Section 36

Section 36 defines the statutory representations that a Certifying Authority (CA) makes to the world when it issues a Digital Signature Certificate. These representations are not contractual warranties to the subscriber alone — they are made to any person who relies on the certificate. The six representations cover compliance with the IT Act and regulations; publication and subscriber acceptance of the certificate; the subscriber's possession of the corresponding private key; the functionality of the key pair (both keys work together correctly); the accuracy of the certificate's information (subscriber name, public key, validity period, etc.); and the absence of any known material fact that would undermine the certificate's reliability. Clause (f) is particularly significant: it imposes a knowledge-based duty of disclosure on the CA. If a CA knows something material — for example, that the subscriber's identity verification was incomplete, or that there are concerns about the subscriber's key management — it cannot issue the certificate without disclosure. These representations create the legal foundation for relying party trust in the PKI system. A bank, court, or government agency that relies on a Digital Signature Certificate to authenticate a transaction is entitled to rely on Section 36's representations. If a CA issues a certificate while knowing these representations are false — for instance, the identity verification was fraudulent — the CA faces civil liability to affected relying parties and regulatory consequences from the Controller of Certifying Authorities.