Certifying Authority

A licensed entity under the IT Act authorised to issue Digital Signature Certificates — operating under the supervision of the Controller of Certifying Authorities.

Full Definition

A Certifying Authority (CA) is an entity licensed under the IT Act (Sections 21–34) to issue, suspend, and revoke Digital Signature Certificates (DSCs). The CA verifies the identity of applicants and binds their public key to a certificate, creating the trust anchor for PKI-based digital signatures in India. CAs must maintain a Certificate Revocation List (CRL), operate a 24/7 online certificate status service, conduct regular security audits, and comply with the IT (Certifying Authorities) Regulations 2001. They operate under the Controller of Certifying Authorities (CCA), which is the government body responsible for licensing and regulating all CAs in India.

In Indian Law

IT Act Sections 17–34 govern the CA framework. Licensed CAs in India include eMudhra, Sify Technologies, NSDL e-Gov, and the National Informatics Centre (NIC) for government DSCs. The Controller of Certifying Authorities (CCA) operates under MeitY. Foreign CAs can be recognised under Section 19. CA obligations include: physical and logical security requirements, HSM (Hardware Security Module) use for key generation, and regular audits.

Frequently Asked Questions

Can I get a Digital Signature Certificate from any organisation?

No. Only entities licensed by the Controller of Certifying Authorities (CCA) under the IT Act can issue legally valid DSCs in India. Currently licensed CAs include eMudhra, Sify, NSDL e-Gov, and NIC (for government use).

Quick Facts

Letter: C
Category: cyber
Origin: English
Laws: 3 section(s)