The Information Technology Act of 2000 ("ITA"), the Indian Contract Act of 1872 ("ICA"), and the Electronic Signature or Electronic Authentication Technique and Procedure Rules of 2015 ("ESEATPR") all recognise electronic signatures as valid legal documents in India.

 

The ITA, the ICA, the ESEATPR, the Indian Stamp Act of 1899, and the pertinent state stamp acts are the pertinent legislation and regulations pertaining to the usage of electronic signatures in India. These laws provide the framework for:

 

What "electronic signatures" are accepted by the government of India;

What paperwork or agreements cannot be made electronically;

What requirements all contracts, including those using electronic signatures but not in compliance with the ITA's officially recognised standards, must satisfy; and

Whether stamp duty is required to be paid on a specific electronic transaction.

 

A contract cannot be denied enforceability solely because it was executed electronically, according to the ITA, as long as it satisfies the requirements of a legal contract under the ICA.

Section 10 of the ICA lists the prerequisites for a legal contract. These components are listed below:

 

It is entered into by persons who are legally able to do so; it results from their free will (i.e., a valid offer and acceptance); it provides for reciprocal consideration between the parties; and it does not call for the performance of any illegal acts.

An electronic signature, according to the ITA, is "authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature."

 

According to the ITA, a "digital signature" is the "authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3 [of the ITA]."

 

An "electronic signature" must meet certain requirements to be lawfully accepted under the ITA.

 

"Reliable" behaviour 

 

Utilise a method of authentication listed in the Second Schedule to the ITA.

 

An electronic signature is considered “reliable” if:

·       The signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or to the authenticator and to no other person;

·       The signature creation data or the authentication data were, at the time of signing, under the control of the signatory or the authenticator and of no other person;

·       Any alteration to the electronic signature made after affixing such signature is detectable;

·       Any alteration to the information made after its authentication by electronic signature is detectable;

·       There is an audit trail of steps taken during the signing process; and

·       The digital signer certificates are issued by a Certifying Authority recognized by the Controller of Certifying Authorities appointed under the IT Act.

·       The Second Schedule provides that an “electronic signature” or electronic record can be authenticated by using either of the following methodologies:

·       Aadhaar e-KYC services, or

·       A third-party service by subscriber's key pair-generation, storing of key pairs on hardware security modules and creation of digital signature provided that the trusted third party providing such services shall be offered by any of the licensed Certifying Authority.

·       To create a digital signature, a user obtains a digital certificate from a licensed Certifying Authority.