Information Technology & SaaS Advisory Services in India – STPI / SEZ Setup, Software Export & GST (LUT), ESOP Structuring, Transfer Pricing, DPDP Act Data Compliance & IP Protection

Information Technology and SaaS companies operate across borders from day one, which puts them at the intersection of several specialised regimes — STPI and SEZ registration for export units, GST on export of services with Letter of Undertaking (LUT), transfer pricing under Sections 92–92F for captive and group billing, ESOP taxation and pooling, the Digital Personal Data Protection Act 2023 and the IT Act 2000 with CERT-In directions, and FEMA rules for foreign investment, ECB, and overseas structures.

Our IT and SaaS advisory practice supports founders, product companies, GCCs, and IT services firms across the full stack — entity and STPI / SEZ setup, software-export GST and LUT compliance, transfer-pricing documentation and Form 3CEB, ESOP design and tax, DPDP and data-protection readiness, IP protection (trademark, copyright, software licensing), FEMA / FDI structuring, and contract drafting (MSA, SOW, SLA, DPA). Whether you are setting up a global capability centre, billing a US parent, rolling out an ESOP, or preparing for a data-protection audit, we keep your structure efficient, compliant, and investor-ready.

  • STPI / SEZ: Export Unit Setup
  • LUT: Zero-Rated Export GST
  • Sec 92: Transfer Pricing
  • DPDP 2023: Data Protection

Laws & Frameworks We Work Under

  • STPI Scheme
  • SEZ Act 2005
  • Sec 10AA Deduction
  • GST Export / LUT
  • OIDAR Rules
  • Sec 92–92F TP
  • ESOP (Sec 17 / 192)
  • DPDP Act 2023
  • IT Act 2000
  • CERT-In Directions
  • FEMA NDI Rules
  • ECB Framework
  • Trademark / Copyright
  • DPIIT Startup

IT & SaaS Engagements We Handle

Setup

GCC / Export Unit Setup

Establishing a global capability centre or software-export unit — entity, STPI / SEZ registration, and the cross-border billing and compliance backbone.

  • Entity & bank / AD-code setup
  • STPI unit registration
  • SEZ unit (where eligible)
  • Softex & export reporting
  • Inter-company agreement
  • Payroll & PF / PT setup

GST

Software-Export GST & LUT

Treating cross-border software / SaaS as zero-rated export of services and claiming refunds of accumulated input tax credit.

  • Export-of-service test
  • Letter of Undertaking (LUT)
  • Zero-rated supply
  • ITC refund (Rule 89)
  • OIDAR analysis
  • Place-of-supply opinions

Transfer Pricing

Transfer Pricing & 3CEB

Arm's-length benchmarking for captive development centres and group billing, with the full documentation and reporting suite.

  • Cost-plus benchmarking
  • Form 3CEB certification
  • TP study & comparables
  • Master File (3CEAA)
  • CbCR (3CEAB / 3CEAC)
  • Safe-harbour / APA advisory

ESOP

ESOP Design & Taxation

Building an employee stock-option pool, drafting the scheme, and managing perquisite tax at exercise and capital gains at sale.

  • ESOP pool & scheme design
  • Vesting & cliff structuring
  • Perquisite tax (Sec 17)
  • Startup TDS deferral (Sec 192)
  • Valuation for ESOP
  • Cap-table & grant tracking

Data

DPDP & Data Protection

Readiness for the Digital Personal Data Protection Act and IT Act / CERT-In obligations across products that handle personal data.

  • DPDP gap assessment
  • Consent & notice design
  • Data-processing agreements
  • Breach-response & CERT-In
  • Privacy policy & records
  • Cross-border transfer review

FEMA / IP

FEMA, FDI & IP

Foreign-investment structuring, external commercial borrowing, and protection of code, brand, and product IP.

  • FDI & FC-GPR reporting
  • ECB / convertible notes
  • ODI for overseas subsidiary
  • Trademark & copyright
  • Software / SaaS licensing
  • IP assignment & escrow

Key IT & SaaS Concepts You Must Know

STPI

Software Technology Parks

The STPI scheme lets software-export units operate as 100% export-oriented, simplifying Softex filing, foreign-exchange realisation, and duty-free imports.

Export Unit | Softex Filing

Sec 10AA

SEZ Deduction

Units in a Special Economic Zone can claim a profit-linked deduction under Section 10AA, available to units that commenced before the statutory sunset date.

SEZ Profit Deduction | Sunset Applies

GST Export

Zero-Rated Services

Export of software / SaaS is a zero-rated supply — exportable under LUT without paying IGST, with refund of accumulated input tax credit.

LUT Route | ITC Refund

OIDAR

Online Information Services

Cross-border digital services to Indian consumers can fall under OIDAR rules, creating GST registration and payment obligations for foreign suppliers.

Digital Services | Reverse / Forward

Sec 92

Arm's-Length Pricing

Transactions with associated enterprises must be at arm's length, supported by a TP study, Form 3CEB, and — above thresholds — Master File and CbCR.

Form 3CEB | Benchmarking

ESOP Tax

Two-Point Taxation

ESOPs are taxed as a perquisite on the spread at exercise and as capital gains at sale; eligible startups may defer the TDS on the perquisite.

Exercise Perquisite | Sale Capital Gain

DPDP 2023

Data Protection Law

The DPDP Act sets consent, notice, purpose-limitation, and breach-notification duties for entities (Data Fiduciaries) processing personal data of Indian users.

Consent & Notice | Breach Duty

CERT-In

Cyber Incident Reporting

CERT-In directions require reporting of specified cyber incidents within a tight timeline and retention of logs, applicable to most digital service providers.

Incident Report | Log Retention

Our IT & SaaS Advisory Services

01

Entity & GCC Setup

Incorporation, AD-code and bank setup, STPI / SEZ registration, and the inter-company and payroll framework for a capability centre or export unit.

02

Software-Export GST & LUT

Zero-rated export structuring, Letter of Undertaking, ITC refund filing under Rule 89, OIDAR analysis, and place-of-supply opinions.

03

Transfer Pricing & 3CEB

Benchmarking studies, Form 3CEB certification, Master File, CbCR, and safe-harbour or Advance Pricing Agreement advisory.

04

ESOP & Equity Compensation

ESOP / RSU pool design, scheme drafting, valuation, perquisite-tax computation, startup TDS deferral, and cap-table management.

05

DPDP & Data Compliance

DPDP gap assessment, consent and notice architecture, data-processing agreements, breach-response playbooks, and CERT-In readiness.

06

IP Protection & Licensing

Trademark and copyright registration, software / SaaS licensing, IP assignment from founders and contractors, and source-code escrow.

07

FEMA & FDI Structuring

Inbound FDI and FC-GPR, ECB and convertible notes, overseas-subsidiary (ODI) structuring, and reverse-flip planning.

08

Contract Drafting

Master service agreements, statements of work, SLAs, data-processing addenda, NDAs, and SaaS subscription terms.

09

Direct Tax & Corporate Tax

Tax-regime selection, Section 10AA / deduction planning, tax audit, advance tax, withholding on foreign payments, and assessments.

10

Startup Recognition & Funding

DPIIT recognition, Section 80-IAC tax-holiday eligibility, SAFE / CCPS structuring, and term-sheet and shareholders-agreement review.

11

Payroll & HR Compliance

Payroll processing, EPF / ESI / PT, contractor compliance, equity-linked payroll, and remote-employee structuring across states.

12

Virtual CFO & MIS

Revenue recognition for subscription / SaaS, ARR / MRR reporting, board MIS, runway tracking, and investor-reporting packs.

When an IT / SaaS Business Needs an Advisor

Setting Up a GCC

A new global capability centre needs the right entity, STPI / SEZ registration, transfer-pricing model, and payroll from day one to bill the parent cleanly.

Billing a Foreign Parent

Cross-border invoicing of a related entity triggers transfer-pricing, GST-export, and FEMA realisation requirements that must be documented and reported.

Rolling Out an ESOP

Launching an option pool needs a valuation, scheme document, board / shareholder approval, and a clear tax position for employees at exercise and sale.

Data-Protection Audit

Enterprise customers and the DPDP Act increasingly require a documented privacy program, DPAs, and a breach-response process before contracts close.

Raising Foreign Capital

Inbound investment, convertible notes, or SAFEs require correct FEMA pricing, FC-GPR reporting, and clean cap-table and IP-assignment records.

Claiming GST Refunds

Export-led SaaS firms accumulate input tax credit that can be refunded — but only with correct LUT, documentation, and Rule 89 filings.

Reverse-Flip to India

Moving a holding company from offshore back to India for an IPO involves layered FEMA, tax, and corporate-law steps that need careful sequencing.

DPIIT & Tax Holiday

Eligible startups can claim a three-year profit deduction under Section 80-IAC — recognition and conditions must be secured before the sunset date.

Documents Needed for an IT / SaaS Engagement

Corporate & Constitutional

  • Certificate of Incorporation, MOA / AOA
  • Cap table & shareholders' agreement
  • STPI / SEZ registration
  • Board & shareholder resolutions
  • ESOP scheme & grant letters
  • Group structure chart
  • Director DIN / KYC

Financial & Tax

  • Audited financials (3 years)
  • Income-tax returns & 3CEB
  • GST returns & LUT
  • Transfer-pricing study
  • Foreign-remittance (FIRC) records
  • Revenue / ARR schedules
  • Withholding-tax records

Contracts & Compliance

  • Master service agreements / SOWs
  • Customer & vendor contracts
  • Data-processing agreements
  • IP-assignment deeds
  • Privacy policy & consent records
  • FEMA / FC-GPR filings
  • Trademark / copyright records

Our IT & SaaS Engagement Process

1

Structure & Diagnostic

Review of entity, cross-border billing, cap table, and data flows, with a gap analysis across tax, GST, FEMA, and data-protection.

2

Setup & Registration

STPI / SEZ, GST and LUT, AD-code, ESOP scheme, and the inter-company agreement and payroll framework.

3

Compliance & Documentation

Transfer-pricing study and 3CEB, DPAs and privacy program, IP assignments, and FEMA reporting.

4

Filings & Refunds

Periodic GST / income-tax / TP filings, ITC refunds, FC-GPR, and representation in scrutiny and assessments.

5

Review & Scale

Compliance calendar, board MIS, and periodic review to keep the company investor-ready and audit-ready as it scales.

Why Choose Us for IT & SaaS Advisory

GCC & export-unit setup
Software-export GST & refunds
Transfer-pricing & 3CEB
ESOP design & taxation
DPDP & data-protection readiness
FEMA & FDI structuring
IP protection & licensing
Investor-ready compliance

FAQs on IT & SaaS Compliance in India

Is export of software or SaaS subject to GST?
Export of software and SaaS generally qualifies as a zero-rated supply under GST when the recipient is outside India, payment is received in convertible foreign exchange, and the place-of-supply conditions are met. The exporter can supply without paying IGST under a Letter of Undertaking (LUT) and claim a refund of accumulated input tax credit under Rule 89, or pay IGST and claim a refund of the tax. Care is needed where the customer is a related party or the service may fall under OIDAR rules.
Why do IT companies billing a foreign parent need transfer pricing?
When an Indian unit provides development or support services to an associated enterprise (such as a parent or group company), the pricing must be at arm's length under Sections 92–92F. The company must maintain a transfer-pricing study, file Form 3CEB with the tax return, and — above turnover / group thresholds — file a Master File (3CEAA) and Country-by-Country Report. Captive centres often use a cost-plus mark-up benchmarked against comparables; safe harbour or an APA can add certainty.
How are ESOPs taxed for employees in India?
ESOPs are taxed at two points. At exercise, the difference between the fair market value and the exercise price is a perquisite taxed as salary under Section 17. At sale, the gain over the value taxed at exercise is a capital gain (long- or short-term depending on the holding period). Employees of eligible DPIIT-recognised startups can defer the TDS on the perquisite under Section 192(1C) for a specified period, easing the cash-flow burden at exercise.
What does the DPDP Act 2023 require of an IT / SaaS company?
The Digital Personal Data Protection Act 2023 treats a company that decides how and why personal data is processed as a Data Fiduciary, with duties to obtain valid consent, provide a clear notice, limit processing to the stated purpose, implement reasonable security safeguards, honour data-principal rights, and notify breaches. SaaS vendors that process data for customers act as processors and need data-processing agreements. Obligations apply alongside the IT Act 2000 and CERT-In incident-reporting directions; phased implementation follows the Rules.
What is the STPI scheme and is it still beneficial?
The Software Technology Parks of India (STPI) scheme allows a software-export unit to operate as a 100% export-oriented unit, simplifying Softex filing, foreign-exchange realisation, and duty-free import of equipment. While the earlier income-tax holiday for STP units has expired, STPI registration remains useful for export documentation, single-window compliance, and bonded operations, and is often preferred by smaller exporters who do not need a full SEZ. We compare STPI and SEZ against your scale and growth plans.
Can a startup defer or reduce tax under any special provision?
Yes. An eligible startup recognised by DPIIT can claim a 100% deduction of profits for three consecutive years out of its first ten years under Section 80-IAC, provided it is incorporated before the notified sunset date (currently extended to 31 March 2030) and meets turnover and eligibility conditions. Separately, the angel tax under Section 56(2)(viib) has been abolished from assessment year 2025-26, removing the premium-valuation risk on share issues. We secure recognition and align funding to preserve these benefits.
What FEMA compliance applies when an IT company raises foreign investment?
Foreign investment into an Indian IT / SaaS company is generally permitted up to 100% under the automatic route, but must comply with FEMA Non-Debt Instruments Rules — including pricing guidelines, receipt of funds through banking channels, and reporting in Form FC-GPR within the prescribed time. Transfers between residents and non-residents are reported in FC-TRS, external borrowings follow the ECB framework, and overseas subsidiaries require ODI compliance. Convertible notes and SAFEs need careful structuring to fit Indian rules.

Borderless Billing. Bulletproof Compliance. Investor-Ready Books.

Partner with our IT and SaaS experts for GCC / export-unit setup, software-export GST, transfer pricing, ESOP design, DPDP readiness, and FEMA structuring for FY 2026–27.
