The Information Technology Act,2000 was amended in the year 2008 to introduce Electronic Signature.
Electronic Signatures & 2018 Aadhaar Verdict
Till 2015, though there was a provision of Electronic Signature in the Information Technology Act, 2000 there was no mode of electronic signature prescribed in Second Schedule till 2015. In 2015, by way of GSR 61(E) Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015, the eAuthentication Technique using Aadhaar e-KYC Services were introduced in the Second Schedule.
As a result, the Aadhaar Electronic Signature was being utilized by entities and Organizations for identifying customers and enabling customers to sign documents using Aadhaar based Electronic Signatures. The use cases of the signature were various.
However, post the Supreme Court verdict on Aadhaar, whereby the Supreme Court disallowed the use of Aadhaar Authentication by private entities, questions were raised on the validity of Aadhaar based Electronic Signature. The stand as taken by the industry players in the absence of any information to the contrary remained that the use of Aadhaar Authentication for the purpose of Electronic Signature is backed by law, i.e, the IT Act,2000, and the same is permissible even after the Supreme Court verdict.
2019 Amendment to IT Act, 2000
On 5th March 2019, the Ministry of Electronics and Information Technology amended the Second Schedule to the Information Technology Act, 2000 and inserted the word “Other” after Aadhaar e-KYC.
The Second Schedule post the amendment would read as ‘e-Authentication technique using Aadhaar and other e-KYC services’. This indicates that Electronic Signature can now be generated by the Certifying Authority, using e-Authentication techniques which may or may not be Aadhaar, as long as it is issued in accordance with the e-Authentication Guidelines issued by the Controller of Certifying Authority.
Consequent Amendments have been made to Form C Schedule IV of the Information Technology Certifying Authority Rules, 2000. Instead of Aadhaar Number, the form now contains a provision for collection of eKYC Number, thereby widening the scope of KYC which may be used for generation of eSign.
Impact of the Amendment
The impact of the
aforesaid amendment is as follows
Authentication has been substituted with eKYC Based Identity
Aadhaar Number has
been substituted with eKYC Number.
This is also being
interpreted by various players to mean that, due to the fact that
the Amendment has not eliminated Aadhaar eKYC as a mode of
Authentication for eSign and only added other eKYC methods, the
Aadhaar eKYC based eSign still remains valid.
The CCA is yet to
issue guidelines as to which other modes of authentication can be
used to generate Electronic Signature.
It requires to be said
that it’s time the law relating to Electronic Signature in India is
made Technology Neutral at Par with other countries. The prescription
of standards of usage of Electronic Signature and reliability of
Signature should be left to the decision specific industry
regulators, as per the use case, if the signature satisfies other
requirements of Reliability.