Most Indian SME founders believe their compliance is in order. Most are wrong. In my experience auditing growing businesses across Maharashtra and the rest of India, a labour inspection would find at least three to four compliance gaps in the average 50-person company — and in many cases, the gaps are significant enough to attract penalties that run into lakhs.
This isn't because founders are careless. It's because labour compliance in India is genuinely complex. There are central laws and state laws. There are thresholds — 10 employees, 20 employees — that trigger new obligations. There are contribution rates that change, registration requirements with multiple different government portals, and filing deadlines that don't neatly align with each other. Most SME founders are running a business, not a compliance department. Gaps accumulate silently.
This article is a complete, practical reference for the HR compliance obligations that apply to most Indian SMEs. Use it to assess your current position and identify what needs attention.
Provident Fund (PF) — The Baseline Obligation
The Employees' Provident Fund (EPF) is mandatory for all establishments with 20 or more employees. Once you cross that threshold, registration with the EPFO is compulsory — and the obligation continues even if headcount temporarily dips below 20.
The contribution structure is: 12% of basic salary from the employer, and 12% of basic salary from the employee. Of the employer's 12%, 8.33% goes to the Employee Pension Scheme (EPS) and the remaining 3.67% goes into the EPF corpus. Additionally, the employer pays 0.5% as administrative charges (EDLI contribution).
PF is applicable to employees earning up to ₹15,000 per month as basic salary. Employees earning above this can voluntarily contribute, but the employer's statutory obligation is capped at the ₹15,000 basic.
Common PF Compliance Gaps
- Structuring salaries to minimise PF liability. Splitting basic salary to inflate HRA or other allowances is a widely used practice — and a risky one. If the PF department determines that the salary structure was artificially designed to reduce basic (and therefore PF contributions), the entire CTC can be treated as basic, and arrear demands can go back years.
- Missing contract and gig workers. If you engage workers through a contractor, and those workers regularly work on your premises, PF liability may rest with you as the principal employer — regardless of whether the contractor is also contributing.
- Delayed challan payments. PF challan is due by the 15th of the following month. Late payment attracts interest at 12% per annum on the amount due, plus a penalty of ₹5 per day per default.
- Not registering when you cross 20 employees. This is surprisingly common. Founders track revenue and projects, not a headcount threshold that triggers a statutory obligation.
ESIC — Mandatory From 10 Employees
The Employees' State Insurance Corporation (ESIC) scheme provides medical, sickness, maternity, and disability benefits to covered employees. Registration with ESIC is mandatory for establishments with 10 or more employees (in notified areas — check your state's notification).
The contribution rates are: 3.25% of gross wages from the employer, and 0.75% of gross wages from the employee. Unlike PF, ESIC contributions are calculated on gross wages (not just basic), and apply to employees earning up to ₹21,000 per month.
Common ESIC Compliance Gaps
- Not registering when crossing 10 employees. Many founders reach 15–20 employees before realising ESIC registration should have happened at 10.
- Part-time and contractual workers missed. If someone works on your premises and earns up to ₹21,000/month, they may be eligible for ESIC coverage regardless of their contract type.
- Wrong contribution base. ESIC applies to gross wages including allowances — not just basic. Calculating on basic understates the contribution and creates a liability.
- Non-compliance penalties. ESIC non-compliance can attract penalties of ₹5,000–₹10,000 per default under Section 85 of the ESI Act, plus interest and arrears.
Professional Tax — Small Amount, Big Oversight
Professional Tax is a state-level tax on employment income, applicable in Maharashtra, Karnataka, Andhra Pradesh, Telangana, Gujarat, and several other states. The employer is required to deduct PT from employee salaries and remit it to the state government.
In Maharashtra, the PT slab is: up to ₹7,500/month gross — nil; ₹7,501–₹10,000 — ₹175/month; above ₹10,000 — ₹200/month (except February, when it is ₹300). The employer also has a separate PT liability as a business entity — typically ₹2,500 per year.
Common PT Compliance Gaps
- PT not deducted at all. This is especially common in businesses that grew from a small base and never formalised payroll deductions.
- Deducted but not remitted. Some businesses deduct PT but don't remit it to the state authority — which creates a liability with interest.
- Wrong slab application. PT slabs vary by state and change periodically. Using outdated slabs is a compliance gap.
Gratuity — The Silent Long-Term Liability
Gratuity is a statutory benefit payable to employees who have completed five or more years of continuous service with the same employer. It is governed by the Payment of Gratuity Act, 1972, and applies to establishments with 10 or more employees.
The formula is: (15 / 26) × number of years of service × last drawn basic salary. The "15/26" represents 15 days' wages for every year of service, calculated on a 26-working-day month.
For example, an employee with 7 years of service and a last basic salary of ₹30,000/month would be entitled to: (15/26) × 7 × 30,000 = ₹1,21,154.
Common Gratuity Compliance Gaps
- Not provisioning for gratuity. Many SMEs don't create a gratuity provision in their books, which means when the liability crystallises, it hits as an unexpected cash outflow — sometimes a significant one.
- Disputed calculations. Arguments about what counts as "basic salary" and whether an employee has actually completed 5 years are common. Clear employment records and service dates eliminate most disputes.
- Not knowing the 4.8-year rule. An employee who has worked 4 years and 240 days is legally considered to have completed 5 years under most interpretations. This catches founders off guard when long-serving employees resign just before a perceived "five year" mark.
POSH — The Most Commonly Ignored Requirement
The Prevention of Sexual Harassment (POSH) Act, 2013, requires every employer with 10 or more employees to constitute an Internal Committee (IC) to address sexual harassment complaints in the workplace. This is not optional, and it applies regardless of the gender composition of your workforce.
The IC must have a minimum of four members: a presiding officer (a senior woman employee), two other employees, and an external member from an NGO or advocacy organisation familiar with POSH issues. At least half the members must be women.
Additionally, the IC must submit an annual report to the District Officer by January 31 each year, covering the number of complaints received, disposed of, and pending — even if the count is zero.
In my experience auditing SMEs, POSH is the single most common compliance gap I find. A majority of businesses with 50–200 employees either have no IC constituted, have an IC that was constituted on paper but hasn't been trained, or have never filed an annual report.
Common POSH Compliance Gaps
- No IC constituted at all. The most frequent gap — and the most serious. Non-constitution of an IC is a violation attracting a fine of up to ₹50,000 for a first offence, doubled for repeat violations, plus potential licence cancellation.
- Annual report not filed. Most founders who have constituted an IC are unaware of the annual reporting obligation.
- No policy document. Every business must have a written POSH policy displayed in the workplace.
- IC members not trained. The IC must be trained to conduct enquiries. An untrained IC is a legal risk, not a protection.
Shops and Establishments Act — State-Level Foundation
The Shops and Establishments Act is state legislation that governs working hours, leave entitlements, and working conditions for commercial establishments. Every business must register under the relevant state Act — in Maharashtra, this is the Maharashtra Shops and Establishments (Regulation of Employment and Conditions of Service) Act, 2017.
Registration must be obtained within 30 days of commencement of business and must be renewed annually. The Act also specifies requirements around working hours (maximum 9 hours per day, 48 per week), overtime eligibility and rates, and mandatory leave entitlements.
Common Shops Act Gaps
- Registration not obtained or lapsed. Annual renewal is often missed, leaving the business technically unregistered.
- Leave records not maintained. The Act requires employers to maintain attendance registers, leave records, and wage registers in prescribed formats. Most SMEs don't maintain these in the legally required form.
- Overtime not calculated or paid correctly. For establishments covered under the Shops Act, overtime must be paid at twice the ordinary rate — not at 1.5x as some employers assume.
The HR Compliance Checklist
Use this checklist to do a quick self-assessment of your compliance status. A tick means you're covered; a cross means there's likely a gap to address.
Key Takeaways
- PF is mandatory from 20 employees; ESIC from 10 employees (in notified areas). Many businesses cross these thresholds without registering
- Professional Tax is deducted from employees' salaries and must be remitted to the state — not doing so is a double gap (non-deduction and non-remittance)
- Gratuity liability builds silently from day one of employment — provisioning protects against a large unexpected cash outflow
- POSH compliance (Internal Committee + annual report) is legally mandatory for all businesses with 10+ employees — it is the most commonly missing compliance requirement in Indian SMEs
- Shops and Establishments Act registration must be renewed annually; leave and attendance records must be maintained in the legally prescribed format
- A single labour inspection penalty can cost more than six months of professional compliance support
If you identified gaps in this checklist, the right next step is a structured compliance review — not a panic reaction. Most gaps can be addressed systematically. See our Compliance Support services for how we help businesses get fully covered, and get in touch if you'd like to discuss your specific situation.