Legality of eSignatures in India and ensuring compliance
for Indian businesses

Understanding the usage, legal aspects, and industry standards.

Sign Up for freeRequest Demo

Electronic signatures: What are they?

Electronic signatures are digital versions of your signature that indicate your agreement to the contents of a document or contract when you sign it online. They provide a hassle-free way to sign documents remotely, eliminating the need for physical paperwork, and enabling faster and more streamlined transactions.

They are legally binding for a variety of purposes and can either be typed, drawn on the screen of an electronic device, or uploaded from your desktop. This modern alternative to "wet" signatures has been adopted across the world, as it empowers individuals and businesses to sign documents online in a legal, secure, and efficient way.

Enhancing business efficiency with e-signatures

In the digital era, electronic signatures have become an indispensable part of business operations, offering convenience, efficiency, and legality. Adoption of Zoho Sign for electronic signatures enhances the signing process by ticking crucial boxes such as:

  • Speed
  • Authentication
  • User experience
  • Security
  • Legal structure
  • Cost-effectiveness

Popular fields of use

Businesses often function across departments, including sales, marketing, finance, legal, human resources, and more. Physical signatures pose security risks and lead to haphazard documentation. Over time, this causes several complications and slows the business down. This is where Zoho Sign can be brought into play, as multiple industries can reap the benefits of time efficiency, cost efficiency, and customer experience. It caters to the unique needs of different fields, a few of which are:

E-signatures and the law

Amidst the pursuit of digital transformation by businesses, it is essential to understand the legal landscape and compliance requirements. This page works as an overview of electronic signature laws in India and how Zoho Sign ensures compliance with these regulations.

Here are the applicable laws and regulations about the use of electronic signatures in India.

  • Information Technology Act, 2000:

    Ensures the legal validity of electronic signatures.

  • Information Technology (Certifying Authorities) Rules, 2000:

    Authentication of the identity of individuals and entities involved in electronic transactions. The rules prescribe the qualifications, obligations, and procedures for CAs to ensure the integrity and security of digital certificates.

  • Information Technology (Use of electronic records and digital signatures) Rules, 2004:

    Allows the use of an electronic or digital signature for (i) filing any form, application or document with any government authority; (ii) issue of any license, permit or approval by the government authority; and (iii) receipt or payment of money in a particular manner, in electronic form.

  • Information Technology (Recognition of Foreign Certifying Authorities not Operating under any Regulatory Authority) Regulations, 2013 and Information Technology (Recognition of Foreign Certifying Authorities Operating under a Regulatory Authority) Regulations, 2013:

    Ensuring interoperability and trust in cross-border electronic transactions.

  • Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015:

    Guidelines for the use of different types of electronic signatures and set standards for their security and integrity.

  • Indian Evidence Act, 1872:

    If a dispute related to an e-signature on any document arises, the signatory has to demonstrate that the electronic signature belongs to them.

What makes a contract valid?

For electronic signatures to be recognised as legally valid and the equivalent to handwritten signatures, the following conditions must be met:

  • Reliability
  • The use of an authentication technique stated in the second schedule of the IT Act.

Conditions for reliability:

  • The signature creation data or the authentication data are within the context in which they are used, and linked to the signatory or the authenticator and to no other person.
  • The signature creation data or the authentication data were, at the time of signing, under the control of the signatory or the authenticator and of no other person.
  • Any alteration to the electronic signature made after affixing such signature is detectable.
  • Any alteration to the information made after its authentication by electronic signature is detectable.
  • It fulfils such other conditions which may be prescribed.

The authentication techniques described in the second schedule:

  • Aadhar or e-KYC services.
  • Key pair-generation, storing of key pairs, and identity verification of digital signatures lays down certain duties on the trusted third party.

This leads to the issuance of a digital certificate from a licensed Certifying Authority.

Zoho Sign's compliance in India

With the passage of the Information Technology Act in 2000, electronic signatures are on equal footing with physical signatures. These signatures are legally valid in court and recognised for a majority of business contracts.

For businesses seeking a reliable and user-friendly electronic signature platform, Zoho Sign can be an asset, as it offers compliance with the IT Act and several electronic signature laws.

  • Uniquely linked to the signatory:

    Unique login credentials or other authentication methods such as SMS-based verification or email verification ensure only the authorised signatory can sign the document.

  • Control over the data being signed:

    Only the signatory is allowed to review the document before signing and provide choices to make changes or reject the document if necessary.

  • Detectable alterations:

    Zoho Sign ensures any alterations to the electronic signature or the document to which the signature is affixed are detectable through an elaborate audit trail of occurrence of all activities during the signing process. This audit trail comprises critical information such as the identity of the signatory, the timestamp of the signature, and changes made to the document.

  • Audit trail:

    Zoho Sign maintains a comprehensive audit trail of all actions taken during the signing process. This leads to improved accountability and transparency.

  • Certificates issued by recognised Certifying Authorities:

    Zoho Sign strictly approves only the digital signer certificates issued by Certifying Authorities recognised by the Controller of Certifying Authorities appointed under ITA. This is done in order to ensure legitimacy and credibility of the certificates.

Zoho Sign joins Aadhaar eSign, and eMudhra eKYC to help Indian businesses sign documents that are legally valid under Section 3A of the IT Act, 2000.

eSign via eMudhra eKYC for Indian businessesAadhaar eSign for Indian businesses

Additionally, Zoho Sign provides alternate options for signing business documents digitally with personal USB tokens and digital certificate-based signing, which is largely used in industries such as banking and financial services.

Zoho Sign uses Public Key Infrastructure (PKI) technology to provide high-level security for signing and verifying documents, offering compliance with the standards followed by the Certifying Authority.

Zoho Sign in the public domain

Government organisations can use Zoho Sign for a wide range of functions within the public domain for its reliable e-signature capabilities. Zoho Sign's inclusion on the Government e-Marketplace (GeM) portal highlights its credibility, guaranteeing its compliance with legal requirements and approval by relevant authorities.

This listing attests to the dependability of Zoho Sign and also exhibits its extensive adoption across public sectors. As a result, government organisations can trust Zoho Sign to optimise document signing procedures and maintain security protocols in their digital workflows.

eStamping in Zoho Sign

In India, certain instruments (contracts, wills, promissory notes, deeds, and statutes passed by competent legislatures) are required to be stamped prior to or at the time of execution. Currently, no law in India specifically deals with electronic records, but some states (Maharashtra, Gujarat, Karnataka, Delhi, Rajasthan, and others) recognise electronic records as instruments which must be stamped as per the applicable stamp duty in that particular state.

In scenarios where electronic stamping is legally accepted, Zoho Sign enables users to effortlessly incorporate legally binding e-stamps into their documents, ensuring compliance and authenticity, helping Indian businesses pay their stamp duties and collect signatures completely online in a single workflow. This is achieved by partnering with SignDesk, a trusted digital stamping solution.

Document timestamping

A digital timestamp is a digitally signed notation that is appended to the electronic data, digital signature, or certificate that indicates that certain digital data exists at a certain point in time. This process securely binds the date and time to the document, ensuring its authenticity and integrity.

Zoho Sign partners with recognised timestamping authorities, GlobalSign and Seiko, to provide trusted digital timestamps for electronic transactions. These timestamps validate the authenticity of e-signatures and verify that the signed document existed in the given form at the time of signing and remains unaltered. This adds a robust layer of security to the signing process. By making signatures tamper-proof, digital timestamps enhance the reliability of signed documents for both legal and commercial purposes.

GlobalSign for Indian businessesSeiko for Indian businesses

Security measures

Electronic signatures are growing in popularity for their convenience and efficiency in signing documents. However, one must take the necessary precautions to keep fraudulent activities and illegal access at bay. Zoho Sign employs the following security measures.

  • Authentication

    Robust authentication techniques are used to confirm the signer's identity. One-time passwords, PINs, knowledge-based authentication, biometric verification, and two-factor authentication are some common methods.

  • Encryption

    For EAR, encryption is done at the application layer using the military-grade AES-256 algorithm, whereas SSL encryption is done while in transit. Zoho Sign is based on PKI (public key infrastructure) to provide top-notch security for your documents.

  • Audit trails

    Detailed audit trails that record all actions taken during the signing process, including who signed the document, when it was signed, and any changes made to the document, are maintained. This helps track and verify the integrity of the signing process and provides a trail of evidence in case of disputes.

  • Document integrity verification

    To ensure the integrity of the signed document, powerful mechanisms like hash functions are employed. These functions generate unique digital fingerprints (hash values) of the document before and after signing. Comparing these hash values allows recipients to verify that the document has not been altered since it was signed.

Instances where e-signatures are prohibited

There are some exceptions where documents cannot be electronically signed to be considered legitimate.

  • A negotiable instrument as defined in Section 13 of the Negotiable Instrument Act, 1881.
  • A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882.
  • A trust as defined in section 3 of the Indian Trust Act, 1882.
  • A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925.
  • Any other testamentary disposition by whatever name called.

Conclusion

As the Government of India has given the nod for businesses to adopt electronic signatures, India's goal of transitioning into a paperless economy is finally taking shape. However, compliance with the laws and regulations surrounding the usage of electronic signatures in India is indispensable. With Zoho Sign, businesses can be assured of a seamless signing process and admissibility of electronically signed documents in the court of law with its array of robust features and compliance with the IT Act.

Sign Up for free

Resources

Disclaimer

The information provided in this document is for general informational purposes only and shall not be construed as legal, regulatory, or any other form of professional advice. Zoho Sign disclaims any liability for any error in the information provided herein. We recommend that you consult your legal counsel for any questions that you may have in this regard.