Moonlighting in India: Guarding Your Business

Aarthi

Hello and welcome back to The People Stack. I’m Aarthi, here with Raj—hi Raj!—and today we’re digging into a topic that’s been keeping Indian founders up at night. Moonlighting. Why so much noise, right? And well… just look at the Wipro case from 2022. Wipro terminated 300 employees for—let’s call it what it is—side hustling, dual employment, whatever you call it. Their chairman used the word "cheating," and honestly, while Twitter had a field day debating the ethics, Wipro was laser-focused on one thing: protecting its business. And they had absolutely everything documented to do it legally.

Raj

Yeah, it’s wild. The scale of it too! This wasn’t just a few folks freelancing nights. It was organized, systemic. I mean, you see employees building rival products right on their company laptops, or straight up consulting for your own clients—all under the radar. And look, there’s this Kotak survey from the same year—65% of IT workers said they knew someone who was moonlighting while fully employed. That’s not “a rotten apple”; that’s the whole basket!

Aarthi

Exactly. And the scariest part, for most employers, is your investment—the teams you train, the playbooks you sweat over, sometimes your own codebase—getting used by competitors or funneled into someone else’s “side project.” And worse, the people doing it actually believe they’re not doing anything wrong. So it’s not about, like, being the “bad guy boss.” It’s about survival at this point. If you aren’t watching, you’re probably already bleeding knowledge and money. Should we go straight into what people can do, Raj?

Raj

Let’s dive in! So, everyone loves to talk about “rights,” but here’s the thing—Indian law actually puts a lot of power in the employer’s hands, if you know how to use it. Exclusive service clauses? Absolutely valid—as long as you say, “work for me exclusively” and not just, “don’t work anywhere else.” There’s a difference. Courts want you to frame it as a positive obligation to serve your company, not a ban on all work. Same with IP ownership: anything built using your platform, your resources, inside or outside office hours, and especially if it's remotely related to your business—that's yours! Copyright, Patents Act, all that backs you up.

Aarthi

And don’t forget confidentiality obligations, non-solicitation, and conflict of interest clauses—those are your magic bullets. These are enforceable. Draft them right and courts support you, especially if you document it in clear, written contracts. No airy-fairy language: spell out what is confidential, what is not allowed, what happens if it’s breached. You get to set the conditions for any side work or consulting, and you need to make employees formally disclose anything they’re involved in outside.

Raj

Yep, you need a three-tiered system in every solid policy. Tier one—only passive stuff allowed, like personal investments. Tier two, ask for disclosure and approval for anything else—teaching, freelancing, even board positions. Tier three—not negotiable: no work for competitors, no using company IP, no serving your clients on the side, nothing during official hours. First offence? Immediate termination. No “one small warning.”

Aarthi

Actually, the best policies spell out every term in readable language. Something like, “Employee will not work for any competitor or engage in any business activities that conflict with Company interests.” And here’s a pro tip for founders—don’t get soft on IP clauses! Assign all intellectual property, no exceptions—and if someone breaches, you’re entitled to immediate legal action, damages, sometimes even a slice of profits they made out of your property… if you’ve set it up right.

Raj

I wanna throw in a real example here. At Offrd.co we’ve actually seen this play out. We ran pre-employment checks for a client, and it threw up two active EPF numbers—two provident fund accounts being paid at the same time! That’s basically proof of dual employment. Because of our check, the client avoided a major liability, and of course, didn’t get stuck cleaning up a compliance mess months down the line. Background checks like this—totally non-negotiable, and super easy to automate, honestly.

Aarthi

Right, and this stuff isn’t just “good to have”—it’s your shield against revenue loss, customer churn, even regulatory penalties. If you get the contract structure and employment agreements rock solid, you can actually enforce them, meaning you’re not left chasing people after the damage is already done.

Aarthi

So Raj, let’s say you’ve got policies, contracts, all sorted. What’s left is detection—because policies without enforcement are basically just wishful thinking. How do you actually catch moonlighters before they do the damage?

Raj

It’s a mix of tech and tactics. On the technical side, deploy monitoring tools. Things like Data Loss Prevention—DLP—scans outgoing company email, endpoints monitoring for suspicious downloads or usage patterns, and regular network traffic analysis. If you notice big files moving out after hours or code commits appearing in public repositories that match your tech stack—you have something worth checking out. And you need to be upfront in the contracts that device usage will be monitored, okay? No surprises.

Aarthi

Oh, and don’t forget about quarterly audits. Actually go check public Github or LinkedIn profiles, do those searches on the Ministry of Corporate Affairs site—especially for folks in technical or client-facing roles. Red flags? Sudden LinkedIn changes, or employees with unexplained “consultancies.” And then, incentivize whistleblowing. I know it sounds intense, but when you put rewards for reporting undisclosed moonlighting, people will come forward. I’ve seen programs offer ₹25,000, even ₹50,000 for verified tips.

Raj

And once you spot something, you act, fast. Investigation within 48 hours—lock down devices, preserve email and files, hold access, do a full evidence sweep. If it’s breach of policy, that’s immediate termination, no severance—and, if necessary, legal action. It’s important for the rest of the team to see there’s zero tolerance, otherwise the word spreads that you’re lenient. You don’t want that.

Aarthi

Absolutely. And when you do update or enforce a policy, communicate it company-wide. Announce the changes or reminders, spell out the approval process, and reiterate—failure to disclose is the quickest way to lose your job and reputation. All of this together—monitoring, clear contracts, fast investigations, and open communication—is how Indian startups and SMEs truly protect themselves. So whether you’re a two-person team or a 2,000-person org, you can stay on top of this and not just… hope for the best.

Raj

Yeah, if there’s one thing to remember, it’s this: You’re not being harsh, you’re just making sure your business survives. Policies, monitoring, legal tools—they’re your way to draw a line. Anyway, that’s our playbook for today, Aarthi. This is a topic that’ll only get trickier as remote and hybrid work becomes the norm, so we’ll definitely be back with more stories from the trenches. You can read more in detail about htis topic on our website or on offrd's medium channel

Aarthi

Thanks, Raj! Always a blast. And to everyone listening—take care of your teams, but seriously, protect your business. We’ll be back with more deep-dives soon. Bye Raj!

Raj

Bye Aarthi, see you next time!