Digital signature
Digital signatures were given legal status in India, by Information Technology (IT ACT 2000) in the year 2000. It granted e-signatures on electronic documents, the same legal status as the handwritten signatures on physical documents. The IT Act 2000 applies to whole of India and it provides for enabling a person to use digital signature just like the traditional signature. The basic purpose of digital signature is same as a conventional signature, ie to authenticate the document, to identify the person and to make the contents of the document binding on person putting digital signature. Under Indian law, a written signature is not necessarily required for a valid contract - contracts are generally valid if legally competent parties reach an agreement, whether they agree verbally, electronically or in a physical paper document. The Information Technology Act, 2000 (IT Act) specifically confirms that contracts cannot be denied enforceability merely because they are concluded electronically.
Though most electronic documents are allowed to be signed digitally, there are few exceptions that need to be executed using handwritten signatures. These documents are:
- a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881 (such as promissory note or bill of exchange);
- a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
- a trust deed as defined in section 3 of the Indian Trusts Act, 1882;
- a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called;
- a contract for the sale or conveyance of immovable property or any interest in such property
- Digital signature” is defined under section 2(p) of IT Act 2000 as follows: "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
Section 3 explains the digital signature technology as:
- Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.
- The authentication of the electronic record shall be effected by the use of asymmetric crypto system (use of private and public keys) and hash function which envelop and transform the initial electronic record into another electronic record
- The private key and the public key are unique to the subscriber and constitute a functioning key pair.
Digital signing is enabled using Digital Signature Certificates (DSC) that contains unique private and public key pair that serves as an identity of an individual / signer. As per the Act, DSC is issued by the authorities known as CA (Certifying Authorities) after following a prescribed procedure. Signing using digital signature certificates (DSC) issued by CA is considered legal.
There are three types of digital signatures based on security levels: Class-1, Class-2 and Class-3 certificates. Class 1 certificates do not carry legal recognition since its validation is done on the basis of a valid e-mail and is not based on direct verification. In case of Class-2 certificates the identity of the person is verified against a trusted pre-verified database. Class-3 is the highest level where a person is required to be present in front of a RA(Registration Authority) to prove his/her identity. Typically Class 2 certificate is required for signing most of the documents. DSC is typically issued on a USB token containing the digital-certificate-based digital ID, along with a personal PIN, to sign a document.
Businesses in India have been using DSC based digital signatures to sign documents like invoices, form 16’s, PO’s, HR letters, reports, agreements and other documents. More use cases for digital signatures: https://www.ezzus.com/services/class-2-digital-signature
Other type of digital signatures recently allowed in India is the Aadhaar based signing. Aadhaar ID is a unique identification number issued by the Indian government to all Indian residents. In this method, signers can apply e-signatures to any online document by authenticating their identity using an eKYC service such as OTP (one time passcode) provided by an eSign Service Provider.