BACK TO IT ACT
IT Act 2000AMENDED 2008
Section 3A
Electronic Signature
THE STATUTE
Original Text
(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which — (a) is considered reliable; and (b) may be specified in the Second Schedule. (2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if — (a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person; (b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person; (c) any alteration to the electronic signature made after affixing such signature is detectable; (d) any alteration to the information made after its authentication by electronic signature is detectable; and (e) it fulfils such other conditions which may be prescribed. (3) The Central Government may prescribe the procedure for the purpose of ascertaining whether the electronic signature is that of the person by whom it is purported to have been affixed or authenticated. (4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule.
Simplified
Section 3A, inserted by the 2008 Amendment, creates a flexible technology-neutral second track for electronic authentication separate from the PKI-based digital signature under Section 3. The key innovation is the Second Schedule mechanism: the Central Government can approve any new authentication technology by gazette notification, without requiring parliamentary amendment. This future-proofed the Act against technological change. In practice, Section 3A enabled MeitY to approve eSign — an Aadhaar-linked electronic signature service — in 2015. Under eSign, a person authenticates using their Aadhaar number and OTP or fingerprint, and a certificate is instantly issued and applied to the document. The process takes seconds rather than the days required for traditional PKI certificate procurement. The reliability criteria in Section 3A(2) are technology-neutral: the authentication data must be uniquely linked to the signatory, under the signatory's control at the time of signing, and any post-signing alteration must be detectable. These functional requirements — rather than specifying PKI or any particular cryptographic method — allow a wide range of technologies to qualify as long as they meet the reliability standard. eSign is now used for online loan agreements, insurance documents, e-stamping, government service applications, and HR onboarding across India.
Common Queries
Under Section 2(o), 'data' is defined very broadly as any representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner.
Yes. Section 2(j) defines 'computer resource' to include computer systems, networks, and communication devices. Modern smartphones qualify as both computers and communication devices.
Legal Evolution
Section 3A was added because PKI-based digital signatures had failed to achieve mass adoption in India by 2008. Certificates required physical USB tokens, cost ₹1,000–₹3,000 per year, had complex renewal procedures, and required visits to Registration Authorities. The Aadhaar infrastructure — reaching hundreds of millions — provided a far more accessible authentication backbone. MeitY's 2015 notification approving eSign under the Second Schedule democratised electronic signing in India, enabling paperless service delivery at scale.
Key Amendments
Inserted by IT (Amendment) Act 2008 — no equivalent in original IT Act 2000.
eSign (Aadhaar-based electronic signature) approved under Second Schedule by MeitY notification in 2015.
Second Schedule mechanism allows future technologies to be approved without parliamentary amendment.