Regulation of Certifying Authority under Information Technology Act, 2000

Regulation of Certifying Authority under Information Technology Act, 2000

 By Amit Sheoran (Symbiosis Law School, Nagpur)


Modern era is the era of science and technology. Science and technology make our life easy, fast, and smart. We can keep our documents in digital form and also can share with any authority and any person whom we want to share. Today we see the authority of various organization and institutions create and send our certificate or any important documents by online mode. Our documents in electronic mode was created and sent by the certifying authority. This certifying authority is the trusted authority or entity that issues various certificates and documents in digital mode. The role of this certifying authority is to provide guarantee that this is the same person in the certificate that is claim to be. A certifying authority is considered as the trusted 3rd party which is responsible for the physically verifying the legitimacy of identity of individual and party. These certifying authority have to work under various rules and regulation so that the working in digital mode continues smoothly.

Certifying Authority

It is the authority that has power to grant a license to issue digital certificates and also verify the person by certificate who is claim to be the same person. It is the authority that is established with main objective to provide the required infrastructure for digitally formed and interchange of documents and certificate. These authority works under various rules and regulations, these regulations are given as below.

Structure of function of certifying authority

It consist of various components for the proper working of the certified authority, the component and their functions are given below:-

  1. Controller of Certifying authority (CCA):- These are those officers which issue license to the certifying authority to do that particular work.
  2. Certifying Authorities (CAs):- These are those authorities which issues Digital Signature Certificate to the users.
  3. Subscriber: – These are the users of digital signature certificate.

Regulations of certifying authorities

The regulations of certifying authorities are mentioned in chapter 6 of Information Technology Act 2000 from the section 17 to section 34. These regulations tells about the various authority are required for various purpose and they have to work according to their post and by various ways that are mentioned in regulations for their proper and smooth working on the digital platform.

Appointment of controller and other officers 

The central government appoint controller of certifying authority, Deputy controller, assistant controllers, other officers and various employees that are deems to be fit by notification or subsequent notification in the official gazette as per mentioned in sec 17 of Information Technology Act 2000.

  1. The controller discharges his duty under Information Act to control and give directions to the central government that what to do and how to do.
  2.  The Deputy controller and assistant controllers perform their duty that is given by Controller under the control and superintendence of him.
  3. The central government provides various terms and conditions for qualification, experience and service to the controller, deputy controller and other assistant controllers and employees.
  4. The office of head and branch office of the controller shall be at that place where the central government wants to establish so that it may fit for them.
  5. There shall be a seal of offices of the various appointed authority by central government.

The controller may perform all or any functions from these which are mentioned below

The function of controller is mentioned in section 18 of IT act.

  1. He can keep eyes on the activity of certifying authority and can also certifying the keys of this authority.
  2. He can specify the conditions for qualification and experience of certifying authority and can also laid down various standard that are mentioned by the certifying authority.
  3. He can specify various subjects in which this authority can conduct their business as they want to do.
  4. He can specify the forms and content and the standard for electronic signature and the key provision for the dealing with subscriber.
  5. He has power to resolve the issues between the various employees and other officers and also lay downs the duties that are performed by various officers and employees.

Recognition of foreign Certifying Authority

The central government gives approval to the controller to specified conditions and restriction for the recognition of any foreign certifying authority under the purpose of IT act, like validity of electronic signature on certificate that is ideas by certifying authority. He has power to ask for the satisfaction from any certifying authority regarding any granted certificate to any individual. He has power to omitted vide under this act under the section 20 of IT act.

License to issue electronic signature certificates

It is mentioned in section 21 of IT act. Any person can apply an application to issue license in electronic signature certificate form. Only that person can get the electronic signature certificate that fulfills the terms and conditions that are necessary to fulfill. The granted license will be valid for the period that is prescribed by central government and it shall not be transferable and heritable.

Application for license

Application for license shall be applied in the format and guidelines that is issued by central government, these includes certification for practice statement, procedure with respect to identification of the applicant and payment of fees not exceeding more than 25000 rupees as the government prescribed. All these guidelines relating to the apply for application of license under section 22 of IT act. While section 23 of IT act tells about the renewal of license. Renewal of license should be in the form that is prescribed by government as the same for application for license.

Procedure for grant and rejection of license

The controller has power to give grant PR reject the application letter of applicant. About the grant and rejection of license is described under section 24 of IT act. After making the entire enquiry if controller thinks that the license is not fit as according to issued guidelines then he has power to suspense the license. It basically happens when any applicant fails to apply as according to format in which government asks to apply. If any certifying authority proved that the provided license exceeding the time limit that is prescribed by government, then the controller can suspend the license. Various rules and condition for suspension of license is written in section 25 of IT act.

Notice of Suspension or revocation of License

If any authority suspend or revoked the license then controller can publish notice about the suspension of the license. And this notice will be available in the website or other sites also where controller thought it should be appropriate at that place. Controller has power to publish notices of more than one repository. Notice of suspension or revocation of license is discussed under section 26 of IT act.

The controller has power to delegate to deputy controller, assistant controller or other officers and employers as per section 27 of IT act. The controller or any other authorized person by controller can investigate into the contravention of rules and regulations that are made under this act.

Access to computers and data

The certifying authority can access computer and data in case of reasonable cause to suspect any contravention, or any wrong committed. The controller can direct any authorized person to access the computer to investigate into it and check details regarding to wrong. Certifying authority follow certain procedure, this procedure is given as below:-

  • They use a proper system of hardware, software and procedure so that they can keep secure digital certificate from misuse and intrusion.
  • They try to adhere a security procedure to ensure that their electronic signature is assured to the security and private.
  • They provide a reliable service so that it can suit to performance of intended work.
  • They observe the standard which is specified by the rules and regulations.

Certifying authority shall ensure that every authorized person under the certified authority will follow the rules and regulation that are mentioned under the Information Technology Act 2000. Certifying authority is also responsible to display the license and at its website and other places also where they think it is suitable. If certifying authority found any fraud or misrepresentation in the license then it can surrender the license. If the certifying authority fails to revoke or cancel license under the fault found in various section or subsection then the authority will be liable, and can be punished.

  Every certifying authority has needed to disclose the format of applying application form and for other purpose in the manner that is specified as per regulations, Like it is given below:-

  • Electronic signature certificate
  •  Notice of revocation or suspension of any license or documents.
  • Use particular source to notify person so that everyone get understand.


As we know certifying authority plays a very crucial role in making our records and issues various certificate and documents. These authorities are certified by various organizations according to their work. There are various rules and regulations are guided to this certified authority so that they can do proper functioning in their prescribed limits and help the organization to work smoothly. These authorities have a proper mechanism to work like controller of certifying authority issue License to the certifying authority and these certifying authority issue digital signature certificate to the users or subscriber. The controller of the certifying authority is considered as the supreme regulatory body in India that keep eyes on and monitoring the certifying authorities. The function of controller of certifying authority is to maintain standard lay down by central government and supervise on the activities of various other officers and employee. The controller grant license to the certifying authority. The power of Controller is to investigate, direct a certifying authority, issue guidelines to various certified authority, and power to access data in case of reasonable cause. There are a lot of rules that are followed by certifying authority to get license, these rules are to be fulfilled to get license, like application for license, submission of application, granting of license, validity of license, renewal of license and like that. These authority help to keep our documents secure from misuse and steal. The certifying authority can be considered as the important component which is very helpful to make India digitally successful.


0 thoughts on “Regulation of Certifying Authority under Information Technology Act, 2000

Leave a Reply

Your email address will not be published. Required fields are marked *