top of page

POSH Act, 13 Years Later: What Are We Still Getting Wrong?

On April 7, 2026, an awareness programme on the law governing workplace sexual harassment was convened within the premises of the Orissa High Court. It was, on the face of it, just another institutional event—one among many across the country marking renewed engagement with the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013. But the symbolism is hard to ignore: more than a decade after the law came into force, the very institutions entrusted with enforcing it are still reminding themselves—and by extension, everyone else—of its meaning, scope, and urgency. That, in itself, tells a story. The POSH Act, as it is commonly known, is no longer new, yet it is far from settled. Its principles are widely acknowledged, its language familiar, but its application remains uneven, often misunderstood, and increasingly strained by the realities of a changing workplace. In 2026, the conversation around POSH is no longer just about awareness; it is about enforcement, compliance failures, and a growing legal grey zone that threatens to outpace the law itself.


At its core, the POSH Act was a legislative response to a moral imperative articulated decades earlier by the Supreme Court in Vishaka v. State of Rajasthan: that the right to work with dignity is an intrinsic part of the right to life under Article 21 of the Constitution. It sought to convert that principle into a practical framework, mandating that every workplace constitute an Internal Complaints Committee (ICC), establish procedures for inquiry, and ensure that complaints of sexual harassment are addressed promptly and fairly. The law was, and remains, a powerful statement of intent. Yet intent, as history often shows, is only the beginning. The real measure of a law lies in how it is implemented, and here, the POSH Act reveals its vulnerabilities.


Consider, for instance, the seemingly mundane but legally critical requirement of constituting a proper ICC. The statute is explicit: the committee must include a presiding officer who is a senior woman employee, at least two members committed to the cause of women or with experience in social work or legal knowledge, and, crucially, an external member from an NGO or association familiar with issues of sexual harassment. This external presence is not a procedural formality; it is a safeguard against internal bias and institutional pressure. Yet, across India, countless organisations—particularly startups and mid-sized enterprises—either ignore this requirement or reduce it to a checkbox exercise. Some appoint “external members” who are neither independent nor qualified; others operate with entirely internal committees, often composed of HR personnel with little training in quasi-judicial processes.


More troubling still is the rise of what can only be described as informal or ad hoc complaint mechanisms. In an era dominated by instant communication, there are documented instances of organisations handling complaints through WhatsApp groups or email threads, bypassing the structured inquiry process mandated by law. These practices may be justified internally as efficient or “employee-friendly,” but they fundamentally undermine the procedural fairness that the POSH Act seeks to guarantee. An ICC is not a suggestion; it is a statutory body. Its inquiries are not casual discussions; they are quasi-judicial proceedings with real consequences for both complainants and respondents. When organisations treat them otherwise, they expose themselves not only to legal liability but to a deeper erosion of trust.


This gap between law and practice is not merely theoretical. Courts and consumer commissions in recent years have increasingly scrutinised POSH compliance, often with significant consequences. Organisations that fail to constitute a proper ICC or follow due process have found their decisions set aside, their credibility questioned, and in some cases, damages imposed. The message from the judiciary is clear: compliance is not optional, and procedural shortcuts will not be tolerated. Yet, despite this growing body of jurisprudence, the same mistakes persist, suggesting that the problem is not one of ignorance alone but of institutional inertia.


Part of the challenge lies in the perception of POSH compliance as a burden rather than a necessity. For many businesses, particularly in the startup ecosystem, the focus remains on growth, funding, and market expansion. Compliance, especially in areas perceived as “non-core,” is often relegated to the background. The ICC becomes a line item in a policy document rather than a functional mechanism. Annual reports, which must be filed with the District Officer detailing the number of cases and their disposal, are overlooked or treated as an afterthought. Training sessions, when conducted, are often perfunctory, designed more to tick a regulatory box than to foster genuine understanding.


This approach is not only short-sighted but increasingly untenable. In a world where reputational risk can materialise overnight, a single mishandled complaint can have consequences far beyond the confines of a courtroom. Investors, clients, and employees are paying closer attention to workplace culture, and POSH compliance is becoming a key indicator of organisational integrity. The cost of non-compliance is no longer limited to legal penalties; it extends to brand damage, employee attrition, and loss of trust.


Yet, even as organisations struggle with basic compliance, a more complex challenge is emerging—one that the POSH Act, in its current form, does not fully address. The nature of work itself is changing. Remote work, once a necessity during the pandemic, has become a permanent feature for many sectors. The gig economy is expanding, with millions of individuals working as independent contractors, platform-based service providers, or freelancers. These developments raise fundamental questions about the scope of the POSH Act. Who is an “employee” in a world where work is mediated by apps and algorithms? What constitutes a “workplace” when interactions occur in virtual spaces or private homes?


The law offers some guidance, defining “workplace” broadly to include not just physical offices but any place visited by the employee during the course of employment, including transportation provided by the employer. This expansive definition has allowed courts to interpret the Act in a flexible manner. However, the application to gig workers and platform-based employment remains uncertain. Many platforms classify their workers as independent contractors, thereby placing them outside the traditional employer-employee relationship that the POSH framework assumes. If a delivery partner or ride-hailing driver faces sexual harassment, who is responsible for redressal? The platform? The customer? The law does not provide a clear answer.


This ambiguity is not merely academic; it has real consequences for millions of workers who find themselves in a legal grey zone. As the gig economy continues to grow, the absence of a clear POSH framework for such workers risks creating a parallel labour market where protections against sexual harassment are weaker or non-existent. Addressing this gap will require not just judicial interpretation but legislative intervention, potentially rethinking the very definitions that underpin the Act.


Adding another layer of complexity is the intersection of POSH with data protection law, particularly in light of the Digital Personal Data Protection (DPDP) framework. An ICC inquiry inevitably involves the collection, processing, and storage of sensitive personal data—statements, evidence, medical records, and sometimes intimate details of individuals’ lives. Under the DPDP regime, such processing must comply with principles of consent, purpose limitation, data minimisation, and security safeguards. Yet, few organisations have fully grappled with what this means in the context of POSH.


For instance, how should consent be obtained from complainants and respondents for the use of their data in an inquiry? What is the appropriate retention period for ICC records? How should organisations handle data breaches involving sensitive information disclosed during proceedings? The POSH Act emphasises confidentiality, prohibiting the publication or disclosure of information relating to complaints and inquiries. But confidentiality, in the age of digital data, is as much a technical challenge as it is a legal one. Ensuring that sensitive information is protected requires robust data governance practices, not just policy statements.


Here, the gap between law and practice is even more pronounced. Many organisations continue to store ICC records in unsecured formats—shared drives, email chains, or even physical files with limited access control. The risk of unauthorised access or accidental disclosure is significant, and the consequences, both legal and reputational, can be severe. The integration of POSH compliance with data protection is no longer optional; it is an essential aspect of responsible governance in 2026.


It is tempting, in the face of these challenges, to argue that the law itself is outdated, that it needs to be overhauled to reflect the realities of modern work. There is some merit to this view. Laws must evolve with society, and the POSH Act is no exception. But to focus solely on legislative reform is to overlook a more immediate and pressing issue: the failure to implement the law as it currently exists. Many of the compliance gaps we see today—improper ICCs, lack of training, failure to file reports—are not the result of ambiguity in the statute but of neglect in practice.


As the legal scholar Catharine MacKinnon once observed, “Sexual harassment is less about sex than about power.” This insight remains as relevant today as it was when she first articulated it. The POSH Act is, at its heart, an attempt to address power imbalances in the workplace, to create a mechanism through which individuals can seek redress without fear of retaliation. But for this mechanism to function, it must be credible. Employees must believe that complaints will be handled fairly, that confidentiality will be maintained, and that outcomes will not be influenced by organisational hierarchies. When compliance becomes a formality, that credibility is lost.


There are, of course, counterarguments. Some employers express concern about the potential misuse of POSH provisions, arguing that false or malicious complaints can harm reputations and careers. The law itself acknowledges this possibility, providing for action against complainants who make false allegations. But it also makes clear that the mere inability to substantiate a complaint does not amount to falsity. The challenge, therefore, is not to dilute the protections offered by the Act but to ensure that inquiries are conducted with rigor and fairness. A well-functioning ICC, properly constituted and trained, is the best safeguard against both harassment and misuse.


What, then, does meaningful POSH compliance look like in 2026? It begins with recognising that compliance is not a one-time exercise but an ongoing process. Organisations must invest in training—not just for ICC members but for all employees, including leadership. They must ensure that their committees are properly constituted, with genuine external members who bring independence and expertise. They must establish clear procedures, document their actions, and adhere to timelines. They must integrate POSH with broader governance frameworks, including data protection and risk management.


Equally important is the need for cultural change. Laws can mandate structures, but they cannot, on their own, create safe workplaces. That requires a shift in attitudes, a willingness to confront uncomfortable truths, and a commitment from leadership to prioritise dignity and respect. In this sense, POSH compliance is as much about ethics as it is about law.


The events of April 2026, including the awareness programme at the Orissa High Court, are a reminder that the conversation around workplace harassment is far from over. If anything, it is entering a new phase—one where the focus is shifting from awareness to accountability, from policy to practice. The challenges are significant, but so are the stakes. The right to a safe workplace is not a privilege; it is a fundamental aspect of human dignity.


As we look ahead, the question is not whether the POSH Act will remain relevant, but whether our institutions—corporate, judicial, and societal—are willing to take it seriously. The law has laid down the framework. The jurisprudence is evolving. The gaps are visible. What remains is the will to bridge them. If 2026 is to mark a turning point, it will not be because of new statutes or landmark judgments alone, but because organisations finally recognise that compliance is not about avoiding liability—it is about upholding the very values that the law was designed to protect.

BharatLaw.AI is revolutionising the way lawyers research cases. We have built a fantastic platform that can help you save up to 90% of your time in your research. Signup is free, and we have a free forever plan that you can use to organise your research. Give it a try.

bottom of page