BACK TO IT ACT
IT Act 2000

Section 3

Authentication of Electronic Records

THE STATUTE

Original Text

(1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature. (2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. (3) Any person by the use of a public key of the subscriber can verify the electronic record. (4) The private key and the public key are unique to the subscriber and constitute the functioning key pair.

Simplified

Section 3 establishes the technical and legal framework for digital signature authentication in India. Asymmetric cryptography works as follows: each subscriber holds a mathematically linked key pair — a private key (kept secret) and a public key (distributed openly). To sign a document, the subscriber's software first creates a hash — a fixed-length cryptographic fingerprint of the document's content. This hash is then encrypted with the private key, producing the digital signature. To verify: any person applies the subscriber's public key to decrypt the signature and recover the hash, then independently computes the hash of the document received. If both hashes match, two facts are established: the document was signed by the holder of the private key (authentication), and the document has not been altered since signing (integrity). Section 3(4) emphasises that the key pair is unique to the subscriber — two subscribers cannot share a key pair, and a single subscriber cannot have two different key pairs that are identical. This uniqueness underpins the non-repudiation property of digital signatures: having signed, the subscriber cannot credibly deny it. Section 3 covers only PKI-based digital signatures using asymmetric cryptography. Section 3A (inserted by the 2008 Amendment) added a second track for broader electronic signatures using other government-approved authentication technologies such as Aadhaar eSign.

Common Queries

Yes, Section 1(2) specifically states that it applies to any offence or contravention committed outside India by any person (including non-citizens) if the act involves a computer resource located in India.
Initially, no. However, through subsequent amendments and the introduction of the Negotiable Instruments (Amendment) Act 2002, electronic cheques and truncated cheques are now legally recognised.

Legal Evolution

Section 3 was in the original IT Act 2000, implementing Article 6 of the UNCITRAL Model Law on Electronic Commerce (1996) and drawing on the PKI frameworks of the Singapore Electronic Transactions Act 1998 and the US Electronic Signatures in Global and National Commerce Act. In 2000, PKI was the dominant electronic signature technology globally. The Controller of Certifying Authorities was established under Section 17 specifically to oversee the trust hierarchy that makes Section 3 authentication operationally reliable.

Key Amendments

Section 3A added by IT (Amendment) Act 2008 — created a second authentication track for non-PKI electronic signatures.

eSign (Aadhaar-based) notified under Section 3A framework — reducing practical dependence on traditional Section 3 PKI certificates.

Landmark Precedents

Trimex International FZE Ltd. v. Vedanta Aluminium Ltd. (2010)

(2010) 3 SCC 1
RELEVANCE

Supreme Court confirmed electronic authentication satisfies legal requirements for contracts — foundational authority for the Section 3 authentication framework.