Working from Home Policy (India)

A Working from Home Policy in India sets out the rules the organisation expects to be followed and the standards against which conduct will be judged.

India does not have a single unified statute governing remote work. The regulatory framework draws on several overlapping statutes. The Industrial Disputes Act 1947, interpreted by the Supreme Court of India and various High Courts, governs the terms of employment, including changes to working conditions, for all employees who qualify as workmen. Unilaterally changing working conditions without proper notice under Section 9A of the Industrial Disputes Act 1947 — including mandating a return to office after a WFH arrangement has become an established practice — can constitute an unfair labour practice and expose the employer to disputes before the Labour Court or Industrial Tribunal.

For IT and ITES companies, the Ministry of Electronics and Information Technology (MeitY) has issued sector-specific guidelines. Companies operating from Special Economic Zones (SEZ) under the Special Economic Zones Act 2005 and from Software Technology Parks (STP) under the STPI scheme are subject to additional WFH conditions: MeitY guidelines require prior intimation to the Development Commissioner before WFH is permitted for SEZ employees, data security compliance including use of company-approved VPN and Mobile Device Management (MDM) software, and maintenance of records of WFH employees and their home locations. NASSCOM estimates that India's IT and BPM industry employs over 5 million professionals, the majority of whom have experienced WFH arrangements since 2020, making a strong, current WFH policy essential for IT employer compliance.

Data security is the most significant compliance dimension of WFH in India. The Information Technology Act 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (SPDI Rules) impose obligations on organisations processing sensitive personal data of employees and customers. The Digital Personal Data Protection Act 2023 (DPDPA 2023), when operationalised through Rules by MeitY, will strengthen data principal rights and impose penalties up to ₹250 crore per breach for data security failures attributable to inadequate home-working controls. The CERT-In Directions 2022 require mandatory reporting of cybersecurity incidents within 6 hours to the Indian Computer Emergency Response Team. A Working from Home Policy (India) that does not address these obligations creates significant regulatory exposure for the employer. Forms-legal.com provides this Working from Home Policy template as a starting point for India-compliant remote work governance.

A Working from Home Policy (India) is needed whenever an employer wishes to permit, formalise, or regulate remote working arrangements for any category of employee. Draft and implement the policy before WFH arrangements begin — not after disputes arise about entitlement, equipment, or data security obligations.

The policy is particularly essential for the following categories of Indian employers.

The Working from Home Policy and software companies: Technology employers in Bengaluru, Hyderabad, Pune, Chennai, Noida, and Mumbai routinely operate hybrid or fully remote models. Without a written WFH policy that addresses SEZ/STPI conditions under the Special Economic Zones Act 2005, data security, and attendance monitoring, these employers face both regulatory risk (Development Commissioner compliance for SEZ units, STPI compliance for STP units) and employee relations risk under the Industrial Disputes Act 1947 where employees assert that WFH has become an established condition of service.

BPO and KPO operators: Business process outsourcing and knowledge process outsourcing companies in cities such as Gurugram, Noida, Bengaluru, Hyderabad, Pune, and Mumbai handle customer data for international clients under contracts that require compliance with data security frameworks — SOC 2 Type II, ISO 27001, PCI-DSS, and HIPAA for US healthcare BPOs. Client contracts typically require documented WFH security policies as a condition of allowing remote delivery.

Corporate employers with DPDPA 2023 obligations: Any employer processing personal data of employees, customers, or third parties from home environments must have a documented WFH policy that addresses device security, data handling procedures, and breach reporting obligations under the Digital Personal Data Protection Act 2023 and the CERT-In Directions 2022.

Startups and SMEs introducing flexible working: Growing companies in India formalising hybrid or remote work models for the first time need a WFH policy to establish consistent expectations across distributed teams, address the income tax treatment of employer-provided home office equipment under the Income Tax Act 1961 (perquisite valuation under Rule 3 of the Income Tax Rules 1962), and maintain performance accountability through objective KPIs for remote workers.

The policy requires review and update after any significant regulatory change — when the DPDPA 2023 Rules are finalised by MeitY, when the Occupational Safety, Health and Working Conditions Code 2020 (OSHWC Code) is notified with Rules replacing the Factories Act 1948, or when the employer changes its technology infrastructure, data classification framework, or SEZ/STPI compliance obligations.

A complete Working from Home Policy (India) must address the following elements to be legally effective and operationally useful across the range of employers in India's technology, services, and corporate sectors.

Scope and eligibility: Define which categories of employees are eligible for WFH (by role, department, seniority, or performance rating), which roles are categorically ineligible (factory floor workers subject to the Factories Act 1948, front-desk reception staff, laboratory technicians requiring physical equipment access), and whether WFH is a permanent arrangement, a hybrid model specifying the minimum number of days per week in the office, or available only on an ad hoc approved basis for specific reasons.

Application and approval process: The procedure for applying for WFH (written request to line manager with reasons), the criteria for approval (role compatibility, home office adequacy, broadband availability, team coverage requirements), the review period (typically 3 months before a permanent WFH arrangement is confirmed), and the right to withdraw approval for operational reasons. For employees based in SEZ units, the requirement to notify the Development Commissioner and receive approval before WFH commences under MeitY guidelines must be stated explicitly.

Equipment and technology: Whether the employer provides a laptop, monitor, ergonomic chair, headset, and internet allowance (and the income tax perquisite implications under Rule 3 of the Income Tax Rules 1962), or whether employees use their own devices under a formal BYOD policy. BYOD arrangements must require installation of the company's Mobile Device Management (MDM) software as a condition of corporate network access, with the employer retaining the right to remotely wipe company data in the event of device loss, theft, or employment termination.

Data security and IT Act 2000 compliance: Mandatory use of company-approved VPN for all access to corporate systems; prohibition on storing corporate data on personal cloud storage accounts (Google Drive, Dropbox, OneDrive, iCloud) without written IT department approval; encrypted communication channels for all sensitive or confidential information; compliance with the IT (SPDI) Rules 2011 and DPDPA 2023 as a data fiduciary; obligation to lock screens when unattended and to work only in a physically private environment; prohibition on joining video calls in public spaces (cafés, trains, airports) where screens or audio may be observed; mandatory reporting of lost devices, suspected unauthorised access, or security incidents to the IT security team and to CERT-In within 6 hours under the CERT-In Directions 2022.

Working hours and availability: Core hours during which the employee must be reachable and responsive (for example, 10 AM to 5 PM IST Monday to Friday), whether contractual working hours under the employment contract and the applicable state Shops and Establishments Act (Maharashtra Shops and Establishments (Work and Welfare) Act 2017, Karnataka Shops and Commercial Establishments Act 1961, Tamil Nadu Shops and Establishments Act 1947) remain unchanged while working from home, and the prohibition on WFH from locations outside India without prior written HR and tax department approval — working from abroad as an Indian tax resident employee creates risks of permanent establishment under double tax avoidance treaties and triggers compliance questions under Section 6 of the Income Tax Act 1961.

Attendance and performance management: How attendance is recorded for WFH employees — timesheet or attendance logging in the HRMS, daily check-in message, or project management tool activity — and the disciplinary consequences of unexcused absence or non-availability. Performance KPIs must be defined objectively for remote workers. The process for managing underperformance in a remote context must comply with the Industrial Employment (Standing Orders) Act 1946 where applicable, providing a fair opportunity to improve.

Health, safety, and ergonomics: The employer's duty of care under the OSHWC Code 2020 to take reasonably practicable steps to protect the health and safety of remote workers; the requirement for the employee to complete a home workstation self-assessment checklist before commencing WFH, confirming the workspace meets minimum safety standards; and the employee's obligation to report any home-working accident or injury sustained during working hours to the HR department, which may trigger Employees' Compensation Act 1923 obligations.

Expenses and tax treatment: Whether the employer pays a monthly WFH allowance or reimburses actual expenses for broadband, electricity, or office supplies; the income tax treatment of such allowances under the Income Tax Act 1961 (exempt allowances under Section 10(14) or taxable perquisites under Section 17(2)); and the claim submission process.

Review and amendment: The employer's right to review, modify, or withdraw WFH arrangements on reasonable notice consistent with Section 9A of the Industrial Disputes Act 1947. The policy must be reviewed at least annually and following any material change in regulatory requirements. Forms-legal.com provides this template as a starting point for India-compliant WFH policy documentation.