Section 3A of ITA, 2000 : Section 3A: Electronic Signature

Bare Act

3A Electronic signature - (1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which -

• (a) is considered reliable; and
• (b) may be specified in the Second Schedule.

(2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if -

• (a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;
• (b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
• (c) any alteration to the electronic signature made after affixing such signature is detectable;
• (d) any alteration to the information made after its authentication by electronic signature is detectable; and
• (e) it fulfils such other conditions which may be prescribed.

(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.

(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule :

Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.

(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.

Simplified Act

Simplified Explanation of Section 3A of The Information Technology Act, 2000

Electronic Signatures

(1) Even though section 3 says something different, as long as you follow the rules in part (2), you can use an electronic signature or a way to prove who you are online to sign any digital document. This electronic signature method must be:

• (a) trusted, and
• (b) possibly listed in a specific part of the law called the Second Schedule.

(2) An electronic signature or way to prove who you are online is trusted if:

• (a) it's connected to the person who is supposed to be signing or proving their identity, and no one else;
• (b) the person had control over their signature or identity proof at the time of signing, and no one else did;
• (c) if the signature is changed after it's been made, you can tell;
• (d) if the information is change...

Explanation using Example

Let's consider a scenario where John, a subscriber to an online banking service, wants to make a transaction. According to Section 3A of The Information Technology Act, 2000, John can authenticate his transaction using an electronic signature or authentication technique specified in the Second Schedule and considered reliable.

John's bank uses a two-factor authentication technique where John receives a one-time password (OTP) on his registered mobile number. This authentication technique is linked only to John (as per 2a), and at the time of signing, the OTP is under John's control only (as per 2b).

If anyone tries to alter John's electronic signature ...