Investor Due Diligence Checklist: Legal, Financial & Tax (India)

📖 Due Diligence: A systematic investigation and analysis process undertaken by a prospective investor (or their advisors) to evaluate the legal, financial, tax, regulatory and operational health of a target company before committing capital. The objective is to identify risks, verify representations made by the founders and establish a factual basis for investment decisions and valuation.

📖 Data Room: A secure, organised repository (physical or virtual) where the target company uploads all documents, records and information requested by the investor’s diligence team. A well-structured data room, typically organised by workstream (legal, financial, tax, etc.), is essential for an efficient diligence process and signals operational maturity to investors.

Why Due Diligence Matters for Indian Startups

Due diligence is not merely a compliance exercise — it is the process through which investors assess whether a startup is worth their capital and what risks they are assuming. For founders, understanding the diligence process is critical because it directly impacts valuation negotiations, deal terms and the speed of closing.

At our firm, we have supported startups through hundreds of funding rounds, from seed to growth stage, and we have observed a clear pattern: startups that invest in building a diligence-ready infrastructure from day one close their rounds faster, negotiate better valuations and face fewer post-investment disputes. Conversely, startups that treat diligence as an afterthought often face down-rounds, onerous indemnity obligations or, in the worst case, deal collapse.

This guide provides a comprehensive, practical checklist across all five diligence workstreams, drawn from our experience advising both investors and startups in the Indian ecosystem.

I. Legal Due Diligence

A. Corporate Records and Governance

The legal diligence team will begin with a thorough examination of the company’s corporate records. This is the foundation upon which all other diligence workstreams rest.

  • Certificate of Incorporation and amendments: Verify the company’s legal existence, registered office and any changes to the name or registered address.
  • Memorandum of Association (MoA) and Articles of Association (AoA): Review the objects clause, authorised share capital, share transfer restrictions and any special rights attached to different share classes. Ensure the AoA is consistent with existing shareholder agreements.
  • Board resolutions and minutes: Review minutes of all board meetings and general meetings from incorporation. Pay particular attention to resolutions authorising share allotments, borrowings, related party transactions and appointment/removal of directors.
  • Statutory registers: Register of members, register of directors and KMP, register of charges, register of contracts with related parties, register of loans and investments — all maintained under the Companies Act, 2013.
  • Annual returns and filings with the MCA: Verify that all annual returns (Form MGT-7), financial statements (Form AOC-4) and event-based filings have been made on time. Late filings attract penalties and suggest operational laxity.
  • Existing shareholders’ agreements, subscription agreements and side letters: Review all existing investment documents, including term sheets, SHA, SSA, side letters and any amendments. Identify provisions that may affect the current round (pre-emptive rights, anti-dilution, drag-along, tag-along).

B. Capitalisation and Share History

  • Cap table reconciliation: Reconcile the cap table with statutory records (register of members, MCA filings). Verify every share issuance from incorporation, including share certificates, Form PAS-3 filings and board/shareholder resolutions.
  • Convertible instruments: Identify all outstanding convertible notes, compulsorily convertible debentures (CCDs) and compulsorily convertible preference shares (CCPS). Verify conversion terms, timelines and compliance with FEMA pricing norms.
  • ESOP plan and grants: Review the ESOP scheme document, board and shareholder resolutions, individual grant letters, vesting schedules, exercise prices and the current status of all grants (vested, exercised, lapsed, cancelled). Verify compliance with Section 62(1)(b) of the Companies Act.
  • Pending share transfers: Identify any pending or disputed share transfers, transfer restrictions and encumbrances on shares (pledges, liens).

C. Intellectual Property

  • IP ownership and assignment: Verify that all intellectual property created by founders, employees and contractors has been validly assigned to the company. This is one of the most common diligence red flags — many Indian startups fail to execute proper IP assignment agreements.
  • Trademark registrations: Review trademark applications and registrations, including the status of each (applied, published, registered, opposed). Verify the company’s right to use its brand name and logo.
  • Patent filings: For technology startups, review patent applications and grants, including the scope of claims, jurisdictions covered and maintenance fee status.
  • Domain names and digital assets: Verify ownership of all domain names, social media handles and app store listings.
  • Open source compliance: Review the use of open-source software, including compliance with licence terms (GPL, MIT, Apache, etc.). Ensure the company’s proprietary code is not contaminated by copyleft obligations.
  • Third-party IP risks: Assess the risk of infringement claims and review any cease-and-desist notices or IP disputes.

D. Contracts and Commercial Arrangements

  • Material contracts: Review all contracts above a specified threshold (typically INR 10 lakh or as defined by the investor). This includes customer contracts, vendor agreements, technology licences, lease agreements and distribution agreements.
  • Change of control provisions: Identify contracts that contain change-of-control clauses which may be triggered by the investment round or a future exit.
  • Related party transactions: Review all transactions with related parties (directors, promoters, their relatives and associated entities) for compliance with Section 188 of the Companies Act and arm’s length pricing.
  • Non-compete and non-solicitation agreements: Verify that founders and key employees are bound by appropriate restrictive covenants.

E. Employment and Labour

  • Employment agreements: Review employment contracts for key personnel, including compensation, notice periods, IP assignment, confidentiality and restrictive covenants.
  • Contractor vs. employee classification: Assess whether contractors (freelancers, consultants) are correctly classified. Misclassification can lead to PF, ESI and gratuity liabilities.
  • Labour law compliance: Review compliance with the Shops and Establishments Act, Payment of Wages Act, Minimum Wages Act, PF Act, ESI Act, Payment of Bonus Act, Payment of Gratuity Act and the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.
  • Employee headcount and attrition: Analyse headcount trends, attrition rates and any pending employee disputes or complaints.

F. Litigation and Disputes

  • Pending litigation: Obtain a complete list of all pending and threatened litigation, including civil suits, criminal cases, consumer complaints, labour disputes and arbitration proceedings.
  • Regulatory proceedings: Review any show-cause notices, investigation orders or enforcement actions from regulatory bodies (SEBI, RBI, DPIIT, Competition Commission, data protection authorities, etc.).
  • Contingent liabilities: Quantify the financial exposure from pending litigation and disputes, cross-referencing with contingent liability disclosures in the financial statements.

II. Financial Due Diligence

A. Historical Financial Statements

  • Audited financial statements: Review audited financials for the last three financial years (or from incorporation, if younger). Analyse the auditor’s report for qualifications, emphasis of matter paragraphs and key audit matters.
  • Revenue recognition: Verify revenue recognition policies for compliance with Ind AS 115 (Revenue from Contracts with Customers). For SaaS companies, this includes the treatment of annual subscriptions, usage-based billing, professional services revenue and multi-element arrangements.
  • Quality of earnings analysis: Distinguish between recurring and non-recurring revenue and expenses. Identify one-time items, related-party transactions and accounting policy choices that may inflate or deflate reported earnings.
  • Working capital analysis: Analyse trade receivables ageing, trade payables ageing, inventory levels (if applicable) and cash conversion cycle. Identify any receivables from related parties or doubtful debts.
  • Cash flow analysis: Review cash flow from operations, investing and financing activities. Assess the company’s cash burn rate and runway at current spending levels.

B. Management Accounts and Projections

  • Monthly MIS: Review monthly management information systems (MIS) for the last 12-24 months. Compare MIS data with audited financials to identify discrepancies.
  • Financial projections: Evaluate the reasonableness of the company’s financial projections, including revenue growth assumptions, margin expansion plans, customer acquisition cost (CAC) trends, lifetime value (LTV) assumptions and capital expenditure plans.
  • Burn rate and runway: Calculate the current monthly burn rate and remaining runway based on cash in hand and projected inflows/outflows.

C. Internal Controls and Accounting Systems

  • Accounting software and systems: Review the accounting software used, chart of accounts, internal controls over financial reporting and segregation of duties.
  • Bank account reconciliation: Verify that all bank accounts are reconciled and there are no unexplained differences.
  • Expense management: Review expense approval processes, reimbursement policies and corporate credit card usage.

III. Tax Due Diligence

A. Direct Tax

  • Income tax returns: Review filed income tax returns for all assessment years from incorporation. Verify that returns were filed on time and that the tax computation is consistent with the audited financial statements.
  • Section 56(2)(viib) compliance (Angel Tax): For every share issuance to resident investors above face value, verify that the share premium is supported by a valuation report under Rule 11UA. While the angel tax has been abolished for issues after April 2024, historical exposures may still exist.
  • Section 68 (unexplained cash credits): Verify that all share capital and premium received can be explained with documentary evidence (identity, creditworthiness and genuineness of the investor).
  • TDS compliance: Review TDS deductions and deposits for salaries, contractor payments, rent, professional fees and other specified payments. Verify that TDS returns have been filed on time and that there are no outstanding demands.
  • Transfer pricing: For companies with international transactions (including with overseas group entities), review transfer pricing documentation (Form 3CEB, TP study) and compliance with arm’s length principles.
  • DPIIT recognition and tax benefits: Verify DPIIT startup recognition status and eligibility for tax benefits under Section 80-IAC (three-year tax holiday). Confirm that the Inter-Ministerial Board certification has been obtained if claiming the exemption.
  • Pending assessments and demands: Review all pending income tax assessments, scrutiny proceedings, rectification proceedings, appeals and outstanding demands.

B. Indirect Tax (GST)

  • GST registration: Verify GST registration status across all states where the company has a place of business or supply obligation.
  • GST return filing: Review GSTR-1, GSTR-3B and annual return (GSTR-9) filings for completeness and timeliness. Reconcile GST returns with the audited financial statements and the books of accounts.
  • Input tax credit (ITC) compliance: Verify that ITC claims are supported by valid tax invoices from registered suppliers and that ITC reversals have been made where required (blocked credits under Section 17(5), proportionate reversal for exempt supplies, etc.).
  • E-invoicing and e-way bill compliance: Verify compliance with e-invoicing requirements (mandatory for businesses above specified turnover thresholds) and e-way bill generation for movement of goods.
  • Pending GST proceedings: Review any show-cause notices, assessment orders, refund claims or appeals under GST.

C. Other Tax Matters

  • Equalisation levy: For companies receiving digital advertising or e-commerce services from non-residents, verify compliance with the equalisation levy provisions.
  • Professional tax: Verify professional tax registration and payment compliance in all applicable states.
  • Stamp duty: Review whether all share issuances, property transactions and agreements have been adequately stamped.

IV. Regulatory Due Diligence

A. FEMA Compliance

  • FDI reporting: Verify that all foreign investments have been reported on the RBI’s Single Master Form (SMF) within the prescribed timelines. Late reporting or non-reporting is a common compliance gap in Indian startups and can result in compounding penalties.
  • Pricing compliance: Verify that all share issuances to non-resident investors comply with FEMA pricing guidelines (fair market value determined by an internationally accepted methodology). Cross-reference with the valuation reports obtained at each round.
  • Sectoral conditions: Verify compliance with sector-specific FDI conditions, including sectoral caps, conditionalities and government approval requirements.
  • Downstream investment: If the company has made downstream investments, verify compliance with downstream investment regulations under the NDI Rules.
  • External commercial borrowings (ECB): Review any ECB arrangements for compliance with the FEMA (Borrowing and Lending) Regulations.
  • Overseas direct investment (ODI): If the company has overseas subsidiaries or has made overseas investments, verify compliance with the FEMA (Overseas Investment) Rules, 2022.

B. Industry-Specific Regulations

  • RBI regulations: For fintech companies, verify compliance with RBI guidelines on payment aggregators, NBFC licensing, digital lending guidelines and data localisation requirements.
  • SEBI regulations: For companies operating in or adjacent to capital markets, verify SEBI registration and compliance requirements.
  • Data protection: Review compliance with the Digital Personal Data Protection Act, 2023, including data processing agreements, consent mechanisms, data localisation and cross-border transfer compliance.
  • Sector-specific licences: Verify all industry-specific licences, permits and approvals (telecom, healthcare, food safety, education, insurance, etc.).

V. Operational Due Diligence

A. Technology and Product

  • Technology stack: Review the technology architecture, scalability, technical debt, code quality and deployment practices.
  • Data security: Assess cybersecurity measures, vulnerability management, incident response procedures and data backup/recovery mechanisms.
  • Product roadmap: Evaluate the product roadmap, competitive positioning and technology differentiation.

B. Commercial and Market

  • Customer concentration: Analyse revenue concentration across customers. High dependence on a few customers is a significant risk factor.
  • Unit economics: Review customer acquisition cost (CAC), lifetime value (LTV), gross margins and contribution margins at a cohort level.
  • Competitive landscape: Assess the competitive environment, market size, growth potential and the company’s competitive moat.

C. Insurance

  • Insurance coverage: Review all insurance policies, including directors’ and officers’ (D&O) liability, professional indemnity, cyber insurance, property insurance and key-person insurance. Identify gaps in coverage.

🔍 Practitioner Insight — CA V. Viswanathan: In our experience, the three most common diligence red flags in Indian startups are: (1) incomplete FEMA reporting — nearly 40% of the startups we audit have gaps in their Single Master Form filings; (2) IP assignment failures — founders and early employees often lack proper IP assignment agreements, creating a fundamental ownership risk; and (3) angel tax exposure — historical share issuances at a premium without supporting Rule 11UA valuation reports. We recommend that every startup, regardless of stage, conduct an annual “diligence readiness” audit to identify and remediate these gaps proactively. The cost of remediation is a fraction of the value destroyed when these issues surface during a live funding round and cause delays, valuation haircuts or deal collapse.

Building a Diligence-Ready Data Room

Data Room Structure

We recommend organising the data room into the following top-level folders, with sub-folders mirroring the checklist above:

  1. Corporate: Incorporation documents, AoA, MoA, board resolutions, minutes, statutory registers, MCA filings.
  2. Capitalisation: Cap table, share issuance documents, SHA/SSA, ESOP documents, convertible instruments.
  3. Financial: Audited financials, management accounts, bank statements, projections, audit reports.
  4. Tax: Income tax returns, TDS returns, GST returns, valuation reports, assessment orders, demands.
  5. Regulatory: FEMA filings, RBI approvals, DPIIT recognition, industry licences, data protection compliance.
  6. IP: Trademark registrations, patent filings, IP assignment agreements, open-source audit reports.
  7. Contracts: Material contracts, customer agreements, vendor contracts, lease agreements.
  8. Employment: Employment agreements, ESOP grant letters, HR policies, PF/ESI compliance.
  9. Litigation: Pending cases, legal notices, insurance claims.
  10. Operational: Technology architecture documents, security audit reports, insurance policies.

Data Room Best Practices

  • Use a reputable virtual data room (VDR) platform with access controls, watermarking and activity tracking.
  • Number all documents consistently and maintain an index.
  • Upload documents in searchable PDF format wherever possible.
  • Grant granular access permissions — legal advisors may need access to litigation documents that financial diligence teams do not.
  • Designate a single point of contact (typically the CFO or a senior finance team member) to manage data room queries.
  • Maintain a Q&A log to track and respond to investor queries systematically.

Timeline and Process

A typical due diligence process for a Series A or Series B round in India takes 4-8 weeks. The timeline depends on the complexity of the company’s structure, the quality of existing documentation and the investor’s thoroughness. We recommend the following timeline:

  • Week 1-2: Data room preparation and initial document upload by the company.
  • Week 2-4: Investor’s legal, financial and tax teams review documents and submit queries.
  • Week 3-5: Company responds to queries, provides additional documents and conducts management presentations.
  • Week 5-7: Investor’s teams prepare diligence reports, identify red flags and negotiate indemnity/warranty provisions.
  • Week 6-8: Diligence completion, definitive document negotiation and signing.

📋 Key Takeaways

  • Investor due diligence spans five workstreams: legal, financial, tax, regulatory and operational — each must be addressed comprehensively.
  • The three most common red flags in Indian startups are incomplete FEMA reporting, IP assignment gaps and missing angel tax valuation reports.
  • Cap table reconciliation with MCA statutory records is a fundamental first step that often reveals discrepancies.
  • FEMA compliance (FDI reporting, pricing norms) is scrutinised intensely for startups with foreign investment.
  • Building a diligence-ready data room proactively can accelerate the funding process by 4-8 weeks.
  • Every share issuance at a premium must be supported by a Rule 11UA valuation report to address angel tax exposure.
  • Annual diligence readiness audits are a cost-effective way to identify and fix compliance gaps before they become deal-breakers.

Frequently Asked Questions

1. How long does investor due diligence typically take for an Indian startup?

For a Series A or Series B round, due diligence typically takes 4-8 weeks from the date the data room is opened. Seed rounds may take 2-4 weeks given the simpler structure, while later-stage rounds with complex cap tables, multiple subsidiaries and international operations can take 8-12 weeks. The most significant variable is the startup’s preparedness — a well-organised data room can reduce the timeline by several weeks.

2. What are the most common diligence deal-breakers for Indian startups?

The most common deal-breakers we have observed include: undisclosed litigation or regulatory proceedings, material FEMA non-compliance (especially unreported foreign investments), IP ownership disputes (where founders or key developers have not assigned IP to the company), unexplained gaps between audited financials and management accounts, and undisclosed related-party transactions. Any of these can result in the investor walking away or demanding significant valuation haircuts and enhanced indemnities.

3. Should startups engage their own diligence advisors?

Yes. We strongly recommend that startups engage their own legal, tax and financial advisors to conduct a pre-diligence health check before opening the data room to investors. This “vendor due diligence” or “diligence readiness assessment” identifies issues that can be remediated before the investor’s team discovers them. The cost of engaging advisors proactively is far less than the value destroyed by deal delays or haircuts caused by diligence surprises. Our startup advisory team offers comprehensive diligence readiness assessments.

4. How should startups handle diligence queries about FEMA compliance?

FEMA compliance is one of the most heavily scrutinised areas in diligence for any startup with foreign investment. Startups should ensure that all FDI-related filings (Form FC-GPR, Form FC-TRS, downstream investment reporting) have been made on the RBI’s Single Master Form within prescribed timelines. If there are delays or gaps, consider filing late returns or applying for compounding before the diligence process begins. Our FEMA compliance team regularly assists startups with remediation and regularisation of past non-compliances.

5. What happens if diligence reveals material issues?

Material diligence findings typically result in one or more of the following outcomes: (a) the investor renegotiates the valuation downward; (b) the investor demands specific indemnities from the founders for identified risks; (c) certain issues are designated as “conditions precedent” that must be resolved before closing; (d) the investor requires additional representations and warranties in the investment documents; or (e) in the worst case, the investor terminates the transaction. The specific outcome depends on the nature and severity of the issue, the investor’s risk appetite and the overall attractiveness of the opportunity.

6. Is due diligence different for DPIIT-recognised startups?

DPIIT-recognised startups enjoy certain regulatory benefits (including the erstwhile angel tax exemption and self-certification for labour and environmental laws), but the diligence process itself is substantially similar. However, the diligence team will specifically verify the validity of the DPIIT recognition certificate, compliance with the startup definition criteria and proper availing of any tax benefits claimed under Section 80-IAC. If the startup has claimed the Section 80-IAC tax holiday, the diligence team will verify Inter-Ministerial Board certification and ongoing eligibility.

7. How should founders prepare for management presentations during diligence?

Management presentations are a critical component of the diligence process. Founders should prepare clear, honest and well-documented presentations covering the company’s history, product, technology, market opportunity, competitive landscape, unit economics, financial projections, key risks and mitigation strategies. We advise founders to be transparent about known issues — attempting to hide problems only destroys trust if (and when) the diligence team discovers them independently.

Virtual Auditor — AI-Powered CA & IBBI Registered Valuer Firm
Valuer: V. VISWANATHAN, FCA, ACS, CFE, IBBI/RV/03/2019/12333
Chennai (HQ): G-131, Phase III, Spencer Plaza, Anna Salai, Chennai 600002
Bangalore: 7th Floor, Mahalakshmi Chambers, 29, MG Road, Bangalore 560001
Mumbai: Workafella, Goregaon West, Mumbai 400062
Phone: +91 99622 60333 | Email: support@virtualauditor.in