IT Act 2000

Section 73

Penalty for Publishing Electronic Signature Certificate False in Certain Particulars

THE STATUTE

Original Text

No person shall publish a Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that — (a) the Certifying Authority listed in the certificate has not issued it; or (b) the subscriber listed in the certificate has not accepted it; or (c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation. (2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Simplified

Section 73 targets the publication or circulation of fraudulent or invalid electronic signature certificates. It addresses three specific scenarios: (a) publishing a certificate that was not actually issued by the CA named in it — creating a forged certificate; (b) publishing a certificate that the named subscriber has not accepted — the certificate may be validly issued but the subscriber rejected it, and circulating such a certificate falsely implies the subscriber's consent to its use; and (c) publishing a revoked or suspended certificate as if it were valid — inducing reliance on a certificate the CA has determined is no longer trustworthy. The exception for revoked/suspended certificates is important: publishing them for the purpose of verifying a digital signature that was created before the revocation is permitted. This preserves the ability to authenticate historical documents — if a contract was signed with a valid certificate that was later revoked, the revoked certificate may still be referenced to confirm the signature was valid at the time of signing. The knowledge requirement ('with the knowledge that') is mens rea — the accused must know the certificate is false or invalid; innocent publication does not attract liability. Section 73 works in tandem with Section 71 (misrepresentation to obtain a certificate) and Section 74 (fraudulent publication) to create a comprehensive PKI fraud framework.

Common Queries

Yes — Section 73(1)(c) carves out one exception: a revoked or suspended certificate may be published for the purpose of verifying a digital signature that was created before the revocation. This allows authentication of historical documents.

Section 73 targets the publisher — anyone who publishes or makes a false certificate available with knowledge of the false particulars. The fraudulent obtainer is caught by Section 71 (misrepresentation) at the earlier stage.

Legal Evolution

Section 73 was in the original IT Act 2000, reflecting the foundational concern with maintaining the trustworthiness of the PKI framework on which legally valid digital signatures depend. The provision follows the structure of similar provisions in US state digital signature laws and the ABA Digital Signature Guidelines.

Key Amendments

Title updated from 'Digital Signature Certificate' to 'Electronic Signature Certificate' to reflect the 2008 Amendment's technology-neutral approach.

Core offence structure unchanged from original IT Act 2000.

Cyber Protocol Info

Section Type: ORIGINAL

OffencePublishing an electronic signature certificate with false information, or publishing without CA authorisation, or inducing reliance on such a certificate

CognizableNon-Cognizable

Trial AuthorityAny Magistrate

Cross-References

71 : Penalty for Misrepresentation 74 : Publication for Fraudulent Purpose 38 : Revocation of Digital Signature Certificate