HIGHLIGHTS OF ELECTRONIC TRANSACTIONS ACT, 2006
28 August 2022
The Electronic Transactions Act, 2006 (“Act”) came into effect on 02 September 2006. The objective of this Act is to ensure the reliability and security of electronic transactions including the control of unauthorized use of electronic records or alteration in such records through illegal manner. This article seeks to provide a brief overview of some of the distinctive provisions of the Act.
1) Electronic record and digital signature
The Act ensures every subscriber’s right to authenticate to any electronic record by their personal digital signature.
a. Legal validity
2) License for certifying authority
An application with required documents must be submitted to the Controller appointed pursuant to the Act to obtain license as a “Certifying Authority”. The license must be renewed every year by filing an application in the prescribed format to the Controller at least 2 months prior to the expiry period.
3) Digital signature and certificates
3.1 Procedure of obtaining digital signature certificate
- a. An application must be submitted to the Certifying Authority along with the applicable fees.
- b. Certifying Authority must issue a digital signature certificate within 7 days affixing their signature if it decides to issue such certificate.
- c. If the Certifying Authority decides to reject the application, the applicant must be notified with the reasons for rejection within 7 days.
3.2 Suspension of certificate
The certificate may be suspended in following conditions:
- a. If the subscriber obtaining the certificate or any person authorized to act on behalf of such a subscriber, requests to suspend the certificate;
- b. If it is found necessary to suspend the certificate that contravenes public interest;
- c. If it is found that significant loss might be caused to those persons who depend on the certificate by the reason that provisions of this Act or the rules framed hereunder were not followed at the time of issuance of the certificate; or
- d. If the Controller instructs to suspend the certificate having specified the aforementioned grounds.
3.3 Revocation of certificate
The certificate may be revoked in following conditions:
- Where the subscriber or any other person authorized by such person request to revoke a certificate;
- If it is necessary to revoke in a certificate that contravenes the public interest;
- Upon the death of the subscriber;
- Upon the insolvency, winding up or dissolution of the company or corporate body under the prevailing laws, where the subscriber is a company or a corporate body;
- If it is proved that a requirement for issuance of the certificate was not satisfied;
- If a material fact represented in the certificate is proved to be false; or
- If a key used to generate key pair or security system was compromised in a manner that affects materially the certificate’s reliability.
4) Offence relating to computer
5) Tribunal
The Act contemplates the formation of Information Technology Tribunal consisting of 3 members for proceedings for offences under the Act. Further, Information Technology Appellate Tribunal formed under this Act will hear the appeal against the decision or order made by the Controller, Certifying Authority and Information Technology Tribunal.
Disclaimer: This article is for informational purposes only and shall not be construed as legal advice, advertisement, personal communication, solicitation or inducement of any sort from the firm or its members. The firm shall not be liable for consequences arising out of actions undertaken by any person relying on the information provided herein.