Legal & Commercial Implications of India’s Digital Signature

With the present business scenario, the move from traditional paper documents to electronic transactions has revolutionized the implementation and verification of transactions to their very core. The digital economy promoted by technology and policy drives like Digital India has made government and non-governmental agencies adopt digital media as the medium of communication and contract formation. One of the factors that have driven this change has been the concept of digital signatures, the modern-day equivalent of physical written signatures, offering a secure and legally recognized method of authentication of electronic records and transactions.

A digital signature, which is based on cryptography-based algorithms, not only verifies the signatory but also secures the integrity of the document on which it is applied. Such a process is especially relevant to commercial transactions, as large numbers of contracts, bills, orders, and other legally significant documents are being sent electronically. The Information Technology Act of 2000 in India provides the legal framework for the acceptance and authentication of digital signatures, with a view to creating confidence and legal certainty in electronic transactions.

However, to the extent that the implications of digital signatures are beyond the scope of the IT Act, in view of the fact that commercial contracts are founded on contracts, the Indian Contract Act of 1872 continues to be relevant in regard to the enforceability of agreements made electronically. Similarly, the Sale of Goods Act of 1930, which governs the sale and purchase of goods all over India, is increasingly getting aligned with digital methods, particularly in the arena of e-commerce and electronic invoicing in the context of the GST regime. The overlap of these legislations is indicative of a necessity to redefine traditional commercial laws in view of the changing modern technologies.

Though digital signatures are used widely across diverse sectors—e-commerce, banking, insurance, logistics, and government procurement—the system still has a number of legal and operational challenges. Uncertainty about the enforceability of contracts signed digitally, difficulties in establishing proof in legal proceedings, privacy and data security concerns, risks to cybersecurity, and enforceability in jurisdictions remain issues for the system. Besides, the recognition of such digitally signed contracts by Indian courts, regulatory bodies, and quasi-judicial bodies continues to evolve within the context of changing legal principles.

This study aims at presenting an extensive legal and commercial examination of digital signatures in India by analyzing their impact on the making, operation, and enforcement of business contracts. This measures the understanding and regulation of digital signatures from the perspective of Indian legal frameworks and evaluates their connection to settled legal principles as enshrined in the Contract Act and the Sale of Goods Act. This study aims at filling a lacuna in existing legal scholarship by focusing on applied use, judicial response, and statutory meaning regarding digital authentication in commercial transactions.

The legal framework governing digital signatures in the Indian context will be investigated in subsequent chapters, with a specific analysis of their conformity with the doctrines of contract law and their application in the business practice of sales of goods. It will also evaluate the operational function of digital signatures in practical business practice and identify areas of legal reform and institution building.

LEGAL INFRASTRUCTURE REGULATING DIGITAL SIGNATURES IN INDIA

The Indian law of digital signatures traces its origin to the Information Technology Act of 2000 (IT Act). The Act was enacted in order to give legal recognition to electronic records and electronic communication as a legislative response to the growing need for a safe and secure regime of electronic commerce and governance. The key aspect of this Act is the explicit empowerment of digital signatures as a state-backed means of authentication and, therefore, the enablement of contracts and other transactions in the digital domain.

LEGAL RECOGNITION UNDER THE IT ACT, 2000

The foundation of digital signatures is given by Section 3 of the IT Act by stating that digital signatures will be considered legal when they are created in a manner that is both secure and reliable. Section 3 further states how authentication of an electronic record is possible by affixing a digital signature derived from an asymmetric cryptographic system and a hash function, both of which need technical security and must be identified in terms of the rules as stated by the Central Government.

This is followed by Section 3A, introduced by an amendment, which is broader in the sense that it acknowledges electronic signatures, a broader term that encompasses all technologically secure methods of authentication and not the cryptographically specific definition of digital signatures. But for such signatures to be enforceable in law in India, they have to be in compliance with the requirements of reliability, integrity, and verifiability prescribed by the Central Government.

Section 5 is of paramount significance in the context of commercial transactions because it brings digitally signed electronic records at par with their physically signed equivalents. It provides that if a law mandates a signature or a document to be signed, such requirement is fulfilled if the document gets signed with a digital signature complying with the requirements under the IT Act.

Apart from that, Section 10A of the Information Technology Act legitimates contracts made through electronic means by providing that such contracts shall not be considered legally ineffective simply because the communication and acceptance were made electronically. This section is especially significant for commercial contracts made through emails, online websites, or cloud-based contracting platforms.

Certifying Bodies and Infrastructure

In order to give authenticity and legal force to digital signatures, the Information Technology Act creates a regulatory framework that includes Certifying Authorities (CAs) and a central regulating body in the shape of the Controller of Certifying Authorities (CCA). Under Section 18, the CCA is authorized to issue licenses and regulate CAs, which are allowed to issue Digital Signature Certificates (DSCs) to individuals and companies.

They form the core of the field of digital verification since they are issued only after a rigorous verification of the candidate’s identity. They guarantee that the digital signature is traceable, tamper-evident, and duly time-stamped. Hence, the Digital Signature Certificate serves not only as a verification mechanism but also as a mechanism for achieving non-repudiation in business transactions. The regulations notified under the Information Technology Act, including the Information Technology (Certifying Authorities) Rules of 2000 and the Information Technology (Use of Electronic Records and Digital Signatures) Rules of 2004, lay down the technical and procedural specifications of digital signatures for aspects such as key generation, security controls, and certificate lifecycle management.

Author:  Kaustubh Kumar, in case of any queries please contact/write back to us via email to chhavi@khuranaandkhurana.com or at  Khurana & Khurana, Advocates and IP Attorney.

References

1. Debasis Nayak & Girija Prasad Rath, Impacts of Digital Signature on Society: A Review, 5 INT’L J. OF ADVANCED RSCH. IN COMPUTER SCI. & SOFTWARE ENG’G 1, 2-3 (2015).
2. Information Technology Act, 2000, § 3 (India).
3. Nishith Desai Associates, Digital Signatures: A Primer, NISHITH DESAI ASSOCIATES 3-5 (2022), https://www.nishithdesai.com/fileadmin/user_upload/pdfs/Research_Papers/Digital_Signatures_A_Primer.pdf.
4. Indian Contract Act, 1872 (India).
5. Sale of Goods Act, 1930 (India).
6. Central Board of Indirect Taxes and Customs, E-invoice under GST: Concept and Implementation, MINISTRY OF FINANCE, GOVERNMENT OF INDIA (2021), https://www.cbic.gov.in/resources/htdocs-cbec/gst/E-invoice-under-GST.pdf.
7. Information Technology Act, 2000 (India).
8. Supra note 02.
9. Information Technology (Amendment) Act, 2009, § 6 (India).
10. Information Technology Act, 2000, § 5 (India).
11. Information Technology Act, 2000, § 10A (India).
12. Information Technology Act, 2000, § 17 (India).
13. Information Technology Act, 2000, § 18 (India).
14. Controller of Certifying Authorities, Digital Signature Certificates (DSC), MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY (2023), https://www.cca.gov.in/en/digital-signature-certificates.html.
15. Information Technology (Certifying Authorities) Rules, 2000 (Oct. 17, 2000) (India).
16. Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004 (Feb. 18, 2004) (India).