Contact Us
June 2026 Edition

The Complete Compliance Framework for Schools in India

RAYSolute builds India's schools a living compliance framework, mapping every RTE, board, and statutory obligation to an owner, a deadline, and an audit checkpoint, so you never face a surprise inspection penalty.

111
Requirements
17
Domains
30+
Statutes
INR 250 Cr
Max DPDPA Penalty

Why Most Schools Are Only Half-Compliant

School promoters and administrators in India focus heavily on setup-phase compliance: entity registration, land approvals, building codes, and board affiliation. These are necessary but represent less than a third of the regulatory surface area.

The operational phase, where most legal exposure actually lives, is routinely neglected. POCSO non-reporting, DPDPA 2023 data breaches, labour law violations, transport accidents, and fee regulation disputes all occur after the school opens, not before. In 2024-25, CBSE issued show-cause notices and disaffiliated schools primarily for operational failures that documented compliance frameworks could have prevented.

This register maps 111 individual compliance requirements across 17 regulatory domains, covering the full lifecycle from pre-establishment through daily operations. Each requirement is linked to the specific Indian statute, board affiliation rule (CBSE Bye-Laws, CISCE, IB or Cambridge norms), or judicial directive that mandates it.

Applies to every school operating in India, regardless of board. The statutory requirements below (child protection, RTE, data protection, labour, fire and building safety, transport, food safety, tax) bind all schools alike. Affiliation-specific items cite CBSE Bye-Laws as the worked example; CISCE, IB and Cambridge schools should read these against their own affiliation norms, which impose equivalent or, for the international boards, additional obligations.

This article tells you what compliance obligations exist. For the operational procedures to meet them, read the companion article: The 100 SOPs Schools Should Have in 2026. For end-to-end school setup and operational consulting, see RAYSolute's K-12 Schools Consulting Services.

Research compilation, not legal advice. This framework is drawn from publicly available Indian statutes, regulatory notifications, and official circulars. It is for orientation purposes only and does not constitute legal advice. Schools and promoters should engage qualified legal counsel before making compliance or structural decisions.

🛡️
Domain I

Child Protection

8 Requirements
1

POCSO Mandatory Reporting Obligation

📄 POCSO Act 2012, Sections 19 & 21Up to 6 months imprisonment; up to 1 year for institution in-charge (Sec 21(2))
2

Child Protection Committee Constitution

📄 POCSO Rules 2020; CBSE Circular 19/2017High Priority
3

Annual POCSO Awareness Training for All Staff

📄 POCSO Act Sec 19; NCPCR GuidelinesHigh Priority
4

Prohibition of Corporal Punishment

📄 RTE Act Section 17; JJ Act 2015 Sec 75Up to 5 years imprisonment (JJ Act)
5

Anti-Bullying Policy and Response Protocol

📄 NCPCR Guidelines 2018; SC Guidelines 2025High Priority
6

Police Verification of All Staff

📄 Affiliation norms (CBSE/CISCE); Supreme Court DirectivesHigh Priority
7

POCSO e-Box Display and Grievance Access

📄 NCPCR Directive; CBSE Safety CircularMedium Priority
8

CCTV Surveillance with 60-Day Retention

📄 CBSE Affiliation Norms; DPDPA 2023High Priority
📋
Domain II

RTE Act 2009 Operational Compliance

7 Requirements
9

25% EWS/DG Reservation (Class 1 Admission)

📄 RTE Act Section 12(1)(c)Mandatory; reimbursement by state
10

Prohibition of Screening & Capitation Fees

📄 RTE Act Section 13Fine up to 10x capitation fee charged
11

School Management Committee (75% Parents)

📄 RTE Act Section 21High Priority
12

Pupil-Teacher Ratio Compliance (30:1 / 35:1)

📄 RTE Act Section 25; ScheduleHigh Priority
13

Minimum Instructional Hours & Working Days

📄 RTE Act Section 19; 200/220 days per yearMedium Priority
14

Age-Appropriate Admission (No Denial)

📄 RTE Act Section 4High Priority
15

Transfer Certificate: No Withholding Permitted

📄 RTE Act Section 5(2); Bye-Laws 14.19High Priority
🔒
Domain III

Data Privacy (DPDPA 2023)

6 Requirements
16

Data Fiduciary Obligations & Designated Contact Person

📄 DPDPA 2023 Sections 4-8; DPDP Rules 2025High Priority
17

Verifiable Parental Consent for Children's Data

📄 DPDPA 2023 Section 9Up to Rs 200 crore penalty
18

Data Breach Notification (72-Hour Mandate)

📄 DPDPA 2023 Sec 8(6); DPDP Rules 2025, Rule 7Up to Rs 200 crore penalty
19

Data Mapping: All Systems (ERP, EdTech, CCTV)

📄 DPDPA 2023; Best PracticeHigh Priority
20

Third-Party Vendor Data Processing Agreements

📄 DPDPA 2023 Section 8(7)Medium Priority
21

Data Retention & Deletion Policy

📄 DPDPA 2023 Section 8(8)Medium Priority
⚖️
Domain IV

Labour & Employment Law

12 Requirements
22

Internal Complaints Committee (POSH Act)

📄 POSH Act 2013; 10+ employeesRs 50,000 fine; licence cancellation on repeat
23

EPF Registration & Monthly ECR Filing

📄 EPF Act 1952; 20+ employeesUp to 3 years imprisonment for contribution default
24

ESI Registration & Contribution

📄 ESI Act 1948; 10+ employeesHigh Priority
25

Maternity Benefit Compliance (26 Weeks; Creche at 50+ Employees)

📄 Maternity Benefit Act 1961 (amended 2017)High Priority
26

Gratuity Payment (5+ Years Service; 10+ Employee Establishments)

📄 Payment of Gratuity Act 1972, Section 1(3)Medium Priority
27

Minimum Wages & Payment of Wages Compliance

📄 MW Act 1948; PW Act 1936High Priority
28

Shops & Establishments Act Registration

📄 State-specific S&E ActsMedium Priority
29

Contract Labour Regulation (Outsourced Staff)

📄 CLRA Act 1970; 20+ contract workersMedium Priority
30

Payment of Bonus & Non-Profit Exemption

📄 Payment of Bonus Act 1965, Sec 32(v)(c)Medium Priority
31

Professional Tax Registration & Deduction

📄 State Professional Tax Acts (where levied)Medium Priority
32

Labour Welfare Fund Contribution

📄 State Labour Welfare Fund Acts (where applicable)Medium Priority
33

Equal Remuneration & Equal Pay

📄 Equal Remuneration Act 1976; Code on Wages 2019Medium Priority
🎓
Domain V

NEP 2020 Implementation

6 Requirements
34

5+3+3+4 Pedagogical Structure Alignment

📄 NEP 2020; NCF 2023High Priority
35

Foundational Literacy & Numeracy (NIPUN Bharat)

📄 NIPUN Bharat Mission 2021High Priority
36

Competency-Based Assessment (PARAKH Standards)

📄 NEP 2020; PARAKH FrameworkHigh Priority
37

Multilingual Education (Mother Tongue till Grade 5)

📄 NEP 2020 Para 4.11-4.14Medium Priority
38

Vocational Integration from Grade 6

📄 NEP 2020; CBSE Skill Education CircularHigh Priority
39

50-Hour Annual CPD for All Teachers

📄 NEP 2020; NCTE NormsMedium Priority
🏗️
Domain VII

Land, Zoning & Infrastructure

6 Requirements
45

Land Use Conversion (Agricultural to Institutional)

📄 State Land Revenue Acts; Municipal ZoningHigh Priority
46

Minimum Land Requirement (~2 Acres for CBSE)

📄 CBSE Affiliation Bye-LawsHigh Priority
47

Building Plan Approval & National Building Code

📄 NBC 2016; Municipal Building Bye-LawsHigh Priority
48

Fire Safety NOC & Annual Renewal

📄 Fire Services Act (State); NBC Part 4Closure order on non-compliance
49

Structural Stability Certificate

📄 CBSE Affiliation Norms; NBCHigh Priority
50

Occupancy & Completion Certificate

📄 Municipal Corporation RulesHigh Priority
📜
Domain VIII

Board Affiliation & Recognition

5 Requirements
51

CBSE/CISCE/State Board Affiliation & Renewal

📄 CBSE SARAS 6.0; CISCE NormsHigh Priority
52

Mandatory Public Disclosure on Website & Affiliation Portal

📄 CBSE Bye-Laws 2.3.8, 2.4.9; CISCE/IB/Cambridge disclosure normsShow-cause notice / disaffiliation
53

NCTE Teacher Qualification Norms

📄 NCTE Regulations; RTE Section 23High Priority
54

UDISE+ Registration & Annual Data Submission

📄 MoE Directive; State Education DeptHigh Priority
55

SQAAF Self-Assessment Compliance

📄 CBSE SQAAF FrameworkMedium Priority
🍽️
Domain IX

Food Safety (FSSAI)

4 Requirements
56

FSSAI Registration for School Canteen

📄 FSSAI (Safe Food for Children in Schools) Regulations 2020High Priority
57

Junk Food Ban (Campus + 50m Radius)

📄 FSSAI Regulations 2020; Delhi HC OrdersHigh Priority
58

Mid-Day Meal Vendor FSSAI Licence Verification

📄 FSSAI Act 2006; MDM Scheme GuidelinesMedium Priority
59

Food Allergen Identification & Sanitation Records

📄 FSSAI Regulations; Best PracticeMedium Priority
🚌
Domain X

Transport Safety

6 Requirements
60

School Bus Registration in School's Name + RTA Permit

📄 MVA 1988; SC 1997 DirectionsHigh Priority
61

GPS Tracking (AIS-140) & CCTV in Buses

📄 CBSE Transport Circular; AIS-140 StandardHigh Priority
62

Speed Governor (40 km/h Cap)

📄 SC Directions 1997; CBSE CircularHigh Priority
63

Lady Attendant on Every Bus

📄 CBSE Transport Safety GuidelinesHigh Priority
64

Driver: 5+ Years Experience, Police Verified, Annual Medical

📄 MVA 1988; CBSE NormsHigh Priority
65

Student Manifest with Blood Groups & Route Plan

📄 CBSE Circular; Best PracticeMedium Priority
Domain XI

Disability & Accessibility (RPWD Act 2016)

5 Requirements
66

Non-Discriminatory Admission for CwSN

📄 RPWD Act 2016 Section 16High Priority
67

Barrier-Free Access (Ramps, Washrooms, Signage)

📄 RPWD Act 2016; Accessible India CampaignHigh Priority
68

Reasonable Accommodation & Assistive Devices

📄 RPWD Act Section 16(ii-iv)High Priority
69

Early Detection of Specific Learning Disabilities

📄 RPWD Act Section 16(vi)Medium Priority
70

Individual Education Plans (IEPs) for CwSN

📄 RPWD Act; CBSE Circular Acad-57/2025High Priority
💰
Domain XII

Financial & Tax Compliance

6 Requirements
71

Income Tax Exemption (Sec 10(23C) or 12A/12AB)

📄 Income Tax Act 1961High Priority
72

TDS Compliance (Salaries, Rent, Contractors)

📄 IT Act Sections 192, 194C, 194I, 194JHigh Priority
73

GST Treatment of Ancillary Services

📄 CGST Act 2017; Exemption NotificationMedium Priority
74

State Fee Regulation Act Compliance

📄 State-specific Fee Regulation ActsDerecognition risk in multiple states
75

FCRA 2010 (Foreign Donations: Designated SBI Account)

📄 FCRA 2010 (amended 2020)Medium Priority
76

Audited Financial Statements & Annual Return Filing

📄 Trust/Society/Company Act; affiliation norms (CBSE/CISCE)High Priority
🌿
Domain XIII

Environmental Compliance

4 Requirements
77

Rainwater Harvesting (Mandatory in Most Cities)

📄 NGT Orders; State Building Bye-LawsHigh Priority
78

Solid Waste Management & Segregation

📄 SWM Rules 2016; Municipal Bye-LawsMedium Priority
79

E-Waste Disposal (Computers, Lab Equipment)

📄 E-Waste Management Rules 2022Medium Priority
80

Single-Use Plastic Ban on Campus

📄 Plastic Waste Management Rules 2022Medium Priority
💻
Domain XIV

Cyber Safety & IT Governance

5 Requirements
81

Cyber Safety Policy (IT Act 2000 Compliance)

📄 IT Act 2000; NCPCR Cyber Safety GuidelinesHigh Priority
82

Social Media Policy (Student Data Sharing)

📄 DPDPA 2023; IT Act 2000Medium Priority
83

Web Content Filtering & Safe Internet Access

📄 NCPCR Guidelines; Best PracticeMedium Priority
84

Cyberbullying Prevention & Response Protocol

📄 IT Act Secs 66C-66E (impersonation, privacy); BNS 2023 stalking & intimidation provisionsHigh Priority
85

EdTech Vendor Due Diligence & Data Agreements

📄 DPDPA 2023; IT ActMedium Priority
📌
Domain XV

Mandatory Committees, Disclosure & Grievance Redressal

7 Requirements
86

Safety & Security Committee

📄 CBSE Safety Circular; Bye-LawsHigh Priority
87

Anti-Sexual Harassment Committee

📄 POSH Act 2013; CBSE DirectiveHigh Priority
88

Grievance Redressal Committees (4 Types)

📄 CBSE Notification Sept 2017: Public, Staff, Parent, StudentHigh Priority
89

RTI Compliance (Government-Aided Schools)

📄 RTI Act 2005; Public Authority definitionMedium Priority
90

Anti-Ragging Committee & Squad

📄 Board norms (CBSE/CISCE); UGC Anti-Ragging Regulations (Sr Sec)Medium Priority
91

Student & Public Liability Insurance

📄 Best Practice; CBSE AdvisoryMedium Priority
92

Examination Conduct & Board Exam Compliance

📄 CBSE Exam Bye-Laws Rules 13-14; Annual SOP CircularsHigh Priority
Beyond the Standard 92

Advanced Compliance Vectors for Schools at Scale

The 15 core domains and 92 standard parameters above map the regulatory surface area of standard K-12 operations: the full lifecycle from setup through daily privacy and child protection. The moment a school scales, diversifies its curriculum, or adds residential and specialised infrastructure, a further tier opens up. These vectors sit just outside day-to-day operations, yet they carry the heaviest exposure, because this is where education regulation intersects with corporate, tax, foreign-exchange, and criminal law.

Triggered by International boards (Cambridge, IB) Foreign staff or NRI students Boarding and hostels Promoter-owned sister concerns Large software and media estates
🌐
Vector A

Cross-Border & Foreign Exchange

Opens when: the school affiliates with an international board, employs foreign nationals, or moves money across the border.
Foreign Exchange Management Act (FEMA) 1999 & RBI GuidelinesCrucial for schools affiliated with international boards. Remitting affiliation fees abroad, paying for international exchange programmes, or importing specialised educational equipment requires strict adherence to foreign exchange regulation set by the Reserve Bank of India (RBI).
Foreign Regional Registration Office (FRRO)Mandatory tracking and reporting if the school employs foreign nationals as teachers or admits international and Non-Resident Indian (NRI) students on student visas.
Foreign Contribution (Regulation) Act (FCRA) 2010If the managing trust or society receives foreign donations, international Corporate Social Responsibility (CSR) funding, or alumni contributions from abroad, FCRA registration and a designated State Bank of India (SBI) banking channel apply.
🎭
Vector B

Intellectual Property & Media

Opens when: digital learning platforms, large software estates, public performances, or aggressive admissions marketing come into play.
Copyright Act 1957 (Beyond Section 52)Section 52 allows fair use for classroom instruction, but schools cross into infringement by digitising entire textbooks onto Learning Management Systems (LMS), distributing copyrighted PDFs, or staging commercial plays and musicals for Annual Day without Phonographic Performance Limited (PPL) or Indian Performing Right Society (IPRS) licences.
Commercial Software LicensingUsing Home or Student editions of operating systems or creative suites on administrative, marketing, or lab computers violates commercial licensing terms and invites costly software audits.
ASCI Advertising GuidelinesThe Advertising Standards Council of India (ASCI) monitors education marketing closely. Claims such as "100% Guaranteed Results" or "Ranked No. 1" without an independent, cited source can trigger regulatory action and public retraction mandates.
🏥
Vector C

Advanced Health & Medical Infrastructure

Opens when: a basic sickbay is upgraded into a staffed, bedded infirmary.
Clinical Establishments ActIf a school upgrades a basic sickbay into a round-the-clock infirmary with beds and a resident medical officer, it may cross the threshold that requires formal registration as a clinical establishment.
Bio-Medical Waste Management Rules 2016Mandatory for the safe segregation and disposal of medical waste (syringes, soiled dressings, expired medication) generated by the school infirmary.
🏨
Vector D

Residential & Specialised Infrastructure

Opens when: boarding facilities, multi-storey blocks, lifts, or high-capacity backup power are added.
State Hostel ActsOperating a boarding facility opens a separate regulatory domain (for example, Tamil Nadu's Hostels and Homes for Women and Children Regulation Act). These mandate warden-to-student ratios, police verifications, defined dietary minimums, and district-level licensing.
NDMA School Safety Policy (2016)Beyond basic Fire NOCs, the National Disaster Management Authority (NDMA) requires documented structural earthquake-safety audits and formal evacuation drills logged with the District Disaster Management Authority.
State Lift and Escalator ActsDedicated annual licensing, structural audits, and mandatory Annual Maintenance Contracts (AMC) for every campus elevator.
SPCB Consent for DG SetsHigh-capacity Diesel Generator (DG) sets used for backup power require Consent to Establish and Consent to Operate from the State Pollution Control Board (SPCB) to monitor emissions and noise.

Advanced Risk Prioritisation Matrix

Visualising these additional risks alongside standard operations helps prioritise audits. The matrix maps the impact of each advanced compliance failure against its likelihood, so limited audit attention lands on the upper-right cells first.

Impact
Low
Medium
High
High
ModerateFEMA RemittancesFCRA Donations
HighHostel Act LicensingNDMA Structural Audit
CriticalLabour Codes: 50% RuleRPT / Section 13
Medium
LowClinical EstablishmentBio-Medical Waste
ModerateDG-Set SPCB ConsentLift & Escalator AMCFRRO Reporting
HighCopyright / LMS UseIPRS / PPL Licences
Low
LowRoutine watch
LowRoutine watch
ModerateSoftware LicensingASCI Ad Claims
Likelihood of occurrence →
Low (manage in routine cycle) Moderate (scheduled audit) High (priority remediation) Critical (audit first)
🔑 Key Insight

The heaviest penalties usually stem from areas where education regulation intersects with corporate or criminal law: foreign exchange violations (FEMA), intellectual property infringement, or data privacy. Because schools are human-capital intensive and frequently rely on promoter-driven infrastructure models, failing to adapt to these frameworks hits the bottom line directly and can threaten tax-exempt status.

Two Emerging High-Impact Frameworks

These two areas represent the most aggressive financial and regulatory shifts facing the education sector right now. Both turn an established operating habit into a live liability.

1. The New Labour Codes Effective Nov 2025

Consolidating 29 earlier acts into four unified codes has fundamentally changed how schools structure teacher compensation, handle contracts, and manage outsourced labour. Four impacts hit school operations hardest:

Area of ImpactPrevious Standard PracticeThe New Compliance Mandate
Wage RestructuringKeeping Basic Pay low (20 to 30%) and padding salaries with heavy allowances to minimise Provident Fund (PF) payouts.The 50% Rule: Basic plus Dearness Allowance (DA) must be at least 50% of gross pay. Excess allowances are automatically deemed "wages", inflating PF and gratuity liabilities.
Fixed-Term GratuityHiring teachers on rolling 11-month or 2-year contracts to dodge the 5-year continuous-service threshold for gratuity.Fixed-term employees are now legally entitled to pro-rata gratuity after just 1 year of service.
Leave EncashmentRolling earned leave over indefinitely, or capping encashment until retirement.Carry-forward is capped at 30 days. Any excess must be encashed annually at the end of the calendar year.
Principal EmployerOutsourcing security, transport, and housekeeping to shed HR overhead and liability.Schools are strictly liable. If a vendor defaults on PF or Employees' State Insurance (ESI) for campus guards or drivers, the school must cover the default and face the penal consequences.
2. Related Party Transactions (RPT) & Arm's Length Pricing

The classic operating model, a tax-exempt Trust or Section 8 company running the school while a for-profit Private Limited Company owned by the promoters provides the land, Enterprise Resource Planning (ERP) software, transport, or management services, is a primary target for Income-Tax scrutiny under Section 12AB. The structure is perfectly legal, but extracting surplus through sister concerns requires bulletproof documentation to prove no undue benefit passes to the promoters.

Exemption Loss

The Section 13(1)(c) / 13(2) Death Blow

If an Assessing Officer (AO) finds the trust paid "unreasonable" compensation to a specified person (trustees, promoters, or their sister companies), the trust can lose its tax exemption entirely. The surplus is then taxed at the Maximum Marginal Rate (MMR).

Form 3CEB

Transfer Pricing Threshold (Section 92BA)

If the aggregate value of these Specified Domestic Transactions (SDTs) with sister concerns exceeds INR 20 Crore in a financial year, the school triggers formal Transfer Pricing regulations: it must file Form 3CEB and undergo a specialised audit.

Proving Arm's Length Pricing (ALP)

Even below the INR 20 Crore threshold, the school must establish that its pricing mirrors an open-market transaction. The burden of proof rests entirely on school management.

1
The CUP Method (Comparable Uncontrolled Price)

The strongest defence. If a sister concern leases a building to the school, a registered valuer's report must prove the commercial rent in that specific micro-market matches what the school pays. If a sister company provides ERP software for INR 25 Lakh a year, procurement files must hold independent competitor quotes (for example, Edunext or Fedena) showing the same or higher price for an identical scope.

2
Defensible Service Agreements

Management Service Agreements (MSAs) cannot bill for vague "advisory services". They must detail specific deliverables (IT maintenance, fleet management, payroll processing) with strict Service Level Agreements (SLAs). Trustees also cannot draw a salary from the school for the same administrative duties the sister concern is billing the school to manage.

Scaling, diversifying, or adding a hostel or an international stream? A RAYSolute Compliance Diagnostic maps these advanced vectors against your specific entity structure and curriculum. Talk to Aurobindo →
A 360-Degree View

Five Cross-Cutting Tripwires

Beyond the domains that open at scale, a true 360-degree view reveals tripwires hidden inside operations a school believes it already runs well. These five surface most often in surprise audits, precisely where education meets commercial, labour, and corporate law. Academic affiliation and basic infrastructure are usually well managed; these are not.

01

The Indirect Tax "Exemption" Trap

Many managements assume they sit entirely outside the tax net because education is a charitable activity. They do not.

GST Nuances (Circular 149/05/2021): Core tuition fees are exempt from Goods and Services Tax (GST), but allied services often are not. If a school directly sells uniforms, shoes, or stationery, those sales attract GST. Transport or catering the school provides directly to students stays exempt; the moment those services are outsourced to third-party vendors, the vendors must charge GST to the school.
Section 12AB / 10(23C) Scrutiny: To hold tax-exempt status, trusts and societies are scrutinised for related-party transactions. Funnelling school surplus into a privately held infrastructure company owned by the same trustees through inflated lease rentals is a primary trigger for the Income-Tax department to revoke exemption (see the Related Party Transactions framework above).
02

The Principal Employer Liability

Schools outsource housekeeping, security, and fleet management to cut HR overhead, but the legal liability cannot be outsourced.

Contract Labour (Regulation and Abolition) Act: If an outsourced security agency defaults on Provident Fund (PF) or Employees' State Insurance (ESI) for guards working on campus, the school, as the Principal Employer, is legally bound to pay the default and faces the penal consequences.
POSH Act 2013: Schools focus intently on child protection under the POCSO Act, but often neglect the mandatory Internal Complaints Committee (ICC) for adult female staff. Failing to file the annual POSH return with the district officer is grounds for immediate operational penalties.
03

The Inclusion Mandate

Compliance with the Rights of Persons with Disabilities (RPwD) Act 2016 goes far beyond an anti-discrimination policy. Section 16 mandates hard infrastructure and academic change.

Infrastructure: Barrier-free access means more than wheelchair ramps: tactile paving for the visually impaired, accessible washrooms on every floor, and elevators fitted with auditory signals.
Human Resources: The Act mandates specific ratios of qualified special educators to students, so the curriculum is genuinely adapted for neurodivergent learners and children with Specific Learning Disabilities (SLDs).
04

Environmental Health & Safety (EHS)

The moment a campus feeds students, draws groundwater, or upgrades its hardware, three environmental regimes attach.

FSSAI Licensing: A cafeteria, tuck shop, or mid-day-meal kitchen makes the school a food business. It needs an active Food Safety and Standards Authority of India (FSSAI) licence, bi-annual water potability testing, and medical fitness certificates for every food handler.
CGWA No Objection Certificate: Boarding facilities, swimming pools, and large grounds often run on borewells. Operating them without a Central Ground Water Authority (CGWA) NOC, which usually mandates rainwater harvesting and recharge pits, can lead to the borewells being sealed.
E-Waste Management Rules: Upgraded computer labs and retired digital devices must be handed to authorised e-waste dismantlers with documentation. Passing old hardware to unregistered local scrap dealers breaches the rules.
05

The Data Privacy Frontier

Schools process vast volumes of sensitive minor data: biometrics for attendance, medical records, psychological assessments, and parental financials.

Data Fiduciary status: Under the Digital Personal Data Protection Act (DPDPA) 2023, schools are classified as Data Fiduciaries and are fully accountable for the data they hold.
No behavioural monitoring: Schools are prohibited from any behavioural monitoring or tracking of children.
Verifiable parental consent: Robust, verifiable parental consent mechanisms must be in place before any student data is collected, processed, or stored on Enterprise Resource Planning (ERP) systems.

Get a Compliance Diagnostic for Your School

RAYSolute Consultants maps your school against all 111 compliance requirements across 17 domains and delivers a priority-ranked gap report with a remediation roadmap.

1
Compliance Audit (Week 1-2)We assess your school against all 17 domains and 111 requirements
2
Gap Report & Risk Matrix (Week 3)Priority-ranked findings with statute references and penalty exposure
3
Remediation Roadmap (Week 4-8)Actionable compliance plan with documentation templates and training
4
Compliance Certification (Week 9-12)Mock inspection simulation and audit-ready evidence repository
No obligation. No spam. Just a clear picture of your compliance gaps.
AS

Aurobindo Saxena

Founder & CEO, RAYSolute Consultants

CMA, CS, MBA (E-Commerce). Forbes India contributor with 90+ published articles and 30+ industry reports on Indian education. 23+ years in institutional consulting across K-12, higher education, and EdTech. RAYSolute is one of the first education consultancies to offer Generative Engine Optimization (GEO) for educational institutions.

aurobindo@raysolute.com · www.raysolute.com

Frequently Asked Questions

A fully compliant Indian school must satisfy regulatory requirements across at least 17 distinct domains, generating 111 individual compliance obligations. The 15 core operational domains cover 92 requirements spanning child protection, data privacy, labour law, food safety, transport, accessibility, financial compliance, and environmental regulations. Two further tiers add 19 obligations: advanced vectors that activate at scale (foreign exchange, IP, advanced health infrastructure, residential operations, new Labour Codes, and related-party transactions) and cross-cutting tripwires that surface in surprise audits.
Beyond the standard 92 requirements, schools that scale or diversify face advanced compliance vectors. Foreign exchange rules (FEMA 1999, FRRO, and FCRA 2010) apply to international boards, foreign staff, and overseas funding. Intellectual property and media obligations cover the Copyright Act 1957, PPL and IPRS performance licences, ASCI advertising standards, and commercial software licensing. Advanced health rules (the Clinical Establishments Act and Bio-Medical Waste Management Rules 2016) apply once an infirmary is staffed and bedded. Residential and specialised infrastructure law covers State Hostel Acts, the NDMA School Safety Policy 2016, lift and escalator licensing, and State Pollution Control Board consent for diesel generator sets. Two further frameworks now dominate financial risk: the new Labour Codes effective November 2025 (the 50 percent wage rule, pro-rata gratuity for fixed-term staff, leave-encashment caps, and principal-employer liability) and Related Party Transaction scrutiny under Sections 12AB, 13 and 92BA, where unreasonable dealings with promoter-owned sister concerns can cost a trust its tax exemption. See Advanced Compliance Vectors for the full breakdown.
Under Section 21 of the POCSO Act 2012, failure by any person (including school staff) to report a known or apprehended sexual offence against a child is punishable with imprisonment up to six months, a fine, or both. Where the person in charge of an institution fails to report an offence against a child under their control, Section 21(2) raises the imprisonment to up to one year. Schools must constitute Child Protection Committees, conduct annual POCSO awareness training for all staff, and display POCSO e-Box information prominently on campus.
Yes. Schools are classified as Data Fiduciaries under the Digital Personal Data Protection Act 2023, legally responsible for all personal data they process: student records, Aadhaar numbers, photographs, biometric attendance, medical information, CCTV footage, and payment details. Section 9 imposes enhanced protections for children's data, requiring verifiable parental consent. Penalties reach Rs 250 crore for failure of security safeguards, and Rs 200 crore each for failure to notify a breach and for failure to protect children's data.
Board inspections assess infrastructure norms, teacher qualifications, mandatory public disclosures, record maintenance, student-teacher ratios, and safety compliance. Under CBSE, non-compliance triggers a progressive enforcement model: show-cause notice, affiliation downgrade (Senior Secondary to Secondary), and ultimately full disaffiliation. Schools with documented compliance frameworks and evidence repositories can respond to show-cause notices rapidly and avoid escalation.
The 100 SOPs article answers "what procedures should my school have?" This Compliance Framework answers "what laws and regulations apply to my school?" The SOPs are the operational response to the compliance obligations listed here. Together, they form a complete operating system: this article maps the regulatory terrain; the 100 SOPs provide the documented procedures to navigate it.
Yes. RAYSolute Consultants offers a structured School Compliance Diagnostic that maps your school against all 111 requirements across 17 domains, identifies gaps with priority ratings and penalty exposure, and delivers a customized Compliance Roadmap with remediation timelines. Contact aurobindo@raysolute.com or visit www.raysolute.com for an assessment.

More from RAYSolute

Explore our case studies, reports, and thought leadership

All Articles & Media