Blog

Compliance

India Labour Code Compliance for Attendance: What IT Companies Need to Know in 2026

April 2026Workclave Team10 min read

India's four new Labour Codes — consolidating 29 central labour laws into a unified framework — have been passed by Parliament and are awaiting state-level notification before full enforcement. When they come into force, every employer in India, including IT companies and startups, will face significantly stricter requirements around attendance documentation, working hours, and record-keeping.

This guide is written specifically for founders, operations heads, and HR leads at Indian IT firms, software agencies, and tech startups. It covers what the new codes actually require, what your current attendance system probably cannot prove, and how session-based tracking changes the compliance picture.

Important note: This article is for informational purposes only and does not constitute legal advice. Consult a qualified labour law practitioner for advice specific to your organisation and state.

The four Labour Codes: what changed

India's Ministry of Labour and Employment consolidated 29 existing central labour laws into four codes between 2019 and 2020:

  1. The Code on Wages, 2019 — Covers minimum wages, payment of wages, equal remuneration, and bonus
  2. The Industrial Relations Code, 2020 — Covers trade unions, collective bargaining, and industrial disputes
  3. The Code on Social Security, 2020 — Covers PF, ESI, gratuity, maternity benefits, and gig workers
  4. The Occupational Safety, Health and Working Conditions Code, 2020 — Covers working hours, rest periods, overtime, and workplace safety

The full text of all four codes is available on the Ministry of Labour website.

The Occupational Safety Code is the most directly relevant for attendance management. It sets out rules for working hours, overtime records, and rest periods that require documentary evidence — not just memory or spreadsheet estimates.

What the Occupational Safety Code requires for IT companies

Working hours documentation

Under the Occupational Safety Code, employers must maintain registers showing:

  • Daily working hours for each employee
  • Rest periods and intervals
  • Overtime hours and overtime payments
  • Leave taken and leave balance

The code specifies that no worker shall work more than 8 hours in a day or 48 hours in a week as ordinary work, with overtime calculated beyond that threshold. Section 25 of the Occupational Safety Code requires that overtime records be maintained in the prescribed form.

For IT companies, this matters in three specific scenarios:

  • Remote developers working across time zones
  • Project crunch periods where hours routinely exceed standard limits
  • Contractual workers and freelancers engaged on specific deliverables

The register requirement

Employers are required to maintain a Register of Hours of Work (Form H under the existing Factories Act, which the new code consolidates). The register must show, for each employee, the actual hours worked each day — not just a timestamp of when they arrived.

The critical gap in most IT companies: A clock-in/clock-out system proves presence. It does not prove what work was done or which project it was attributed to. If a Labour Inspector requests your attendance register, you need to show hours worked — not just swipe-in times.

Shops & Establishments Act: state-level requirements

While the central Labour Codes are pending full notification, the Shops & Establishments Act continues to operate at the state level. Every state has its own version, and IT companies operating as establishments (not factories) are governed by these state acts.

Key states and their requirements:

Karnataka (home to Bangalore's IT corridor): The Karnataka Shops and Commercial Establishments Act 1961 requires employers to maintain a Register of Employees showing attendance, hours of work, and leave. Inspections can be conducted by Labour Inspectors without advance notice.

Maharashtra(Mumbai and Pune): The Maharashtra Shops & Establishments (Regulation of Employment and Conditions of Service) Act 2017 requires electronic attendance records for establishments with 10+ employees. The act specifically contemplates digital record-keeping and accepts it for compliance purposes.

Tamil Nadu (Chennai): The Tamil Nadu Shops and Establishments Act requires daily attendance registers and grants Labour Inspectors the right to inspect these records during working hours.

Telangana (Hyderabad): Similar requirements to Karnataka, with specific provisions for IT companies registered as IT/ITES establishments under the Special Economic Zones or Software Technology Parks framework.

The DPDP Act: employee data and attendance records

India's Digital Personal Data Protection Act 2023 (DPDP Act) introduces a new layer of compliance for any organisation that processes personal data — which includes attendance data.

Employee attendance records contain personal data. Under the DPDP Act:

  • Employees have the right to know what personal data is being collected and how it is used
  • Data must be used only for the purpose it was collected for
  • Employees can request correction of inaccurate data
  • Organisations cannot retain data beyond the period necessary

For attendance systems that use biometrics (fingerprint scanners, facial recognition), the DPDP Act categorises biometric data as sensitive personal data, requiring explicit consent and additional safeguards.

For Hubstaff-style screenshot monitoring: The DPDP Act significantly complicates continuous screenshot capture of employee screens. This practice is likely to face legal challenges as enforcement develops. IT companies should be cautious about deploying screenshot-based monitoring tools.

For session-based attendance tracking (where employees log what they are working on rather than being passively monitored), the DPDP Act requirements are straightforward — the employee is actively providing the data, and the purpose (attendance and billing records) is clear and legitimate.

What “audit-ready” attendance actually means

Most IT companies believe their attendance is in order because they have a system — a biometric punch, a Slack check-in, or a spreadsheet. An audit-ready attendance record is different.

What a Labour Inspector is actually checking for

When a Labour Inspector requests attendance records, they are looking for:

  1. Continuity — Records for every working day, not just the days when issues arise
  2. Individual specificity — Records per employee, not aggregates
  3. Working hour accuracy — Actual hours worked, not just arrival/departure times
  4. Rest period compliance — Evidence that rest intervals were taken
  5. Overtime authorisation — Approved overtime hours with payment calculation
  6. Leave reconciliation — Leave taken vs leave balance, consistent with payroll

A simple clock-in/clock-out system can satisfy points 1 and 2. It struggles with 3 and 4, and has no answer for 5 and 6 unless you have built significant manual processes around it.

The session record advantage

A session-based attendance system creates a different kind of record. Each session contains:

  • Employee identification
  • Start time and end time (actual work, not just door-tap)
  • Project or work type attribution
  • Duration with any automatic deductions (lunch breaks)
  • Manager approval with timestamp

This record answers the Labour Inspector's questions directly. It also creates the audit trail that client billing disputes require — a documented, manager-approved record that a specific person worked for a specific duration on a specific deliverable.

Practical compliance checklist for IT companies

Based on the current requirements under state Shops & Establishments Acts and in preparation for the new Labour Codes:

Documentation you should have today:

  • Register of attendance with daily hours for each employee
  • Leave application and approval records
  • Overtime hours and corresponding payment records
  • Establishment registration under your state's Shops & Establishments Act

Documentation you should prepare:

  • Data processing notice for employees explaining what attendance data is collected
  • Consent records for any biometric attendance systems
  • Retention policy for attendance records (typically 3–5 years under most state acts)
  • Process for employees to request correction of attendance records

What to avoid:

  • Screenshot monitoring without explicit employee consent and a clear data retention policy
  • Attendance estimates or reconstructed records (all records should be contemporaneous)
  • Storing attendance data on personal devices or unsecured spreadsheets

How upcoming Labour Code enforcement changes the picture

When the central Labour Codes are fully notified and enforced — which legal commentators expect to happen progressively through 2025–2027 based on the Ministry of Labour's implementation timeline — the requirements will shift in two important ways.

Standardisation: Currently, companies operating across multiple states deal with different state-level requirements. The central codes create a more uniform framework, but implementation will still have state-specific dimensions.

Digital record acceptance: The new codes explicitly contemplate digital records. The old requirement for physical registers is replaced by requirements for accurate, accessible records in whatever format the establishment maintains. This actually favours well-structured digital systems over physical registers.

Gig worker provisions: The Code on Social Security specifically addresses gig workers and platform workers — relevant for IT companies that engage contract developers. These provisions require records of work performed and payments made, which a session-based system is well-placed to provide.

Choosing an attendance system that is compliance-ready

Not all attendance tools are built with Indian compliance in mind. When evaluating options, ask:

  1. Can it produce an attendance register reportin a format that meets state Shops & Establishments requirements?
  2. Does it track actual working hours or just arrival/departure?
  3. Are records tamper-evident — can managers change past records, and is there an audit trail if they do?
  4. Does it handle overtime calculation automatically based on your workweek configuration?
  5. Is biometric data processed in compliance with DPDP Act requirements?
  6. Can it produce per-employee reports for a specific date range (required for Labour Inspector visits)?

For IT companies specifically, add one more question: Does it link hours to projects? — because the compliance requirement (how many hours did Priya work?) and the billing requirement (how many of those hours went to Acme Corp?) are best answered by the same system.

Summary

India's Labour Codes represent the most significant overhaul of employment law in decades. For IT companies, the key obligations are:

  • Maintaining daily attendance registers with actual working hours (not just door-tap timestamps)
  • Documenting overtime with manager approval and payment records
  • Complying with the DPDP Act's requirements around employee personal data
  • Ensuring records are accessible for Labour Inspector visits without notice

The practical challenge is that most clock-in/clock-out systems create presence records, not work records. For IT firms billing clients, this gap creates two problems simultaneously: compliance risk and billing inaccuracy.

A session-based attendance system — where employees log what they are working on, with manager approval — creates records that satisfy both requirements from a single source of truth. For the model itself, see session-based attendance vs clock-in/clock-out.

Related reading

Product Insight
Session-Based Attendance vs Clock-In/Clock-Out
Operations
Why Indian IT Agencies Lose ₹30,000+ Every Month in Billable Hours
Side-by-side
Workclave vs Hubstaff — DPDP-aware comparison

Build an audit-ready attendance register from day one. Workclave records actual working hours per employee, per project, with manager approval and exportable compliance reports.

Start free on Workclave

Sources and further reading: