Digital Signature Compliance Under It Act
Digital Signature Compliance under the Information Technology Act, 2000
1. Legal Recognition of Digital Signatures
The IT Act gives legal validity to:
Electronic records
Digital signatures / electronic signatures
A valid digital signature = same legal effect as handwritten signature.
2. What is a Digital Signature?
A digital signature uses:
Asymmetric cryptosystem
Private key (signing)
Public key (verification)
Digital Signature Certificate (DSC)
It ensures:
✔ Authentication
✔ Integrity
✔ Non-repudiation
3. Legal Provisions Governing Digital Signatures
| Provision | Purpose |
|---|---|
| Section 3 | Authentication of electronic records |
| Section 3A | Electronic signatures |
| Section 5 | Legal recognition |
| Section 15 | Secure electronic records |
| Section 16 | Secure digital signatures |
| Controller of Certifying Authorities (CCA) | Supervises CAs |
4. Compliance Requirements for Companies
A. Use of Licensed Certifying Authority
Digital signatures must be issued by a licensed CA.
B. Secure Key Management
Company must ensure:
Private keys not compromised
Controlled access
Secure storage
C. Use in Statutory Filings
Mandatory in:
MCA filings
Income tax filings
GST returns
SEBI disclosures
D. Record Integrity
Electronic records must be maintained without alteration.
E. Revocation & Expiry Management
DSC must be revoked if compromised
Expired signatures invalid
F. Employee Use Controls
Where employees sign on behalf of company:
Authorization records
Role-based access
5. Legal Effect of Digital Signatures
A properly affixed digital signature:
Binds the company
Creates enforceable contracts
Valid for evidence in court
6. Risks of Non-Compliance
| Violation | Consequence |
|---|---|
| Forged digital signature | Criminal liability |
| Compromised key | Invalid transactions |
| Unauthorised use | Corporate liability |
| Failure to secure system | IT Act penalties |
7. Key Case Laws on Digital Signatures & Electronic Records
Case 1: Anvar P.V. v. P.K. Basheer (2014)
Held: Electronic records must meet statutory standards.
Principle: Authenticity of digital evidence critical.
Case 2: Arjun Panditrao Khotkar v. Kailash Kushanrao (2020)
Principle: Electronic evidence integrity requirements reaffirmed.
Case 3: Trimex International FZE v. Vedanta Aluminium (2010)
Held: Contracts formed electronically are valid.
Principle: E-communications can create binding contracts.
Case 4: Shafhi Mohammad v. State of Himachal Pradesh
Principle: Admissibility of electronic records requires procedural safeguards.
Case 5: State of Maharashtra v. Dr. Praful B. Desai
Principle: Technology-enabled processes legally valid.
Case 6: Gujarat Urja Vikas Nigam v. Essar Power
Principle: Electronic communications in corporate transactions enforceable.
Case 7: Global Reference — Adobe E-Signature Litigation Trends
Principle: Digital authentication creates enforceable obligations.
8. Corporate Digital Signature Governance Policy Should Include
| Area | Policy Element |
|---|---|
| DSC issuance | Authorized personnel only |
| Key storage | Secure hardware/token |
| Revocation process | Immediate action |
| Logging | Signature activity logs |
| Audit | Periodic compliance review |
9. Legal Principles
| Principle | Meaning |
|---|---|
| Functional equivalence | Digital = physical signature |
| Authentication | Identity verification |
| Integrity | Record must remain unchanged |
| Non-repudiation | Signer cannot deny |
| Accountability | Company liable for use |
Conclusion
Digital signatures are:
Legal identity tools + contract authentication mechanism + compliance requirement
Poor governance over digital signatures can invalidate transactions and create civil + criminal exposure.
RELATED Blog
comments