In the United States, the legal framework for nonprofits begins at the state level with incorporation. Nonprofits are typically formed as corporations under state law, which requires filing articles of incorporation, adopting bylaws, and appointing a board of directors. The Internal Revenue Service (IRS) then grants federal tax-exempt status under Section 501(c)(3) of the Internal Revenue Code, provided the organization operates exclusively for charitable, religious, educational, scientific, literary, or other specified purposes. This two-step process—state incorporation followed by federal exemption determination—creates a dual compliance burden that every founder must navigate from day one.

501(c)(3) status is the gold standard because it allows donors to deduct contributions and the organization to be exempt from federal income tax. However, this designation comes with strict rules: no part of the organization’s net earnings may inure to any private individual, and it must not engage in substantial lobbying or any political campaign activity. The IRS holds 501(c)(3) organizations to high standards of public disclosure and operational purity. The application process itself—Form 1023 or 1023-EZ—requires detailed disclosure of projected finances, governance structures, and planned activities. Many applicants underestimate the depth of scrutiny these forms receive, leading to delays or denials.

Beyond the 501(c)(3) category, nonprofits can also operate under other sections such as 501(c)(4) (social welfare organizations), 501(c)(6) (business leagues), or 501(c)(7) (social clubs). Each carries different tax implications and donor deductibility rules. Understanding which exemption applies is critical for strategic planning and compliance. For example, a community advocacy group may find 501(c)(4) status more suitable if lobbying is central to its mission, even though donations will not be tax-deductible for supporters. Conversely, a foundation seeking maximum donor appeal will almost always pursue 501(c)(3) designation. The choice of exemption category is a foundational strategic decision with long-term consequences for fundraising, operations, and regulatory obligations.

State-Level Incorporation and Governance

Every state has its own nonprofit corporation act. Typical requirements include a minimum number of directors, conflict-of-interest policies, and annual reporting to the state’s secretary of state or attorney general. Some states, like California and New York, impose additional governance mandates, such as audit requirements for organizations above certain revenue thresholds. California, for instance, requires nonprofits with gross revenue exceeding $2 million to file audited financial statements with the Attorney General’s Registry of Charitable Trusts. New York mandates that nonprofits with annual revenue above $500,000 undergo an independent CPA audit. These thresholds create significant cost burdens that must be factored into organizational budgets.

Nonprofits must also file for charitable registration in any state where they solicit donations. This is a patchwork of requirements—over 40 states have separate registration processes, many with annual renewal and reporting obligations. Failing to register can lead to fines, suspension of fundraising activities, or even revocation of tax-exempt status. The Unified Registration Statement (URS) provides a streamlined option for some states, but not all participate. Organizations conducting multistate fundraising campaigns often need dedicated compliance staff or outside counsel to manage the administrative load. The rise of online giving has only intensified this challenge, as a single social media campaign can trigger registration requirements in dozens of states simultaneously.

Federal Regulations and Compliance

The federal government, primarily through the IRS, enforces disclosure and operational standards. The cornerstone of federal compliance is the annual information return, Form 990 (or 990-EZ, 990-N for smaller organizations). This public document details the nonprofit’s revenue, expenses, programs, executive compensation, governance policies, and related-party transactions. Form 990 is more than a tax return—it is a transparency tool used by donors, regulators, and watchdogs. The IRS scrutinizes Form 990 for red flags such as excessive compensation, insider benefits, or insufficient program spending. Nonprofits that fail to file for three consecutive years automatically lose their tax-exempt status.

Form 990 requires organizations to report on their mission, program accomplishments, and even changes in governance practices. The form includes a core section plus multiple schedules—Schedule A for public charity status, Schedule B for donor information, Schedule C for political and lobbying activities, Schedule L for transactions with interested persons, and Schedule R for related organizations, among others. Each schedule demands detailed, accurate disclosure. Errors or omissions can trigger audits, fines, or public embarrassment. Organizations should treat Form 990 preparation as a year-round process rather than a last-minute filing exercise. Engaging experienced tax professionals who specialize in nonprofit law is one of the highest-value investments a nonprofit can make.

Unrelated Business Income Tax (UBIT)

A common pitfall is the Unrelated Business Income Tax (UBIT). Even tax-exempt organizations must pay income tax on revenue generated from activities that are not substantially related to their exempt purpose. For example, a museum that runs a gift shop selling unrelated merchandise may owe UBIT. Understanding what constitutes unrelated business income is vital to avoid unexpected tax liabilities and potential loss of exemption. The IRS defines unrelated trade or business as any activity that is regularly carried on and not substantially related to the organization’s exempt purpose, except for the purpose of generating income.

Common UBIT triggers include selling advertising in newsletters or magazines, operating a commercial parking lot, providing consulting services to for-profit entities, or renting out excess office space to commercial tenants. Even activities that seem mission-adjacent can trigger UBIT if they are conducted in a commercial manner. Organizations should conduct a regular review of all income streams and consult with tax advisors to determine whether any revenues fall into the UBIT category. Note that some forms of passive income—such as dividends, interest, royalties, and certain rental income—are generally excluded from UBIT, but exceptions and nuances abound. Proper documentation and segregation of activities can help organizations minimize UBIT exposure while still diversifying revenue sources.

Lobbying and Political Activity Restrictions

501(c)(3) organizations face strict limits on lobbying. Lobbying must be an “insubstantial” part of their activities. Many organizations elect the 501(h) expenditure test, which provides clearer dollar-based limits and reduces risk. Under the 501(h) election, a nonprofit can spend a specific percentage of its total exempt-purpose expenditures on direct lobbying and grassroots lobbying, with caps that vary based on the organization’s budget size. This election offers predictability and protection that the vague “insubstantial part” standard does not provide. In contrast, 501(c)(4) organizations can engage in unlimited lobbying as long as it relates to their mission, but they cannot have political campaign intervention as their primary activity.

Political campaign activity—endorsing or opposing candidates—is absolutely prohibited for 501(c)(3) organizations. This includes not only direct contributions but also issue advocacy that is thinly veiled campaign messaging. Violations can result in revocation or significant excise taxes. Even seemingly neutral activities, such as hosting candidate forums or distributing voter guides, must be carefully structured to avoid the appearance of endorsement. The IRS and the Federal Election Commission (FEC) both have jurisdiction over different aspects of political activity by tax-exempt organizations, creating a complex regulatory environment that requires expert navigation. Organizations engaged in any form of advocacy should adopt written policies governing lobbying and political activity, train staff and board members on those policies, and maintain detailed records of all advocacy expenditures.

State and Local Regulations

State oversight typically focuses on three areas: charitable solicitation, corporate governance, and property tax exemption. Charitable solicitation registration is required in most states before an organization can ask for donations from residents. This often involves submitting copies of Form 990, financial statements, and a registration fee. Some states have reciprocity agreements, but many do not. The cost and administrative burden of multistate registration can be substantial—filing fees alone can total thousands of dollars annually for organizations operating in many states. Several commercial services now offer software platforms to manage these filings, tracking deadlines, renewals, and state-specific requirements across jurisdictions.

State Attorney General offices have enforcement authority over nonprofits, particularly regarding misuse of charitable assets, self-dealing, and failure to meet donor intent. They can bring civil actions to remove directors, impose penalties, or dissolve an organization. In recent years, state attorneys general have become increasingly active in policing nonprofit governance, focusing on issues such as excessive executive compensation, diversion of charitable assets, and misleading fundraising practices. Organizations should maintain open lines of communication with state regulators, respond promptly to inquiries, and proactively address any compliance gaps before they escalate into enforcement actions.

Property Tax Exemptions

Many nonprofits assume they are automatically exempt from property tax, but this is handled at the local level. Qualifying as a charitable organization for property tax purposes often requires a direct property use for exempt purposes—for example, a homeless shelter housing clients, not a rented office space. Nonprofits should verify exemptions with the county assessor and be prepared for periodic reviews. Some jurisdictions require annual reapplication or documentation of continued exempt use. Property tax exemption laws vary widely by state and even by county within states. For large organizations with multiple facilities, property tax exemptions can represent significant financial savings, but they require diligent tracking and documentation. Organizations that lease property to other nonprofits or commercial tenants may jeopardize their property tax exemption for the leased portion of the building.

Fundraising and Special Event Regulations

Fundraising events, raffles, and other activities often trigger state-specific rules. Raffles may require a separate gaming license, and online fundraising must comply with both state solicitation laws and federal rules regarding donor disclosure. The rise of peer-to-peer fundraising and social media campaigns has complicated compliance, as nonprofits may need to register in every state where a fundraiser resides or where donations originate. Many states have adopted the “Charleston Principles,” which provide guidance on when an online fundraiser triggers registration obligations, but adoption and interpretation vary. Organizations using social media fundraising tools should work with legal counsel to assess registration exposure and implement systems to capture donor location data for compliance purposes.

Commercial co-venture arrangements—where a for-profit business promises to donate a portion of its sales to a nonprofit—are regulated in many states. These arrangements typically require written contracts, disclosure statements, and registration filings. Failure to comply can result in fines and damage to the nonprofit’s reputation. Similarly, cause marketing campaigns on platforms like GoFundMe, Facebook Fundraisers, or Amazon Smile each have their own compliance considerations. Organizations should conduct due diligence on any third-party fundraising platform and ensure that all contractual arrangements clearly define roles, responsibilities, and legal obligations.

Key Challenges and Considerations

The regulatory burden is substantial, especially for smaller nonprofits with limited staff. Compliance costs can consume resources that could otherwise go to programs. Key challenges include:

  • Keeping up with regulatory changes – Laws evolve. The Tax Cuts and Jobs Act of 2017 altered charitable deduction rules, impacting donor behavior. The CARES Act temporarily expanded deductions. Nonprofits must monitor federal and state legislative developments. Recent regulatory shifts include the SECURE Act’s changes to retirement account charitable distributions and state-level variations in charitable deduction cap treatment. Organizations should designate a compliance officer or retain outside counsel to track relevant legal developments and communicate changes to leadership.
  • Digital fundraising compliance – Online donation platforms, crowdfunding, and cryptocurrency acceptance raise new questions about registration, reporting, and valuation. The IRS issued guidance on cryptocurrency donations, but states have been slower to adapt. Nonprofits accepting cryptocurrency must determine the value of donations at the time of receipt, issue proper donor receipts, and consider whether to hold or liquidate digital assets. The volatility of cryptocurrency creates unique accounting and compliance challenges that traditional donation processing does not present.
  • Donor privacy versus transparency – While nonprofits must disclose some donor information to the IRS, public disclosure is limited. However, advocacy groups and journalists increasingly push for transparency, especially regarding dark money. Balancing donor privacy with public accountability remains contentious. Recent court cases have addressed the constitutionality of donor disclosure requirements, with some rulings limiting states’ ability to compel disclosure. Organizations should stay informed about evolving case law and consider adopting transparent donor policies that exceed minimum legal requirements as a matter of public trust.
  • Board governance and fiduciary duties – Boards of directors have a legal duty of care, loyalty, and obedience. Inadequate oversight can lead to personal liability for directors. State laws define these duties, and the IRS expects robust conflict-of-interest policies and independent board oversight. Recent high-profile cases of nonprofit governance failures have led to increased scrutiny from regulators and the public. Boards should conduct regular self-assessments, maintain board meeting minutes that reflect genuine deliberation, and ensure that independent directors constitute a majority of board membership. Director and officer (D&O) insurance is an important risk management tool that every nonprofit should consider.
  • International activities – Nonprofits operating abroad face additional regulations, including anti-terrorism compliance, foreign bank account reporting (FBAR), and compliance with local laws. The IRS Form 990 asks about foreign grants and activities, and the Office of Foreign Assets Control (OFAC) restricts dealings with sanctioned countries. Organizations providing disaster relief, development assistance, or educational programs overseas must conduct due diligence on foreign partners, monitor fund usage, and ensure compliance with both U.S. sanctions and the laws of host countries. The Foreign Corrupt Practices Act (FCPA) also applies to nonprofits operating internationally, prohibiting payments to foreign officials for the purpose of obtaining or retaining business.
  • Cybersecurity and data privacy – Nonprofits collect and store sensitive donor information, employee records, and client data. Data breaches can result in legal liability, regulatory fines, and reputational damage that erodes donor trust. State data breach notification laws, the Health Insurance Portability and Accountability Act (HIPAA) for health-related nonprofits, and the evolving landscape of state privacy laws all impose compliance obligations. Organizations should implement robust cybersecurity policies, conduct regular security assessments, and carry cyber liability insurance appropriate to their risk profile.

Strategies for Managing Regulatory Risk

Forward-looking nonprofits adopt proactive compliance strategies. These include:

  • Engaging qualified legal and accounting professionals who specialize in nonprofit law rather than relying on general practitioners.
  • Implementing an annual compliance calendar to track filing deadlines for Form 990, state charitable registrations, and state corporate reports.
  • Adopting clear written policies for conflicts of interest, whistleblowers, records retention, and expense reimbursement.
  • Using software tools for multi-state charitable registration management.
  • Regularly training staff and board members on legal obligations and ethical standards.
  • Conducting annual risk assessments that identify potential compliance vulnerabilities and prioritize remediation efforts based on severity and likelihood.
  • Establishing a compliance committee of the board or designating a compliance officer with responsibility for overseeing the organization’s regulatory obligations.

Best Practices for Navigating the Regulatory Landscape

Regulatory compliance is not a one-time event—it is an ongoing commitment. The following best practices help nonprofits maintain good standing and avoid common pitfalls:

Stay Informed Through Official Sources

Bookmark the IRS Charities and Nonprofits page for updates. Subscribe to state attorney general newsletters. Join networks like the National Council of Nonprofits, which provides state-by-state resources. Follow the Urban Institute’s Center on Nonprofits and Philanthropy for research and analysis on regulatory trends affecting the sector. Many state nonprofit associations offer compliance webinars, legal updates, and networking opportunities that help leaders stay ahead of regulatory changes.

Maintain Accurate and Detailed Records

Document all financial transactions, board meeting minutes, and grant agreements. Good recordkeeping simplifies Form 990 preparation and serves as evidence of compliance during audits. The IRS can audit nonprofits at any time, and reports must often be retained for at least three years (seven for employment tax records). Implementing a document retention policy that specifies how long different categories of records must be kept—and ensuring the policy is actually followed—is a best practice that protects organizations during audits and litigation. Cloud-based document management systems with access controls and audit trails can enhance recordkeeping while also improving operational efficiency.

Conduct Regular Internal Audits

Periodic self-assessments can identify compliance gaps. For example, review whether fundraising activities are registered in all required states, whether board members have signed conflict-of-interest disclosures, and whether lobbying expenditures stay within legal limits. An annual compliance checkup can prevent costly violations. Internal audits should also examine financial controls, grant compliance, and data privacy practices. Organizations that lack the internal capacity to conduct thorough audits should consider engaging external consultants or pro bono professionals from the legal and accounting communities. Many local bar associations and accounting societies offer pro bono referral programs specifically for nonprofits.

Engage With Professional Associations

Organizations such as the Association of Fundraising Professionals and the National Association of State Charity Officials offer guidance and best practice standards. Many state nonprofit associations provide compliance webinars and legal updates. The Independent Sector publishes advocacy resources and ethical standards that help organizations align their practices with sector-wide expectations. Membership in these organizations also provides access to peer networks where nonprofit leaders can share practical compliance strategies and lessons learned from regulatory experiences.

Conclusion

The regulatory environment for nonprofit organizations is intricate and ever-changing. From federal tax exemption rules to state charitable solicitation laws and local property tax considerations, compliance demands vigilance and expertise. Yet these regulations serve an essential purpose: they uphold the public trust that enables nonprofits to thrive. By understanding the legal foundations, federal and state requirements, key challenges, and best practices, nonprofit leaders can build sustainable organizations that advance their missions without falling into regulatory traps. Investing in compliance is not just a legal necessity—it is a strategic imperative that protects the organization’s reputation, resources, and ability to serve the communities that depend on it. Every nonprofit, regardless of size, should prioritize understanding the regulatory environment and seek professional guidance when needed. The payoff is not just survival, but long-term effectiveness and donor confidence.

Nonprofit leaders who take compliance seriously position their organizations for sustainable growth, stronger relationships with funders, and greater impact in their communities. The regulatory landscape will continue to evolve—driven by technological change, shifting political winds, and emerging societal needs—but the fundamentals of good governance, transparency, and accountability remain constant. By building a culture of compliance from the ground up, nonprofits can focus their energy on what matters most: fulfilling their mission and making a meaningful difference in the world.