Section 32

Section 32 imposes two foundational operational compliance duties on every Certifying Authority. The first duty — displaying the licence at a conspicuous place in the premises where it carries on business — is a transparency obligation. It allows subscribers, auditors, and regulatory visitors to immediately verify that the CA is operating under a valid, current licence. The display requirement also creates a practical deterrent against unauthorised operation: a CA operating without displaying a licence invites scrutiny and makes it harder to claim ignorance of licensing requirements. The second duty is more substantive: the CA must ensure compliance by all its employees with the IT Act, rules, regulations, and orders. This creates organisational liability — the CA cannot outsource responsibility for employee conduct by claiming individual employees were acting on their own initiative when they violated IT Act requirements. A CA whose employee issues fraudulent certificates, fails to follow revocation procedures, or improperly accesses subscriber data is in breach of Section 32(b) regardless of whether the CA formally approved the conduct. This provision creates a strong incentive for CAs to implement robust internal compliance programmes, employee training, and access controls. Failure to ensure employee compliance is a ground for licence action under Section 25 (contravention of the IT Act by the CA).