The moonlighting minefield: A governance wake-up call for tech firms

In today’s landscape, moonlighting is not limited to specific hierarchies or harmless side gigs—it has transformed into a sophisticated, high-stakes risk that even skilled and high-profile professionals are engaging in.

In brief

• In India, the legal stance on moonlighting is fragmented, with most tech companies relying on employment contracts to guide their decisions.
• The lack of clear contractual terms leads to ambiguity that can lead to grey areas where someone can pursue dual employment without consequences.
• In addition to well-defined policies and procedures, organizations must establish strong internal controls and frameworks to prevent and identify unauthorized moonlighting activities.

The case earlier this year of a software engineer working across multiple companies had ignited debate around an uncomfortable truth in the tech world: moonlighting is no longer confined to a certain hierarchy or harmless side gigs—it is now a sophisticated, high-stakes risk that even experienced and high-profile professionals are engaging in.  These are individuals who appear credible, talented, and full of promise—often acing interviews, impressing decision-makers, and securing roles in fast-growing or established tech organizations eager for top talent. With most organizations now adept at using AI-based tools and technologies, tech professionals increasingly have the opportunity to deliver work faster and more efficiently, sometimes making it harder to detect whether their billable and non-billable time is being fully dedicated to the employer’s benefit.

At the same time, some take advantage of the speed, informality, and trust-based culture that defines many tech organizations, to engage in dual employment, putting companies at risk of financial losses, data breaches, operational disruption, and reputational harm. However, while start-ups benefit from embracing a flexible work culture since it helps them attract and retain high-value talent in a competitive job market, sectors where Indian tech firms work in US or European markets—especially in SaaS, fintech, or health tech—moonlighting raises serious concerns over data confidentiality, General Data Protection Regulation (GDPR) compliance, and Intellectual Property (IP) protection.

In India, the legal position on moonlighting in tech companies remains fragmented. For most, the decision hinges on employment contracts which may include exclusivity clauses, confidentiality agreements, and non-compete provisions. However, many organizations—particularly those in growth phases—tend to lack robust or standardized employment contracts, often resulting in informal or loosely structured employment terms, especially when hires are made quickly through networks and referrals. The absence of clear contractual terms creates ambiguity, which can be exploited to engage in dual employment without consequence. Even when such clauses exist, enforcement remains a challenge—especially in today’s environment of remote work, and gig economy challenges arising from a growing sentiment amongst employees regarding the desirability of multiple jobs to expand their income sources.

Tech companies can safeguard their interests by focusing on the following considerations:

• Screen for behaviour and ethics, not just skills: Hiring processes should move beyond technical assessments to include behavioural evaluations and ethical judgment tests to reduce the risk of bringing in individuals with questionable integrity. Leveraging employment monitoring tools and implementing robust employment background checks can also help verify credentials, past employment history, and flag potential risks. 

• Define employment terms at the offer stage: Cutting corners in employment contracts can leave the door wide open for ethical grey zones, moonlighting risks, and legal disputes. Key employment terms—such as policies on moonlighting, conflicts of interest, confidentiality, and permissible external work—should be defined from the outset, along with the consequences of violations such as termination, legal action, or financial penalties. This contractual clarity minimizes misunderstandings or manipulative behavior down the line.

• Strike a balance: Consider whether certain critical or sensitive roles benefit from in-person presence. While remote work offers flexibility, it can sometimes make it harder to spot early warning signs of dual employment or misrepresentation. A thoughtful balance between remote and in-office roles can help strengthen oversight where it matters most.

• Protect your IP and data before it is too late: IP and data in the tech sector are the lifeblood of the business—often their most valuable assets. Prioritizing robust data privacy protocols and IP protection measures that go beyond just IT security are critical, including strong confidentiality clauses, controlled data access, and clear expectations for ethical conduct.

• Real-time governance in technology firms: Digital tools and advanced verification technologies can help flag unusual patterns, overlapping employment, or undisclosed affiliations—often before they escalate into larger risks. Continuous, discreet monitoring not only strengthens internal controls but also serves as an early warning system for potential conflicts of interest or ethical breaches. In cases where it is permitted, monitoring should be clearly defined in the organization’s policies, balancing respect for employee privacy and compliance with local employment laws.

• Draw the line before it is crossed: Mandatory declarations and disclosures—clearly articulated in contracts and policies—should define what is permissible and what constitutes a breach of trust. To help inculcate ethics in hiring and establish appropriate guardrails, global standards like ISO 37009:2021 on Conflict of Interest can play a vital role.

An EY analysis of data sourced from over 90 large and medium-sized companies revealed that 45% of discrepant profiles in the IT sector were due to concerns of moonlighting. Dual employment risks include loss of revenue, conflicts of interest, and integrity, compliance, and reputational risks for organizations. In addition to having clearly defined policies and procedures, companies need to implement robust internal controls and sanctions frameworks to prevent and detect unwarranted moonlighting activities. 

This article was first published in The Economic Times on 11 July 2025.