The Legality And Admissibility Of Electronic Signatures In The Modern World– A Look At The Laws In India

Given that Indian law recognizes electronic signatures or e-signatures, there has been an increase in the usage of e-signatures in recent times. This, in part, is due to the Government's decision to focus on enabling electronic transactions using Aadhaar, the unique identification number issued by the Indian Government to all Indian residents.

Indian law treats electronic signatures as equivalent to physical signatures, subject to a few exceptions, and generally allows documents to be signed using e-signatures. However, the e-signatures must satisfy a number of conditions and certain checks must be done before it can be relied upon. This article provides an overview of the law relating to e-signatures in India including its viability and admissibility.

E-signatures under the IT Act

Under Indian law, a written signature/signature in manuscript is not necessarily required for a valid contract. Validity of a contract is determined basis the legal capacity/competency of the parties to enter into a contract, the subject matter of the contract (i.e., the contract must be for a lawful purpose) and acceptance of the offer by the parties.

The Information Technology Act, 2000 ("IT Act") identifies e-signatures and deals with the legality of such signatures. The IT Act was amended by the Information Technology Amendment Act, 2008 ("IT Amendment Act") to permit the use of electronic signatures. The amendment (by way of Section 3A of the IT Amendment Act) provides the procedure for authentication of any electronic record by electronic signature. Such amendment provides that such electronic signature should be reliable and which may be specified by the Central government in the second schedule to the IT Amendment Act.

Further, the Central Government vide the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015 has incorporated guidelines with respect to e-authentication technique using Aadhaar e-KYC services in the Second Schedule of the IT Act.

These rules recognise e-authentication technique using Aadhaar e-KYC services as valid authentication of an electronic record. Authentication of an electronic record via e-authentication method is similar to authentication of a digital signature based on public/private key infrastructure.

The IT Act, which provides for the adoption of electronic signatures, read with the relevant rules and regulations acknowledges the following forms of electronic signatures:

• Aadhaar ID method - Electronic signatures using the Aadhaar ID (Aadhaar is a unique identification number issued to all residents of India and contain personal and biometric information of the individual) along with an electronic Know-Your-Customer (e-KYC) method authenticates signatures through information from the Aadhaar and e-KYC method (such as a one-time passcode). Through this method the identity of the subscriber is identified through the Aadhaar authentication process of the Government by using the biometrics or a one-time passcode. This process is managed by accredited service providers; and

• Digital signatures method – Through this method digital signatures are created by an "asymmetric crypto-system and hash function" where is signer is issued a long term (usually 1 – 2 years) certificate based digital identity stored on a USB token which is used along with a personal identification number to sign a document.

Authenticity and legality of e-signatures

The relevant provisions of the IT Act specify that an electronic record can be authenticated by an electronic signature or electronic authentication technique which is considered reliable and is specified in the second schedule of the IT Act.

Further, the IT Act provides that an electronic signature or electronic authentication technique shall be considered reliable if:

• the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;

• the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;

• any alteration to the electronic signature made after affixing such signature is detectable;

• any alteration to the information made after its authentication by electronic signature is detectable; and

• it fulfils such other conditions which may be prescribed.

Having said that, an e-signature / digital signature cannot be used for executing the following documents or transactions:

• a negotiable instrument (other than a cheque),

• a power of attorney,

• a trust deed,

• a will (including any other testamentary disposition by whatever name called), and/or

• any contract for the sale or conveyance of immovable property or any interest in such property.

Conditions of use for e-signatures using Aadhaar model

For an e-signature, using Aadhaar e-KYC based model, the service provider needs to be either of the following:

(a) a Central/ State Government Ministry / Department or an undertaking owned and managed by Central / State Government,

(b) an authority constituted under a Central / State Act, or

(c) a not-for-profit company / special purpose organization of national importance,

(d) a bank / financial institution / telecom company, or

(e) a legal entity registered in India.

Accordingly, as a first step the service provider providing e-signature facilities to its clients is required to fall in one of the above categories. Further, an application service provider (ASP) (that is the company / organization providing the e-signature service), is required to be empaneled (by signing an agreement) with an authorized certifying authority licensed by the Controller of Certifying Authorities. A list of the certifying authorities, as on date, is as follows:

(a) eMudhra Ltd.,

(b) C-DAC (Centre for Development of Advanced Computed),

(c) (n)Code Solutions,

(d) NSDL e-Governance Infrastructure Ltd., and

(e) Capricorn Identity Services Pvt. Ltd.

Accordingly, only in the event an ASP is empaneled with an authorized certifying agency can it offer e-signature facilities/services to its clients. Thus, it becomes imperative to check for fulfillment of the aforementioned conditions, prior to choosing a service provider to tie up with, in order to be compliant with the applicable law.

Admissibility of e-signatures under Evidence Act

The Indian Evidence Act, 1872 ("Evidence Act") has been amended from time to time, especially to provide for the admissibility of electronic records along with paper based documents as evidence in the Indian courts. Perhaps the most important amendment to the Evidence Act has been the introduction of sections 65A and 65B under the second schedule of the IT Act, which provides for special provisions as to evidence in relation to electronic records and the admissibility of electronic records, respectively.

Section 65B of the Evidence Act, is the guiding law in terms of admissibility of electronic record and provides that, notwithstanding anything contained in the Evidence Act, any information contained in an electronic record (whether it be the contents of a document or communication printed on a paper, or stored, recorded, copied in optical or magnetic media produced by a computer), is deemed to be a document and is admissible in evidence without further proof of the production of the original, provided the conditions set out in section 65B for the admissibility of evidence are satisfied, which have been set out as under:

(a) At the time of creation of the electronic record, the computer output containing the information was produced from a computer that was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer,

(b) During the period, the kind of information contained in the electronic record was regularly fed in to the computer in the ordinary course of the activities,

(c) Throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out of operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and

(d) The information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.

As regards admissibility of documents which have been signed electronically, the Evidence Act provides that these will be admissible as evidence, subject to the authenticity and integrity of the electronic/digital signature being proved in the court by the signer. Further the Evidence Act provides for the presumption as to the authenticity of electronic records and electronic signatures. However, such presumption would only be with respect to a secure electronic record or a secure electronic signature.

Conclusion

E-signatures are increasingly becoming popular and useful especially in cases where the parties are in different cities/countries. It helps an individual to gain identity in the digital world. By being digital in nature and made by cryptographic technology it cannot be validated by ordinary authentication procedures. Thus, the chances of tampering with it are minimal.

However, like with every technology, it does have its own limitations and challenges, such as risk of identity theft and publication or creation of false signatures.

Combating such issues become important while using e-signatures. Thus, it is imperative for the person electronically signing documents to keep his/her e-signatures in a safe place, not share it with any third party and verify the contents of the documents being signed prior to electronically signing it.

For any clarification or further information, please contact