I often get asked about the legal validity of electronic signatures/ e-signatures and consequently electronic contracts/ e-contracts under Indian law. The questions often range from whether the electronic signing methods are recognized under Indian law to how one can pay stamp duty an electronic document. During the last few years e-signing and e-contracting has assumed significance and specially when businesses are working remotely it is efficient and cost effective to have a document e-signed rather than co-ordinating physical signatures.
This post explores broadly the law regarding (i) usage and validity of e-signatures and (ii) enforcement of electronic contracts. Also given that there are various e-signing services available from various vendors in India, I have provided a table with comments on their validity towards the very end of this post.
Recognized forms of electronic signatures under Indian law
The Information Technology Act, 2000 (IT Act) governs the use of electronic signatures in India. The IT Act recognizes two types of e-signatures to authenticate electronic records/ documents: (a) digital signatures using asymmetric crypto systems and hash function, and (b) electronic signatures or electronic authentication techniques specified in the Second Schedule of the IT Act (Second Schedule).
Digital signatures are technically any signature that use an asymmetric crypto system and hash function. Digital Signatures are considered a subset of electronic signatures. These are commonly available in the form of a physical token (USB) which you have to use to sign a document. This involves submitting you a form (like the one available here) along with ID proofs and undergoing a video verification. Post this the USB token is issued to you.
Electronic signatures include any electronic authentication techniques or procedures specified in the Second Schedule. At present, the Second Schedule specifies the following:
biometric and One-Time-Password (OTP) based Aadhaar e-KYC (Know Your Customer). An example of this is also known as Aadhaar e-Sign (eSign);
other e-KYC services apart from online Aadhaar e-KYC. These include Offline Aadhaar e-KYC, Organizational eKYC or Banking eKYC. You can find the Identity Verification Guidelines issued by Controller of Certifying Authority (CCA) for details regarding the various forms of identity verification used forms of user identification for generation of digital signature certificates; and
e-authentication technique and procedure for creating and accessing subscriber's signature key facilitated by trusted third parties,
as electronic authentication techniques and procedures. A trusted third party will be a certifying authority (CA) licensed under the IT Act.
The above methods are used to issue digital signature certificates (DSC) on successful verification of the identity and addresses credentials of the applicant. It is pertinent to note that - the DSC is issued by a CA licensed under the IT Act. A CA is an entity licensed by the CCA to issue electronic/ digital signature certificates. The CCA is the authority appointed under the IT Act to license and regulate the CAs. The current list of CAs is available here.
Validity of electronic records and electronic signatures
Section 4 and section 5 of the IT Act provides for legal recognition of electronic records and electronic signatures respectively. As per these sections, any requirement of physical records would be deemed satisfied if such records are made available and accessible electronically and any requirement of signature would be deemed satisfied if the document is authenticated by means of an electronic signature (as mentioned above) affixed in such manner as prescribed under the IT Act.
To summarize, there is no difference between the enforceability/ admissibility of Digital Signatures and other types of valid Electronic Signatures - both have the same status as handwritten signatures under Indian law. There is a presumption of validity for electronic records signed using a valid electronic signature (as recognized under the IT Act), which is treated as equivalent to a wet signature.
Please note that the criteria for electronic signature to be valid is two fold - (i) it should be considered reliable; and (ii) recognized under the Second Schedule.
For electronic signatures to be considered reliable they must satisfy the following conditions (together, the Conditions):
electronic signatures must be unique to the signatory (i.e. it must be uniquely linked to the person signing the document and to no other person);
at the time of signing, the signatory must have control over the data used to generate the electronic signature (for example, by directly affixing the electronic signature to the document);
any alteration to the affixed Electronic Signature, or to the document to which the signature is affixed, must be detectable (for example, by encryption of the document with a tamper-evident seal);
there should be an audit trail of steps taken during the signing process; and
signer certificates must be issued by a CA recognised by the CCA.
The methods listed in the Second Schedule satisfies these Conditions.
Validity of electronic signatures not specifically recognized under the IT Act
Electronic contract formation methods such as click-wrap, non-CA issued certificates etc. are not explicitly recognized under the IT Act but may be used for e-contract formation. Under Section 10-A of the IT Act, the formation of an agreement by electronic means would not be held invalid solely on the ground that the agreement was formed electronically. However, such non-recognised electronic signatures do not have the presumption of validity of recognized electronic signatures and the validity of electronic contracts signed using such electronic signatures may be disputed.
In such a case, the signatory may be required to prove:
the generated signature can be linked only to the signatory and to no other person;
only the signatory had access to and control over the document at the time of signing;
any alteration to the signature or the information made after the signature is affixed is detectable; and
the essentials of a valid contract under the Indian Contract Act, 1872, such as offer, acceptance and intention to create legal relationship, capability of the parties, consideration etc., are met.
The conduct of the parties with respect to the subject matter of the contract/ electronic record may also be relevant in this context.
Admissibility as evidence
Section 3 of the Indian Evidence Act, 1872 (Evidence Act) recognizes electronic records as 'documentary evidence'. As per Section 65B of the Evidence Act, any information contained in an electronic record is deemed as a document and will be admissible as evidence in any proceedings without further proof of the original, if it is accompanied by a certificate stating that:
the computer through which the electronic record was produced, was in regular use by a person having lawful control over the system at the time of producing it;
the information contained in the electronic record was stored or received in the said computer during the ordinary course of activities;
the output computer was in a proper operating condition, or, operational difficulties, if any, with the computer must not have affected the accuracy of the data entered; and
the information contained in the electronic record reproduces information fed into the computer in the ordinary course of activities.
There is no specific format for this and drafted on a case to case basis. Please leave a message through the contact form in case you need a format for this.
Moreover, Section 85A of the Evidence Act states that every contract that purports to be an agreement containing the electronic signatures of the parties shall be presumed to be concluded by affixing the signatures of the parties. However, this presumption extends only to electronic signatures as recognised under the IT Act.
As per Section 85B of the Evidence Act, in any proceeding involving secure electronic/digital signatures, the court is required to presume that the secure electronic/digital signature is affixed by the subscriber with the intention of signing or approving the electronic record, unless proved otherwise.
Therefore, as mentioned earlier, recognised electronic signatures will be deemed to be valid unless proven otherwise.
Documents that cannot be signed using digital and electronic signature
The following documents cannot be electronically signed and must be executed using traditional ‘wet’ signatures in order to be legally enforceable:
A negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881. A negotiable instrument includes a promissory note, bill of exchange or a cheque.
A power-of- attorney as defined in section 1-A of the Power-of-Attorney, Act, 1882.
A trust as defined in section 3 of the Indian Trusts Act, 1882.
A will as defined in section 2(h) of the Indian Succession Act, 1925, including any other testamentary disposition.
Any contract for sale or conveyance of immovable property or any interest in such property.
Therefore, the documents and transactions mentioned above, if executed using electronic signature will not be legally enforceable.
Stamping of electronic documents
The Indian Stamp Act, 1899, as applicable to various states and the other relevant State legislations dealing with stamp duty (Stamp Acts), requires stamp duty to be paid on 'instruments', i.e. every document by which any right or liability is, or purports to be, created, transferred, limited, extended, extinguished or recorded.
Therefore, most instruments including agreements are required to be stamped prior to or at the time of execution. Under the Stamp Acts applicable stamp duty is required to be paid by the parties to the agreement. Unstamped agreements or instruments may not be admissible as evidence in a proceeding and courts may direct parties to stamp the document before submitting it to them. Even though the Stamp Acts do not specifically deal with electronic records, some States (e.g. Maharashtra and Karnataka) recognize electronic records as instruments which must be stamped as per the applicable stamp duty in that particular State. In some States, criminal liability may also be imposed for intentional evasion of stamp duty.
Indian law does not lay down a procedure for stamping of electronic records. In the event that an electronic agreement has to be admitted as evidence before a court of law, an additional step of stamping of a physical copy of the agreement and payment of applicable stamp duty, along with applicable penalty if any, will have to precede such admission. In practice, a copy of the physical stamp paper is attached to the printed version of the electronic contract or an e-copy of the stamp paper is attached to the electronic contract. This is a common practice in India.
Electronic signature services and their validity under Indian law
I often get asked by clients whether the particular service they are using is valid under Indian law. Please note that often such service providers have multiple solutions ranging from eSign online signature service, to just ensuring that the document is encrypted and tamperproof. Please note that almost all the CAs (as was listed earlier) have their own electronic signature service. Other service providers tie up with the CAs to generate the electronic signature certificate for their users. Below is a list of popular service providers and the services offered by them. Remember that only a USB token based DSC or electronic signature as mentioned under the second schedule are recognized and presumed to be valid under the IT Act. Kindly verify this prior to signing up for any such electronic signature service.
Sify Safescrypt - CA which provides USB based DSC tokens.
eMudhra - is a popular CA, providing various types of digital certificates. Also, provides eSign.
Adobe Sign - Adobe provides eSign as an electronic signature solution. Please do note that this is a paid service and the signing process available within Acrobat Reader as default is not eSign.
Digio - offers solutions such as Aadhaar eSign, USB based DSC token. They also provide automated digital KYC and documenting solutions for businesses which lets you order and attach e-stamps.
SignDesk - provides business documentation workflow using eSign. API integration is also offered.
Leegality - offers workflow based automated documentation solutions similar to Digio.
DocuSign - is a popular solution outside India. However, to my knowledge their e-signature service in India is not eSign based. So I would recommend verifying whether their offering includes eSign as recognized under Indian law.