D&O and ESOP Liability: Insurance Considerations for Indian Tech Companies

Directors and officers of Indian technology companies face a distinctly higher liability profile than their counterparts in traditional industries. The combination of rapid scaling, multiple funding rounds with complex shareholder agreements, and an increasingly assertive regulatory environment under SEBI, the Ministry of Corporate Affairs, and the Reserve Bank of India creates a dense web of personal exposure for founders, independent directors, and C-suite executives.

Unlike a manufacturing or trading company where liability events tend to be operational, tech company D&O claims typically originate from corporate governance disputes, investor grievances during down-rounds, misrepresentation allegations in funding decks, and regulatory non-compliance. The Companies Act, 2013 imposes personal liability on directors under Sections 166 and 447, and SEBI's LODR Regulations add further obligations for listed and IPO-bound entities. For Indian tech companies that are scaling from Series B to pre-IPO stage, the risk profile is materially different from what a standard D&O policy is designed to address.

The challenge is compounded by the fact that many Indian tech founders serve simultaneously as promoters, managing directors, and members of the ESOP compensation committee. This overlap of roles concentrates liability rather than distributing it. On top of that, independent directors appointed to satisfy Companies Act requirements often lack the institutional support and legal briefing that their counterparts at established corporates receive, making them particularly vulnerable to personal claims.

Employee Stock Ownership Plans have become the default retention and compensation tool in Indian tech companies, but they are also an emerging source of litigation against directors. Common ESOP disputes include allegations that the board misrepresented the fair market value of shares during grant, that vesting schedules were modified unfairly during restructuring, or that employees were denied the right to exercise options during a secondary sale or acquisition.

Under Indian law, ESOPs are governed by the Companies (Share Capital and Debentures) Rules, 2014 for unlisted companies and SEBI (Share Based Employee Benefits and Sweat Equity) Regulations, 2021 for listed entities. The board's fiduciary duty to act fairly when administering ESOP schemes is well established under Section 166 of the Companies Act. When an employee or former employee alleges that directors breached this duty (for example, by approving a down-round valuation that diminished ESOP value without adequate disclosure) the resulting claim falls squarely within D&O territory. Indian tech companies with large ESOP pools, often comprising 10-15% of fully diluted equity, carry proportionally higher exposure.

Tax treatment adds another layer of complexity. Under Section 17(2) of the Income Tax Act, ESOPs are taxed as perquisites at the time of exercise, based on fair market value determined per Rule 3(8) of the Income Tax Rules. If the board-approved valuation at exercise is later disputed by tax authorities or employees, directors who approved that valuation face potential liability. This intersection of tax, employment, and corporate law makes ESOP-related D&O claims uniquely multidimensional in the Indian context.

The correction in Indian startup valuations since 2023 has made down-round liability a practical reality rather than a theoretical risk. When a company raises a subsequent funding round at a lower valuation, existing investors may allege that directors failed to protect shareholder value, breached representations made during earlier rounds, or did not comply with anti-dilution protections embedded in shareholder agreements.

These disputes rarely reach public courts in India because most shareholder agreements mandate arbitration under the Arbitration and Conciliation Act, 1996, but the defence costs can be substantial; often running into several crores of rupees for multi-party investor disputes involving international arbitration seated in Singapore or London. A typical investor-side claim will allege breach of fiduciary duty under the Companies Act, violation of specific contractual representations, and potentially fraud under Section 447 if the investor believes financial projections were knowingly inflated.

D&O insurance responds to these claims by covering defence costs and, where the policy permits, settlement amounts. However, many standard D&O policies in India contain exclusions for claims arising from prior or pending litigation, fraud, and contractual liability; making it essential for tech companies to negotiate carve-backs that address the realities of multi-round venture funding. Particular attention should be paid to the insured versus insured exclusion, which can bar coverage when one shareholder-director sues another, a common pattern in founder-investor disputes within Indian tech companies.

Indian tech companies preparing for an initial public offering face a step-change in D&O exposure. SEBI's ICDR Regulations require extensive disclosures in the Draft Red Herring Prospectus, and any material misstatement or omission can trigger personal liability for promoters and directors under Section 34 of the Companies Act and SEBI's enforcement powers. The liability extends to the company secretary who signs the prospectus and to the merchant bankers who certify due diligence, but it is the promoter-directors who face the highest personal exposure.

SEBI has demonstrated a willingness to act against tech company directors. Enforcement actions have targeted inadequate disclosure of related-party transactions, overstatement of key performance indicators in offer documents, non-compliance with corporate governance norms post-listing, and failures to disclose material litigation during the offer period. For directors who served during the IPO preparation phase, the liability window extends well beyond the listing date. SEBI investigations can commence years after the event, and the limitation period under the SEBI Act is not always clearly defined.

D&O policies for IPO-bound companies must include IPO entity coverage (sometimes called public offering of securities coverage), which specifically addresses claims arising from the offering process. This is a distinct coverage section, not a standard feature, and must be negotiated explicitly with the insurer. The policy should also extend the discovery period (ideally to six years from the listing date) to account for the significant delay between listing and the emergence of regulatory or investor claims. Without this extension, directors may find themselves uninsured precisely when claims materialise.

A well-structured D&O programme for an Indian tech company typically involves three layers. Side A coverage protects individual directors and officers when the company cannot indemnify them; critical in insolvency scenarios under the Insolvency and Bankruptcy Code, 2016, which are not uncommon in the startup ecosystem. Side B coverage reimburses the company when it does indemnify its directors. Side C coverage, also known as entity coverage, protects the company itself against securities claims, and is particularly relevant for listed or soon-to-be-listed entities.

For Indian tech companies, several policy features require specific attention. The definition of insured persons should explicitly include founders acting as directors, ESOP committee members, and independent directors who serve on audit and nomination committees. The definition of claim should involve regulatory investigations by SEBI, MCA, and tax authorities. Not just formal court proceedings. The territorial scope must cover claims brought in jurisdictions where the company has subsidiaries or investors, particularly the United States where securities litigation is more aggressive and where class action suits can generate defence costs that dwarf the Indian policy premium many times over.

Policy limits should be calibrated to the company's funding stage and investor base. A Series B company with institutional investors may need INR 25-50 crore of coverage, while a pre-IPO entity should consider INR 100 crore or more, often structured as a tower with a primary layer and excess layers from different insurers to diversify capacity. Retention amounts (the self-insured portion that the company or director must bear before the policy responds) should be negotiated carefully, as excessively high retentions can render the policy ineffective for smaller but frequent regulatory defence costs.

Before approaching D&O insurers, Indian tech companies should complete three preparatory steps. First, conduct a governance audit that maps all potential liability exposures. Shareholder agreements with their specific representation and warranty clauses, ESOP scheme documents including all amendments, board resolution records, and regulatory compliance status under Companies Act, FEMA, and applicable SEBI regulations. Insurers underwrite D&O risk based on governance quality, and a well-documented governance structure will yield more favourable terms and lower premiums.

Second, review existing indemnification provisions in the company's Articles of Association. Section 197 of the Companies Act limits the indemnification a company can provide to its directors, and the gap between what the company can indemnify and the director's actual exposure is precisely what Side A D&O coverage addresses. Companies should also review indemnification clauses in their shareholder agreements, as some investor agreements restrict the company's ability to indemnify directors in certain scenarios. Third, engage a specialist insurance broker with demonstrated expertise in D&O placements for Indian tech companies, this is not a commodity product that can be procured through a general commercial insurance broker.

When evaluating policy terms, pay particular attention to the retroactive date (it should predate the company's incorporation if possible), the definition of wrongful act (it should include ESOP administration decisions and regulatory compliance failures), and the conduct exclusions (fraud exclusions should only apply after a final adjudication, not merely an allegation). Annual premium for a well-structured D&O programme for a mid-stage Indian tech company typically ranges from INR 8-25 lakh depending on coverage limits, claims history, and governance quality.