The Legal Framework for Aadhaar eSign

In this post, we will be giving you a concise recap of the legal framework behind India’s most common electronic signing technique - the Aadhaar eSign.

If you’re unfamiliar with Aadhaar eSign - we would recommend you start with Aadhaar eSign post first

What makes Aadhaar eSign valid?

Aadhaar eSign’s validity stems from a notification passed by the Central Government on January 28, 2015 (Gazette Notification No. 2015 Jan -GSR 61(E) entitled “Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015). Through this notification, Aadhaar eSign was inserted into Schedule II of the Information Technology Act as a valid electronic signature.

The Central Government could do this because of the powers it had to notify new electronic signatures under Section 3A of the Information Technology Act, 2000 (Electronic Signatures)

Aadhaar eSign operates as an interaction between 3 processes:

  1. e-Authentication
  2. Hashing Function
  3. Asymmetric Cryptographic function

Under Schedule II - the technical and regulatory framework of these processes are delegated to the Controller of Certifying Authorities (“CCA”) - the apex regulator of electronic signatures in India.

The CCA has codified the regulatory framework under which Aadhaar eSigns happen in the e-Authentication Guidelines dated May 3rd, 2019.

What is the regulatory framework for Aadhaar eSign?

The framework that makes Aadhaar eSign possible involves multiple parties:

  1. The Apex Regulator - Controller of Certifying Authorities (CCA) - an entity setup by the Ministry of Information Technology (MeiTY) under the Information Technology Act 2000
  2. The Identifier: UIDAI - the body entrusted with maintaining, developing and regulating the Aadhaar infrastructure in India
  3. Certifying Authority - a regulated entity certified by the CCA. Certifying Authorities are the only authorities permitted to issue “Electronic Signature Certificates” in India. 

    Currently there are only 2 authorities permitted to issue Electronic Signature Certificates for Online Aadhaar eSign - NSDL and CDAC.
  4. eSign Service Provider (ESP) - the central entity that facilitates the Aadhaar eSign transaction between the signer, the UIDAI and the Certifying Authority. Under India’s regulatory framework - the eSign Service Provider or “ESP” must be owned and operated by a Certifying Authority. 

    The only 2 eSign Service Providers for Online Aadhaar eSign in India today are - NSDL and CDAC.
  5. Application Service Provider (ASP) - an entity that provides front-end tools and services that allow signers to Aadhaar eSign documents. An ASP must be empanelled with an ESP by way of an agreement in order to function.

    Leegality’s parent company, Grey Swift Private Limited, is an Application Service Provider for Online Aadhaar eSign registered with NSDL. 

How does Aadhaar eSign work behind-the-scenes?

We’ve written about how Aadhaar eSign works from a signer perspective

But here, let’s look at how this transaction works in the back-end:

1) Signers view the document and give consent to Aadhaar eSign. The document viewing and consent interface is provided by an Application Service Provider

2) Once they click on the signing link, Signers are redirected to an eSign portal maintained the ESP. 

3) On the eSign portal, signers enter their Aadhaar number and perform an authentication – either via OTP, Biometric or Iris. The authentication is conducted by UIDAI and result is relayed to the ESP

4) If the authentication is successful, the ESP “orders” an electronic signature from the Certifying Authority. The Certifying Authority, upon receipt of the order, transmits an electronic signature certificate back to the ESP. This is a super-fast process that takes milliseconds.

5) The ESP passes the electronic signature certificate to the ASP - which ensures affixture on the document. The ASP also ensures that all parties received the signed document - along with an audit trail.

NSDL - one of the only 2 ESPs for Online Aadhaar eSign in India - has a great visualisation of this flow:

What kind of documents can be eSigned via Aadhaar eSign?

Aadhaar eSign can be used to eSign ALL types of documents.

There are only 5 exceptions to this rule - the documents mentioned in Schedule I of the IT Act:

  1. Negotiable instruments (other than cheques)
  2. Powers-of-attorney
  3. Documents that create trusts
  4. Wills and other testamentary depositions
  5. Contracts for the sale of conveyance of immovable property or any interest in such property (We’ve described how this affects Housing Finance companies in our HFC Deck which can be downloaded here

How do I enforce an Aadhaar eSigned document in Court?

You can enforce Aadhaar eSigned documents in Court in the same way you produce and enforce other pieces of evidence in Court! 

Since Aadhaar eSigned documents are electronic evidence, you will need to comply with the requirements of Section 65B in order to produce such a document in Court. 

We have written an eBook detailing how businesses can use Section 65B to produce electronic agreements in Court. 

Alternatively you can also access our Section 65B FAQs.

What does the Evidence Act say about Aadhaar eSign?

The Evidence Act contains provisions which make it easier to produce electronically signed documents (like Aadhaar eSigned documents) in Court:

  1. Section 47A - talks about how the opinion of a Certifying Authority can be used as a relevant piece of information to prove an eSign in Court (by law Certifying Authorities maintain transactional logs for a period of at least 7 years)
  2. Section 67A - In case of a secure electronic signature (like Aadhaar eSign) it is presumed that it belongs to the signatory
  3. Section 85A - Creates a presumption which states that eSigned documents are presumed to have been concluded by the eSigns. This means that parties cannot make frivolous claims that the document was modified subsequent to execution unless they have solid evidence to back up the claim.
  4. Section 85B - This section lists 2 useful presumptions of validity

    A. The first presumes that Secure Electronic Records i.e documents signed by way of secure digital signatures are untampered since the time they were digitally signed. Parties who seek to allege modification or tampering will need solid evidence to back up their claims

    B. The second presumption states that if a document is signed with a Secure eSign - then the party eSigning it affixed it on the document with the intention of approving the document. So if a party makes frivolous claims that it “had no idea about what it was signing” - then it will need to back up these claims with solid evidence.
  5. Section 85C - This section presumes that information stated on an Electronic Signature Certificate is correct

Are audit trails necessary for producing Aadhaar eSigned documents in Court?

Audit trails are not necessary per se. However they make it significantly easier to produce and enforce electronically signed documents in Court.

If you still have questions regarding Aadhaar eSign, you can check our Aadhaar eSign FAQ page and clear your doubts. Alternatively, you can also check out Digital Stamping FAQ, Virtual Sign FAQ and Section 65B FAQ to get more insights.

Leegality
October 8, 2021

Related Articles

Our demo call is shorter than the time you spend fixing printer jams

Plot no.444, Phase III, Udyog Vihar III,
Sector 18, Gurugram
+ (91)11411 70704
For enquiries - enquiry@leegality.com
For support - support@leegality.com