eSignature Legality
in India
In India, an electronic signature consists of different methods of attaching identity to a document; they use electronic process and can be as simple as a picture of a hand-written signature or could be as complex as a digital signature certificate generated using public key interface (PKI). Depending on the specific use case, different types maybe used- each offering different level of authentication of the identity attached. Moreover, the Government of India has promoted the use of digital technologies by Indian citizens and corporations. Electronic and certificate based digital signatures are regulated by the Information Technology Act, 2000 (IT Act) and the following rules made under this Act:
- Information Technology (Certifying Authorities) Rules, 2000
- Digital Signature (End Entity) Rules, 2015
- Information Technology (Use of Electronic Records and Digital signatures) Rules, 2004 and
- Electronic Authentication Technique and Procedures Rules, 2015
The IT Act of 2000, according to its preamble, is a law that establishes legal recognition for transactions involving electronic data interchange and other forms of electronic communication, generally referred to as “electronic commerce,” and that involve the use of non-paper-based methods of communication and information storage. As a result, an electronic signature is used to verify an electronic record.
An electronic signature can be in any form, such as- a text, sound, any pattern, password or a symbol. For e.g., various methods used to unlock our mobile system are all types of electronic signatures.
Electronic signatures have been recognized under the IT Act for over 21 years now and it provides for various benefits such as ease of doing business, streamlining the storage records, improving the safety, security, and cost effectiveness of records. As per the Indian law, a valid electronic signature must include an electronic authentication technique or procedure as specified under the Second Schedule of IT Act. Further, the second schedule currently prescribes the following e-KYC authentication techniques and procedures:
- Aadhaar e-KYC
- Other e-KYC services (e.g., e-KYC using PAN)
- Through trusted third parties
Requisite reliability conditions for validity:
In India, compared to other “non-recognized” electronic signatures, reliable electronic and digital signatures have a presumption of validity. For an e-sign to be considered reliable and presumptively valid under the IT Act the following reliability conditions should be satisfied:
- E-signature must be uniquely linked to the signatory signing the document
- At the time of signing, the signatory must have control over the data used to generate the e-signature which is affixed to the document
- Any alterations to the affixed signature or to the document to which the signature is affixed must be detectable or should be encrypted with a tamper-evident seal
- There should be audit trails of the steps taken during the signing process
- Signer certificate must be issued by a Certifying Authority (“CA”), recognized by the Controller of Certifying Authority (“CCA”) who is appointed in accordance with the IT Act
There is a presumption in favor of the validity of any document signed with an electronic signature if each of the above-mentioned reliability conditions is met.
Validity of other forms of electronic signatures:
As per Section 10A of the IT Act, contracts that are otherwise valid will not be rendered invalid merely because they were executed or made in electronic form. Therefore, documents signed using electronic means other than those prescribed under the It Act are not invalid.
Therefore, in case of dispute concerning validity of an electronic contract, the onus of proving fulfilment of essentials of a valid contract and execution of contract using a technology that followed Reliability Conditions lies on the party claiming the validity.
In the afore-mentioned situation, the following industry best practices should be implemented to help satisfy the requirements of the IT Act:
- Include a mechanism for verifying the identity of the party who signed the document (for example, by sending a verification request to a unique email address or sending an OTP to the signing party’s mobile phone).
- Obtain the signing party’s consent to do business electronically.
- Be able to demonstrate clearly that the signing party intended to sign the document electronically by the method used.
- Track the process securely and keep an audit trail that logs each step.
- Secure the final document with a tamper-evident seal.
Government use of e-signatures:
Electronic records validated with digital signatures are accepted by government agencies such as the Ministry of Corporate Affairs, the Department of Revenue, and the Ministry of Finance. Digital signatures are the preferred way of execution for income tax and GST (goods and services tax) e-filings with the Ministry of Corporate Affairs.
The Reserve Bank of India (RBI) has given small financing banks and payment banks permission to use electronic authentication to authenticate the terms and conditions of their banking relationships. The RBI also permitted all regulated firms to use a one-time password (OTP) based e-KYC process for onboarding customers, subject to certain circumstances.
Where electronic signatures cannot be used:
To be legally enforceable, the following documents cannot be signed electronically and must be signed using traditional “wet” signatures:
- Negotiable instruments such as a promissory note or a bill of exchange other than a cheque
- Powers of attorney
- Trust deeds
- Wills and any other testamentary disposition
- Real estate contracts such as leases or sale agreements
Other considerations when signing electronically: Requirement to stamp
Certain documents in India must be stamped before to or at the time of execution. In India, there is currently no law that stipulates a procedure for stamping electronic documents.
Some governments, such as Maharashtra, Karnataka, and Delhi, have made it mandatory to stamp electronic records.
Before signing and executing a document electronically, companies should always confirm with their internal legal department to see if it needs to be stamped. If a document is signed and executed electronically but also needs to be stamped, the business should print and stamp a physical copy of the document.
In some cases, financial penalties may be imposed if a document is not correctly stamped.
Conclusion:
The Digital India plan of the Indian government focuses on digital infrastructure and aspires to make India a paperless economy. The government’s aim to develop a digital economy has resulted in widespread acceptance of electronic records and electronically signed documents by government bodies over the last few years.
Only electronic and digital signatures recognized by the IT Act should be used by organizations employing e-signatures to prevent any concerns, such as admissibility and enforceability of documents or contracts signed electronically, before the authorities.
DISCLAIMER
Certinal is making available the information and materials in this article for informational purposes only and is meant to help companies understand eSignature’s application in a legal framework. Laws change rapidly and Certinal makes every reasonable effort to keep the content of this article current, hence Certinal makes no claims or representations that the information contained in this article is true, accurate, correct, or current. The law is different from jurisdiction to jurisdiction, and even similar laws may be interpreted differently in different courts or in different places. Since these factors differ according to individuals and businesses, Certinal is not liable for any consequence of any action taken by any third party relying on material/ information provided under this article. The contents hereof should not be construed as legal advice in any manner whatsoever. In cases you require any assistance; you must seek independent legal advice.