The Information Technology Act, 2000 has established a Certifying Authority to regulate electronic transactions. In this article, we will look at the various aspects of the regulation of certifying authorities.
IT Act, 2000; Regulation of Certifying Authorities
The following sections pertain to the regulation of certifying authorities:
Section 17 – Appointment of the Controller and other officers
- The Central Government may appoint a Controller of Certifying Authorities after notifying this in the Official Gazette. It may also appoint Deputy Controllers and Assistant Controllers as it deems fit.
- The Controller discharges his responsibilities subject to the general control and directions of the Central Government.
- The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller.
- The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers, and Assistant Controllers shall be such as may be prescribed by the Central Government.
- The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit.
- There shall be a seal of the Office of the Controller.
Functions of Controller (Section 18)
A Controller performs some or all of the following functions:
- Supervise the activities of the Certifying Authorities and certify their public keys
- Lay down the standards that the Certifying Authorities follow
- Specify the following:
  - qualifications and experience requirements of the employees of all Certifying Authorities
  - conditions that the Certifying Authorities must follow for conducting business
  - the content of the printed, written, and visual materials and advertisements in respect of the digital signature and the public key
  - the form and content of a digital signature certificate and the key
  - the form and manner in which the Certifying Authorities maintain accounts
  - terms and conditions for the appointment of auditors and their remuneration
- Facilitate the establishment of an electronic system by a Certifying Authority, either solely or jointly with other Certifying Authorities, and the regulation of that system
- Specify the manner in which the Certifying Authorities deal with the subscribers
- Resolve any conflict of interests between the Certifying Authorities and the subscribers
- Lay down the duties of the Certifying Authorities
- Maintain a database containing the disclosure record of every Certifying Authority with all the details as per regulations. Further, this database is accessible to the public.
Recognition of Foreign Certifying Authority (Section 19)
- A Controller has the right to recognize any foreign Certifying Authority as a Certifying Authority for the purpose of the IT Act, 2000. While this is subject to the conditions and restrictions which the regulations specify, the Controller can recognize it with the previous approval of the Central Government and notify it in the Official Gazette.
- If a Controller recognizes a Certifying Authority under sub-section (i), then its digital signature certificate is also valid for the purpose of the Act.
- If the Controller feels that any Certifying Authority has contravened any conditions or restrictions of recognition under sub-section (i), then he can revoke the recognition. However, he needs to record the reason in writing and notify it in the Official Gazette.
Controller to act as a repository (Section 20)
- The Controller will act as a repository of all digital signature certificates under this Act.
- The Controller will:
  - Make use of secure hardware, software, and procedures.
  - Observe the standards that the Central Government prescribes to ensure the secrecy and security of the digital signatures.
- The Controller will maintain a computerized database of all public keys. Further, he must ensure that the public keys and the database are available to any member of the public.
License to issue Digital Signature Certificates (Section 21)
(1) Subject to the provisions of sub-section (2), any person can apply to the Controller for a license to issue digital signature certificates.
(2) A Controller can issue a license under sub-section (1) only if the applicant fulfills all the requirements. The Central Government specifies requirements with respect to qualification, expertise, manpower, financial resources, and infrastructure facilities for the issuance of digital signature certificates.
(3) A license granted under this section is –
(a) Valid for the period that the Central Government specifies
(b) Not transferable or inheritable
(c) Subject to the terms and conditions that the regulations specify
Power to investigate contraventions (Section 28)
- The Controller or any other Officer that he authorizes will investigate any contravention of the provisions, rules or regulations of the Act.
- The Controller or any other Officer that he authorizes will also exercise the powers conferred on Income-tax authorities under Chapter XIII of the Income Tax Act, 1961. Also, the exercise of powers will be limited according to the Act.