Section 19

Section 19 is India's cross-border PKI recognition framework — it provides the legal mechanism for foreign-issued Digital Signature Certificates to be valid in India. Without Section 19, every cross-border transaction requiring a digital signature would require the foreign party to obtain an Indian DSC from a CCA-licensed CA. Section 19 enables mutual recognition: the Controller may, with Central Government approval, publish a notification in the Official Gazette recognising a foreign CA. Once recognised, that CA's DSCs are valid in India for IT Act purposes. The recognition can be granted on conditions and restrictions specified by the Controller, and can be revoked or suspended if those conditions are breached. The process requires Central Government approval (unlike most Controller functions, which are independent), reflecting the diplomatic and trade-policy dimensions of cross-border PKI recognition — recognising a foreign CA implicitly validates that country's PKI standards. Section 19(5) allows the Controller to specify additional acceptance conditions for individual foreign CAs' certificates, enabling a calibrated approach: a CA from a jurisdiction with strong PKI standards might face lighter conditions than one from a jurisdiction where standards are less developed. In practice, formal Section 19 recognition has been relatively rare — India's cross-border e-commerce typically operates through other authentication mechanisms — but the provision is increasingly relevant for cross-border legal proceedings and international trade documentation.