Advancement in technology has changed the way we see everything. The way digitization has transformed has left entrepreneurs with no choice but to catch up with the whole process to maintain their relevance. Critical business processes have leverage business solutions to grow their profits twice as fast, accelerating this shift towards digitization and one of such shifts was towards electronic signatures.
Electronic signatures or esigns are signatures that can be sent on a digital platform in a dedicated digital format. The ease at which electronic signatures have empowered entrepreneurs to obtain signatures in no time, have overpowered the need to print, scan, fax and send documents repeatedly, making it an excruciating and time-consuming process to get signatures. Such a method of obtaining signatures from multiple signatories is faster and efficient which has undoubtedly accelerated business transactions.
This use of signature is legally a mandate. Signatures hold a strong and important legal position in a document, implying the identity and intent of a person to the document. Electronic signatures are as unique as handwritten signatures. Since handwritten signatures are prone to tampering and forgery, international businesses and commerce have shifted to a safe platform to exchange signatures and still maintain the credibility. To ensure that the ecommerce industry doesn't come to a grinding halt, lawmakers of many nations have made it a point to enact on the legislative contract of electronic signature.
With this advancement, around 50 countries, including developed and developing nations have adopted their own set of laws, policies and acts apart from having enacted e-signature legislation. The number of countries to form legislation regarding e-signatures is growing with each passing year. Some of the acts that are strictly abided by are:
The Information Technology Act 2008, India
The Uniform Electronic Transactions Act (UETA) 1999
The E-sign Act 2000, USA
The European Union’s Electronic Signatures Directive, Directive 1999/93/EC
The Electronic Communications and Transactions Act 2002, South Africa
Canada: Personal Information Protection and Electronic Documents Act
Australia: Electronic Transactions Act 1999
European Union: European Directive 199/93/EC
United Kingdom: Electronic Signatures Regulation 2002
India: Information Technology Act 2000
New Zealand: Electronic Transactions Act
United Nations: UNCITRAL Model Law on Electronic Signatures
As the list of countries to form legislation regarding e-signatures continues to grow, we will discuss in this article the electronic signature laws in india.
Let's look at the electronic signatures laws in India
In India, electronic signatures have the same legal status and validity as that of traditional handwritten signatures. Since 2000, India has accepted electronic signatures as a legal platform of online transactions and contracts with the commencement and execution of Information Technology Act(IT Act). With this electronic signature law India has been promoting digital technologies for every citizen and every business operation in India for improving the safety and security of records. The electronic signatures law in India makes e-signature legally admissible in court. As a result there has been an increase in the recent usage of e-signatures encouraging the use of latest digital technologies. However, most of the citizens are unaware of the proper understanding of the electronic signatures laws in India.
Information technology Act, (2000)
The information technology Act, 2000 (IT Act) is an Indian Law that recognizes electronic signatures as equivalent to handwritten signatures. A handwritten signature is not always considered credible, subject to a few exceptions. India follows a hierarchical root of trust model for eSignatures and they are legally valid and admissible in the court of law. Indian law considers the validity of a contract if the legally competent parties agree to the intent verbally, electronically or in a physical paper document.
According to the Information Technology Act, 2000 (IT Act) any digitally signed contract cannot be denied or refused enforceability on the account of being concluded electronically. Section 65B of the Evidence Act (1872) gives electronic signatures the enforceability to be produced as electronic records, admissible as evidence to support authenticity and validity of a contract in court. Any document, if legally required, can be authenticated by affixing the digital signature in the prescribed manner given in the section 5 of the Information Technology Act, 2000 (IT Act).Section 10A of the IT Act further recognizes and validates the contracts that are formed through offer and acceptance by electronic forms.
However, in order to produce any contract, conducted electronically, as an evidence in a court, it should meet certain requirements. Below we have an overview of the electronic signatures law in India.
What types of eSignatures are recognized under the IT Act, 2000?
The IT Act broadly states any contract cannot be enforceable only because they are conducted electronically. The IT Act recognises two types of legally valid electronic signature that have the same legal status as that of the traditional handwritten ones. This helps companies in choosing the method that suits best to their requirements.
eSignatures that combine an Aadhaar with an eKYC service
Users with an Aadhaar ID, can use an online e-signature service to securely sign documents online, if their unique identification number is issued by the Indian government such as KYC services. Users can use any web or mobile app interface to esign any document by authenticating using an eKYC service such as one time password (OTP) by an e-sign service provider. that comply with government guidelines.
Digital signatures with asymmetric crypto-system and hash function
Digital signatures generate asymmetric crypto-systems and hash functions. An ‘asymmetric crypto system’ consists of a secure pair of keys: a private key and a public key, which are unique to each user, and can create an e-signature by leveraging its authentication, from a reputed Certifying Authority (CA) in the form of a digital certificate. These certificates store necessary information about the user user’s name, public key, the expiration date of the certificate, and few other information about the user. A document can also be signed by issuing a USB token that contains the digital-certificate-based ID.
These are the two ways under which a document can be signed for the two types of e-signatures to be valid under Indian law.
Which factors make eSignatures valid in India?
Here are the 5 criteria that e-signatures must satisfy in order to be valid, as per the IT Act:
eSignatures should be uniquely linked to the person who is signing the document that could be in the form of a government issued digital ID.
Signing, the signatory should have total control over the data that is used to generate the e-signature. These signatures can be affixed directly by the prescribed manner by the government in order to meet the requirement.
Any alteration to the document or the affixed e-signature must be easily detectable by encrypting the document with a tamper-evident seal.
There should be an audit trail that should demonstrate the steps detailed taken during the signing process.
The signing certificate should be issued by a Certifying Authority (CA) licensed by the Controller of Certifying Authorities (CCA) appointed under the IT Act(2000).
Electronic signature compliance and security certificates
In the cloud environment, hacking data from any server has become extremely easy. When we are in a business where most of our deliverables happen over cloud it's important for us to transmit that through a secure connection. To enable this, enterprises are complied with certain security and compliance certificates which gives them an upper hand in gaining the customers trust.
Major standards and compliance of digital signatures
It is the web application firewall helping to protect your web applications or APIs from the common web exploits that affect availability, compromise security, or consume excessive resources. The pricing is based on how many rules you deploy and how many web requests your application receives.
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
The Financial Industry Regulatory Authority (FINRA) is an independent, nongovernmental organization that writes and enforces the rules governing registered brokers and broker-dealer firms in the United States. Its stated mission is "to safeguard the investing public against fraud and bad practices." It is considered a self-regulatory organization.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
CSA Star program
The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix.
Use cases for standard electronic signature
Finance - Documents such as Internal approvals on reimbursements forms, Opening and Closings of Account of clients,budgets on purchase of new materials, Expense reports of months, budgets on events, asset’s etc. Client PO/ Invoices approvals on Cygnature, Internal audit reports for approvals from the higher management.
Legal- Documents such as NDA’s between Clients and service providers, Contracts and Legal Agreements between Clients, Approval agreements, Partnership Agreements, Board Resolutions written by legal department, MSA’s, Shareholder Agreements and Joint Venture agreements .
Human Resource- Documents like Offer Letter, The Welcome letter,new hire paperwork, Onboarding documents, Emergency contact form, Basic details form, Handbooks, Tax filing documents.
Sales- Documents like invoice and payments, Non-compete agreements, licensing agreements, sales/purchase orders, change request documents.
Use cases not appropriate for electronic signatures
Below are some of the use cases where signatures are specifically barred from digital or electronic processes like handwritten signatures (e.g. wet ink) that are not appropriate for any digital transaction management. IT Act is not applicable for the below mentioned cases.
Negotiable instruments, other than a cheque (handwritten).
Power of attorney (handwritten).
Trust deed (handwritten).
Testamentary disposition like Will (handwritten).
Contract for sale or interest of an immovable property (handwritten).
The Government of India has taken an initiative to transform the nation into a paperless economy. This initiative towards a digitised economy has led to the widespread adoption of electronically signed documents. However to avoid any risk, it is important to implement eSignatures recognised by the IT Act. If you are looking for a quick and efficient esignature solution, document eSign is the right place for you.