Everything you need to know about e-signature laws in India

Digitization has transformed India’s business landscape. Today, SMBs across many verticals leverage digital solutions to make critical business processes – including sales and marketing – more efficient.

According to a report published by KPMG and Google, digital SMBs in India grow their profits twice as fast as offline companies. E-signatures represent one of the biggest opportunities to accelerate this shift towards digitization.

Contrary to popular belief, e-signatures have been legally valid in India for over 18 years now: the Information Technology Act (IT Act), passed in 2000, granted e-signatures the same legal status as handwritten signatures.

With SMBs being encouraged to adopt the latest digital technologies including digital signatures in India as part of the Digital India initiative, there has been a recent increase in e-signature adoption. However, even today, many businesses do not have a clear understanding of electronic signature laws in India.

This blog will help you better understand what it takes for e-signatures to be legally binding in India.

What types of e-signatures are recognized under the IT Act?

The IT Act recognizes two types of signatures:

(1) E-signatures that combine an Aadhaar with an eKYC service

Users with an Aadhaar ID, the unique identification number issued by the Indian government to all Indian residents, are free to use an online e-signature service to securely sign documents online. In this case, the online e-signature service integrates with an Application Service Provider (ASP) to provide users with a mobile or web app interface that they can interact with.

The users then use this app interface to apply e-signatures to any online document by authenticating their identity using an eKYC service such as OTP (one time passcode) provided by an e-sign service provider. The online e-signature service works with an accredited service provider to provide certificates and authentication services that comply with government guidelines.

(2) Digital signatures that are generated by an asymmetric crypto-system and hash function

An ‘asymmetric crypto system’ refers to a secure pair of keys: a private key and a public key. Both are unique to each user, and can be leveraged to verify and create an e-signature.

In this scenario, users obtain a digital signature from a reputed Certifying Authority (CA) in the form of a digital certificate. These certificates typically include the user’s name, public key, the expiration date of the certificate, and other necessary information about the user. Operating systems and browsers typically maintain a list of trusted CA root certificates that are used to verify digital certificates issued by a CA.

The user might also be issued a USB token containing the digital-certificate-based ID, along with a personal PIN, to sign a document.

Which factors make e-signatures valid in India?

Here are the 5 criteria that e-signatures must satisfy in order to be valid, as per the IT Act:

(1) E-signatures must be uniquely linked to the person signing the document. This condition is often met by issuing a digital-certificate-based digital ID.

(2) At the time of signing, the signer must have total control over the data used to generate the e-signature. Most online e-signature service providers allow signers to directly affix their e-signature to the document in order to meet this requirement.

(3) Any alteration to the affixed e-signature or the document to which the signature is affixed must be detectable. This can be done by encrypting the document with a tamper-evident seal.

(4) There should be an audit trail that details steps taken during the signing process.

(5) The digital signature certificate must be issued by a Certifying Authority (CA) recognized by the Controller of Certifying Authorities (CCA) appointed under the IT Act.

Can document of all kinds be executed using e-signatures?

No. Certain documents that require a notarial process, or documents must be registered with a Registrar or Sub-Registrar, can only be executed using handwritten signatures to be legally enforceable. These include:

(1) Negotiable instruments such as a promissory note or a bill of exchange other than a cheque

(2) Powers of attorney

(3) Trust deeds

(4) Wills and any other testamentary disposition

(5) Real estate contracts such as leases or sales agreements

Key Legislation and Regulations

Information Technology Act, 2000: The Information Technology Act, 2000, is a crucial legislation that provides the legal framework for electronic transactions, including the use of electronic signatures, digital certificates, and data protection.

Indian Evidence Act, 1872: The Indian Evidence Act, 1872, establishes the rules for the admissibility of evidence in Indian courts. It recognizes electronic signatures and electronic records as evidence, subject to certain conditions.

The Information Technology (Certifying Authorities) Regulations, 2001: These regulations outline the requirements and procedures for the operation of certifying authorities, which issue digital certificates used in digital signatures.

The Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016: These rules pertain to intermediaries offering digital locker facilities and specify the obligations for preserving and retaining electronic documents.

Requirements for Valid Electronic Signatures

Consent and Intention to Sign: For an electronic signature to be valid, it is essential to obtain the consent and intention of the signatory. The signatory should understand and agree to the content of the document being signed electronically.

Verification and Authentication Mechanisms: Valid electronic signatures require verification and authentication mechanisms to ensure the integrity and authenticity of the signed document. This may involve using secure cryptographic methods, such as public-key infrastructure (PKI), to verify the identity of the signatory and protect against tampering.

Compliance with Technical Standards and Security Measures: Electronic signatures should comply with technical standards and security measures to ensure their reliability and effectiveness. Compliance with encryption standards, secure storage and transmission protocols, and adherence to industry best practices is essential to maintain the security and integrity of electronic signatures.

Compliance and Best Practices

Recordkeeping and Retention of Electronically Signed Documents: It is essential to maintain proper records and retain electronically signed documents in compliance with legal and regulatory requirements. Establishing robust document retention policies and securely storing electronic records helps ensure their accessibility and integrity for future reference.

Audit Trails and Tamper-Evident Technology: Implementing audit trails and tamper-evident technology provides an additional layer of security and accountability for electronically signed documents. These measures help track any changes or unauthorized alterations made to the signed documents.

Data Protection and Privacy Considerations: When using electronic signatures, it is crucial to consider data protection and privacy laws. Safeguarding personal information and complying with applicable data protection regulations, such as the Personal Data Protection Bill, helps protect the privacy rights of individuals.

Compliance with the Personal Data Protection Bill (Expected to Become Law): It is important to stay updated with the evolving data protection laws in India, such as the Personal Data Protection Bill. Compliance with these laws ensures the lawful handling and processing of personal data associated with electronic signatures.

Challenges and Limitations of E-Signatures in India

Lack of Awareness and Adoption: One of the challenges is the limited awareness and adoption of electronic signatures, particularly among certain segments of the population and industries. Education and awareness initiatives are crucial to promote the benefits and legitimacy of electronic signatures.

Risks and Security Concerns: Risks associated with the security and integrity of electronic signatures, such as unauthorized access, data breaches, or forged signatures, pose challenges to their widespread adoption. Implementing robust security measures and encryption protocols helps address these concerns.

Ongoing Developments and Updates in E-Signature Laws: E-signature laws and regulations in India are subject to continuous developments and updates. Keeping abreast of these changes and adapting to new legal requirements is important to ensure ongoing compliance and the continued validity of electronic signatures.

Your search for India’s simplest e-signature solution ends here

If you are looking to adopt an e-signature solution to quickly sign contracts, invoices, quotes, or other crucial documents in a legally-compliant manner, try Aadhaar e-sign by Signeasy.

What makes it the simplest e-signature solution? Aadhaar e-sign does away with the complicated process required to obtain a USB token with a digital-certificate-based digital ID. Instead, it allows you to create a digital signature on the fly using your Aadhaar ID.

It also offers a complete fill-and-sign functionality that couples well with business workflows, allowing users to complete their documents in one shot.

Sign up for a free trial of Aadhaar eSign to run a productive, paper-free business.