Digital & Electronic Signatures & Electronic Governance
Section 3. Authentication of electronic records.
3(1).
As long as the conditions laid down in this section are followed:
Any subscriber is allowed to authenticate an electronic record by attaching their digital signature.
3(2).
An electronic record is authenticated using an asymmetric cryptographic system and a hash function.
A hash function converts the original electronic record into a fixed digital value.
An asymmetric crypto system then uses the subscriber’s private key to sign this value.
This process wraps and transforms the original record into a new electronic record, making it secure and tamper-proof.
Explanation:
For 3(2) , a hash function means a mathematical algorithm that:
Converts one set of digital data (bits) into another set of data, usually smaller, called a hash result.
Produces the same hash result every time it is applied to the same electronic record.
Makes it computationally infeasible to change the electronic record without changing the hash result.
A hash function acts like a digital fingerprint of an electronic record.
If the record changes even slightly, the fingerprint changes, making tampering easy to detect.
(a).
A Hash result must be computationally infeasible to derive.
A Hash result is also infeasible to recreate the original electronic record from the hash result produced by the algorithm.
A hash result cannot be reversed to get back the original document.
So , even if someone has the hash value, they cannot figure out what the original electronic record was, which helps keep the data secure.
(b).
It must be computationally infeasible that two different electronic records produce the same hash result using the algorithm.
The hash function should be different for two separate documents.
No document should end up with the same digital fingerprint.
If different records produced the same hash, it would be hard to detect tampering.
3(3).
Anyone can use the subscriber’s public key to check whether an electronic record is genuine.
So , the public key allows others to verify that the electronic record was signed by the subscriber and has not been altered after it was digitally signed.
3(4).
The private key and public key should belong only to the subscriber and work together as a single, matching pair.
The private key is used by the subscriber to sign an electronic record,
The corresponding public key is used by others to verify that signature.
Section 3A. Electronic signature.
3A(1).
Regardless of what Section 3 states , but subject to 3A(2), a subscriber may:
Authenticate an electronic record using an electronic signature or electronic authentication method which:
(a). Is considered reliable.
(b). Is specified in the Second Schedule.
3A(2).
An electronic signature or electronic authentication method will be treated as reliable only if it satisfies the following conditions:
(a).
The signature creation data or authentication data is linked only to the signatory or authenticator, and to no one else.
This is done so the signature clearly belongs to one specific person.
(b).
At the time of signing, the signature creation data or authentication data was under the exclusive control of the signatory or authenticator.
This prevents others from using or misusing the signature data.
(c).
Any change made to the electronic signature after it is affixed should be able to be detected.
This helps identify if the signature has been tampered with.
(d).
Any change made to the information after it has been signed is detectable.
This is done in order to make sure the signed content remains intact and unaltered.
(e).
It satisfies any other conditions that may be prescribed by rules.
This allows the government to add further requirements if needed.
3A(3).
The Central Government has the power to lay down rules to check whether an electronic signature is genuine.
The Central Government can prescribe a specific procedure.
This procedure is used to verify the identity of the person who signed or authenticated the electronic record.
It helps confirm that the electronic signature actually belongs to the person it claims to belong to.
The aim is to prevent impersonation, fraud, or misuse of electronic signatures.
3A(4).
The Central Government has control over which electronic signatures are officially recognised.
The Central Government may issue a notification in the Official Gazette.
Through this notification, it can add new electronic signatures or authentication techniques to the Second Schedule.
It can also remove existing electronic signatures or techniques from the Second Schedule.
The Government can also specify the procedure for affixing such electronic signatures.
Condition: No electronic signature or authentication technique can be included in the Second Schedule unless it is reliable.
3A(5).
Every notification issued under 3A(4) shall be laid before each House of Parliament.
Section 4. Legal recognition of electronic records.
Even if a law requires information to be in writing, typed, or printed, that requirement can still be met in electronic form.
Some laws require information to be written, typed, or printed.
Despite such requirements, the law recognises electronic form as valid.
The requirement of writing or printing is considered fulfilled if the information is provided electronically, subject to the following conditions:
(a).
The information or matter is rendered or made available in electronic form.
This means the content exists digitally, such as in an email, PDF, online form, or any other electronic format, instead of being on paper.
(b).
It is accessible and usable for future reference.
This means the electronic information must be stored or presented in a way that allows it to be opened, read, and used later whenever required.
Section 5. Legal recognition of electronic signatures.
Even if a law requires a document to be signed by hand, that requirement can be fulfilled using an electronic signature.
Some laws require information or documents to be authenticated by a signature.
This usually means a handwritten signature.
Despite such requirements, the law recognises electronic signatures as valid.
The requirement is considered fulfilled if an electronic signature is used.
The electronic signature must be affixed in the manner prescribed by the Central Government.
Explanation:
For the purposes of this section:
The word Signed when used with respect to a person, means:
Putting a handwritten signature.
Making any mark on a document.
The term Signature should be understood in the same sense.
Section 6. Use of electronic records and electronic signatures in Government and its agencies.
6(1).
Where a law requires certain actions to be carried out in a specific way, such as:
(a). Submitting any form, application, or document to a government office, authority, body, or agency in a prescribed manner.
(b). Granting or issuing any licence, permit, sanction, or approval in a prescribed manner, regardless of the name used.
(c). Receiving or making payments of money in a prescribed manner.
Then in such cases even if another law says otherwise, the requirement will be treated as fulfilled when the act is done electronically.
Provided when done electronically ,the actions must follow the method prescribed by the government.
6(2).
In order to give effect to 6(1), the appropriate Government has the power to frame rules for:
(a). The manner and format in which electronic records are to be filed, created, or issued.
(b). The manner or method of payment of any fees or charges for the filing, creation, or issue of electronic records under clause (a).
Section 6A. Delivery of services by service provider.
6A(1).
The appropriate Government can officially allow certain private or public entities to help deliver e-services.
The appropriate Government may issue an order for the purposes of this Chapter.
The aim is to ensure efficient delivery of public services through electronic means.
The Government can authorise a service provider for this purpose.
Such a service provider may be allowed to:
Set up computerised systems.
Maintain and upgrade these systems.
Perform any other related services specified by the Government.
This authorisation must be notified in the Official Gazette.
Explanation:
For this section, an authorised service provider can be:
An individual.
A private agency.
A private company.
A partnership firm.
A sole proprietorship firm.
Any other body or agency.
Such a service provider must have permission from the appropriate Government.
The permission must be to offer services through electronic means.
The services must be provided in line with the policy governing that service sector.
6A(2).
The appropriate Government can allow authorised service providers to charge users for their services.
The appropriate Government may give additional authorisation to a service provider already approved under 6A(1).
This authorisation allows the service provider to collect service charges from users who use the service.
The provider may retain and use these charges.
The amount and manner of such charges must be as prescribed by the appropriate Government.
The charges are taken from the person who avails the service.
6A(3).
Service providers can be allowed to charge for e-services even if the main law or rules do not specifically mention such charges.
This power is subject to 6A(2).
The appropriate Government may authorise service providers to:
Collect service charges.
Retain those charges.
Use (appropriate) those charges.
This authorisation applies even if:
The Act, any rule, regulation, or notification under which the service is provided does not expressly allow service providers to collect e-service charges.
6A(4).
The appropriate Government must officially fix the service charges.
The appropriate Government will issue a notification in the Official Gazette.
Through this notification, it will specify the scale or rate of service charges.
These are the charges that service providers are allowed to charge and collect under this section.
The appropriate Government can fix different fees for different services.
The Government is not required to set one uniform service charge.
It may prescribe separate scales of service charges.
Each scale can apply to a different type of service.
Section 7. Retention of electronic records.
7(1).
Some laws require documents, records, or information to be kept for a fixed period of time.
That requirement is considered fulfilled even if the records are not kept on paper.
It is enough if the documents, records, or information are stored in electronic form, provided that the following conditions are met:
(a).
The information stored in electronic form remains accessible and can be used later whenever needed.
So, the electronic records must be stored in a way that allows them to be opened, read, and referred to in the future.
(b).
The electronic record is kept in the same format in which it was originally created, sent, or received,
It can also be kept in another format that can be shown to accurately reflect the original information.
The idea is to keep the electronic record is preserved without distortion, so it remains a true and reliable copy of the original.
(c).
The electronic record contains details that help identify:
Who sent it (origin).
Who received it (destination).
The date and time when it was sent or received.
These details make it possible to trace when the electronic record was sent and received and by whom.
This requirement does not apply to information that is automatically generated only to enable the sending or receiving of the electronic record.
7(2).
Some laws clearly state how documents, records, or information must be kept in electronic form.
If a law expressly provides for electronic retention, then this section does not override or affect it.
In such cases, the specific law will apply instead.
Section 7A. Audit of documents, etc., maintained in electronic form.
The Audit requirements apply equally to electronic records.
If any existing law requires auditing of documents, records, or information then:
That audit requirement will also apply when those documents, records, or information are processed and stored in electronic form.
Switching from paper to digital records does not remove the obligation of audit & electronic records can also be audited just like physical ones.
Section 8. Publication of rule, regulation in Electronic Gazette.
Some laws require rules, regulations, orders, bye-laws, or notifications to be published in the Official Gazette.
That requirement is treated as fulfilled if the publication is made in:
The Official Gazette.
The Electronic Gazette.
Publication in an Electronic Gazette is legally equivalent to publication in the traditional Official Gazette.
When a rule, regulation, order, bye-law, or notification may be published in both Official & Electronic Gazette:
In such cases, the date of first publication will be treated as the official date of publication.
It does not matter which form was published later.
Section 9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form.
Sections 6, 7, and 8 allow the use of electronic records, signatures, and payments.
However, these sections do not give any person a legal right to force the Government or its bodies to go electronic.
No one can insist that any:
Ministry or Department of the Central or State Government.
Authority or body established by law.
Authority or body controlled or funded by the Government.
That they must:
Accept documents in electronic form.
Issue or create documents electronically.
Store or preserve records electronically.
Carry out monetary transactions electronically.
Section 10. Power to make rules by Central Government in respect of electronic signature.
The Central Government may frame rules for carrying out the purposes of the Act.
The rules may prescribe the following:
(a).
The Central Government can decide and specify the different types of electronic signatures that may be used under the Act.
(b).
The Central Government can prescribe how an electronic signature is to be applied, including:
The method of affixing the electronic signature.
The format in which the electronic signature must appear.
(c).
The Central Government can lay down the method or procedure that helps identify and verify the person who is affixing the electronic signature.
(d).
The Central Government can prescribe control processes and procedures to:
Protect the integrity of electronic records or payments (so they are not altered).
Maintain security against unauthorised access.
Ensure confidentiality of electronic records or payments.
(e).
The Central Government can prescribe any other rules that are required to make electronic signatures legally valid and effective under the Act.
Section 10A. Validity of contracts formed through electronic means.
During contract formation, actions like:
Making an offer.
Accepting an offer.
Revoking an offer or acceptance,
can be done electronically or through electronic records.
A contract cannot be treated as invalid or unenforceable just because these steps were done electronically.
Using emails, messages, or other electronic records to form a contract does not weaken its legal enforceability.
