Internet is a system of inter-connected computer networks and is today’s
significant platform of information and transmission. Its far-flung utilisation
has led to its entrance in the sphere of trade and commerce . The government of
India has passed the Information Technology Act with a view of taking the
benefit of digital technology and new emerging communication system. Business
transactions are being made with the help of computers. Business community as
well as individuals are increasingly using computers to create, transmit and
store information in the electronic form instead of traditional paper documents
Meaning Of Digital Signatures
Like the pen and paper method, a digital signature attaches the identity of the
signer to the document. Digital signature provides a viable solution for
creating legally enforceable electronic records closing the gap in going fully
paperless by completely eliminating the need to print documents for signing.
Digital signature enabled the replacement of slow and expensive paper based
approval processes with fast and fully digital ones. 
Electronic signature was defined in the Information technology ( Amendment )
Act, 2008 . Whereas the earlier Information technology Act ,2000 covered in
detail about digital signature defining it and elaborating the procedure to
obtain the digital signature certificate and giving it legal validity.
Digital signature was defined as “authentication of electronic record”
procedure laid down in section 3, which discussed the use of asymmetric crypto
system and the use of public key infrastructure and hash function, etc . This
was criticised to be technology dependent i.e relying on the specific technology
of asymmetric crypto system and the hash function generating a pair of public
and private key authentication, etc.
Thus , chapter II which was originally ‘Digital signature’ was renamed as
‘Digital signature and electronic signature’ in Information Technology (
Amendment ) Act, 2008 thus introducing technological neutrality by adoption of
electronic signatures as legally valid mode . 
Meaning Of Certifying Authorities
Internet is a open system of communication which has its own set of problems,
these problems relate to the integrity, confidentiality and authentication of
communication channels and processes . so a system of identity authentication is
thus required , which is done by trusted third party which is referred to as ‘
certifying authority’ whose function is to verify and authenticate the identity
of subscriber . 
According to Section 2 (1) (g) of the Information technology Act,2000
‘certifying authority is a person who has been granted a licence by the
controller of certifying authority to issue electronic signature certificates to
In general , a certifying authority is a body either public or private that
seeks to fill the need for trusted third party services in the e-commerce by
issuing digital signature certificates. The role played by the certifying
authorities is similar to that of a notary public in the real world. A notary
attests that the person who signs the documents is really that person .
Similarly, a certifying authority grants digital signature certificates to
subscribers after proper identification and verification.
Appointment Of Controller And Other Officers
The central government may appoint controller of certifying authorities after
notifying the official gazette. They may also appoint Deputy controllers and
assistant controllers as it deems fit.
The controller discharge his responsibilities subject to the general control and
directions of the central government . The Deputy controllers and Assistant
controllers shall perform the functions assigned to them by the controller under
general superintendence and control of the controller . 
Role Of Controller In Issuing Digital Signature Certificates
Licence to issue electronic signature certificate:
Any person may approach the controller for a licence to issue electronic
signature certificates including digital signature certificates. A controller
can issue a licence only if the applicant fulfils all the requirements with
respect to qualification ,expertise, manpower, financial resources and also
infrastructure facilities for the issuance of digital signature certificates.
And the licence granted is valid for a period of 5 years from the date of issue
and the said licence is not transferrable and heritable. 
Application for licence:
An application can be made for obtaining a licence to operate a certifying
authority. Requirements need to be fulfilled by the applicant for issue of
licence to operate certifying authority . The form for application for grant of
a licence to operate as a certifying authority that is required to be submitted
to the controller and every application for issue of licence shall be
Renewal of licence:
- A certification practice statement.
- A statement including the procedures with respect to identification of the
- Payment of fees, not exceeding 25 thousand rupees.
An application for renewal of licence shall be in such a form , accompanied by
such fees which should not exceed 5 thousand rupees and renewal of licence shall
be made not less than 45 days before the date of expiry of the period of licence
. Further, the application for renewal of licence may be submitted in the form
of electronic record.
Procedure for grant or rejection of licence:
The controller may on receipt of an application after considering the documents
accompanying the application and such other factors, he may grant the licence or
reject the application. 
The controller may within 4 weeks from the date of receipt of the application
examine the documents and information accompanying the application before he
grants the licence or rejects the application. 
The controller has been empowered to refuse the grant or renewal of a
certifying licence if:
- The applicant has not provided the controller with such information relating to
its business as the controller may require.
- The applicant or any trusted person has convicted, whether in India or out of
- A certifying authority commits breach of or fails to observe and comply with
,the procedure and practices as per the certification practice statement.
- A certifying authority fails to conduct or does not submit, the returns of thr
However the principles of natural justice would be followed before
rejection unless the applicant is given a reasonable opportunity of presenting
his case . 
Suspension of licence:
The controller after making an inquiry if he feels that the certifying
authorities , has:
- Made a statement , in relation to the application for the renewal of licence is
false or incorrect.
- Failed to comply with the terms and conditions subject to which the licence
- Failed to maintain procedures and standards.
- Contravened any of the provisions of the Act, rule, regulation or order made
thereunder , can revoke the licence. 
Powers And Functions Of The Controller:
Some of the powers of the controller mentioned under the Act are as follows:
- Recognition of foreign certifying authorities:
Section 19 of the IT Act gives the power to the controller to recognise any
certifying authorities for the purposes of the Act. Once the foreign certifying
authority is recognised by the controller , the digital signature certificates
issued by such certifying authority shall be valid for the purpose of the
Act, such recognition can be withdrawn or revoked by the controller in case
there are any contravention of any conditions and restrictions subject to
which the recognition was granted to the foreign certifying authority.
Power to delegate:
Section 27 of the IT Act provides that , the controller may authorise the Deputy
controller, assistant controller or any officer to exercise of any of the powers
of the controller. However such delegation should be made in writing. But his
quasi judicial power to resolve any dispute between certifying authorities and
subscribers cannot be delegated.
Power to investigate contraventions:
Section 28 of the IT Act provides that , the controller or any other officer
authorised by him shall take up for investigation any contraventions of the
provisions of the Act, rules or regulations.
Access to computers and data:
During the course of investigations the controller requires certain powers to be
able to gather evidence, for this purpose searching of computer systems is
required , so under section 29 of the IT Act the controller has been given the
power to have access to any computer system , any apparatus , data or any other
material connected with such system if he has reasonable cause to suspect that
any contravention of the provisions of this Act, rules or regulations made , has
- Power of controller to give directions:
To ensure compliance of provisions of the Act , rules or regulations made under
the controller has been authorised to give directions to certifying authorities,
section 68 (1) empowers the controller to give such directions by way of an
Functions Of The Controller
The functions of the controller have been enumerated under section 18 of the Act
. These functions basically relate to certifying authorities or digital
signature certificate. It is the controller’s duty to regulate and control
almost each and every activity of the certifying authorities and to ensure their
smooth working and functioning from its very inception to even resolving of
disputes. In general , the controller has the power to exercise supervision over
the activities of the certifying authorities.
In specific the controller can lay down the standards to be maintained by the
certifying authorities, specify the conditions subject to which the certifying
authorities shall conduct their dealings with the subscribers, specify the form
and manner in which accounts shall be maintained by the certifying authorities,
specifying the terms and conditions subject to which auditors may be appointed
and the remuneration to be paid by them, facilitating the establishment of any
electronic system by a certifying authority either solely or jointly with other
certifying authorities and the regulations of such systems, laying down the
duties of the certifying authorities and maintaining database containing the
disclosure record of every certifying authorities containing such particulars,
which shall be accessible to public.
The controller also has the function of specifying the form and the content of a
digital certificate and the key as also specifying the contents of the written,
printed or visual materials and advertisements that may be distributed or used
in respect of a digital signature certificate and the public key.
The office of the controller of certifying authority is a fulcrum on which the
information technology Act, 2000 operates. It has a statutory role to identity,
apply and draw awareness regarding the application of specific form of
technology. Furthermore it establishes functional attributes for certifying
authorities. And the IT Act also provides for the controller of certifying
authorities to licence and regulate the working of certifying authorities.
The controller of certifying authority being the highest administrative body
recognised under the Act has been given a lot of importance .
- The Information technology Act, 2000 available at https://www.indiacode.nic.in/
- The Information technology( certifying authorities ) rules https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Certifying%20Authority%29.pdf
- https://www.legalbites.in/digital-signature-electronic-signature/ last
cited on 07-04-2021
- Umrav singh ‘cyber laws in India’ (May 2016 ) , available at https://www.researchgate.net/publication/303522263_Cyber_Laws_in_India ,
last cited on 08 -04-2021
- Vakul Sharma ‘ Information technology : law and practice’ ( lexis nexis
, Haryana , 6th edn , 2019)
- Gupta and Agarwal ‘cyberlaws’ ( premier publishing company , Allahabad,
2012 ) p. 469
- Section 17 of the Information Technology Act, 2000
- Section 21 of the Information Technology Act, 2000
- Rule 13 of the Information technology ( certifying authorities ) Rules,
- Section 22 of the Information Technology Act, 2000.
- Section 23 of the Information Technology Act, 2000
- Section 24 of the Information Technology Act, 2000
- Rule 16 of the Information technology ( certifying authorities ) Rules,
- Supra note 4 , at page 239
- Section 25 of the Information Technology Act, 2000
- Devashish baruka ‘purview of Information technology Act, 2000’ available
at http://220.127.116.11:8080/jspui/bitstream/123456789/722/18/Purview%20of%20the%20Information%20Technology%20Act%2C%202000.pdf last
cited on 08 -04-2021
Award Winning Article Is Written By: Mr.Naveen B Talawar
Authentication No: MA34185107161-28-0521