This article is written by Samta Sharma from Guru Gobind Singh Indraprastha University and curated by Shruti Chaudhary from Dr. Ram Manohar Lohiya National Law University, Lucknow.
In today’s digital age, there are wide range of inventions that are made for the comfort & smart solution of the population. These new inventions also include ‘Electronic Documentation’, which provides a person with much wider spectra than paper documentation. As managing paper documents is turning out to be a new problem nowadays and also in today’s pandemic-stricken time, the idea of paper work is drooping everywhere. As a result, many sectors are adopting the digital approach at a very steady pace to manage their time & reduce the use of paper to store these documents in a highly efficient and secure manner. It indeed helps in saving the economy and environmental conservation but when we talk about E-documentation, it undoubtedly includes electronic signatories too and subsequently a pertinent question arises that do these documents really contain any authenticity ?
This article will further focus on examining, how an E-documentation is valid & done under statutory framework of Indian Law.
Provisions regarding E-signature under IT Act
In India, the validity or laws of E-signature are covered under the Information Technology Act 2000, which is enhanced with hybrid concept of electronic signature which is based on UNCITRAL Model Law on Electronic Signatures 2001.
An E- signature allows a person to send his consent/approval on an electronic document by saving his time & money. The purpose of electronic signature is similar to that of traditional signature, the only difference is that the person himself does not have to be present over there. According to the IT Act, electronic signatures are legally valid in India. It also focuses on uplifting the safety & security standards of the records.
Let us understand more about the validity of E-signature in India.
Statutory requirements of E-signature
The government of India has recognized E-signature as the most assured and secured kind of signature. However under the IT Act an electronic signature would have to be reliable and specified under the second schedule of the Act. Though there are different types of signatures. However, not all of them are secure to use. Only the techniques notified in the second schedule can be used as a valid electronic signature. It covers two different types of signature recognition under IT Act.
- Electronic Signature combining Aadhaar with eKYC service:
Electronic signatures that combine Aadhar with eKYC service are the first kind of signatures accepted under Information Technology act. Only the signer who has an Aadhar could go for online e-signature service for signing documents online. The eKYC service can be anything, for eg. OTP , which is commonly used in India. A user just needs an access to mobile phone and a web application for completing the process of signature.
- Digital Signature:
Digital form of signature is the second valid type of signature accepted under IT Act. Digital signatures are created with the asymmetric cryptosystem and hash function and are declared as valid and legal under IT Act. In asymmetric cryptosystem, there are a pair of keys. These keys are unique for every user and helps them in creating an e-signature. Users could get a digital signature from a reliable Certifying Authority (CA).
The CA provides a digital certificate that covers the user’s personal information like his name, the public key and the expiry date of the certificate. In some cases the users could also get a USB token for signing a document. The USB token contains a personal PIN that will only be visible to the signer.
Also, Section 3A(2) of The Information Technology Act, 2000 determines the reliability of technique used for electronic signature.
The criteria for valid E- Signatures
The Information Technology Act introduced an important law for E-signature by making an amendment in 2008. The amendment resulted in the addition of the definition of ‘electronic signature’. Section 2(a) of the act defines ‘electronic signature’ as:
“An electronic signature is defined as the authentication of electronic records by subscribers through electronic techniques.”
Now according to the Information Technology Act, e-signature is required to satisfy certain criteria for its legitimacy.
The criteria is outlined as follows:
- There should be a unique ID linked to the E-signature of the person who is signing the document.
- There should be an Audit Trail with the E-signature of the signer, only then it will be declared as legitimate.
- The changes attached to the E-signature or document should be discernible.
- The signatory should have a complete control over the data used to generate E-signature.
- A certifying authority, who is acknowledged by Controller of Certifying Authorities (CCA) always issues a digital signature certificate.
However, there are certain documents which cannot be signed electronically. The Information Technology Act, has laid down some details about those documents that cannot be signed electronically under IT Act, 2000:
- Handwritten negotiable instruments except cheques.
- Handwritten contract for sale.
- Sale and purchase contracts (Real estate documents).
- Handwritten trust deeds documents.
- Handwritten power of attorney.
Offences associated with Electronic Signature
For every wrongdoer, there are punishments laid down under all Indian law. Similarly IT Act also covers some of the punishments for wrongdoers who create any felony related to electronic signature. Some of them are:
- Offences associated with E-signature are mainly related to identity theft (Section 66 C lays down the punishment)
- Fake electronic signature certificate.
- Misrepresentation of the material fact in order to generate any E-signature (Section 71 deals with the misrepresentation of the material fact).
- Publication of E-signature certificate which is not issued by certifying authority (Section 73).
- Creation of E-signature for some fraudulent activity. (Section 74).
The objective of a signature is to mark the authenticity of a writing or to bind it once the consent is given, which was earlier a very time-consuming process as it included shipping, faxing, scanning & filing. But after electronic signatures were legally recognized by the IT Act 2000, it has undoubtedly made signings an easy task for everyone and has finally fulfilled the current need of digital inventions like electronic signature.
Based on the above discussion, it clearly mentions the rules to get an easy and guarded access to the process of E-signature. Section 3A(2) & similar other sections have certainly handled the art of protecting the information.
And finally the discussion focused on an outlined process of offences which will indeed help in decreasing the cybercrime cases and spread the awareness towards the cyber-terrorists about the consequences of attempting any unlawful or illegitimate activity. Since E-signatures have been accepted and declared by the government of India as the most secure & legal process, it is now becoming a more reliable automated process for the population of India.