INTRODUCTION
The contemporary landscape is defined by the relentless march of science and technology, shaping a world that is increasingly digital, efficient, and interconnected. In this era, our lives have been streamlined, made faster and smarter through the utilization of digital documents. Institutions and organizations have embraced online modes of communication, facilitated by certifying authorities. These trusted entities issue digital certificates, ensuring the legitimacy of electronic documents and the identities they represent. Operating under a web of rules and regulations of certifying authority are the linchpin in maintaining the smooth functioning of the digital realm.
THE ROLE OF CERTIFYING AUTHORITY
At the heart of the digital transformation lies the certifying authority, a trusted third party endowed with the authority to grant licenses for issuing digital certificates. These certificates, often in the form of Digital Signature Certificates (DSCs), play a crucial role in verifying the identities of individuals and parties involved in online transactions. The certifying authority acts as a sentinel, physically verifying the legitimacy of identities and ensuring a seamless transition to the digital mode of document interchange.
STRUCTURE AND FUNCTION OF CERTIFYING AUTHORITY
Understanding the intricacies of Certifying Authorities under Information Technology Act,2000 involves dissecting their structure and functions:
1.Controller of Certifying Authority (CCA)
- The pivotal figure responsible for issuing licenses to certifying authorities.
2.Certifying Authorities (CAs)
- Entities tasked with issuing Digital Signature Certificates (DSCs) to users.
3.Subscribers
- End-users, individuals, or entities utilizing digital signature certificates.
REGULATIONS GOVERNING CERTIFYING AUTHORITIES
Delving into the regulatory framework, the guidelines for Certifying Authorities are delineated in Chapter 6 of the Information Technology Act, 2000, spanning sections 17 to 34. These regulations outline the various authorities required for different purposes, prescribing their roles and responsibilities for the effective functioning of the digital platform.
APPOINTMENT OF CONTROLLER AND OTHER OFFICERS
Section 17 of the Information Technology Act,2000 empowers the central government to appoint a Controller of Certifying Authority, along with Deputy Controllers, Assistant Controllers, and other officers deemed fit. The Controller plays a pivotal role in directing and guiding the government on matters related to certifying authorities.
FUNCTIONS OF THE CONTROLLER
As per Section 18 of the Information Technology Act,2000 the Controller’s functions include:
- Vigilance over certifying authority activities.
- Certification of the keys employed by certifying authorities.
- Specification of conditions for the qualification and experience of certifying authorities.
- Definition of subjects for certifying authority business.
- Specification of forms, content, and standards for electronic signatures and key provisions for dealing with subscribers.
- Resolution of disputes among employees and officers.
RECOGNITION OF FOREIGN CERTIFYING AUTHORITY
Under Section 20 of the Information Technology Act,2000 the central government grants approval to the Controller to specify conditions and restrictions for recognizing foreign certifying authorities. This includes validating the electronic signatures on certificates issued by these foreign authorities.
LICENSE TO ISSUE ELECTRONIC SIGNATURE CERTIFICATES
Section 21 of the Information Technology Act,2000 details the process for obtaining a license to issue electronic signature certificates. An individual can apply for a license by fulfilling the specified terms and conditions. The granted license is valid for a prescribed period determined by the central government and is non-transferable and non-heritable.
APPLICATION FOR LICENSE AND RENEWAL
Sections 22 and 23 outline the application process for obtaining and renewing a license, respectively. Applications must adhere to the format and guidelines issued by the central government, encompassing certification for practice statements, procedures for applicant identification, and payment of fees not exceeding INR 25,000, as prescribed by the government.
PROCEDURE FOR GRANT AND REJECTION OF LICENSE
Section 24 empowers the Controller to grant or reject license applications. If, after an inquiry, the Controller deems a license unfit according to issued guidelines, they can suspend it. This typically occurs when an applicant fails to adhere to the prescribed application format.
NOTICE OF SUSPENSION OR REVOCATION OF LICENSE
In the event of the suspension or revocation of a license, the Controller, as per Section 26, can publish notices. These notices are disseminated on websites or other platforms as deemed appropriate by the Controller, with the power to publish notices in multiple repositories.
DELEGATION OF AUTHORITY AND INVESTIGATION
Section 27 allows the Controller to delegate authority to Deputy Controllers, Assistant Controllers, or other officers and employees. The Controller or an authorized person can investigate contraventions of rules and regulations outlined in the IT Act.
ACCESS TO COMPUTERS AND DATA
Certifying authorities, when there is reasonable cause to suspect contravention or wrongdoing, can access computers and data. The Controller can direct authorized personnel to investigate and scrutinize details related to any alleged wrongdoing. Certifying authorities follow a prescribed procedure, including he use of proper hardware and software systems to secure digital certificates, adherence to security procedures to guarantee the confidentiality of electronic signatures, providing reliable services for intended purposes, and observing standards specified by rules and regulations.
RESPONSIBILITIES OF CERTIFYING AUTHORITY
Certifying authorities bear several responsibilities, including ensuring authorized personnel comply with the regulations outlined in the Information Technology Act, 2000. They are also responsible for displaying their licenses on their websites and other suitable locations. In case of fraud or misrepresentation in the license, a certifying authority has the right to surrender it. Failure to revoke or cancel a license under specified conditions may render the authority liable to punishment.
Every certifying authority must disclose the format of application forms and other relevant information as per regulations. This includes details related to:
- Electronic signature certificates.
- Notices of revocation or suspension of any license or documents.
- Utilization of specific sources for notifying concerned individuals.
CONCLUSION
Certifying Authorities under Information Technology act,2000 emerge as linchpins in the digitalization narrative, issuing certificates and documents while meticulously adhering to established rules and regulations. These entities, certified by various organizations, operate within a comprehensive regulatory framework outlined in the Information Technology Act, 2000. The Controller of Certifying Authority, positioned as the supreme regulatory body in India, diligently oversees certifying authorities, ensuring adherence to standards set by the central government.
The functions of the Controller encompass maintaining standards, supervising activities of various officers and employees, granting licenses, investigating, issuing guidelines, and accessing data in cases of reasonable cause. A plethora of rules guide certifying authorities through the licensing process, covering application submission, granting, validity, renewal, and more. These authorities play a pivotal role in safeguarding digital documents, contributing significantly to India’s digital success.
REFERENCE
- THE TIMES OF INDIA
- THE HINDU
- LEGAL GLOSSARY – CERTIFY
- LEGAL GLOSSARY -DELEGATE
- LEGAL GLOSSARY – ELECTRONIC SIGNATURE