Digital Signature and E-Signature - Concept

The use of digital contracts has been on the rise due to several dynamic factors such as technological developments and globalization. These factors have acted as a catalyst for the growing digitalization of commercial business models and transactions. This in turn has given a significant rise to digital contracts and electronic records. E-commerce businesses rely on digital contracts to conduct and conclude transactions electronically. E-contracts in India and their validity are covered in our previous blog.

In such a scenario, the validation of such contracts through digital and electronic signatures is a must. To execute digital agreements and give them legal effect under Indian contract law, the parties to the transaction must express their consent via digital signature. The ambiguity surrounding the legal enforceability and recognition of these signatures must be cleared up and explained.

This post aims to differentiate between the digital signature and the electronic signature, and further provides information about their execution and legal framework.

What is Digital Signature?

Digital Signature ("DS") is an electronic signature used to secure an electronic record or digital contract. Like a traditional signature, its purpose is to authenticate the document, thereby authenticating the parties to an agreement. It is used to ensure that the original data is not altered while being transferred from sender to receiver. It has also become essential to authenticate users often, to ensure safety and to avoid fraud. DS cannot be imitated by anyone else and hence provides protection.

Basically, it provides legitimacy and assurance to the receiver that the message was generated by the known sender. The need for DS mainly arises for financial transactions, software distribution, e-commerce, etc. It could very well be considered a digital equivalent of a traditional handwritten signature or stamped seal. However, to validate such a DS, the user must register and be issued a "Digital Signature Certificate" ("DSC") by the relevant authorities; only then can they use DS for any kind of message, whether encrypted or plaintext. DS relies on public and private key infrastructure, which means that it comes with encryption standards. The empanelled ES service providers, as per the Controller of Certifying Authorities ("CCA"), include Safescrypt, (n)Code Solutions, eMudhra Ltd., C-DAC, Verasys, IDSign, Panta Sign, CSC, CDSL Ventures Ltd., Capricorn Identity Services Pvt. Ltd., NSDL e-Governance Infrastructure Ltd., RajCOMP Info Services Ltd.

Section 2 (1) (p) of the Information Technology Act, 2000 ("IT Act") defines "digital signature" as "authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3".

What is an Electronic Signature?

Electronic Signature ("ES") is less secure than DS; however, unlike DS, it is mainly used for the purpose of verifying and not securing.

ES is a digital form of a "wet ink signature" which is legally binding and secure, but it does not incorporate any encryption standards. ES could be in the form of an image, symbol, scanned signature, or process attached to the message or document to recognize the identity and to give consent on it. The authentication of ES is not executed by any trusted certificate authorities or verification service providers, so it is not usually authorized. ES is comparatively easy to use as compared to DS. It may be less secure and less authentic than DS, but it still has legal validity and enforceability.

The term "Electronic Signature" is defined under section 2(1)(ta) of the IT Act as "authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature". The Second Schedule lays down the ES or electronic authentication technique and procedure. It includes:

  • E-authentication technique using Aadhaar or other e-KYC services.
  • E-authentication technique or procedure for creating and accessing the subscriber's signature key facilitated by a trusted third party. Here, the Certifying Authorities ("CA") have to ensure the subscriber's identity verification, secure storage of the key by the trusted third party and the subscriber's sole authentication control over the signature key.

A subscriber may authenticate by any such electronic authentication technique which is considered reliable and may be specified in the Second Schedule of the IT Act or Section 3A of the IT Act.[1] The ES or electronic authentication technique will be reliable if:

  • The data of signature creation or authentication are linked to the signatory or the authenticator and to no other person;
  • Such data were under the control of the signatory / authenticator at the time of signing;
  • Alteration made to the ES after affixing such ES is detectable;
  • Alteration made to the information post its authentication by ES is detectable; and
  • Any other prescribed conditions.
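The detectability conditions above, and the earlier point that DS relies on public and private keys, can be shown in a few lines. This is an added example, not part of the original article: the contract text, the scanned-image bytes and the choice of Ed25519 are assumptions made for illustration, and the CA-issued certificate that binds a key to a person is left out.

```javascript
const crypto = require('node:crypto');

// Constructed sample record; the text and amounts are illustrative only.
const CONTRACT = Buffer.from('Party A shall pay Party B INR 50,000 on delivery.');

// Assumption: Ed25519 stands in for the algorithm of a CA-issued certificate.
function makeSubscriberKeys() {
  return crypto.generateKeyPairSync('ed25519');
}

// Signing needs the private key, which stays under the signatory's control.
function signRecord(privateKey, record) {
  return crypto.sign(null, record, privateKey);
}

// Anyone holding the public key can check the record and signature together.
function verifyRecord(publicKey, record, signature) {
  return crypto.verify(null, record, publicKey, signature);
}

// Image-style ES: the scanned mark is compared on its own, so the check
// never looks at the text it was pasted under.
function imageMatches(doc, referenceImage) {
  return doc.signatureImage.equals(referenceImage);
}

function checkReliability() {
  const subscriber = makeSubscriberKeys();
  const stranger = makeSubscriberKeys();
  const sig = signRecord(subscriber.privateKey, CONTRACT);

  const altered = Buffer.from(CONTRACT.toString().replace('50,000', '5,000'));
  const alteredSig = Buffer.from(sig);
  alteredSig[0] ^= 0x01; // flip one bit of the signature

  const scan = Buffer.from('constructed-bytes-of-a-scanned-signature');
  const imageDoc = { body: altered, signatureImage: scan };

  return {
    original: verifyRecord(subscriber.publicKey, CONTRACT, sig),
    recordAltered: verifyRecord(subscriber.publicKey, altered, sig),
    signatureAltered: verifyRecord(subscriber.publicKey, CONTRACT, alteredSig),
    otherKey: verifyRecord(stranger.publicKey, CONTRACT, sig),
    imageOnAlteredRecord: imageMatches(imageDoc, scan),
  };
}

console.log(checkReliability());
```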

Difference between Digital Signature and E-Signature

| Sr. No. | ELECTRONIC SIGNATURE ("ES") | DIGITAL SIGNATURE ("DS") |
|---|---|---|
| 1. | ES is a digital form of a "wet ink signature" which is legally binding and secure. | DS is a secured signature which works with ES and relies on public key infrastructure. |
| 2. | It can be a symbol, image, or process attached to the message or document to recognize the identity and to give consent on it. Main types of ES include verbal, electronic ticks, or scanned signatures. (Any such signature mentioned under the Second Schedule of the IT Act) | It can be visualized as an electronic fingerprint which encrypts and identifies a person's identity. Other common types include digital signatures based on Adobe and Microsoft. |
| 3. | It is used for verifying a document. | It is used for securing a document. |
| 4. | The validation of ES is not performed by any trusted certificate authorities or trust service providers. | The validation of DS is performed by trusted CA or trust service providers. |
| 5. | It is vulnerable to tampering. | It is highly secure. |
| 6. | ES is not usually authorized. | DS is usually authorized. |
| 7. | ES cannot be verified. | DS can be verified (by using public key). |
| 8. | Fewer security features are involved in ES. | DS comprises more security features. |
| 9. | It does not incorporate any coding or standards. | DS comes with encryption standards. |

Footnotes

1. Section 3A, IT (Amendment) Act, 2008
