Most founders set up their company and immediately start selling. The legal scaffolding comes later, "once we have revenue", "once we hire the first person", "once we raise". By then, the cost of fixing it is five times what it would have been to do it right at the start. I have watched companies pay lakhs unwinding mistakes that would have cost nothing to avoid in month one.
This is the list I give to founders when they ask, "what do I actually need to set up legally?" It is not the everything-list. It is the early-stage list: the ten things that protect you from the failure modes that actually happen.
Why legal-first matters more than founders think
Legal is the only function in a startup where small early mistakes compound into existential problems years later. A bad financial model gets revised next quarter. A bad hire gets corrected in months. A bad founders' agreement, an unstamped contract, or an IP assignment that was never signed can sit dormant for three years and then surface during your Series A diligence and kill the round. Or worse, surface in court two years after that.
The good news is that the early-stage legal foundation is genuinely small. Ten documents and decisions. None of them complicated. All of them cheap if done early, expensive if done late.
The 10-point checklist
1. The right entity, with the right paperwork
Pick the entity structure that fits your plans: a Private Limited Company for anything you intend to raise outside funds for; an LLP for service businesses that will stay closely held; sole proprietorship only if you genuinely have no growth ambitions. Get the incorporation done properly, with the Memorandum and Articles of Association reviewed by someone who has read them, not just downloaded a template. Get your PAN, TAN, and a current account opened. None of this is glamorous. All of it has to exist before anything else.
2. A founders' agreement, signed before there is anything to fight about
If there is more than one founder, you need a founders' agreement on day one. Equity split, vesting (four years with a one-year cliff is standard for a reason), what happens if a founder leaves, what happens if a founder is fired, IP assignment from founders to the company, decision rights. Founders sign this when everyone is friends. The moment you need a founders' agreement because there is a problem, it is far too late to draft one.
3. IP assignment from every contributor
Every person who creates anything for your company, code, design, content, branding, business plans, needs to assign that IP to the company in writing. This includes founders, employees, contractors, freelancers, advisors and that friend who designed your logo for free. Without these assignments, the company does not own its own work. Investors will catch this in diligence. Acquirers will catch it. Until then, you have a startup that cannot prove it owns the things it is selling.
4. Standard employment and contractor templates
You will hire faster than you expect. Have two templates ready: an employment agreement (with confidentiality, IP assignment, non-solicitation that survives Section 27 scrutiny, and clean termination terms), and an independent contractor agreement (with deliverables, fees, and very clear IP-assigns-to-company language). Without these, every hire becomes a one-off legal exercise that you will be tempted to skip.
Verbatra generates founder-grade employment agreements and offer letters in 60 seconds, adapted to your jurisdiction and your role. Free during launch.
Open the Employment generator →5. A real NDA, used selectively
Do not send an NDA to every investor before a first meeting. But the moment you are sharing actual diligence material, code, customer lists, or strategy with a vendor, partner or candidate, you need a real NDA. Mutual NDA is the safe default. Use it for the moments it actually matters, not as a paranoia signal.
6. Master Service Agreement and Statement of Work for every customer
The moment you sign your first paying customer, you need a proper Master Service Agreement (MSA) with a Statement of Work attached. Not a one-page invoice with "terms apply", not an email handshake. A real MSA covers scope, fees, payment terms, IP, liability cap, indemnities, termination, data protection and governing law. Get this right once and every future customer reuses the same template with the SOW changed.
7. Data Processing Agreement, if you handle customer data
If you are SaaS, fintech, healthtech, edtech or any business that processes personal data on behalf of your customers, you need a Data Processing Agreement. Under India's Digital Personal Data Protection Act, 2023, this is no longer optional. Without a DPA, your B2B customers cannot legally use you for any work that touches personal data, and you will lose enterprise deals during procurement review.
8. Privacy policy and terms of use on the website
If you have a website that collects any user data (a contact form is enough), you need a privacy policy. If you have a product that users sign up to, you need terms of use. These are legally required, but they also signal seriousness to enterprise buyers, investors and partners. A missing privacy policy is one of the first things an enterprise procurement team flags.
9. Statutory registrations done on time
GST registration above the turnover threshold, professional tax in States where applicable, Shops and Establishments registration for your office, PF and ESI when you cross the employee thresholds, MSME registration if you qualify. None of these are complicated. All of them have penalties for late filing. Build a compliance calendar from day one.
10. A real document repository
Every signed contract, every statutory filing, every IP assignment, every cap table change goes into one organised repository, accessible to the founders and to legal counsel. Cloud-based, version-controlled, with proper file names. The first time you go through a fundraise or an acquisition, you will be asked to produce hundreds of documents in days. Companies that cannot do this either lose deals or pay heavily to clean up the mess in real time.
What this costs if you do nothing
The pattern I see most often: founders skip steps 2, 3, 6 and 7 in the early years. Two years in, they raise their first serious round. Diligence reveals: no founders' agreement (so no clean equity story), incomplete IP assignments (so the company cannot prove it owns its own product), customer contracts that are emails with payment links (so revenue is hard to defend), no DPA framework (so enterprise customers cannot be onboarded properly).
The deal does not die, usually. But it gets repriced, conditions get attached, lawyers get hired to remediate at fundraise speed (which costs four to five times normal), and the founders spend weeks on legal cleanup instead of building. All to avoid two months of cheap, calm legal setup that they could have done in year one.
The bottom line
Legal-first is not a slogan. It is a strategy that costs almost nothing early and saves enormous amounts later. If you are pre-launch or in your first year, work through this list. If you are further along and have skipped some of it, fix it now, before the diligence call that forces you to.
This is the work Verbatra was built for. The tools generate the documents you need; the subscription service runs the ongoing legal operations so that founders do not have to think about any of this at all. If you want to talk through where your company stands on the checklist, the contact details are on the homepage.