Ahlawat & Associates

Employee Stock Option Plans, or commonly referred to as ESOPs, were once assumed to be a simple corporate incentive. However, lately ESOPs have featured prominently across media: from the Enforcement Directorate issuing summons to Senior Advocates for providing legal advice over ESOP structuring, former Managing Director of BharatPe levying allegations regarding the unlawful grant of ESOPs to certain managerial-level individuals or scrutiny undertaken by Securities Exchange Board of India (“SEBI”) on Paytm for the alleged illegal grant of ESOPs, ESOPs seem to have attracted immense regulatory and public attention. Further, the recent announcement made by Flipkart regarding its intention to buyback ESOPs worth USD 50 million which ultimately benefits 7500 employees is also garnering a lot of attention. These legal issues, though unconnected, reflect one thing: that ESOPs are now high-stakes legal and strategic tools for corporates and that it makes it imperative to understand the underlying concept and the legal intricacies behind them. ESOPs are structured initiatives designed for employees of a company to purchase the shares of the company at a discounted price from its market value. ESOPs were first coined back in the year 1956 by an Economist and Lawyer from San Francisco called Louis O. Kelso with a motive to transition the ownership of the company from the founders to their successors along with their employees. While many companies used to work on the concept of employee ownership company prior to 1956 as well, however, the term ESOPs was specifically coined by Kelso as he used a different tax-qualified stock bonus plan as a tool for business succession. ESOPs, in India, were first introduced by Wipro back in 1985, but the news only gained momentum and publicity when Infosys in 1990s used them to hire and retain talent which eventually resulted in many of such employees becoming millionaires. In this article, we will breakdown everything that companies, employees, and legal practitioners need to know about ESOPs including their origin, purpose, relevance, impact on startups and international application. What Are ESOPs? Well, in the most basic sense, it is a tool used by companies to attract, retain and incentivise employees by giving them a right (option) to purchase the shares of the company at a later stage at a pre-determined price so that eventually they can also become owners of the company. It not only acts as a recognition towards the employee’s efforts but also creates a sense of belonging towards the company. It benefits the company in the sense that the company can lower their turnover rates and retain talented people who are crucial for business development. Legal Framework Governing ESOPs in India The Companies Act, 2013 (the “Act”) defines “employee stock option” as an option given to employees, officers, and directors of a company or of its holding company or subsidiary which will give them right to purchase the securities at a future date at a predetermined price. Under Section 62 of the Act, a company can issue ESOPs to the employees, prescribed under the rules, through a properly approved scheme. The Act must be read with the Companies (Share Capital and Debenture) Rules, 2014 (“SCDR”) when private limited companies issue ESOPs. It lays down the criteria for startups for issuing ESOPs and provides comprehensive explanation on who can be termed as an “employee” for issuance of ESOPs under Rule 12 of SCDR. It further lays down the requirements in relation to grant, vesting and exercise of the options. Further, for listed companies, the governing law for ESOPs is the Securities and Exchange Board of India (Share Based Employee Benefits and Sweat Equity) Regulations, 2021. These regulations govern the companies which are listed on Indian stock exchanges and have an ESOP scheme. Further, if any resident individual is willing to acquire securities through ESOPs from a foreign company, then the Foreign Exchange Management Act, 1999 (“FEMA”) read with Foreign Exchange Management (Overseas Investment) Rules, 2022 (“OI Rules”) and the Foreign Exchange Management (Overseas Investment) Regulations, 2022 and Master Directions on Liberalized Remittance Scheme (“LRS”) have to be taken into consideration. Such an issuance falls under capital account transaction and according to OI Rules, such shares or equity interests can only be acquired by way of ESOPs by Indian employees. ESOPs will form Overseas Portfolio Investment (“OPI”) only if it is 10% or less than the total equity capital of the company otherwise it will be termed as Overseas Direct Investment (“ODI”). LRS permits an Indian employee remittances without RBI approval up to $250,000 per financial year. There exists no sub limit on the amount of remittance made, they are still reckoned towards LRS limit. Under the FDI Policy, an Indian Company can issue ESOPs to foreign directors or employees of its holding, join venture and subsidiaries outside India but it must comply with the Indian regulations. It should further comply with the sectoral cap applicable on the company. Additionally, it will require prior government approval if the foreign investment is under the approval route. Phases of ESOPs An ESOP is not a one-step transaction, but rather is a structured journey conducted in phases which ranges from granting the option to its vesting and concludes at exercising. This phased journey ensures alignment with the long-term goals between the company and the employees. A detailed understanding of these phases is provided below: Grant Phase: As a first step, the company identifies the employees who are eligible for stock options based on various criterion such as their expected contributions, tenure, skill set etc. Upon identification, the employees are granted the stock options upon executing grant letters/ stock option agreements. During this process, the employees are informed of the terms and conditions of ESOPs including the vesting schedule and the exercise price as may be determined by the company. Vesting Phase: Granting of ESOPs does not directly give the right to the employee to purchase the shares of a company, and the employee must rather earn the right during a certain time period for undertaking the said purchase. Vesting is actually the cliff period during which the employee is required to stay employed with the company, fulfil targets basis certain milestones and earn the right to purchase the shares of the company. Once this period ends, the shares are said to be vested in the employee. Exercise Phase: In this phase, the employees can exercise their right to purchase the vested shares at the pre-determined price and become the shareholders of the company. Unless the rights are exercised within the exercise period, the employee cannot be entitled to either derive the dividend or voting rights. Sometimes, companies also impose a lock-in period and/or share transfer restrictions once the options are exercised to restrict the sale of shares. Routes of Implementation of ESOP Scheme Generally, the two recognised routes for implementation of ESOP Scheme are: Trust Route: An ESOP trust is created and incorporated under the Indian Trust Act. The trust is then granted a loan by the Company for the purpose of acquisition of shares through private placement. When an employee becomes eligible and wants to exercise his/her option, he/she can simply apply to the trust by paying the exercise price and the trust will then repay the loan to the Company. In this route, secondary transfer of shares happens from the trust to the employee and the requirement to file return of allotment is done away with. Hence, this is a widely used method of ESOP issuance. Direct Route through virtual pool: Unlike the secondary transfer under the Trust route, here the Company directly issues the shares to the employees when they chose to exercise their option. Whenever an employee exercises his/her rights, Company is bound to allot fully paid-up shares and file a return of allotment. This method is usually used by small private companies. Tax Implications on ESOPs: Dual Incidence ESOP taxation arises at two key stages: First when the employee exercises their option and second when they eventually sell such shares. In both these stages, the tax implications are distinct under the Income Tax Act, 1961. First Stage: At the time of exercise: When employees decide to exercise the option to own the vested shares, they have to pay exercise price which is the pre-determined price of the share which is different from the fair market value of the shares. The difference between the exercise value and fair market value is liable to be taxed as a perquisite and taxation is done based on the tax slab of the employee under the head of “salaries.” Second Stage: At the time of Sale: Upon exercise of the ESOPs and allotment of shares to the eligible employees, they can sell their shares to any third party subject to the restrictions imposed under the shareholders agreement read with the charter documents of the company. In the event, the employee sells its shares to any third party, the difference between the selling price of the shares and the fair market value shall be liable to be taxed as the same shall be held as “capital gains.” This tax treatment further depends on two factors: Whether the shares are listed or unlisted, and The holding period of the shares. Listed Shares: If the shares are listed and are sold within 12 months of date of exercising the option, it falls under Short Term Capital Gains (“STCG”) and taxed at 15%. If held for more than 12 months and then sold, it will be called as Long-Term Capital Gains (“LTCG”) and if it exceeds Rs.1 Lakhs in a financial year then it will be taxed at 10% without any indexation benefit. Unlisted Shares: If the shares are unlisted and are sold within 24 months from the date of exercising the option, it will be called as STCG and the same shall be taxed as per the slab rate of the employee and if held and sold after 24 months then it will be called at LTCG which will be taxed at 20% after indexation of cost. Why Startups Swear by ESOPs ESOPs are fairly popular among startups as they serve as an optimum incentivisation structure in relation to employee benefits considering that they have fixed resources and need to hire and retain employees for a long period without offering huge packages. Further, through ESOPs employees get ownership in the companies they are working in, which boosts their morale and encourages performance while fostering loyalty even when the salary package is modest. Many startups are rapidly growing and have been on the path of continued progress by successfully implementing ESOPs. For example, Ola, an online cab booking company has issued ESOPs to more than 3,000 employees which is nearly 3 percent ownership of the company. Many of the employees have earned handsome benefits from selling their ESOPs. Zomato, a food delivery company has given ESOPs amounting to 6.5 % of the ownership which resulted in many early employees is making huge benefits worth millions of dollars. Additionally, the government of India has also recognised the role played by startups in implementation of ESOPs and therefore, in furtherance to the same, the government of India has introduced targeted tax relief provisions under the Startup India Initiative. Startups that are not more than 10 years old, involved in the development or innovation of products or services, and have a turnover of INR100 crore or below annually, can be exempted from deferred taxation on ESOPs. Conclusion Considering its trajectory from being a means of business succession to becoming a defining pillar of India’s startup ecosystem, ESOPs have operated in deeply transformative ways to empower companies to attract, retain, and reward talent and have become an integral part of the growth stories of some of the most successful businesses on the planet. But ESOPs now do not exist in a regulatory vacuum. They are now regulated by a multi-layered framework of legal and compliance obligations under the Companies Act, FEMA, SEBI regulations, and income tax enactments. Further, ESOP structuring is not merely a strategic human resource choice anymore but a vital legal imperative that needs careful design and careful implementation. For startups, the dilemma shall be to find the appropriate balance, between legal compliance and empowering employees, between cost-efficient short-run and value-creating long-run, and between preserving capital and granting substantial ownership. Further, considering the transitioning trajectory of the regulatory landscape of India, the ESOPs are anticipated to be more comprehensive, formalized, and subject to stringent governance and therefore, it becomes imperative for both the employees and the employers to learn about the legal, financial and strategic intricacies of the ESOPs. About the Author: Shramona Sarkar, Senior Associate at Ahlawat & Associates. Shramona is a qualified lawyer, having extensive years of experience in the field of ‘Corporate & Commercial’ and ‘Transactional Advisory’. Her broad practice areas in Ahlawat and Associates involve dealing in strategic and financial transactions related to ‘Private Equity’ and ‘M&A’. In addition to this, her expertise spans across several other legal domains, encompassing advisory services concerning labour and employment issues, as well as corporate and commercial law, and she has been closely working with a wide array of clients, both private and government entities, across sectors like sports & gaming, manufacturing, health technology companies, and education.

Global Capability Centres (“GCCs”) have stolen the spotlight and emerged at the centre stage as multinational corporations across the globe strive to restructure their operating models to achieve innovation and efficiency. GCCs are offshore productivity engines set up by multinational corporations across geographies, i.e., business units set up in different countries, particularly in emerging markets, to undertake specific functions including IT services, business process operations, research & development, analytics, finance and customer service. In India, GCCs started off as back-end units engaged in providing basic customer support services and have gradually evolved to operational arms of multinational corporations, undertaking middle and front office operations including but not limited to data analytics, product development and innovation. This article aims to assist multinational corporations in navigating through India’s legal landscape and optimizing their investment in building efficient, scalable, and compliant GCCs. Identifying a Strategic Location While identifying the suitable location for setting up the GCC in India, multinational corporations must evaluate factors including the nature of the GCC’s operations, availability of resources for facilitating the operations, infrastructural requirements, costs of living and industry-specific incentives available at the location. The top Indian locations for setting up GCCs include Bengaluru, Delhi, Hyderabad, Chennai, Pune, and Mumbai, while the emerging locations include Ahmedabad, Vadodara, Jaipur, Visakhapatnam, and Coimbatore. The favourable state-specific incentives and evolved infrastructural ecosystem in the aforementioned cities make them the top picks for setting up GCCs. It is pertinent to note that the location of the GCC shall also bear implications with respect to the stamp duties payable on various documents and agreements. Hence, while identifying the suitable location for setting up the GCC, multinational corporations must factor in all key aspects such as state-specific legislation, costs, infrastructure, existing industrial ecosystem and supply chain networks. Key Legal Considerations Entity Structuring In order to set up a GCC in India, a multinational corporation shall be required to ensure adherence to the provisions of the Foreign Exchange Management Act, 1999 (“FEMA”), the rules, regulations made thereunder, and the notifications and directions issued thereunder, as amended from time to time. Additionally, while setting up in India, the multinational corporation shall ensure compliance with the provisions of the Foreign Direct Investment (FDI) Policy (“FDI Policy”) and the sectoral caps, entry routes and conditions specified therein. It is imperative to note that the FDI Policy prohibits foreign investment in certain sectors including atomic energy, gambling, betting and railway operations. The GCC may be set up in the form of a Branch Office or a Limited Liability Partnership or a Joint Venture (“JV”) or a Wholly Owned Subsidiary (“WOS”). While JVs are a preferred choice for restricted sectors, the structure of a WOS stands out as the most preferred choice for multinational corporations intending to set up a GCC in India. GCCs may also require structure-specific approvals and shall be subject to certain additional compliances including compliance with the Companies Act, 2013. Furthermore, the GCCs may also be subjected to restrictions imposed by the RBI on investments from certain jurisdictions. A multinational corporation may either independently set up and manage the GCC, retaining entire control and ownership over the GCC while outsourcing operations which demand specialised expertise or may outsource the process of setting up the GCC to a third-party and thereafter acquire control over the fully operational GCC. The choice of the ownership structure for the GCC and the mode of setting up shall depend on the availability of capital, control requirements of the foreign entity, its operations and commercial requirements. Tax Implications One of the most crucial aspects that multinational corporations must evaluate is the tax implications of each entity structure and the implications of the arrangement for setting up the GCC. In case the GCC is a part of the group of the multinational corporation, any transactions between the group entities shall be conducted at a price determined on an arms-length basis. Multinational corporations must define clear standard operating procedures to guide the interaction and collaboration between the employees of GCCs and those from the multinational corporation or other group entities to avoid the risk of classification as a permanent establishment under the Indian tax regime. It is imperative to note that multinational corporations setting up GCCs in India may also be established in designated areas such as Special Economic Zones and Software Technology Parks. Alternatively, GCCs may also be established as GICs under the provisions of the IFSCA (Global In-House Centres) Regulations, 2020, in the International Financial Services Centre located in Gujarat to avail numerous fiscal and non-fiscal benefits including tax holidays, indirect tax exemptions and a relaxed regulatory environment. Workforce Management Labour and employment law compliances for the GCC shall encompass various facets at both central and state levels, including but not limited to mandatory policy formulation including the prevention of sexual harassment policy and equal opportunity policy, adherence to the prescribed working hours, provisions for leaves, procedures for termination of employees, provision of benefits to the workforce, etc. as stipulated under the applicable laws. In order to ensure compliance with the Indian labour and employment laws, GCCs must adopt meticulously drafted employment or consultancy agreements for engaging the workforce. The Government of India has consolidated 29 central-level labour laws into 4 labour codes , namely the Industrial Relations Code, 2020, the Code on Social Security, 2020, the Occupational Safety, Health and Working Conditions Code, 2020 and the Code on Wages, 2019. The labour codes may be notified soon and shall thereafter replace the existing labour laws. Intellectual Property Rights While setting up GCCs in India, multinational corporations must ensure that their intellectual property is adequately safeguarded. The key legislation governing IP rights in India includes, without limitation, the Patents Act, 1970, the Trademarks Act, 1999, the Copyright Act, 1957 and the Designs Act, 2000. While onboarding the workforce and engaging service providers, GCCs must ensure that the agreements comprehensively capture and address the ownership and assignment of intellectual property. The agreements must conspicuously allocate ownership rights to any intellectual property created, used, or modified during the course of the engagement of the employees, contractors, service providers and/or any other third parties. Any licenses granted for the use of such intellectual property must be backed with meticulously drafted licensing agreements, which should clearly incorporate comprehensive provisions to set forth the scope and nature of such rights, including provisions pertaining to exclusivity, transferability, sub-licensing, term, and the respective rights, obligations, remedies and disputes resolution mechanisms of the parties. Government Incentives for GCCs The Indian government incentivises multinational corporations by conferring numerous relaxations and rebates for setting up GCCs in India. Furthermore, the government has implemented schemes for setting up in information and technology hubs, set up software parks and provided numerous benefits to entities setting up in such designated areas. In order to attract multinational corporations and position the Indian states as global leaders in hosting GCCs, the state governments of Karnataka , Uttar Pradesh , Madhya Pradesh , Gujarat and Andhra Pradesh have notified GCC policies (“Policies”) for the respective states. The Policies encompass targeted incentivization and streamlined governance for GCCs setting up in the states and include tax exemptions, interest assistance, electricity duties rebates, subsidies, labour law incentives, incentives for the advancement of research and development in emerging sectors and innovation, regulatory support, relaxations from compliances under several legislation and various other fiscal and non-fiscal incentives. Additionally, the Policies include initiatives to foster local talent through internships, offering reimbursement for internship stipends. The incentives and relaxations under the Policies have been made eligible for both new GCCs and existing GCCs, subject to the thresholds, requirements and conditions specified under the Policies. Conclusion Setting up a GCC in India represents a strategically sound move for multinational corporations seeking to enhance operational efficiency and capitalize on favorable jurisdictional advantages. The legislative and policy frameworks adopted by several Indian states demonstrate a concerted effort to attract GCC investments, streamline regulatory processes, and foster a conducive environment for international business operations. However, multinational corporations must note that the establishment of a GCC in India necessitates a nuanced understanding of the country’s multifaceted legal and regulatory regime. The legal framework encompasses a wide array of central and state laws, procedural compliances, sector-specific guidelines, and tax considerations that multinational corporations must navigate with diligence. From the initial stages of determining the appropriate legal entity to structuring operational models and selecting jurisdictionally beneficial locations, each phase of the GCC lifecycle demands strategic legal and regulatory planning. Given India’s evolving economic landscape, progressive digital infrastructure, and policy-driven emphasis on foreign investment and innovation, the present moment offers a unique opportunity for international businesses to establish or expand their offshore centres in India. A legally sound and well-advised entry strategy will be critical to unlocking the long-term value and resilience that a GCC in India can offer. Author: Aashima Gusain (Associate)  

INTRODUCTION The enactment of the Digital Personal Data Protection Act (DPDPA), 2023, and the publication of the draft Digital Personal Data Protection Rules, 2025 (DPDP Rules), marks a significant development in India’s data privacy framework. On one hand, the proposed legislative framework is aimed at safeguarding personal data, at the same time, the legislation also introduces stringent obligations for data fiduciaries as regards observing compliances, reporting breaches, etc. This article explores the emerging challenges businesses face under the DPDPA, 2023, and the draft DPDP Rules, 2025, while offering strategic insights for businesses to navigate these requirements effectively. KEY CHALLENGES AND COMPLIANCE BURDENS With comprehensive measures to ensure transparency and accountability, the DPDPA and the draft Rules aim to balance individual rights with compliance obligations on businesses to ensure that appropriate emphasis is given to privacy and data security (while providing opportunities for fostering innovation as well). However, businesses face several critical compliance challenges, including: Enhanced Consent Management and Tracking Mechanisms While Section 6 of the DPDPA places a strong emphasis on obtaining free, specific, informed, and unconditional consent for processing personal data, its practical implementation poses significant challenges. Businesses will now be required to move beyond generic consent forms and adopt granular, purpose-driven consent mechanisms. Further, implementation of these requirements will require businesses to establish robust consent-tracking mechanisms and maintain audit trails to ensure compliance. Further, Rule 4 of the draft DPDP Rules outlines specific requirements for Consent Managers which will enable users to provide, manage, review, and revoke their consent for the processing of their personal data. While the usage of consent managers is optional under the statute, it would lessen the administrative burden if businesses opt for the services of consent managers. However, this also comes with added costs for engaging these consent managers (which might not be finally feasible for smaller entities, MSMEs, etc.). Manner of Displaying Notice for Consent Section 5 of the DPDPA states that every request regarding consent for processing of data made to a Data Principal under Section 6 must be accompanied or preceded by a notice. Further, Rule 3 of the Draft Rules provides specific requirements to be incorporated in such notice. The notices are required to be presented in clear and plain language and must include details necessary to enable the Data Principal to give specific and informed consent for the processing of their personal data. It's interesting to note that while there are standards prescribed under Rule 3 for the notice, the DPDP Rules do not prescribe any standardized format for the Consent Notice. Consequently, a major concern amongst businesses is regarding the appropriate and legally compliant manner to display consent notices in a manner that is easily accessible and understandable to data principals. It remains to be seen whether a standard notice format will be prescribed in the final rules that would streamline compliance or if data fiduciaries will have the option to retain flexibility in adopting their own mechanisms and specifics of notice based on their business operations. This further cause concerns that Data Fiduciaries might give notice in a manner that does not adequately inform the Data Principals about the particulars of the data to be shared. Ensuring Reasonable Security Safeguards Section 8(5) of the DPDPA mandates that Data Fiduciaries will protect the personal data (in its possession) and implement ‘reasonable security safeguards’ to prevent any data breach. Accordingly, Rule 6 of the Draft Rules expands on this requirement of ‘reasonable security safeguards’ and specify that Data Fiduciaries must adopt robust data security measures such as encryption, intrusion detection systems, data loss prevention tools, etc. Accordingly, the challenge lies not only in implementing these technologies but also requires businesses to adopt a risk-based approach to data security, conducting regular vulnerability assessments and implementing appropriate technical and organizational measures. Personal Data Breach Notification Section 8(6) of the DPDPA states that in the event of a personal data breach, it is the duty of the Data Fiduciary to promptly notify the Data Protection Board of India (‘Board’) and each affected individual about such breach. Since Data Fiduciaries are required to intimate Data Principals every time for each and every data breach because of no specific data threshold, it may eventually lead to significant compliance burdens for Data Fiduciaries. Further, these data breach notification requirements will add another layer of complexity as it would be difficult for the businesses to report each data breach promptly within 72 hours to both the Data Protection Board and all the affected Data Principals (especially with the elaborate information to be provided to the Board). In light of this, it would be ideal if the businesses implement automated threat detection systems and develop a data breach notification template for swift reporting (to the Board and Data Principals) to ensure timely compliance. Cross-Border Data Transfers Under the DPDPA, cross-border transfers of personal data is permitted unless explicitly prohibited by the government through a ‘negative list’ of jurisdictions (which could be prescribed by the Government in the future). Further, the draft DPDP Rules do not define a clear policy framework for the countries which could be designated under the ‘negative list’. Consequently, businesses will remain uncertain about future government decisions, necessitating careful risk assessments and contingency plans for cross-border data flows. Data Retention Requirements DPDPA provides strict data retention requirements mandating Data Fiduciaries to retain the personal data of Data Principals only as long as necessary to fulfill the purpose for which it was collected. Accordingly, in order to avoid any potential misuse, Data Fiduciaries must erase the personal data once it has served its purpose or is no longer required. Further, the DPDPA mandates Data Fiduciaries to promptly erase personal data upon the withdrawal of consent by the Data Principal. However, the DPDP Rules provide specific data retention timelines for three specific business sectors. Accordingly, all e-commerce entities and social media intermediaries (which have more than twenty million registered users in India) and all online gaming intermediaries (which have more than five million registered users in India) are required to ensure that they’ve deleted personal data of Users/ Data Principals provided the Data Principals do not approach such Data Fiduciaries for any specified purpose or for exercising their rights under the DPDPA for a continuous period of three years, or three years from the commencement of the DPDP Rules (whichever is earlier). In light of these compliance requirements, it will be challenging for the Data Fiduciaries to notify Data Principals each time prior to the permanent deletion of their data (after completion of the specified timelines). Challenges with Implementing Verifiable Parental Consent The DPDPA and its draft DPDP Rules require verifiable parental consent for processing personal data of children (who are below the age of 18 years) or people with disabilities. The purpose of this requirement is to shield children from negative consequences such as exposure to inappropriate content or targeted advertising (which could negatively impact their well-being and development). Furter, Rule 10 of the draft DPDP Rules provides how Data Fiduciaries should handle personal data when it comes to children or people with disabilities. Consequently, the main focus is on ensuring that the parent or legal guardian gives their consent prior to the processing of children data or person with a disability’s data by businesses. Although the businesses are required to implement robust age verification mechanisms and maintain detailed records of consent to ensure compliance with legal obligations, however, given that India’s data protection framework lacks clarity on permissible mechanisms/verification methods, it’ll be challenging for the Data Fiduciaries to ensure that they get clear and verifiable consent from a parent before they process or use the personal data of children or people with disabilities. Addressing the Rights of Data Principals Section 11 and 12 of the DPDPA grants Data Principals a range of rights, including the right to access, request corrections, updates and erasure of their personal data. Further, Rule 13 of the Draft DPDP Rules provides guidelines concerning the rights of Data Principal and their implementation. In light of this, it’ll be essential for the businesses to establish efficient and effective mechanisms for responding to Data Principal requests within the stipulated timelines and hence, the challenge lies in balancing the need to protect data privacy along with the need to maintain business operations. To streamline this process, it would be critical to deploy automated data rectification and deletion tools in the system and maintain an efficient grievance redressal mechanism. Obligations of Data Fiduciaries The DPDPA requires Data Fiduciaries to demonstrate accountability and transparency in their data processing activities. This requires businesses to maintain detailed records of their data processing activities, conduct data protection impact assessments (DPIAs) for high-risk processing businesses (which are supposed to be classified as Significant Data Fiduciaries) and appoint data protection officers (DPOs) where required. While maintaining records of data processing activities and conducting Data Protection Impact Assessments are welcome steps, however, the lack of clarity on DPIA requirements and assessment formats poses implementation challenges, which could eventually lead to weak assessments. Establishing a Grievance Redressal Mechanism The DPDPA mandates that Data Fiduciaries establish a grievance redressal mechanism for addressing Data Principal complaints. This requires businesses to develop clear and accessible procedures for receiving, investigating and resolving complaints as and when received from the Data Principals. However, the ultimate challenge lies in ensuring that the grievance redressal mechanism is fair, transparent, and effective, and that each complaint is resolved in a timely manner as mandated under the DPDPA. CONCLUSION The DPDPA, 2023, and the forthcoming DPDPR, 2025 signify a paradigm shift in India’s data privacy landscape. As the draft DPDP Rules were open for public consultation for a reasonable period of time, it remains to be seen whether the above inadequacies and challenges have undergone further scrutiny and refinement (to ensure robust data protection regime which upholds privacy rights while balancing compliance obligations of businesses) in the final version of the Rules which are supposed to be published in 2025. Meanwhile, to ensure effective compliance with the data protection laws, businesses should start adopting proactive compliance strategies by investing in privacy-enhancing technologies, conducting regulatory risk assessments, and implementing user-centric data governance models. By addressing these emerging challenges, businesses can not only ensure compliance with the legislation but will also build trust with their customers and stakeholders (thereby establishing a competitive advantage in the evolving digital ecosystem). Authors: Mr. Gaurav Bhalla (Partner) Mr. Parag Singhal (Associate)

Introduction Human resources (HR) management and resolution of employee-related issues are central to the successful functioning of any organization in India’s often chaotic labour market. The scope of activities ranges from ensuring solid structured frameworks for the recruitment of suitable talents to compliance with myriad labour laws to managing employer-employee relations and navigating extensive regulations for management of their workforce, business requirements to ensure they are in compliance with applicable labour laws. This is where a retained external General Counsel (GC) can play a crucial role in the smooth functioning of an organisation. Navigating the complexity of Indian labour laws and addressing the growing need for efficient and cost-effective legal support, an outsourced GC offers essential assistance for HR departments in companies to managing legal risks and ensuring smooth functioning of their day-to-day operations. What is a General Counsel Retainer? A General Counsel retainer refers to an arrangement wherein an organisation engages an external law firm to provide ongoing, reliable legal advice to the organisation in accordance with a pre-determined payment term. Unlike in the case of hiring a full-time in-house legal counsel, a retainer model allows organisations to access expert legal guidance without the significant costs associated in the event of the engagement of an in-house counsel. In the context of human resources and employment matters, a GC retainer ensures organisations have access to a specialist legal advisor for managing legal risks and providing advice on various aspects of Indian employment laws. The external GC can assist with a wide range of employment issues, from undertaking compliance as required under labour and employment legislations to managing employee disputes and ensuring legal compliance in the employment policies of a company. Key labour laws in India include: Shops and Establishment Act: The Shops and Establishment Act in each state governs the terms of employment of individuals at commercial establishments in each state. It lays down conditions pertaining to engagement of individuals, termination of employment and management of leaves among others. The Industrial Disputes Act, 1947: The Industrial Disputes Act primarily governs the management of disputes between employers and workmen and addresses matters such as layoffs, retrenchment, and termination of employment. The Employees’ Provident Funds and Miscellaneous Provisions Act, 1952: It provides a mechanism for deducting provident fund contributions for employees and provides a social security framework for employees. The Payment of Gratuity Act, 1972: Provides a framework for the computation and the payment of gratuity to employees who have completed five years of continuous service with an employer. General Counsel supports risk mitigation in the following manner: Drafting and Reviewing Employment Documents: Ensuring that employment contracts, offer letters, non-disclosure agreements (NDAs), settlement letters and other employment-related documents are legally sound and compliant with Indian laws, while ensuring that the interests of the company are covered. Managing Disputes: Providing guidance to companies on the ideal way to resolve disputes between employers and employees through mechanisms such as mediation, conciliation, or approaching the courts. Handling Terminations and Redundancies: Advising companies on formulating termination mechanisms and processes such as retrenchment, and termination for misconduct, as per applicable labour laws. Dealing with matters in relation to Trade Unions: Offering guidance to companies in dealing with trade unions pertaining to the available recourses under the applicable laws. Preventing Discriminatory Practices: Ensuring companies comply with laws like the Equal Remuneration Act, 1976 and the Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013, the Transgender Persons (Protection of Rights) Act, 2019, and the Rights of Persons with Disabilities Act, 2016 etc. Employee Training and Education Another important role that a General Counsel is often required to play in employment matters is in training employees and managers of a company on their rights and responsibilities under labour laws mainly pertaining to registration of establishments, hiring and termination of workforce, prevention of sexual harassment in the workplace, prevention of discrimination in hiring and management of personnel. General Counsels are often required to design and deliver employee training programs that help the organization stay compliant with laws and create a more conducive work environment while ensuring that the commercial goals of the employer are being met. One such examples is educating employees and management on the provisions and frameworks as provided under the Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013 (“POSH Act”). General Counsels further work towards providing employers and employees an understanding on how to prevent, report, and address incidents of sexual harassment. Furthermore, a GC can help businesses create mandatory frameworks as required under labour laws such as the POSH Act for preventing and addressing sexual harassment in the workplace. Cost-Effective Legal Support For many small and medium-sized businesses in India, having a full-time legal team dedicated to HR and employment matters may not be financially viable. In such cases, engaging a General Counsel from a third-party law firm on retainer offers a cost-effective method of managing employment issues. An external GC on a retainer provides companies with regular legal support at a predictable cost, allowing companies to manage their employment and labour related issues more efficiently than if they were to hire an internal legal team or engage external lawyers on a case-by-case basis. Moreover, a General Counsel’s ongoing advice aims to help businesses avoid costly litigation and fines from labour departments due to lapses and complaints made by stakeholders, which can significantly reduce overall legal expenses. Conclusion In the context of Indian laws, a General Counsel engaged from a law firm is an invaluable resource for companies, providing consistent legal advice and support on a range of employment-related issues. By ensuring compliance with labour laws, helping with risk mitigation, facilitating employee training, and guiding strategic decisions, a General Counsel helps companies and businesses manage their legal responsibilities while protecting them from costly disputes and penalties. With the landscape of Indian employment laws requiring a definitive mechanism to ensure oversight and compliance, having a trusted General Counsel on a retainer basis is a clear necessity for companies seeking to ensure legal compliance and smoother employment and labour management as part of optimum business operations. Author: Ms. Khyati Bhatia, Senior Associate at Ahlawat & Associates and Upamanyu Banerjee,  Associate

India passed the Digital Personal Data Protection Act, 2023 (“DPDPA”) – the nation’s first dedicated data protection statute – on August 11, 2023. The DPDPA undeniably marks a significant advance in aligning India’s domestic laws with international standards for data protection and privacy and is intended to replace the existing Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). Notably, the DPDPA sets out a comprehensive legal framework for protection of personal data of individuals residing in India, akin to the European Union (EU) General Data Protection Regulation (GDPR). Like the GDPR, the DPDPA has extra territorial application – it also regulates processing of personal data (of individuals resident in India) by a person located outside Indian territory, provided such processing is carried out in connection with offering of goods or services to Indian residents. Accordingly, any person engaged in processing personal data of Indian residents (in digital form) is required to comply with the provisions of the DPDPA – irrespective of whether or not such person is located in India. While the DPDPA parallels the GDPR in certain aspects, however, it has its own distinct structure and requirements – including, notably, requirements in relation to regulation of the cross-border transfer of personal data. For Indian as well as foreign business organizations (whether targeting Indian consumers and/or engaging in cross border trade with Indian business partners) which are now subject to regulation under the DPDPA – it is accordingly exceedingly relevant to understand the scope and application of requirements set out thereunder in respect of transfer and processing of personal data of Indian residents and to implement necessary steps to ensure compliance thereto. Moreover, it is also relevant for stakeholders to have awareness and understanding of statutory requirements ahead of the upcoming (eminent) release of the draft Rules formulated under the DPDPA by the Indian Government (for the purpose of implementation of statute). This is also since it is speculated that the draft Rules will likely provide a short transition period (of around 6-8 months) to stakeholders for statutory compliance. Scope and Application of the DPDPA The DPDPA regulates the processing of digital personal data of “Data Principals” (i.e. the individuals to whom the data relates). Simply put, the statute applies to the processing of any personal data in digital form – whether collected in digital form or collected in non-digitized format and subsequently digitized. In relation, the DPDPA adopts a broad statutory definition of the term “personal data” – classifying this as any data about an individual “who is identifiable by or in relation to such data”. Further, where the individual to whom personal data relates comprises a child (i.e. any individual less than 18 years of age) the term Data Principal includes the parents or lawful guardian of such a child per the statue. The statute further stipulates that in so far as the personal data relates to any person with “disability” the term Data Principal would also include his/her lawful guardian Further, the statue is also extra-territorial in application – as mentioned above, it applies to the processing of digital personal outside Indian territory, provided such processing is carried out in connection with offering goods or services to Data Principals located in India. Thereby, it applies to any business organization engaged in processing digital personal data of Indian consumers for commercial purposes, irrespective of whether the relevant business organization is located within India. Key Stakeholders under the DPDPA For the purpose of regulation, the DPDPA principally recognizes and demarcates stakeholders as “Data Fiduciary” and “Data Processor”. Under the statute, a “Data Fiduciary” comprises any person who, alone or in conjunction with other persons, determines the purpose and means of the processing of personal data. Meanwhile, the term “Data Processor” broadly encompasses any person who processes personal data on behalf of a Data Fiduciary. The above designations employed by the statute are arguably akin (but not alike) to the designation of Data Processor and Data Controller under EU’s GDPR. It is important for international stakeholders, in particular, to note that these terms do not carry equivalent connotations in respect of statutory obligations. Illustratively, the DPDPA places the primary liability for management, security and processing of personal data (and the protection of the rights and interests of Data Principals) on the Data Fiduciary. The Data Fiduciary is held responsible for the Data Processor(s) engaged by it, including for ensuring appropriate conduct and statutory compliance at the end of such Data Processor(s). It is anticipated, however, that the forthcoming Rules under the DPDPA could further elaborate upon the obligations and duties applicable to the Data Processors. It is worth noting also that the DPDPA empowers the Indian Government to classify a certain Data Fiduciary or a certain class of Data Fiduciary as a “Significant Data Fiduciary”. The statute (non-exhaustively) stipulates that such classification may be based on factors such as the volume and sensitivity of the data processed by the Data Fiduciary, the risk of harm to the Data Principal and potential impact on the sovereignty and integrity of India and its security. The statute also prescribes enhanced compliance obligations for Significant Data Fiduciaries, which include the mandatory appointment of a local Data Protection Officer in India, engagement of an independent Data Auditor and the conduct of periodic Data Protection Impact Assessments. Further information on such measures and classification of the Significant Data Fiduciaries is also anticipated to be provided by the Indian Government under the forthcoming Rules. Regulation of Cross Border Data Transfer The DPDPA introduces certain important provisions in relation to cross-border processing and transfer of personal data, which are elaborated below. Restrictions on Transfer of Personal Data The DPDA empowers the Indian Government to restrict the transfer of personal data by a Data Fiduciary to certain foreign countries or territories (as may be notified). Thereby, the Indian Government can exercise this statutory power to blacklist a foreign territory or country prospectively and prohibit stakeholders from transfer of any personal data thereto. In this regard, it is worthwhile to note that the DPDPA doesn’t provide for the criteria basis which such restriction may be imposed by the Indian Government as regards a particular jurisdiction. However, it is speculated that clarity on this aspect may be incorporated in the draft Rules (to be issued under the DPDPA). Statutory Exemptions The DPDPA exempts certain instances of data processing and transfer from prohibition (in exercise of the statutory power granted by the Indian Government. This exemption extends to instances where data processing is necessary for the following purposes: for enforcing any legal right or claim; for discharge of functions any competent court or judicial or quasi-judicial or authority in India; for prevention, detection, investigation or prosecution of any offence or contravention of any law in force in India; where personal data of Data Principals (located outside India) is processed subject to contract between an Indian and any foreign (offshore) entity; for carrying out legally approved acquisition, merger or amalgamation or similar arrangement between two or more companies; for ascertaining the financial information and assets and liabilities of any person who has defaulted in payment of a loan or advance taken from a financial institution Concurrent Application of Additional Laws The DPDPA clarifies that its provisions will not impact existing law in India which provides for “…a higher degree of protection for or restriction on transfer of personal data by a Data Fiduciary outside India…” than the threshold of protection established under the DPDPA. This indicates that while transferring personal data outside India, multinational and other organizations will also require to comply with any Indian laws (as may be applicable) which provide for higher degree of protection or restriction than the DPDPA itself. Conclusion: Key Ramifications & Best Practices for Businesses  Key Ramifications The introduction of the DPDPA carries significant implications for domestic as well as international businesses engaged in trade in India – given its extraterritorial nature. With the enactment of the statute, a diverse set of stakeholders including multinational/international corporations or services providers with or without corporate presence in India, particularly in the e-commerce and IT industry are now subject to carry out compliance thereunder. From a practical perspective, stakeholders under the statue – including international or domestic business(es) operating in India – may qualify as Data Fiduciary or Data Processor or both. While businesses qualifying simply as a Data Processor will admittedly have a relatively lesser compliance burden under the DPDPA, they can still expect to deal with contractual obligations and negotiations regarding statutorily prescribed practices and procedures as part of their business arrangements/dealings with Indian stakeholders. Further, while the DPDPA does not impose specific restrictions or requirements on the transfer of data overseas, it – unlike the SPDI Rules – provides for prohibition of transfer of personal data to certain foreign jurisdictions or territories, as may be “blacklisted” by the Indian Government. This aspect of the DPDPA carries significant implications for businesses reliant upon outsourcing or overseas operations or otherwise operating in industries where data processing is integral to the offering of goods and services. Such businesses may face significant challenges in conducting business with Indian customers – since should the foreign country or territory, where important affiliates or partners are located, be blacklisted by the Indian Government subject to the DPDPA. Considerations & Best Practices for Businesses If a territory or country is blacklisted by the Indian Government, it is implicit that any collection or processing of data by relevant affiliates or partners in such territory or country will also be restricted. For adequately safeguarding business interests, it thus becomes necessary for relevant stakeholders to seek advisory to align their practices with the procedures prescribed in the DPDPA as well as to understand the recourse available to them under the statute. Illustratively, it can be inferred that the statutory exemptions set out in the DPDPA are largely intended to facilitate the discharge of official functions by law enforcement, banking and judicial authorities in India. For multinational and other business organizations, however, it is relevant to note that the statute exempts the processing of personal data where such processing is carried out as part of a merger or amalgamation or similar arrangement between two or more corporate entities. Further, it exempts the processing of data subject to a contract between a domestic party (located in India) and a foreign party. Consequently, relevant stakeholders – in particular businesses involved in outsourcing services or goods to or from India or business groups having or seeking control or ownership of entities in India – can employ the aforementioned two exemptions as grounds to transfer personal data of Data Principals to a foreign jurisdiction which has been blacklisted by the Indian Government prospectively (in exercise of its powers under the DPDPA) – provided that data transfers are otherwise conducted in alignment with the requirements under the DPDPA. To provide context, relevant considerations and requirements for stakeholders under the DPDPA include collection of informed consent from Data Principals, including for transfer of their; the management of such consent (including accounting for withdrawal of consent); employment of adequate protocols and contractual arrangements with third parties for maintaining confidentiality and security of data and/or handling of requests from Data Principals for retention/erasure/correction of data etc. In addition to the DPDPA, stakeholders must be prepared also for additional compliance under applicable laws and sector-specific regulations in India which prescribe a higher threshold of protection for the transfer and protection of personal data in India. For reference, these include relevant regulations of the Reserve Bank of India (RBI), Telecom Regulatory Authority of India (TRAI), Securities and Exchange Board of India (SEBI) and the Insurance Regulatory and Development Authority (IRDAI), per which requirements are set out for applicable stakeholders in relation to localization of storage of certain kinds of data and records. Interestingly, the SPDI Rules are also included within the scope of applicable laws at present – and will remain applicable until the time the DPDPA is fully implemented in India. Author: Ms. Ashneet Hanspal (Senior Associate)

Introduction India, with its dynamic and diverse economy, has become one of the most attractive destinations for business expansion and investment. Whether you are setting up a new business or managing an existing enterprise, complying with regulatory and legal requirements is crucial. Among these obligations, annual filings are significant for businesses operating in India. These filings ensure compliance with Indian corporate laws, tax regulations, and financial reporting standards, contributing to transparency and accountability. Here’s a detailed overview of the essential annual filings businesses need to make while operating in India. We have categorised the filings based on the applicability of the following enactments: A. Companies Act, 2013 Annual Return Filing with the Ministry of Corporate Affairs (MCA) Every company in India is required to complete the annual filing with the concerned Registrar of Companies (ROC), MCA, upon conclusion of the Annual General Meeting (“AGM”) every year. These filings are: Form AOC-4: This form is required to be filed to submit the financial statements, including the balance sheet, profit and loss account, and directors’ report of a company. This form needs to be filed within thirty days from the date of the AGM. In case of delay in filing the return, there is per-day penalty applicable to it. In case financial statements are not adopted in AGM, then un-adopted financial statements need to be filed within thirty days of the date of AGM (due date of AGM if AGM not held or extended due date, if any). Once financial statements are adopted, the company shall file the adopted financial statements within thirty days of the AGM (actual or adjourned, whichever is applicable). Form AOC-4 CFS:Every company having one or more subsidiaries is required to prepare the consolidated financial statements of the company and of all the subsidiaries. Such financial statements, duly adopted in the AGM of the company, shall be filed with the ROC within thirty days of the date of AGM. Form AOC-4 XBRL: Certain classes of companies as notified under Companies (Filing of documents and forms in Extensible Business Reporting Language) Rules, 2015 by the Central Government are required to mandatorily file their financial statement in Extensible Business Reporting Language (XBRL) format. It shall be filed with the ROC within thirty days of the date of the AGM. Form MGT-7/MGT-7A: This is the Annual Return, which contains information about the company, including its directors, shareholders, and corporate governance practices. It must be filed by every company within sixty days from the date of the AGM. In case of delay in filing the return, there is a per day penalty applicable to it. MGT-14: In the case of any resolution passed as a special resolution in the AGM or if the AGM is being conducted through video conferencing or other video audio mode, in such a case, Form MGT-14 is required to be filed within thirty days from the date of the AGM. Director’s Report and Financial Statements The companies must prepare and approve the director’s report and financial statements before the due date of the AGM. These documents must be signed by the directors of the company and are required to be adopted at the AGM. The director’s report provides an overview of the company’s financial health, corporate governance practices, and future business outlook. The financial statements—comprising the balance sheet, profit & loss account, and cash flow statement—reflect the financial performance of the company for the preceding financial year. Compliances under the Companies Act, 2013 The other event-based annual compliances required to be undertaken by the companies are as follows, including but not limited to: Form MSME Return: All companies who get supplies of goods or services from micro and small enterprises and whose payments to micro and small enterprise suppliers exceed forty five days from the date of acceptance or the date of deemed acceptance of the goods or services as per the provisions of Section 9 of the Micro, Small and Medium Enterprises Development Act, 2006 (27 of 2006), shall submit a half-yearly return to the MCA. Hence, the due dates for the MSME, if applicable, are April 30 and October 30, every financial year. Form DPT-3: Pursuant to the provisions of Rule 16 of the Companies (Acceptance of Deposits) Rules, 2014, every company shall, on or before the 30th day of June of every year, file with the ROC, a return in e-Form DPT-3 for deposits and/or particulars of transactions not considered as deposits as on March 31, of that year. Form PAS-6: Pursuant to Rule 9A and 9B of the Companies (Prospectus and Allotment of Securities) Rules, 2014, every unlisted public company and private company, other than a small company, is required to submit Form PAS-6 to the concerned ROC within sixty days from the conclusion of each half year duly certified by a company secretary in practice or chartered accountant in practice. B. Foreign Exchange Management Act, 1999 Foreign Liabilities and Assets Return (“FLA”): A company that has received foreign direct investment directly or indirectly in the previous year(s), including the current year, shall submit form FLA to the Reserve Bank of India on or before the 15th day of July of each year (Year for this purpose shall be reckoned as April to March). ECB 2 Return: A company that has raised External Commercial Borrowings (“ECB”) from outside India is required to report actual ECB transactions through Form ECB 2 Return through the AD Category I bank on a monthly basis so as to reach the Department of Statistics and Information Management (“DSIM”) within seven working days from the close of the month to which it relates. Annual Performance Report (“APR”): An Indian company acquiring equity capital in a foreign entity, which is reckoned as Overseas Direct Investment (ODI), shall submit an APR with respect to each foreign entity every year till the company is invested in such foreign entity, by December 31st, and where the accounting year of the foreign entity ends on December 31st, the APR shall be submitted by December 31st of the next year. Conclusion In conclusion, businesses operating in India must navigate a complex regulatory environment that includes a variety of annual filings to maintain compliance with corporate, tax, and foreign exchange laws. The filings under the Companies Act, 2013, such as the submission of financial statements, annual returns, and other event-based compliance forms, are essential to ensure transparency and accountability in business operations. Furthermore, businesses engaged in foreign direct investment (FDI) or external commercial borrowings (ECB) must comply with reporting obligations under the Foreign Exchange Management Act (FEMA), including FLA returns and APR submissions. Staying updated on these annual filing requirements is crucial for businesses to avoid penalties and legal issues. The diverse range of filings also highlights the importance of maintaining accurate and timely records, which not only ensures regulatory compliance but also enhances the company’s credibility in the market. Businesses must prioritize these filings as part of their overall governance strategy to foster sustainable growth and avoid potential legal complications. Author Details: Ms. Shweta Singh (Senior Associate) of Ahlawat & Associates    

India’s online gaming industry has seen exponential growth due to technological progress and increased internet access. As the online gaming industry expands, the complexity of its legal landscape has deepened, which is primarily governed by numerous legislation that predominantly cover a variety of legal areas viz. intellectual property rights, taxation, advertising, and information technology. Moreover, states in India have their own state-specific gaming laws due to the subject falling in the State List under the Indian Constitution, which indicates a lack of centralized legislation. Consequently, Indian Courts have tried to regulate the online gaming industry through judicial precedents that regulate key aspects of the gaming sector. I. Overview of Regulatory Framework The regulation of online gaming in India remains fragmented across states and intersects with several other legislations in the country. The primary legislation under which online gaming is largely legislated is the Public Gambling Act, 1867, which regulates and prohibits offline games of chance (but not offline games of skill). In this regard, Section 12 of the Act makes it clear that this legislation does not apply to games of skill. However, it is to be noted that post the enactment of the Constitution of India, 1950, the various state legislatures in India have received the authority to regulate and govern betting, gambling and allied activities within the territory of their respective state territories. Consequently, this has led to numerous legislations being enacted in various states across the country to regulate online games in the state. Recently, the Madras High Court in the case of All India Gaming Federation v. State and Ors., WP 13203 of 2023, nullified the Tamil Nadu Government’s ban on online rummy and poker, and held that that the Tamil Nadu Prohibition of Online Gambling and Regulation of Online Games Act, 2022 cannot be entirely declared unconstitutional and hence, the Act will be applicable only to games of chance. Therefore, the Hon’ble Court specified that the ban can be imposed on games of chance, but it should not extend to Rummy and Poker, which are considered games of skill. Game of Skill vs. Game of Chance The terms “game of chance” and “game of skill” have not been decisively defined in any Indian legislation (including gaming and gambling legislation existing at both the central and state level in India) in a comprehensive manner. However, the Indian judiciary has adjudicated upon and interpreted the terms at length in various judicial decisions. Thereby, whether a game qualifies as a “game of skill” or a “game of chance” in India is required to be determined keeping in mind the relevant criterion laid down by the Indian judiciary. The above aspect has also been affirmed in the case of Manoranjithan Manamyil Mandram v State of Tamil Nadu[1] wherein, the Madras High Court held that to determine what constitutes a game of chance or skill is a “question of fact” and is to accordingly be decided on the basis of facts and circumstances on a case-to-case basis. Further, as regards a “game of mere skill”, the Madras High Court held that a game of mere skill (which includes games based on skill, and a competition wherein success depends on a “substantial degree of skill”) will not constitute gambling. In contrast, a game of chance is where the aspect of luck or chance dominates skill or affects the outcome of the game. II. Regulation of Online Gaming: Recent Developments and Outlook for 2024 (a) Information Technology (Intermediary Guidelines and Digital Media and Ethics Code) Rules, 2021: Amendments One of the most notable developments is the amendment of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, in April 2023. This amendment expanded the scope of the IT rules and included online gaming in the same sphere by defining the terms ‘online game’ and ‘online real money game’. Under the amended rules, all online gaming platforms/intermediaries which offer an online real money game qualify as an ‘online gaming intermediary’ under the IT Rules and are required to undertake some compliances and exercise due diligence in a manner similar to the due diligence required by intermediaries in social media and e-commerce spheres under Rule 3 and 4 of the IT Rules. The guidelines require online gaming intermediaries to publish privacy policies and terms of use, verify users before allowing access to real-money games, and implement a grievance redressal mechanism for user complaints. (b) Tax Regulation on Online Games In August 2023, amendments to the Integrated Goods and Services Tax Act, 2017, and the Central Goods and Services Tax Act, 2017, required foreign-based gaming intermediaries offering services in India to register with Indian tax authorities and comply with local tax laws. Further, the GST Council also finalized its decision and levied a tax of 28% on monies deposited by users and/or the full face value of the bets placed on online gaming, casinos and horse-trading. Prior to this decision, the earlier regime allowed for an 18% tax on the gross gaming revenue (GGR). The GGR was calculated as the difference between the money wagered by the players and the amount paid as winnings. (c) Ethical Gaming Practices and Government Advisories on Advertisements. With the addition of the internet to gaming, advertisements have become a part of the online gaming experience and the industry. However, the prevalence of advertisements in online gaming introduces risks of unfair practices or surrogate advertising, which are regulated under the existing laws such as the Consumer Protection Act 2019, Press Council Act, 1978, and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 which prohibit the advertisements/promotion of betting and gambling . MIB’s advisories agianst surrogate advertising for online gaming  On August 25, 2023, the Ministry of Information & Broadcasting (“MIB”) issued an advisory to registered newspapers, private television channels, publishers of news and current affairs content on digital media, online advertisement intermediaries, and social media platforms asking them to refrain from publishing, broadcasting advertisements of online betting platforms and/or any such product/service depicting these platforms in a surrogate manner. CCPA’s Advisory on Prohibition of Advertising, Promotion, and Endorsement of Unlawful Activities  On March 6, 2024, CCPA also issued an advisory stating that celebrities and influencers should refrain from endorsing and promoting illegal betting and gambling activities as when a celebrity/influencer endorses or promotes something, consumers often perceive it as an acceptable activity. In view thereof, the Advisory specifically provides that celebrities and influencers can also be held equally liable for participating in an illegal activity. III. Recent Judicial Pronouncements: Galactus Funware Technology v. State of Karnataka (2022) In this case, the High Court of Karnataka on February 14, 2022 quashed various provisions of the Karnataka Police (Amendment) Act, 2021 thereby lifting the blanket ban on all games (including online skill games) played for stakes. The Court further held that the Amendment Act is violative of Article 14 of the Constitution as it does not recognize the difference between a ‘game of skill’ and a ‘game of chance’, thus treating distinct activities equally. All India Gaming Federation v. State and Ors., (WP 13203 of 2023) In this case, the Madras High Court nullified the Tamil Nadu Government’s ban on online rummy and poker and specified that the ban can be imposed only on games of chance and not on games of skill such as Rummy and Poker. The Court while partly allowing a batch of writ petitions further held that the Tamil Nadu Prohibition of Online Gambling and Regulation of Online Games Act, 2022 cannot be entirely declared unconstitutional and hence, the Act will be applicable only to games of chance. The Court further held that the definition of ‘online gambling’ under Section 2(i) of the Act, shall be read as restricted to ‘games of chance’ and not games involving skill viz. rummy and poker. IV. Conclusion India’s online gaming industry holds significant revenue potential but faces challenges due to fragmented regulations across states, outdated laws, and recent amendments. As the online gaming industry continues to grow, there is an urgent need for comprehensive legal reform to create a more consistent and unified regulatory framework. Instead of regulating the industry by amending the IT Rules, 2021, the government should consider updating existing laws and creating separate central legislation including the framework of self-regulatory bodies, to protect consumer interests and encourage responsible gaming practices. Authors: Ashneet Hanspal and  Parag Singhal Footnotes [1] AIR 2005 Mad 261

In this dynamic world of growing businesses and evolving economic landscape, India has emerged as the prime destination for facilitating business expansion.With its robust legal framework, favorable location, advanced infrastructure and varied talent pool, India provides a sustainable environment and a lucrative industry for investors to establish and expand their business. In this article, we explore why India is considered the best destination for international businesses to expand, with primary focus on the growing economy, favorable government policies, forthcoming legislative reforms and the vast market potential. India: A Growing Economy India’s economy has proven to be the fastest growing in recent years, throughout the world. The country has become the fifth-largest economy globally and aims at joining the top three global economic powers soon. According to the International Monetary Fund (IMF)[1], India’s economy is expected to grow for the year 2024-2025 at a rate of 6.5% attributable to the vigorous domestic demand and increasing working-age population. The Indian economy is supported by strong foundational policies laid by the Reserve Bank of India (RBI), which is vital in maintaining stability in the monetary framework. The RBI intends to control inflation, while providing continued and sustainable economic growth, by precisely modifying the interest rates and managing liquidity. Furthermore, the resilience of India’s economy has also boosted the stock market to record all-time highs, reflecting investor confidence in the country’s long-term growth prospects. Additionally, the economy is pushed forward owing to the country’s dynamic and large population, with 65% of Indians under the age of 35. With an increase in economic growth, businesses tend to expand and attract more investments, which results in a higher demand for a dynamic workforce across various industries. This demographic dividend provides a significant advantage for businesses as they can utilize a pool of young, skilled and cost-effective workforce. The dynamic workforce available in India has attracted various multinational companies to set up base and operate in India, specifically in IT, manufacturing and service sectors. As per the employment data included in the Periodic Labor Force Survey (PLFS) and the RBI’s KLEMS Data, India generated more than 8 crore employment opportunities from 2017-2018 to 2021-2022[2] which highlights the impact of the effective government initiatives aimed at boosting employment across sectors. While the rise in the economic growth boosts job creation in the nation, it also provides the Indian Government with the incentive and means to enhance the benefits and social security provided to the public which consequently contributes to a more sustainable and successful economy. Furthermore, with an improved connectivity and a rise in the technological capabilities, India’s digital transformation has been remarkable. The nation’s Information Technology (IT) sector is one of the largest sectors contributing significantly to the Indian economy. The Government’s drive for a digital economy through initiatives like Digital India, has played a key role in the increased digital access and is transforming the country into a digitally empowered society. Favorable Government Policies The Government of India has implemented several initiatives and policies to attract foreign investment and create a thriving business environment. The primary objective of the initiatives is to create a strong ecosystem that nurtures and protects businesses and innovation, ultimately generating large-scale employment opportunities and leading to the sustainable economic growth of the country. Register your Company in India – Company Registration Services in India We have listed few of the key government initiatives that contribute to India as an attractive business destination: Digital India Launched in 2015, the Digital India is a flagship initiative which aims at creating a digitally empowered society and knowledge economy. Strengthening the digital revolution, the purpose of this initiative is to ensure that the public services are made accessible to the citizens of India electronically by improving online infrastructure and internet connectivity. The Digital India initiative ensures continuous governance, transitioning from cumbersome analogue processes to seamless online platforms. This initiative has a significant impact on various sectors including, without limitation, education, healthcare and finance and focuses on providing high-speed internet across India, especially in remote and rural areas. The Digital India initiative has made significant developments in making government services more accessible to the public and promotes digital literacy throughout the country, making it an attractive spot for businesses to set base. Make in India The Make in India initiative, launched in 2014, intends to transform India into a global manufacturing destination and has been identified to give boost to entrepreneurship, across the varied sectors in India. The initiative primarily focuses on sectors including automobiles, defense, biotechnology, aviation, food processing, media and entertainment and railways. The Government launched the initiative to create a favorable environment for investments, develop an efficient infrastructure and make new sectors available for foreign capital. This initiative encourages both domestic and international business to commence manufacturing in India and provides various incentives such as simplified regulations, tax breaks and subsidies. Startup India Startup India, launched in 2016, is a flagship initiative of the Government of India with the agenda to actively support startups and entrepreneurs. The initiative provides mentorship and incubation support to startups subject to fulfillment of various conditions, encouraging innovation and helping new businesses rise at a quicker pace. With the intention to attract more businesses, the initiative provides various incentives and benefits to startups including easier compliance, reduction in patent registration fee, tax exemptions and access to fundings by the government. The Startup India initiative has launched several programs with the objective of building a robust start up ecosystem, attracting entrepreneurs and investors from around the globe. Atma Nirbhar Bharat The Self-Reliant India initiative (Atma Nirbhar Bharat Abhigyan) was launched with the vision to boost local manufacturing, reduce dependency on imports and promote indigenous products. The key objective of this initiative is to establish India as a global supply chain hub and to enter global markets to export goods. By promoting local manufacturing and products, the initiative intends to boost the country’s economy and create employment opportunities. This initiative emphasizes self-reliance and features job creation, education reforms, ease of doing business and agricultural boost. The use of local products and services resultantly creates a favorable environment for entrepreneurs to enter and tap into the growing demand for products made in India. Foreign Direct Investment (FDI) Liberalization The Government of India introduced and formulated an investor friendly FDI policy under which FDI up to 100% is permitted under the automatic route in most sectors and activities. The liberalized entry routes under the current FDI policy are aimed to attract potential investors as it has made it easier for foreign companies to invest in India. This liberalization attracted high levels of FDI specifically in sectors like retail, e-commerce, infrastructure and manufacturing. The resulting inflow of capital and technology has had a transformative impact on the growing economy of India, leading to job creation, infrastructure development, and enhanced global integration. Forthcoming Legislative Reforms and Proposed Regulations With the aim to safeguard personal data, the Government of India intends to implement a comprehensive legislation namely Digital Personal Data Protection Act, 2023 (“DPDP Act”) to establish clear guidelines with respect to data collection, storage, processing and usage and further mandates businesses to ensure the privacy and security of personal data in compliance with the provisions thereunder. This assurance of security and privacy is crucial for businesses, specifically for those in sectors like e-commerce and fintech where sensitive personal information is processed frequently. With the implementation of the DPDP Act, international businesses can now innovate and conduct their business activities without the fear of lack of regulatory certainty. The DPDP Act has received parliamentary approval and is proposed to come into effect in 2024. It aligns with the global protection standards like the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act. With the implementation of the DPDP Act, India shall also offer a regulatory framework at par with the international frameworks, allowing businesses to reduce their compliance costs and complexity. Further, businesses concerned about data security can enter the Indian market with ease and confidence in the security standards laid down by the DPDP Act. As part of the legislative reforms, the Government of India, through the Jan Vishwas (Amendment of Provisions) Act, 2023 (“Jan Vishwas Act”), aims to amend 183 (one hundred and eighty-three) provisions in 42 central statutes of India which is planned to be implemented in a phased-out manner. The Jan Vishwas Act amends various legislations including, without limitation, the Information Technology Act, 2000, the Payment and Settlement Systems Act, 2007, the Copyright Act, 1957, the Legal Metrology Act, 2009, the Environment Protection Act, 1986 and the Trademarks Act, 1999. The Jan Vishwas Act contains a slew of amendments that are bound to impact businesses operating in India as well as businesses that intend to operate in India. One of the key features of the Jan Vishwas Act is the decriminalization of minor, technical and procedural violations. Criminal consequences for unintended or minor defaults act as a barrier for international businesses considering to setup business domestically in India. The amendments introduced under the Jan Vishwas Act lower the risks associated with minor defaults that may occur while establishing businesses and offer a favorable business environment. The reduction in the criminal liabilities of businesses aims to and shall bolster foreign investment in India. Furthermore, the Government has recently introduced 4 (four) labor codes, with the aim of amending the labor landscape. These are the Occupational Safety, Health and Working Conditions Code, Code on Wages, Industrial Relations Code and Code on Social Security. While these labor codes have received parliamentary approval, they are yet to come into force. The implementation of these labor codes shall bring with it an employer friendly labor market, making it easier for businesses to hire, manage and retain employees. The labor codes simplify compliance requirements and reduce regulatory burdens for employers, particularly for labor exclusive sectors such as the manufacturing sector. The flexibility introduced with these labor codes is likely to drive the economic growth and attract investment at both domestic and international levels. Vast Market Potential As India has now cemented its position as among the world’s major economies, India has become an attractive market for countries to tap into and establish their businesses. Considering the large population, India also makes it an attractive consumer market for manufactured goods and services. With a majority of the Indian population residing in rural areas, the Government introduced initiatives such as Pradhan Mantri Gram Sadak Yojana for rural development. Owing to such schemes and initiatives, the infrastructure and connectivity in the rural areas have significantly improved, offering international businesses opportunities to establish and expand into these specific regions. The nation’s growing middle class, rising incomes, development and urbanization enhances its market appeal for international businesses. The everchanging consumer market and the shifts in the consumer behavior in India offers new opportunities for international companies to establish their presence in India in sectors including retail, e-commerce and entertainment. Furthermore, establishing e-commerce platforms in India is an approach through which businesses intend to reach the Indian consumer market and has witnessed significant advancements as this platform offers a convenient and efficient way to purchase global products and services. Given that India’s digital landscape has been growing at a rapid speed, the digital transformation of the country has created new opportunities for establishing businesses. The Government’s drive to create a cashless economy through schemes like Aadhar-enabled payments and Unified Payments Interface (UPI) payments has given entrepreneurs a boost to adopt digital payments and transactions. Additionally, India’s geographic location offers access to vast markets of South Asia, Central Asia and the Middle East, making it an ideal choice to set up businesses. This advantage promotes international trade, access to regional supply chains and provides businesses with an opportunity to expand their reach beyond the borders of India. Furthermore, India has pursued free trade agreements with major global economies which makes it easier for businesses in India to reach international markets under favorable trade terms. Conclusion To support business operations and smooth functioning, India has enacted strict and sector-specific legal and regulatory framework to conduct businesses and streamline foreign investments. Furthermore, India provides robust legal framework and governance with respect to commercial contract enforcement, protection of intellectual property and dispute resolution systems. Navigating the central and state specific legislations while while setting up a business in India requires legal expertise, however India’s commitment to protecting investor’s rights makes it a safe and favorable destination for international businesses. With a supportive legal framework, skilled workforce and a vast consumer market, India aims to continuously emerge as the ideal place to set up a business. Additionally, advancements in technology and infrastructure and a supportive startup ecosystem, enhance India’s appeal for entrepreneurs to establish business. The country’s growing economy, coupled with the government initiatives, offers a dynamic market and conducive environment for both international and domestic businesses. Authors: Sheena Ogra (Partner) and Shreyika Walia (Associate) of Ahlawat & Associates Footnotes [1] Press Information Bureau: Ministry of Finance- India shines as IMF upgrades GDP forecast to 7% in FY24-25 [2] Press Information Bureau: Employment Data