ELECTRONIC SIGNATURES & 2018 AADHAAR VERDICT
Till 2015, though there was a provision of Electronic Signature in the Information Technology Act, 2000 there was no mode of electronic signature prescribed in Second Schedule till 2015. In 2015, by way of GSR 61(E) Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015, the eAuthentication Technique using Aadhaar e-KYC Services were introduced in the Second Schedule.
As a result, the Aadhaar Electronic Signature was being utilized by entities and Organizations for identifying customers and enabling customers to sign documents using Aadhaar based Electronic Signatures. The use cases of the signature were various.
However, post the Supreme Court verdict on Aadhaar, whereby the Supreme Court disallowed the use of Aadhaar Authentication by private entities, questions were raised on the validity of Aadhaar based Electronic Signature. The stand as taken by the industry players in the absence of any information to the contrary remained that the use of Aadhaar Authentication for the purpose of Electronic Signature is backed by law, i.e, the IT Act,2000, and the same is permissible even after the Supreme Court verdict.
2019 AMENDMENT TO IT ACT, 2000
On 5th March 2019, the Ministry of Electronics and Information Technology amended the Second Schedule to the Information Technology Act, 2000 and inserted the word “Other” after Aadhaar e-KYC.
The Second Schedule post the amendment would read as ‘e-Authentication technique using Aadhaar and other e-KYC services’. This indicates that Electronic Signature can now be generated by the Certifying Authority, using e-Authentication techniques which may or may not be Aadhaar, as long as it is issued in accordance with the e-Authentication Guidelines issued by the Controller of Certifying Authority.
Consequent Amendments have been made to Form C Schedule IV of the Information Technology Certifying Authority Rules, 2000. Instead of Aadhaar Number, the form now contains a provision for collection of eKYC Number, thereby widening the scope of KYC which may be used for generation of eSign.
IMPACT OF THE AMENDMENT
The impact of the aforesaid amendment is as follows
- Aadhaar based Authentication has been substituted with eKYC Based Identity Verification
- Aadhaar Number has been substituted with eKYC Number.
- This is also being interpreted by various players to mean that, due to the fact that the Amendment has not eliminated Aadhaar eKYC as a mode of Authentication for eSign and only added other eKYC methods, the Aadhaar eKYC based eSign still remains valid.
- The CCA is yet to issue guidelines as to which other modes of authentication can be used to generate Electronic Signature.
It requires to be said that it’s time the law relating to Electronic Signature in India is made Technology Neutral at Par with other countries. The prescription of standards of usage of Electronic Signature and reliability of Signature should be left to the decision specific industry regulators, as per the use case, if the signature satisfies other requirements of Reliability.