Your Work From Home Policy: What to Document, What to Update

Work from home is no longer a pandemic response. It is an operating model. Hybrid teams, distributed hiring, and remote-first roles are now standard across Indian startups, mid-size firms, and large enterprises alike. More than half of Indian companies have implemented some form of structured hybrid model.

Yet most companies still do not have a written WFH policy. They have a practice, a habit, a set of manager-level norms that have never been put to paper. That gap is a legal and operational risk, and 2026 is the year to close it.

This article covers what your WFH policy should document, when to update it, and where the compliance pressure points actually are.

The Legal Reality: No Dedicated WFH Law, But Existing Laws Fully Apply

The first thing to understand is that Indian labour laws do not expressly define or regulate “remote work” or “work from home.” However, the absence of a specific framework does not mean absence of compliance. Employees working remotely continue to be governed by existing labour statutes, and employers remain responsible for statutory obligations regardless of the physical workplace.

This is the part most companies get wrong. They assume that because there is no dedicated WFH legislation, they have room to improvise. They do not. Every obligation that applies to an office-based employee, from working hours under the Shops and Establishments Act, to provident fund contributions, to POSH compliance, follows the employee home.

Employment contracts must clearly outline remote work arrangements, including work location clauses, working hours, performance expectations, and supervision mechanisms. These contracts must comply with the Indian Contract Act, 1872, and state-specific Shops and Establishments Acts.

There is one sector-specific exception worth knowing. The Ministry of Commerce and Industry amended Rule 43A of the Special Economic Zones (SEZ) Rules, 2006, liberalizing the work-from-home model for SEZ unit employees. If your company operates out of an SEZ, you are working within a more defined framework than most, and your WFH policy documentation requirements are even more specific.

For everyone else, the compliance burden is real but manageable if you document it properly.

Why 2026 Is the Right Year to Get This Done

Two things have shifted in the last twelve months that make a written policy more urgent than before.

First, as Indian companies have moved to bring employees back to the office, employment agreements are being rewritten with much more precision. New contracts spell out the exact hours remote employees must be available, designate the office as the sole official workplace, and add confidentiality clauses that limit where remote work can happen. This means the legal environment around WFH is tightening, not loosening. Companies that have been informal about remote work are finding that informality creates disputes when they try to change the arrangement.

Second, the talent market has normalized remote work as an expectation. When employees expect WFH as a benefit and companies have never documented whether it is a right, a privilege, or a discretionary arrangement, you have a recipe for grievances. A written policy removes the ambiguity before it becomes a dispute.

What Your WFH Policy Must Document

The eight areas below are where most informal WFH arrangements fall apart. A policy that addresses all of them, in writing, removes most of the ambiguity that creates disputes later.

Eligibility Criteria

Not every role is suitable for remote work, and not every employee should be automatically eligible. Your policy must define who qualifies. This typically means specifying whether WFH is available to all permanent employees, only to specific roles, only after a probation period, or only with manager approval.

The policy should also define the different WFH models your company offers. Full-time remote, hybrid with fixed office days, and ad hoc work-from-home on request are three distinct arrangements, and each has different implications for everything from attendance tracking to equipment provision.

Being vague here is what causes problems. When an employee believes they are on a full-time remote arrangement and the company believes it is ad hoc, both sides feel the other has broken the agreement, even though nothing was ever written down.

Working Hours, Availability, and Overtime

The Shops and Establishments Act in most Indian states caps daily and weekly working hours, and those limits do not disappear because someone is working from their bedroom. Your policy must address what constitutes working hours for remote employees, what the expected availability window is, and how overtime is handled.

This is also where you need to address the right to disconnect, even though India does not have legislation on it yet. Documenting expected response times and communication norms protects both the employer and the employee. It is also increasingly relevant for employee retention, especially in knowledge work roles where the boundary between work and personal time erodes quickly in a remote setting.

Work Location and Geographic Restrictions

This is one of the most overlooked clauses in Indian WFH policies. Your policy must state whether employees can work from anywhere in India, only from their registered home address, or whether they need approval to work from a different city or state.

The reason this matters is compliance. If an employee relocates from Mumbai to Pune without informing HR, the applicable Shops and Establishments Act may change. If they move to a different state, the professional tax slab changes. If they are working from a shared office or co-working space, data security considerations arise. None of these are hypothetical. They happen constantly in companies that have remote teams without a documented location policy.

For companies that hire across state lines, the policy should also address whether the company’s registered state governs the employment relationship or whether state-specific rules apply based on where the employee actually works.

Equipment, Internet, and Expense Reimbursement

Equipment provision policies should cover ownership, maintenance, and return procedures. For internet and utilities, policies vary regarding reimbursement for home internet or electricity costs. Some companies offer a fixed stipend, while others may reimburse based on usage or not at all, depending on company policy and role requirements.

Your policy must be explicit on all three fronts: what the company provides, what the employee is responsible for, and what happens to company-owned equipment when the employee leaves. Leaving this undocumented creates both financial disputes and asset recovery problems at exit.

For SEZ units specifically, employees may be provided duty-free goods such as laptop computers, desktop computers, and other electronic devices needed to work remotely, and employees will be allowed to take such duty-free goods out of the SEZ premises. However, this comes with its own documentation requirements that need to be reflected in both the policy and the employment agreement.

Data Security and Confidentiality

A remote employee accessing company systems from a home network is a data security exposure that most companies have not formally addressed in their policies. Your WFH policy needs to cover what tools employees are required to use, whether a VPN is mandatory, what the rules are around storing company data on personal devices, and who is responsible in the event of a breach.

The Information Technology Act, 2000 and its amendments impose obligations on companies handling sensitive personal data. If your employees are handling client data, customer information, or any form of sensitive records while working from home, your policy must define the protocols that make that handling compliant.

This section of the WFH policy often overlaps with your data privacy and IT security policy. It should. Cross-referencing them is good practice. If your platform supports it, link policies to one another so an update to the IT security policy automatically surfaces in the WFH policy that references it. PolicyCentral.ai’s Security & Compliance feature handles this kind of cross-reference natively. The WFH policy itself should contain at minimum a clear statement of what is and is not permitted, not just a reference to another document the employee may never read.

Performance Management and Attendance

Remote work does not change your obligation to track attendance and manage performance, but it does change how you do it. Your policy should specify the attendance mechanism for remote days, whether that is a login to an HRMS, a check-in on a communication platform, or something else.

Performance expectations for remote employees should be output-based wherever possible. Documenting this in the policy sets the standard and makes it harder for either party to later claim that remote work caused a performance deterioration that was not addressed.

This also connects to your disciplinary policy. If an employee is consistently unavailable during their stated working hours while on WFH, what is the process? If the performance of a remote employee deteriorates, what is the documentation trail required before action can be taken? Your WFH policy should answer both questions or explicitly reference your existing performance management framework. A compliance dashboard that shows who has read the latest WFH policy, who has acknowledged it, and who is still pending makes this trail far easier to defend.

Health, Safety, and Ergonomics

Under the Occupational Safety, Health, and Working Conditions Code, 2020, employers retain responsibilities for worker well-being even in remote settings.

This is the clause most Indian companies skip entirely, and it is the one that creates liability. Your policy should include a statement about the company’s expectation that employees set up an ergonomically appropriate workspace, guidance on what that means, and whether the company provides any support for it. Some larger companies conduct home workspace assessments. Most just document that the responsibility sits with the employee after the company provides the guidance.

The POSH Act also applies to remote work. Sexual harassment does not become non-actionable because it happens over a video call. Your policy should state this clearly and confirm that the Internal Complaints Committee is accessible to remote employees in the same way it is to office-based staff.

Right to Modify or Revoke WFH

This is the clause that protects the company most directly. Companies are ensuring employees do not view remote work as an entitlement. Your policy should state clearly that WFH is a privilege extended at the company’s discretion, that it can be modified or revoked based on business needs, and that employees may be required to return to office with reasonable notice.

The notice period for this kind of change should be specified. Requiring an employee to return to office the next day with no prior indication is not reasonable. Thirty days is a common standard. Whatever it is, document it. When companies have tried to call employees back to office without a documented right to do so, the resulting disputes have been expensive and public. Version control on the policy matters here too — being able to show exactly which version of the WFH policy an employee acknowledged on a given date is what makes a recall enforceable.

What SEZ Companies Must Document Additionally

If your company operates in an SEZ, the documentation requirements go further. Accurate attendance records must be maintained for WFH employees during the permitted duration, and these records must be submitted to the Development Commissioner from time to time.

SEZ units are required to maintain a list of employees who have been permitted to work remotely. This list must be made available to the Development Commissioner for verification purposes as and when required.

Your WFH policy should include a specific annex or section for SEZ compliance that covers the employee list maintenance process, the equipment tracking requirement for duty-free devices, and the intimation procedure to the Development Commissioner when initiating a WFH arrangement.

When to Refresh Your WFH Policy

An annual review is a defensible baseline. Diary it, do it, document it. Even if nothing material has changed, the act of reviewing and re-confirming the policy creates an audit trail that says someone looked.

Trigger an off-cycle review when the law changes (a fresh Shops and Establishments amendment, a new state-specific notification, a Supreme Court ruling on remote work or maternity continuity), when the company crosses an employee threshold that brings new statutory obligations into scope, or when an internal incident exposes a gap (an asset never returned at exit, a data breach traced to a remote worker’s home network, a dispute about availability hours).

When a refresh changes anything material, re-acknowledgement matters. Resending the updated policy and capturing fresh confirmations, even if it is just a one-line change, is what protects the company in the next dispute. The original signature on version one does not bind the employee to the rule that appeared in version three.

Where PolicyCentral.ai Fits In

A WFH policy is not a single document. It touches on the employment contract, the HRMS configuration, the IT security policy, the POSH policy, attendance policy and the performance management framework. Getting one document right while leaving the others outdated creates exactly the kind of inconsistency that causes compliance failures.

PolicyCentral.ai helps companies build and maintain an interconnected policy ecosystem rather than a folder of disconnected documents. If you are building your WFH policy from scratch or auditing what you have against what 2026 compliance requires, the platform gives you a structured starting point, version control, and a way to ensure that when one policy is updated, the others that reference it stay current. For specific questions about how compliance tracking works on the platform, see our compliance tracking FAQs.

For HR teams managing distributed workforces across multiple states, this is not a convenience, it is a compliance safeguard.

A Note on What Is Still Evolving

The existing and proposed laws are limited to a specific set of employees and do not confer on them a legal right to WFH. The COVID-19 pandemic has already reshaped and accelerated the future of work by enabling various new employment models, including gig, hybrid, and remote working.

India will likely legislate more specifically on remote work in the coming years, as several other countries have already done. When that happens, companies with documented, structured WFH policies will have a much easier time adapting than those that have been operating on informal norms. The policy you write today does not need to be final. It needs to be written, versioned, and maintained.

Key Takeaways

There is no standalone WFH law in India, but existing labour statutes apply to remote workers without exception. The compliance risk is not theoretical. It shows up in disputes about attendance, location, equipment recovery, and the right to call employees back to office.

A WFH policy for 2026 needs to cover eligibility, working hours, geographic restrictions, equipment and reimbursement, data security, performance tracking, health and safety obligations, and the company’s right to modify the arrangement. SEZ companies need additional documentation for their Development Commissioner obligations.

Most importantly, the policy needs to exist. Written, shared with employees, and stored somewhere accessible. An informal arrangement that everyone understands is not a policy. It is a liability waiting for a trigger.

If you are setting up an HR policy framework from scratch, you may also want to read our guide on gratuity rules in India, which covers another statutory obligation HR teams routinely get wrong.

Frequently Asked Questions