The Indian Information Technology (IT) Act (passed in 2000) holds electronic signatures as legally valid as wet ink signatures. The impact of moving from physical to digital/electronic signatures has been immense, both from a business and from a consumer-standpoint.
Today, we elaborate on the different varieties of digital and electronic signatures, what type would suit what business and the plethora of benefits that come with digitalizing the document signing process.
Digital vs. Electronic Signatures
While digital signature and electronic signature are terms that are often used interchangeably, the two concepts have a few key differences. A digital signature is primarily used to secure a document, and prevent tampering of the document by unauthorized individuals. These are Public Key Infrastructure (PKI) certificate-based and are validated by certifying authorities. Aadhaar-based eSign is an example of a digital signature and is certified by an authority like NSDL, where a one-time-use private key is generated by an eSign Service Provider post successful eKYC, and a certificate is generated by digitally signing a hash of the document. Once a document is digitally signed, any subsequent tampering will render the signature invalid as the hash of the document will change. Digital signatures are primarily used to secure a document.
Electronic signatures, on the other hand, simply imply an intent to sign a document. OTP login with Stylus-based signatures is an example of electronic signatures. Validation/authentication mechanisms for electronic signatures are not defined and are usually based on an individual’s email ID, set PIN, etc. Electronic signatures are used primarily to collect electronic evidence around document authentication like verified email or mobile, IP address, drawing acceleration, etc.
In India, there are three primary types of digital certificate-based signatures:
- USB-based DSC
A Digital Signature Certificate (DSC) is issued to businesses or individuals for digital signing. Public key encryptions are used to create these signatures, and Certifying Authorities issue these keys to validate and authenticate the identity of the individual holding the certificate. There are three classes of DSCs issued by licensed Certifying Authorities in India;
a. Class-I (authenticates email address)
b. Class-II (most commonly used, requires a photograph, copies of proof of identity and address attested by gazetted officer/bank official)
c. Class-III (required In-Person Verification by CA)
The private key for such DSCs are provided in Password or PIN-protected USB dongles and need to be renewed. This is not suitable for bulk and automated digital signing.
- Aadhaar-based eSign
Aadhaar-based eSign allows an Aadhaar-holder to securely digitally sign a document. A business can become an Application Service Provider (ASP) under an eSign Service Provider (ESP) like NSDL, CDAC, etc. following CCA guidelines to use eSign services via web or mobile-based channels. Individual users of ASP can digitally sign documents by authenticating themselves by an OTP that is sent to their Aadhaar registered mobile number by UIDAI.
The OTP-based Aadhaar eSign is equivalent to Class-II DSC.
- Document Signer Certificate
Document Signer Certificates are issued to organizational software applications for the automatic bulk authentication of documents/information attributed to the organization using digital signatures. This certificate is on the more expensive side and only issued to organizations. The most common uses for this type of signature are e-commerce receipts, invoices, credit card bills, etc.
Why Move from Wet Ink to Digital Signatures?
Given the wide variety of digital and electronic signatures available, here’s a quick look at the most common use cases for each type, and their suitability for businesses.
Digio, an Application Service Provider (ASP), offers a simple platform — DigiSign — providing for both digital (Aadhaar eSign, USB DSC, Document Signer Certificate) and electronic (Stylus) signatures. Your business can integrate with DigiSign through APIs and SDKs, or signatures can be requested via the web-based Digio Dashboard.
Here's how DigiSign works:
- Aadhaar eSign
Aadhaar-based eSignatures are identity-linked and validated by Certifying Authorities such as NSDL.
Once the document has been eSigned, the document displays a digital certificate that can be viewed on applications such as Adobe Acrobat PDF Reader as below.
- USB-based DSC Token
This type of digital signature is used primarily for the bulk signing of documents and usually contains information about the signer’s name, pin code, country, email address, date of issuance of the certificate and the Certifying Authority (CA).
The USB-based DSC token can be difficult to use. Digio’s SmartClient makes it extremely easy and can be used to interact with the token on both Windows and OS devices.
- Document Signer Certificate
Document Signer Certificates are issued to organizational software applications to bulk authenticate documents or information attributed to the organization. The document/information is authenticated by the application of a Digital Signature.
With DigiSign, documents can be digitally signed in bulk automatically by the organization without the need for any human intervention, making it quick and convenient.
- Electronic/Stylus Signature
As discussed in an earlier section, electronic signatures are often used to signal a signer’s intent to sign a document. They are not validated by any Certifying Authority (CA), and simply verify a document (rather than secure it).
An OTP for authentication is sent to the entered email ID or mobile number on the Digio platform, after which a signature can be hand-drawn on the requested document. User’s digital footprints are collected and stored during this transaction.
Electronic vs Digital Signatures: What’s best for your business?
All contracts are valid agreements but not all agreements qualify as valid contracts. An enforceable agreement is complete and systematic amalgamation of the necessary elements, which are vital to its validity and existence.
Digital Signatures (PKI framework-based) are recognized by the Indian IT ACT in an “as is” form and have equal weightage with wet ink signatures. The Contract and IT Act together, combined, validate a digitally signed document as per Indian laws, as the user’s identity post KYC by authorized entities is associated with the digital signature. Only 7 pre-defined types of documents can not be digitally signed as per the IT Act.
While electronic signatures are valid evidence, the Contract Act recognizes these signatures as evidence only for agreement creation. Legal Enforceability will not be straightforward and could be evaluated and questioned. Acceptance of terms over email also has similar weightage. Electronic signatures, therefore, are used primarily with non-regulatory flows and scenarios where the risk involved is low.
In order to contest a contract in court, the digital document has to be digitally signed and either e-Stamped or franked. While paying stamp duty is not required for the contract to be legally enforceable, any dispute regarding is unlikely to be addressed by a court without payment of the duty.
Business flows shouldn’t come to a halt because of distance and logistical challenges. With DigiSign, get documents digitally or electronically signed — saving your business valuable resources, and making your customers’ lives easier!
Digio has become the market leader and a major transformer for the Indian eco-system with its comprehensive digital & electronic signing offering. For more information or to request a demo, feel free to reach out to us at support@digio.in.
Comments
Post a Comment