Upcoming Challenges for Indian Company Law: Corporate governance, comparative international practice, and a reform roadmap for a fast-changing economy
Abstract
Indian company law is being tested by converging pressures: complex group structures, rapid digitisation, global capital flows, intensified ESG expectations, more assertive institutional investors, and a heavier enforcement environment built around specialised regulators and tribunals. Peer jurisdictions are simultaneously modernising director duties, audit regulation, sustainability reporting, beneficial ownership transparency, and cross-border restructuring tools. These trends increasingly shape Indian corporate practice through investment conditions, supply-chain expectations, and comparative governance benchmarks.
This article maps the upcoming challenges for Indian company law through the lens of corporate governance. It compares India’s framework with selected international approaches (UK, US/Delaware, EU and Singapore). It uses Indian case studies and case law – including the Satyam fraud (SEBI enforcement and Supreme Court litigation) and the Tata Sons–Cyrus Mistry oppression and mismanagement judgment of the Supreme Court (26 March 2021) – to illustrate how governance failures and governance disputes arise. It then proposes a reform roadmap that aims to improve disclosure quality, board capability, beneficial ownership transparency, related party governance, audit credibility and dispute-resolution speed.
Key words and defined terms
Company law: the body of statutes, rules and judicial principles governing incorporation, capital, management, investor protection, disclosures, restructuring and winding up of companies.
Corporate governance: the system of direction and control. It includes board structure, fiduciary duties, internal controls, audit, disclosures, shareholder rights, and accountability for outcomes.
Fiduciary duties: duties of loyalty and care owed by directors and key managerial personnel to the company. In India these are codified substantially in section 166 of the Companies Act of 2013
Stakeholder capitalism: a governance approach that treats employees, customers, communities and the environment as stakeholders whose interests should be considered alongside shareholder value.
ESG: environmental, social and governance factors that influence corporate risk and performance. Increasingly linked to disclosures, financing terms and market access.
Related party transaction (RPT): a transaction between a company and its related parties. It is regulated because it can enable transfer of value away from the company. In India, the Companies Act (section 188) and SEBI LODR (regulation 23) are key regimes for listed entities.
Beneficial ownership: the natural person who ultimately owns or controls a legal entity, even if ownership is held through layers of companies, trusts or nominees.
Digital governance: board-level oversight of technology risks. Cyber security, data protection, AI governance, resilience and business continuity.
Regulatory arbitrage: structuring business activity to exploit gaps between different legal regimes or jurisdictions.
Group insolvency: treatment of insolvency risks in corporate groups where entities are legally separate but operationally interdependent.
1. Why the next decade will stress company law
Company law is a framework. It assumes that boards will act with competence, integrity and independence; that disclosures will be meaningful; that audits will be reliable; and that enforcement will be timely. When any one pillar weakens, the framework becomes performative rather than protective.
The next decade amplifies three stressors.
First. Complexity. Modern enterprises are built on subsidiaries, joint ventures, special purpose vehicles, off-balance-sheet contracts, platform ecosystems and cross-border supply chains. Transactions are faster. Documentation is more voluminous. Risks are more interconnected.
Second. Intangibles. Value increasingly sits in data, software, brands, networks and human capital. Traditional legal tests built around physical assets and financial statements do not fully capture governance and accountability for intangibles.
Third. Speed. Markets react in minutes. Cyber incidents unfold in hours. Activist campaigns and social media narratives can change corporate reputations overnight. Traditional adjudication timelines are too slow for these realities.
2. The Indian corporate governance landscape: strengths and fault lines
India’s company law and listed-entity governance architecture is dense. The Companies Act, 2013 introduced codified director duties, strengthened board committees, independent director norms, internal audit, rotation requirements, and a specialised tribunal system (NCLT/NCLAT). SEBI’s LODR Regulations add continuous disclosure, board composition requirements, RPT approvals, shareholder voting norms, and investor-facing governance reporting.
Strengths.
Clear statutory duties. A recognisable committee model. Mandatory audit committee oversight. Formalised shareholder remedies for oppression and mismanagement (sections 241-242). Enhanced accountability for fraud (section 447).
Fault lines that create upcoming challenges.
Form over substance. Checklists can replace judgement. Boards may satisfy independence in form but not in spirit.
Controlling shareholder dominance. Many Indian listed groups remain promoter-led. That creates agency risks: tunnelling, preferential information access, and group-level decisions that externalise costs to minority shareholders.
Enforcement capacity. Multiple regulators exist (MCA, SEBI, SFIO, NFRA, RBI for regulated entities). Overlaps create duplication in some areas and gaps in others. Timelines remain a chronic weakness.
Disclosure overload without clarity. Annual reports may be long, but not necessarily decision-useful. Key risks can be buried under boilerplate text.
3. Lessons from Indian case studies and case law
3.1 Satyam: financial reporting fraud as governance failure.
In January 2009, the chairman of Satyam Computer Services admitted that the company’s financial statements were materially misstated. The event became a watershed for Indian governance. The core lesson is that fraud was not only an accounting problem. It reflected weak board skepticism, ineffective internal controls, and compromised gatekeeping.
Regulatory and judicial trail matters for company law because it shaped standards of accountability for directors and auditors. SEBI passed enforcement orders in 2014 against key individuals associated with the fraud. The Supreme Court, in proceedings arising from the ‘Satyam scam’, described the genesis and ramifications of the misstatements while dealing with connected appeals.
Practical takeaway for upcoming challenges.
Disclosure and audit reforms must address incentive design. Independence is necessary. Not sufficient. Audit quality requires supervision, liability clarity and real-time oversight of red flags.
3.2 Tata Sons–Cyrus Mistry: oppression and mismanagement in large groups.
The Tata Sons litigation shows how governance disputes in closely held or promoter-controlled groups can be framed as oppression and mismanagement. The Supreme Court’s judgment (March 2021) examined whether board and shareholder decisions crossed the threshold of oppression, and what remedies are permissible under the statutory scheme.
Practical takeaway.
Indian company law will see more disputes where governance is contestable rather than fraudulent: removal of executives, board control, information rights, and conversion between private and public status. Tribunals need consistent, predictable standards on when business judgement ends and oppression begins.
3.3 IL&FS: group complexity and gatekeeper accountability.
The IL&FS collapse (2018) highlighted how a systemically important group can accumulate leverage and liquidity risk through a complex web of entities. Post-crisis proceedings involved questions of director oversight, auditor conduct, and group resolution. Even when insolvency is handled under the IBC for individual entities, the practical reality is group interdependence.
Practical takeaway.
India needs clearer group-governance norms and better tools for group resolution, including information consolidation, intra-group transaction scrutiny, and coordinated creditor processes.
3.4 Everyday governance failures: smaller, frequent, and hard to detect.
Not all governance challenges are headline scandals. They include: delayed disclosure of material events; weak board minutes; perfunctory risk management; conflict-of-interest declarations without meaningful recusal; and ‘rubber-stamp’ audit committee approvals. These accumulate into investor distrust and higher cost of capital.
4. The future challenge-map for Indian company law
4.1 Digital business models and platform governance.
Indian company law grew up around factories, plant and machinery, and traditional balance sheets. Platform businesses monetize data, network effects and algorithmic decision-making. Key governance questions follow.
Who is accountable for algorithmic harm? For example, discriminatory outcomes in lending, hiring or pricing driven by AI models.
What is a ‘material risk’ in cyber security, and when must it be disclosed? International practice is moving toward faster incident reporting and board accountability for resilience.
How should boards document technology oversight? Minutes and committee charters may need explicit digital governance responsibilities.
4.2 Cyber crime, fraud-tech and internal controls.
Cyber incidents now combine technology and finance: ransomware, business email compromise, deepfake authorisations, and supply-chain attacks. Company law intersects through internal financial controls, director duties, disclosure obligations, and liability allocation.
Upcoming governance issue.
Whether ‘reasonable’ internal controls should be defined more concretely for digital payments, treasury operations, and third-party access.
4.3 ESG, sustainability disclosures and greenwashing risk.
ESG is no longer a voluntary narrative in many markets. The European Commission notes that the first companies subject to the EU’s Corporate Sustainability Reporting Directive (CSRD) apply the new rules for the 2024 financial year, for reports published in 2025. In the UK, the Financial Reporting Council’s UK Corporate Governance Code was updated in January 2024 and applies to financial years beginning on or after 1 January 2025, with some provisions phased further. Even where Indian law does not directly replicate these instruments, the compliance burden is exported through capital markets and supply chains, because global investors and customers increasingly demand comparable metrics and governance. The company-law challenge is governance architecture: ownership of ESG data, internal controls, board oversight, and assurance. Without audit trails and proportionate assurance, sustainability reporting can degrade into marketing and expose companies to greenwashing allegations and securities-law risks.
These developments influence Indian companies even when Indian statutes do not directly mandate equivalent reporting. The influence travels through capital markets, lending covenants, export supply chains, and global customers. A large Indian manufacturer supplying to EU-based buyers may be asked to produce emissions data, labour-practice controls and due diligence evidence as a contractual requirement.
The company-law challenge is governance architecture. Who owns ESG data? Which officer certifies it? What internal controls exist? Without audit trails and assurance, sustainability reporting becomes vulnerable to greenwashing allegations. Greenwashing is a complex term. It means making sustainability claims that are misleading because they omit context, use weak metrics, or are not backed by reliable data and controls.
India’s regulatory direction already points toward greater structure. SEBI’s BRSR regime and its evolutions (including ‘BRSR Core’ assurance expectations for certain metrics) indicate that ESG will steadily move from narrative to measurable disclosures. Company law must therefore reinforce board oversight, define accountability for sustainability statements in board reports and public communications, and create proportionate liability standards that discourage misstatement without chilling legitimate transition efforts.
ESG is no longer a voluntary narrative in many markets. The European Commission notes that the first companies subject to the EU’s Corporate Sustainability Reporting Directive (CSRD) apply the new rules for the 2024 financial year, for reports published in 2025. In the UK, the Financial Reporting Council’s UK Corporate Governance Code was updated in January 2024 and applies to financial years beginning on or after 1 January 2025, with some provisions phased further. Even where Indian law does not directly replicate these instruments, the compliance burden is exported through capital markets and supply chains, because global investors and customers increasingly demand comparable metrics and governance. The company-law challenge is governance architecture: ownership of ESG data, internal controls, board oversight, and assurance. Without audit trails and proportionate assurance, sustainability reporting can degrade into marketing and expose companies to greenwashing allegations and securities-law risks.
India has initiated sustainability reporting via SEBI’s BRSR framework for top listed entities. The challenge is to avoid a compliance culture that produces volume rather than truth.
Greenwashing risk: statements about climate transition, diversity or supply-chain ethics that are not backed by data and controls.
Assurance gap: without credible assurance, sustainability reporting can be ignored by sophisticated investors or treated as marketing.
4.4 Related party transactions in a promoter economy.
RPTs remain a principal channel for value transfer risk. SEBI continues to refine the RPT framework, including by clarifying information requirements and materiality approaches under the LODR regime. The direction of travel is toward more structured disclosures to audit committees and shareholders and more proportionate thresholds.
Upcoming challenge.
How to harmonise the Companies Act (section 188 and rules) with SEBI’s LODR so that compliance is coherent, not duplicative. Also. How to ensure ‘arm’s length’ is demonstrated with comparable evidence.
4.5 Beneficial ownership, shell entities and cross-border structures.
Layered ownership is common for legitimate reasons: risk isolation, joint ventures, and global capital. It is also used to hide controlling interests, route prohibited funds, or bypass sectoral caps. Company law must balance ease of doing business with transparency.
Upcoming challenge.
Stronger and more verifiable beneficial ownership registers. Better integration between corporate registries and financial intelligence. Penalties that are credible without being arbitrary.
4.6 Minority protection and the rise of activism.
In mature markets, shareholder activism is a discipline mechanism. India is moving in that direction as domestic institutions and global funds demand better governance. Company law challenges include class actions, information rights, proxy advisory influence, and the cost of litigation.
Upcoming challenge.
More predictable standards for interim relief and disclosure in oppression/mismanagement cases. Faster remedies. Reduced uncertainty that currently encourages private settlements without systemic correction.
4.7 Board capability, independence, and the talent pipeline.
Formal independence does not guarantee competence. Modern boards need literacy in risk, technology, ESG, finance, and behavioural dynamics. The independent director role in India also faces liability anxieties, which can discourage high-quality candidates.
Upcoming challenge.
Designing safe harbours and guidance that encourage diligent oversight while holding negligent directors accountable. Clarifying expectations on time commitment, site visits, and interactions with auditors and internal audit.
4.8 Audit reform, assurance expectations, and regulator credibility.
Internationally, audit regulation is being strengthened. The UK is considering reforms around ARGA with enhanced powers over audit and corporate reporting. The EU is combining sustainability reporting with assurance expectations. India already has NFRA for large entities and a mature ICAI framework.
Upcoming challenge.
Audit quality in group audits, component audits, and technology-enabled audits. Clear responsibility for fraud detection boundaries. Timely disciplinary outcomes that restore confidence.
4.9 Speed and predictability of NCLT/NCLAT and corporate dispute resolution.
The tribunal system was designed for specialised, faster corporate justice. Yet caseloads and adjournments can create delay. For governance disputes, delay is itself a harm: value erodes, transactions stall, and parties weaponise process.
Upcoming challenge.
Process reform. Case management. Early neutral evaluation. Greater use of written submissions and technology. Consistent precedent reporting.
4.10 Regulatory overlap and compliance design.
Indian companies face multiple regimes: company law, securities law, competition law, data protection, sectoral regulation, labour and environmental law. Overlap is not inherently bad. But incoherence increases compliance cost without improving outcomes.
Upcoming challenge.
A ‘single source of truth’ approach for corporate disclosures: integrated reporting architecture where one dataset feeds multiple obligations with clear ownership and audit trails.
4.11 New capital structures: private equity, start-ups, and hybrid instruments.
Start-ups often use convertible notes, SAFE-like instruments, multiple preference classes, and complex shareholder agreements. Traditional company law concepts like capital maintenance, pre-emption, and oppression can become difficult to apply.
Upcoming challenge.
Clearer statutory recognition of modern instruments and standard templates. Better alignment between corporate law, FEMA rules, and tax outcomes to reduce friction for global funding.
4.12 Insolvency, restructuring, and the boundary with company law.
While the Insolvency and Bankruptcy Code is the primary restructuring regime, company law still matters in schemes, mergers, related party scrutiny, and director liability. Cross-border restructurings will increase with global operations.
Upcoming challenge.
Better coordination between company law mechanisms (schemes, compromises, arrangements) and insolvency processes. More developed cross-border insolvency tools and protocols.
5. What peer countries are doing: a comparative snapshot
5.1 United Kingdom: resilience, audit reform and governance code evolution.
The UK Corporate Governance Code 2024 applies for financial years beginning on or after 1 January 2025, with certain provisions phased. The reform agenda also includes proposals to strengthen audit and corporate reporting regulation through a new regulator (ARGA) and expanded reporting tools such as resilience statements and audit and assurance policies.
Lesson for India.
Move from generic risk factor disclosure to structured resilience reporting: how the company remains viable under severe but plausible scenarios; what stress tests were run; and how board oversight is evidenced.
5.2 United States: enforcement intensity and internal control culture.
US corporate governance is shaped by Delaware fiduciary law, federal securities regulation, and Sarbanes-Oxley internal control certification. Even when legal duties are not codified in one statute, litigation and enforcement make them real.
Lesson for India.
Internal control accountability works when certification is meaningful and enforcement is prompt. India’s internal financial controls framework can be strengthened by better guidance on technology controls and third-party risk.
5.3 European Union: sustainability reporting and due diligence in supply chains.
The EU’s CSRD introduces detailed sustainability reporting, with phased commencement already triggered for certain companies starting FY 2024 (reports published in 2025). The direction is toward double materiality: impact on society and environment, and financial risk to the company. The parallel debate on due diligence laws shows how sustainability can become a legal compliance domain, not merely reporting.
Lesson for India.
Indian law should anticipate ‘exported compliance’: Indian suppliers to EU markets may need systems for emissions data, labour practices and human rights controls. Company law and securities law must facilitate credible disclosures and board oversight rather than treating sustainability as CSR only.
5.4 Singapore: pragmatic governance and efficient dispute resolution.
Singapore emphasises high-quality disclosures, strong enforcement, and efficient courts. Governance codes are principle-based but backed by credible sanctions for misleading statements.
Lesson for India.
Simplify where possible, strengthen where necessary. The best governance outcomes often come from a combination of clear principles, predictable enforcement, and fast adjudication.
5.5 The new data protection regime as a governance driver (India)
The notification of the Digital Personal Data Protection (DPDP) Rules, 2025 operationalises India’s personal data protection law. For company law and governance, privacy compliance is not only an IT project. It is a board-level risk domain that affects trust, litigation exposure, product design, and cross-border business.
Complex words explained.
Data fiduciary: the entity that determines the purpose and means of processing personal data. In plain language: the organisation that decides why and how people’s personal data will be used.
Data principal: the individual to whom the personal data relates. In plain language: the customer, employee, user or citizen.
Consent manager: a regulated intermediary that enables consent management at scale. In governance terms: it creates an audit trail and reduces the risk of ‘implicit’ consent assumptions.
Why company law should care.
Directors’ duty of care extends to overseeing legal compliance risks that can reasonably harm the company. Data breaches, unlawful processing, or inadequate grievance mechanisms can trigger penalties and reputational damage. That makes privacy a matter of board oversight, internal controls, and disclosure.
Practical governance actions for boards.
Approve a data governance charter. Assign responsibility to a key managerial person. Require periodic reporting on data incidents, third-party processors, and remediation. Ensure that contract templates include data processing clauses and incident response obligations.
International comparison.
Many jurisdictions already treat privacy as a mature compliance domain. EU GDPR enforcement created a culture where privacy-by-design is expected. India’s DPDP regime will gradually create a similar expectation. Indian company law can support this by encouraging structured reporting on material data incidents and control improvements, especially for listed entities.
9. Annexure A: Board and audit committee checklist for the next decade
This checklist is designed as a practical tool. It converts ‘governance principles’ into board questions. Each item should be evidenced by documents, minutes, policies and testing.
A. Strategy and business model.
1. Has the board documented how the business makes money, and what assumptions it relies on (data access, regulatory permissions, platform rules, supplier concentration)?
2. Is there a periodic review of business model risks arising from technology disruption, climate transition, or geopolitical supply-chain shifts?
B. Director duties and conflicts.
3. Are conflicts of interest mapped for directors and key executives (shareholdings, family links, advisory roles, vendor relationships)?
4. Is there a documented recusal protocol and is it followed in practice, not only on paper?
C. Related party transactions.
5. Does every material RPT note include commercial rationale, pricing benchmarks and an ‘alternative options’ analysis?
6. Are promoter-group and subsidiary transactions reviewed for cumulative materiality, not only transaction-by-transaction thresholds?
D. Financial reporting and audit quality.
7. Are key accounting estimates, impairments, and revenue recognition risks debated with the auditor in the absence of management?
8. Is internal audit independent in substance, and does it test technology controls and third-party risk, not only vouchers and approvals?
9. Is there a clear fraud risk assessment and a documented ‘red flag escalation’ route to the audit committee chair?
E. Cyber security and data protection.
10. Does the board receive a cyber dashboard: vulnerabilities, patching status, phishing simulation results, privileged access reviews and incident drills?
11. Are material vendors (cloud, payment processors, call centres) subject to security and privacy audits?
12. Is the organisation prepared for DPDP compliance: consent logs, grievance handling, breach response and data retention discipline?
F. ESG and sustainability.
13. Are sustainability statements in public communications backed by data, controls and assurance plans?
14. Is there clarity on scope 1/2/3 emissions boundaries and measurement methodology?
15. Are supply chain human rights and labour risks mapped and monitored, especially for export-linked businesses?
G. Tribunal risk and dispute preparedness.
16. For governance disputes, is there a litigation strategy that prioritises business continuity and stakeholder communication?
17. Are board minutes drafted with sufficient detail to show application of mind, without becoming defensive or overly legalistic?
H. Culture and whistleblowing.
18. Are whistleblower complaints analysed for patterns and root causes, and is retaliation risk monitored?
19. Are incentives designed to discourage short-term earnings manipulation and sales-at-any-cost cultures?
I. Capital structure and shareholder communication.
20. Are complex instruments (convertibles, preference shares, shareholder agreements) explained clearly to shareholders and regulators?
21. Are investor presentations consistent with statutory disclosures and audited data, with a documented sign-off process?
10. Annexure B: Mini glossary of complex governance terms
Business judgement rule: a principle (well-developed in US law) that courts will not second-guess honest, informed board decisions made in good faith, even if outcomes are poor. It protects risk-taking, but it does not protect fraud, conflicts or gross negligence.
Materiality: information is material if a reasonable investor would consider it important in making an investment decision. Materiality is context-specific; it depends on size, nature and circumstances.
Tunnelling: extraction of value by controlling shareholders from the company to themselves, often through RPTs, asset transfers, or preferential financing terms.
Gatekeepers: professionals and institutions expected to protect market integrity – auditors, independent directors, valuers, credit rating agencies, and compliance officers.
Integrated reporting: reporting that connects financial performance with strategy, governance, sustainability and value creation over time.
Double materiality: (EU concept) a company reports both how sustainability issues affect the company financially and how the company impacts society and the environment.
Assurance: an independent professional conclusion on whether information (financial or non-financial) is fairly stated. It may be limited assurance or reasonable assurance, depending on the scope and standard.
Resilience statement: a structured narrative (emerging in the UK reform agenda) on how a company would remain viable under severe but plausible scenarios, including liquidity shocks, cyber incidents or supply disruptions.
6. Where Indian company law needs improvement: a reform roadmap
6.1 Shift from disclosure volume to disclosure quality.
India should develop a layered disclosure model.
Layer 1. A concise ‘governance and risk dashboard’ in the annual report. Key risks. RPT concentration. Auditor observations. Material litigation. Cyber incidents. ESG metrics with assurance status.
Layer 2. Detailed annexures and data tables for analysts and regulators.
This mirrors best practice in advanced markets where annual reports are readable yet rigorous.
6.2 Strengthen beneficial ownership transparency with verification.
A register is only as good as verification. India can improve by enabling structured data submission, stronger cross-validation with tax and financial intelligence systems, and clear liability for false declarations. Technology can help: API-based verification, risk scoring, and targeted scrutiny rather than universal friction.
6.3 Upgrade RPT governance.
Require boards to document the ‘commercial rationale’ and benchmarking for material RPTs, not just compliance. Encourage independent director led reviews for high-risk categories (intra-group loans, asset transfers, brand royalty, management fees). Harmonise Companies Act and SEBI LODR definitions and thresholds to avoid conflicting results.
6.4 Board competence in technology and sustainability.
Mandate disclosure of board skills matrix in a meaningful way: technology, cyber, ESG, and financial reporting expertise. Encourage a board-level technology and resilience committee for large digital businesses, or at least explicit charter responsibilities under risk management/audit committees.
6.5 Whistleblower protection and incentives.
Whistleblowers are early sensors. India should strengthen anti-retaliation protections, confidential reporting channels that bypass management, and transparent reporting on the number and nature of complaints (with safeguards). Where appropriate, consider incentive alignment for high-quality reporting that prevents large losses.
6.6 Faster and more predictable corporate justice.
Introduce specialised governance benches or time-bound tracks for oppression/mismanagement and director disqualification matters. Publish more reasoned, searchable orders quickly. Adopt strict adjournment discipline and case management conferences.
6.7 Audit quality and group accountability.
Clarify group auditor responsibilities, component auditor oversight, and technology audit expectations. Encourage stronger dialogue between audit committees and auditors, including on key audit matters, fraud risks, and management estimates.
6.8 Proportionate compliance for smaller companies.
Ease of doing business is governance too. The government has already expanded the ‘small company’ thresholds with effect from 1 December 2025, bringing more companies under lighter compliance. The next step is to ensure that reduced compliance does not become reduced accountability: simplified reporting templates, standardised registers, and digital filings that are easy and auditable.
6.9 Make enforcement risk-based and outcome-focused.
Enforcement should prioritise: market-wide harm, repeat offenders, fraudulent disclosures, and gatekeeper failures. Minor procedural lapses should be decriminalised or resolved through compounding to conserve enforcement capacity.
6.10 Build an integrated corporate reporting architecture.
Move toward a single, well-governed corporate data spine: financials, governance, RPTs, beneficial ownership, and sustainability metrics as structured data. This can reduce duplication across MCA and SEBI filings and enable analytics-driven supervision.
7. Practical illustrations: how the challenges show up in boardrooms
Illustration 1. Deepfake treasury fraud.
A listed company’s treasury head receives a video call appearing to be the CEO requesting an urgent overseas payment for a confidential acquisition. The video is a deepfake. The company loses INR 18 crore. Governance implications.
Internal financial controls. Maker-checker protocols. Multi-factor verification for high-value payments. Board oversight of cyber and fraud risk. Disclosure analysis: is the loss material, and does it indicate a control deficiency requiring disclosure and remediation?
Illustration 2. ESG claim without controls.
A company advertises ‘carbon-neutral operations’ based on offsets, but its scope 1 and 2 emissions data is incomplete and the offset quality is weak. An investor challenges the claim. Governance implications.
Board accountability for sustainability statements. Need for assurance. Risk of misrepresentation to markets and consumers. Potential liability under securities law for misleading disclosures.
Illustration 3. Intra-group brand royalty.
A listed subsidiary pays a high brand royalty to an unlisted promoter entity. The audit committee approves it as ‘arm’s length’ without benchmarking. Minority shareholders allege value diversion. Governance implications.
RPT scrutiny. Independent director independence and competence. Requirement for documented comparables and commercial rationale. Shareholder voting safeguards.
8. Conclusion
Indian company law is not starting from zero. The Companies Act, 2013 and SEBI’s governance regime are sophisticated. The coming challenges arise from the changing nature of business: digital platforms, intangible value, global sustainability expectations, and complex group finance. Peer jurisdictions are responding by strengthening resilience reporting, audit regulation, beneficial ownership transparency and sustainability assurance.
For India, the reform priority is not to add more checklists. It is to make governance real: measurable, auditable and enforceable. That requires better disclosure design, stronger ownership transparency, board capability for technology and ESG, credible assurance, faster corporate justice and risk-based enforcement. If these pillars are strengthened, Indian company law can remain an enabler of capital formation while protecting stakeholders in an increasingly complex economy.
11. Annexure C: Comparative improvement matrix (India vs peer practice)
This matrix maps key themes where Indian company law and governance may need reinforcement. Not a ranking. Use it as a diagnostic tool during annual board evaluation and risk review.
Theme 1. Cyber incident disclosure.
Peer practice: the US SEC requires listed companies to disclose material cyber incidents on Form 8-K quickly and to describe cyber governance in annual reports.
India’s gap: while SEBI’s disclosure regime captures many material events, cyber incidents often fall into grey areas unless they clearly impact financials. Improvement: provide clearer guidance on cyber materiality, board oversight expectations, and post-incident remediation disclosure.
Theme 2. Sustainability reporting and assurance.
Peer practice: the EU CSRD is designed as a reporting-plus-assurance regime and links reporting to detailed standards. India has BRSR and emerging assurance requirements for core metrics, but consistency and auditability remain uneven.
Improvement: standardise data definitions, encourage assurance adoption for high-risk metrics, and clarify liability for misleading ESG statements across company law and securities law.
Theme 3. Beneficial ownership verification.
Peer practice: many jurisdictions increasingly emphasise verified beneficial ownership and anti-shell-company controls, supported by stronger data analytics.
Improvement: enhance verification tools in the corporate registry and apply risk-based scrutiny for complex ownership chains.
Theme 4. Speed of corporate justice.
Peer practice: specialist courts in leading financial centres prioritise predictability and timelines for company disputes.
Improvement: strengthen case management and prioritised tracks within NCLT/NCLAT for governance disputes and urgent interim relief.
References (indicative)
- Government of India, Press Information Bureau: ‘Ministry of Corporate Affairs taking timely steps to ease compliance’ (16 Dec 2025) – enhancement of small company thresholds. (pib.gov.in)
- Ministry of Corporate Affairs Notification: Companies (Accounts) Second Amendment Rules, 2025 (effective 14 July 2025).
- SEBI, Order in the matter of Satyam Computer Services Ltd. (15 Jul 2014).
- Supreme Court of India, Tata Sons / Tata Consultancy Services v. Cyrus Investments (Judgment dated 26 Mar 2021) – oppression and mismanagement framework.
- Supreme Court of India, Chintalapati Srinivasa Raju v. SEBI (14 May 2018) – Satyam-related appeals (Indian Kanoon reproduction).
- Financial Reporting Council (UK), UK Corporate Governance Code 2024 (published 22 Jan 2024; effective for FYs beginning 1 Jan 2025).
- European Commission, Corporate Sustainability Reporting Directive (CSRD) – application timeline and reporting requirements (Finance DG page).
- Times of India, ‘SEBI tweaks RPT rules…’ (Nov 2025) – turnover-linked materiality framework for RPTs (reported).
Author Bio
