Everything you need to know about e-signature laws in India

Digitization has transformed India’s business landscape. Today, SMBs across many verticals leverage digital solutions to make critical business processes – including sales and marketing – more efficient.

According to a report published by KPMG and Google, digital SMBs in India grow their profits twice as fast as offline companies. E-signatures represent one of the biggest opportunities to accelerate this shift towards digitization.

Contrary to popular belief, e-signatures have been legally valid in India for over 18 years now: the Information Technology Act (IT Act), passed in 2000, granted e-signatures the same legal status as handwritten signatures.

With SMBs being encouraged to adopt the latest digital technologies including digital signatures in India as part of the Digital India initiative, there has been a recent increase in e-signature adoption. However, even today, many businesses do not have a clear understanding of electronic signature laws in India.

This blog will help you better understand what it takes for e-signatures to be legally binding in India.

What types of e-signatures are recognized under the IT Act?

The IT Act recognizes two types of signatures:

(1) E-signatures that combine an Aadhaar with an eKYC service

Users with an Aadhaar ID, the unique identification number issued by the Indian government to all Indian residents, are free to use an online e-signature service to securely sign documents online. In this case, the online e-signature service integrates with an Application Service Provider (ASP) to provide users with a mobile or web app interface that they can interact with.

The users then use this app interface to apply e-signatures to any online document by authenticating their identity using an eKYC service such as OTP (one time passcode) provided by an e-sign service provider. The online e-signature service works with an accredited service provider to provide certificates and authentication services that comply with government guidelines.

(2) Digital signatures that are generated by an asymmetric crypto-system and hash function

An ‘asymmetric crypto system’ refers to a secure pair of keys: a private key and a public key. Both are unique to each user, and can be leveraged to verify and create an e-signature.

In this scenario, users obtain a digital signature from a reputed Certifying Authority (CA) in the form of a digital certificate. These certificates typically include the user’s name, public key, the expiration date of the certificate, and other necessary information about the user. Operating systems and browsers typically maintain a list of trusted CA root certificates that are used to verify digital certificates issued by a CA.

The user might also be issued a USB token containing the digital-certificate-based ID, along with a personal PIN, to sign a document.

Which factors make e-signatures valid in India?

Here are the 5 criteria that e-signatures must satisfy in order to be valid, as per the IT Act:

(1) E-signatures must be uniquely linked to the person signing the document. This condition is often met by issuing a digital-certificate-based digital ID.

(2) At the time of signing, the signer must have total control over the data used to generate the e-signature. Most online e-signature service providers allow signers to directly affix their e-signature to the document in order to meet this requirement.

(3) Any alteration to the affixed e-signature or the document to which the signature is affixed must be detectable. This can be done by encrypting the document with a tamper-evident seal.

(4) There should be an audit trail that details steps taken during the signing process.

(5) The digital signature certificate must be issued by a Certifying Authority (CA) recognized by the Controller of Certifying Authorities (CCA) appointed under the IT Act.

Can document of all kinds be executed using e-signatures?

No. Certain documents that require a notarial process, or documents must be registered with a Registrar or Sub-Registrar, can only be executed using handwritten signatures to be legally enforceable. These include:

(1) Negotiable instruments such as a promissory note or a bill of exchange other than a cheque

(2) Powers of attorney

(3) Trust deeds

(4) Wills and any other testamentary disposition

(5) Real estate contracts such as leases or sales agreements

Your search for India’s simplest e-signature solution ends here

If you are looking to adopt an e-signature solution to quickly sign contracts, invoices, quotes, or other crucial documents in a legally-compliant manner, try Aadhaar e-sign by Signeasy.

What makes it the simplest e-signature solution? Aadhaar e-sign does away with the complicated process required to obtain a USB token with a digital-certificate-based digital ID. Instead, it allows you to create a digital signature on the fly using your Aadhaar ID.

It also offers a complete fill-and-sign functionality that couples well with business workflows, allowing users to complete their documents in one shot.

Sign up for a free trial of Aadhaar eSign to run a productive, paper-free business.

Recommended Reads