An international compliance checklist is a structured framework of legal, regulatory, and operational verifications that a company must carry out before and during its expansion into a foreign market. For companies expanding into Australia, the United Kingdom, or India — the three core markets where Expandys operates directly — this checklist is not generic. Each country carries its own registration requirements, employment laws, tax obligations, and sector-specific regulations that must be addressed before you begin trading.
Skipping or sequencing these verifications incorrectly is one of the leading causes of delayed market entry, financial penalties, and operational crises in all three markets.
|
Checkpoint |
Australia |
United Kingdom |
India |
|---|---|---|---|
|
Company registration |
ASIC |
Companies House |
MCA / ROC |
|
Tax registration |
ABN + GST |
HMRC / VAT |
GST + PAN + TAN |
|
Data protection |
Privacy Act 1988 |
UK GDPR |
DPDP Act 2023 |
|
Employment law |
Fair Work Act |
Employment Rights Act 2025 |
Labour Codes (4 codes) |
|
Supplier verification |
ASIC registry |
Companies House |
MCA21 + GST portal |
|
Foreign investment review |
FIRB approval thresholds |
No general restriction |
FEMA / RBI guidelines |
Before any contractual commitment or commercial activity, you must confirm the legal existence and standing of your own entity and any local partners.
Foreign companies entering Australia register with the Australian Securities and Investments Commission (ASIC) either as a registered foreign company or by incorporating a local subsidiary. You will also need an Australian Business Number (ABN) and, if annual turnover exceeds AUD 75,000, a GST registration. The Foreign Investment Review Board (FIRB) reviews acquisitions and investments above certain thresholds — factor approval timelines into your entry plan.
To verify an Australian partner or supplier, search the ASIC Connect registry and confirm their ABN status on the ABN Lookup tool managed by the Australian Business Register.
Foreign companies operating in the UK register with Companies House. You can operate as a registered foreign company (overseas entity), or incorporate a UK limited company. VAT registration is required once taxable turnover exceeds £90,000. The UK's Serious Fraud Office has intensified corporate enforcement in 2026, and the new Failure to Prevent Fraud offence significantly increases expectations around internal controls.
Verify UK partners directly on the Companies House public register — free, online, and available in real time.
India offers several entry routes for foreign companies: Wholly Owned Subsidiary (WOS), Joint Venture (JV), Branch Office (BO), or Liaison Office (LO), each governed by RBI guidelines under FEMA (Foreign Exchange Management Act). Registration is filed with the Ministry of Corporate Affairs (MCA) via the ROC (Registrar of Companies). Additional registrations include GST, PAN, TAN, and — for companies with 20 or more employees — EPF and ESIC enrollment.
Verify Indian partners on the MCA21 portal and cross-reference GST registration status on the GST portal. Foreign companies with Branch, Liaison, or Project Offices must also submit an Annual Activity Certificate (AAC) to their authorized dealer bank by 30 September each year.
Key rule: Never begin commercial activity in any of these three markets without completing legal registration first. Operating without registration exposes the company to penalties, director disqualification, and reputational risk — all three jurisdictions have intensified enforcement in 2026.
Due diligence on a local partner or supplier covers legal legitimacy and financial soundness — this is separate from, and must precede, any operational or factory audit.
Documents to request across all three markets:
Market-specific additions:
Key distinction: Partner verification covers legal legitimacy and financial stability. Operational audits cover delivery capacity and quality. Both are necessary — in that precise order. A partner who delays or refuses document requests is already showing a red flag.
Employment law is one of the highest-risk compliance areas in all three markets — and one of the most frequently underestimated by companies entering for the first time.
Australia's Fair Work Act governs employment relationships. Key obligations include: correct classification of employees vs contractors, adherence to the National Employment Standards (NES), payment at or above the applicable Modern Award rates, and superannuation contributions (currently 11.5% of ordinary time earnings). Misclassifying workers as contractors when they are legally employees is an active enforcement priority.
The UK's Employment Rights Act 2025 significantly expanded employee protections, making this one of the most significant shifts in UK employment law in years. Key changes include strengthened unfair dismissal rights from day one of employment, enhanced rights for zero-hours contract workers, and increased obligations around flexible working requests. Companies must also comply with PAYE, National Insurance contributions, and the National Minimum Wage — which increases annually in April.
India's labor compliance landscape is in active transition as the government consolidates 29 central labor laws into 4 Labor Codes: the Code on Wages, the Industrial Relations Code, the Code on Social Security, and the Occupational Safety Code. While full implementation continues to roll out at the state level, foreign companies should align HR policies with both existing and incoming requirements. Key recurring obligations include PF (Provident Fund) contributions, ESIC (Employee State Insurance), TDS on salaries, and compliance with India's Industrial Relations Rules 2026, which introduce a more documentation-intensive and digitally-driven labor environment.
Practical tip: Engage a local HR or employment law specialist in each market before your first hire. The cost of getting this wrong — in back pay, penalties, or litigation — consistently exceeds the cost of getting it right from the start.
Tax obligations in Australia, the UK, and India each carry their own filing calendars, thresholds, and penalty regimes. The table below summarizes the primary obligations.
|
Obligation |
Australia |
United Kingdom |
India |
|---|---|---|---|
|
Corporate tax rate |
25% (base rate) / 30% (large) |
25% (main rate) |
22% (domestic) / 40% (foreign branch) |
|
GST / VAT |
10% GST (threshold: AUD 75K) |
20% VAT (threshold: £90K) |
18% GST standard rate (multiple slabs) |
|
Transfer pricing |
ATO rules apply |
HMRC arm's length standard |
Section 92 Income Tax Act |
|
Annual filing |
Company tax return to ATO |
Corporation Tax return to HMRC |
ITR filing + MCA ROC forms |
|
Foreign investment reporting |
FIRB (above thresholds) |
No general screening |
FLA Return to RBI by 15 July |
India-specific note: From April 2026, India's Updated ITR window expanded from 2 to 4 years, allowing companies to correct or supplement prior filings. Foreign entities with External Commercial Borrowings must file Form ECB-2 monthly through their authorized dealer bank. Non-compliance with ROC filings attracts late fees of ₹100 per day per form with no upper cap.
Data protection obligations differ meaningfully across the three markets and must be addressed before you process any customer or employee data locally.
The Privacy Act 1988 governs personal information handling for companies with annual turnover above AUD 3 million (and some smaller entities). The Australian Privacy Principles (APPs) set out requirements for data collection, storage, use, and disclosure. Cross-border data transfers require either the recipient to be bound by equivalent privacy protections, or the disclosing entity to take reasonable steps to ensure compliance.
Post-Brexit, the UK operates its own UK GDPR and Data Protection Act 2018, which closely mirror the EU GDPR but are administered by the Information Commissioner's Office (ICO). Standard data transfer mechanisms between the UK and EU remain in place under the current adequacy decision. Maximum fines reach £17.5 million or 4% of global annual turnover, whichever is higher.
India's Digital Personal Data Protection (DPDP) Act 2023 is now in force and represents the most significant data regulation shift in the country's history. Foreign companies processing data of Indian residents must comply with consent requirements, data localization obligations for certain sensitive categories, and breach notification timelines. The Act is part of broader regulatory reforms under the Jan Vishwas 2.0 initiative.
Data protection checklist across all three markets:
Depending on your industry, additional certifications and verifications apply in each market.
|
Sector |
Australia |
United Kingdom |
India |
|---|---|---|---|
|
Food & beverage |
FSANZ standards, state licensing |
FSA registration, allergen rules |
FSSAI license |
|
Medical / healthcare |
TGA registration |
MHRA approval, MDR compliance |
CDSCO approval |
|
Financial services |
ASIC license (AFS) |
FCA authorization |
RBI / SEBI / IRDAI license |
|
Manufacturing |
State EPA / WHS compliance |
HSE regulations, UKCA marking |
BIS certification under QCO framework |
|
Technology / SaaS |
Privacy Act APPs |
UK GDPR, Cyber Essentials |
IT Act 2000, DPDP Act 2023 |
On supplier certifications: Always verify ISO certifications directly on the public registries of SGS, Intertek, or Bureau Veritas — never accept a PDF copy. Counterfeit certificates circulate across all three markets and can be purchased for negligible cost on unregulated platforms.
Expandys operates directly in Australia (Sydney), the United Kingdom (London), and India (Bangalore) — with local teams on the ground in each market. This means the compliance support we provide is not remote advisory: it is in-market, operational, and accountable.
Our support covers three pillars:
Strategy and market entry — market study and strategic analysis, identifying the right entry mode, regulatory mapping, and Go/No-Go assessment for your specific sector and business model.
Subsidiary set-up and management — end-to-end company registration with ASIC, Companies House, or MCA; bank account opening and KYC support; accounting and tax compliance; and ongoing administrative management of your local entity.
Recruitment and HR services — local talent sourcing, Employer of Record (EOR) solutions for companies that want to hire before establishing a legal entity, payroll outsourcing, and HR compliance aligned to each market's employment law framework.
Expandys has supported 600+ companies across 17 years and 1,200+ projects. Our local teams in Sydney, London, and Bangalore provide the operational depth that remote advisory firms cannot.
|
Point |
Details |
|---|---|
|
Register before you operate |
ASIC (AU), Companies House (UK), MCA (IN) — registration precedes all commercial activity |
|
Verify partners through official registries |
ASIC Connect, Companies House, MCA21 — free, real-time, authoritative |
|
Employment law is high-risk in all three markets |
Fair Work Act, Employment Rights Act 2025, and India's Labor Codes each carry significant penalties |
|
Data protection obligations differ per market |
Privacy Act (AU), UK GDPR (UK), DPDP Act (IN) — one framework does not cover all three |
|
Sector-specific licenses are non-negotiable |
TGA, MHRA, CDSCO, ASIC AFS, FCA — these must be in place before launch |
|
Local presence reduces compliance risk |
On-the-ground support in each market is more reliable than remote advisory |
Legal registration is the first and non-negotiable step in all three markets. In Australia, register with ASIC and obtain an ABN. In the UK, register with Companies House. In India, register with the MCA via the ROC and obtain GST, PAN, and TAN registrations. Operating without registration exposes the company to penalties in all three jurisdictions.
Timelines vary. UK company incorporation via Companies House can be completed in 24 to 48 hours for standard cases. Australian registration with ASIC typically takes one to two weeks. India is the most complex — a Wholly Owned Subsidiary typically takes four to eight weeks depending on the sector, documentation readiness, and state of incorporation.
In Australia, the primary risk is worker misclassification under the Fair Work Act. In the UK, the Employment Rights Act 2025 introduced day-one unfair dismissal rights and stronger protections for flexible and zero-hours workers. In India, the Labor Codes consolidation is still rolling out at state level, creating jurisdiction-specific variations that require monitoring.
The UK operates its own UK GDPR, administered by the ICO, which closely mirrors EU GDPR but is a separate legal framework. Transfers between the UK and EU are currently covered by a mutual adequacy decision, but this must be monitored as it is subject to review.
India's Digital Personal Data Protection Act 2023 applies to any entity processing the personal data of individuals located in India, regardless of where the company is incorporated. Foreign companies must comply with consent requirements, breach notification timelines, and data localization obligations for certain sensitive data categories.
The Foreign Investment Review Board (FIRB) reviews foreign acquisitions and investments above specific monetary thresholds, which vary by sector and investor type. Sensitive sectors — including media, telecommunications, and critical infrastructure — carry lower thresholds and stricter scrutiny. Expandys can advise on whether your specific transaction requires FIRB notification.
Expandys has local teams and offices in Sydney, London, and Bangalore. We support companies with subsidiary creation, company registration, bank account setup, accounting and tax compliance, payroll, EOR services, and HR management — across all three markets simultaneously if needed. Contact our team for a first diagnostic at expandys.com.
Tell us where you want to expand — Australia, the UK, or India — and our local team will assess your current compliance posture, flag the critical gaps, and outline a practical first step. Takes 2 minutes to request.