Professional Documents
Culture Documents
Adoption of DSC, E-Sign, EVC
Adoption of DSC, E-Sign, EVC
Acknowledgement System
1. Introduction
All filings under Goods and Service Tax will be electronic. To ensure non-repudiation, these
need to be digitally signed by the authorized signatory of the taxpayer. Use of Digital
Signature Certificate (DSC) has been recommended to be mandatory for all taxpayers who
are mandated to use the same under any other Act. Thus all Companies will have to use DSC
for signing the return or invoice information etc. as they have to file all documents with
MCA online using DSC. However, the business process document allows filing of papers
based reports in few cases as enumerated below:
This was suggested by the Committee on the ground that small taxpayers may face difficulty
in getting the DSC especially in small places. Also, poor Internet connectivity in semi-urban
and rural areas was cited as another reason for this concession.
Information Technology Act, 2000 grants legal recognition to electronic records and
electronic signatures. IT Act,2000 provides that where any law requires that information or
any other matter shall be authenticated by affixing signature then notwithstanding anything
contained in the law, such requirement shall be deemed to be fulfilled if such information is
authenticated by means of electronic signatures affixed in a manner prescribed by the Central
Government. Under the IT Act, 2000, Electronic signatures means authentication of an
electronic record by a subscriber by means of electronic technique specified in second
schedule and includes Digital signatures. Digital Signature means authentication of any
electronic record by a subscriber by means of procedure specified in Section 3 of the IT Act,
2000. More information on Digital Signature Certificate is given at Annexure-2.
1
2.2 eSign: e-authentication technique using Aadhaar e-KYC services
i. Easy and secure way to digitally sign information anywhere, anytime eSign is an
online service that offers functionality to authenticate signers and perform the digital
signing of documents using Aadhaar e-KYC service. Hardware tokens are not required
to be used.
ii. Facilitates legally valid signatures eSign process involves consumer consent, Digital
Signature Certificate generation, Digital Signature creation & affixing and Digital
Signature Certificate acceptance in accordance with the provisions of the Information
Technology (IT) Act, 2000. Comprehensive digital audit trail - in-built to confirm the
validity of transactions is also preserved.
iii. Flexible and easy to implement - eSign provides configurable authentication options
in line with Aadhaar e-KYC service and also records the Aadhaar ID used to verify the
identity of the signer. The authentication options for eKYC include biometric
(fingerprint or iris scan) or OTP (through the registered mobile in the Aadhaar
database). eSign enables millions of Aadhaar holders easy access to legally valid Digital
Signature service.
2
iv. Respecting privacy - eSign ensures the privacy of the signer by requiring that only the
thumbprint (hash) of the document be submitted for signature function instead of the
whole document.
More details on eSign are at Annexure-3. Comparison of DSC and eSign are at Annexure-4.
After the Committee on Business Processes under GST submitted its report, the Central
Board of Direct Taxes (CBDT) issued detailed procedures to enable Paperless e-filing via
Electronic Verification Code (EVC) vide Notification No. 2/2015 of Directorate of Income
Tax (Systems) dated 13th July 2015 (annexure-1). This is in addition to use of DSC and eSign
for signing online return under Income Tax Act. The EVC mechanism is meant to verify the
identity of the person furnishing the return of income (called the verifier) thus obviating
need of paper based acknowledgment, handling of which is a major task. Generation of EVC
can be done using Net Banking, Aadhaar based authentication using OTP, ATM generated
OTP and registered email/mobile number.
The EVC does not stand in the same category as DSC, however, mechanisms identified in
this notification are worth consideration for adoption under GST, especially for smaller
taxpayers. The highlights of the EVC system are given below:
i. EVC is a 10 digit alpha numeric code which is unique for each Permanent Account
Number (PAN), and is generated for the purpose of electronic verification of the
person in the e-filing website. Small taxpayers are generally do not have presence
3
in more than one state and hence a GSTIN holder can avail this facility as GSTIN is
based on PAN and EVC is unique for each PAN. Those having registration in more
than one State or having multiple units registered in a State under the same PAN
cannot use EVC.
ii. Each EVC can be used to validate only a single return of the taxpayer, irrespective
of the year or return filing.
iii. Generally, an EVC is valid for 72 hours.
The EVC generation process under Income Tax varies depending on the risk category of
the taxpayer, method of accessing the e-filing website or interface with third party
authenticating entity (like banking institutions). The various methods to generate the EVC
are detailed hereunder.
i. Netbanking - Several banks have registered with the income-tax department and
provide direct access to the e-filing website to a verifier through their internet
banking facility. Only those taxpayers would be able to use this facility whose bank
accounts as primary account holders have a validated PAN (which is the tax
registration number) provided as part of the Know Your Clients (KYC) norms of
the banks. After logging into their online bank account, the account holder can
choose to be redirected to the e-filing website, where an EVC can be generated. The
EVC will be displayed on the screen and also sent to the mobile number registered
with e-filing website, which can then be used to verify the return.
ii. Aadhaar authentication using Aadhaar One Time Password (Aadhaar OTP) A
verifier can provide his Aadhaar number for linking with his PAN on the e-filing
website which will be verified on the basis of his name, date of birth and gender as
per PAN database with similar data available under his Aadhaar with UIDAI. If the
Aadhaar authentication in this manner is successful, the Verifiers Aadhaar will be
linked to his PAN. Thereafter, an OTP will be generated by UIDAI and sent to the
Verifiers mobile number registered with UIDAI. This Aadhaar OTP will be the
EVC generated under this Aadhaar authentication and OTP mode and can be used
to verify the Assessees Income Tax return.
4
iii. Automated Teller Machine (ATM) - A verifier can generate an EVC through this
mode if the verifiers bank is registered with the income-tax department. Either a
Debit/ Credit card can be used for generation of EVC. This mode can be used only
at ATMs of registered banks, where the option to generate an EVC will be made
available. Upon selecting this option on the ATM screen, the bank will
communicate this request to the e-filing website, which will generate the EVC and
send it to the taxpayers mobile number registered with the e-filing website. This
EVC can then be used to verify the return.
iv. Registered email and mobile number A verifier can use the e-filing website to
generate an EVC, which will be sent to the registered email id and mobile number
of the taxpayer as updated by the verifier on his on-line account on the e-filing
website. This mode, however, is only available to those whose total income is INR
0.5 million or below and there is no refund claim. This option may further be
restricted to taxpayers based on other risk criteria that may be determined from time
to time.
The EVC mode has been adopted by more than 40 lakhs taxpayers under Income Tax for
filing returns after July 2015 notification. The Certifying Authority under Department of
Electronics and IT has notified two agencies as providers of eSign in India. These modes, if
adopted, will ensure 100% electronic filing under GST, which is the ultimate aim.
Elimination of paper based acknowledgement will eliminate manual system of paper
collection, categorization which is not only time consuming but also expensive. Secondly, if
paper based acknowledgement does not reach the CPC, the return or the application for
registration will be declared invalid. Unlike Income Tax where only one return is filed in a
year, GST is going to have 12 monthly returns or 4 quarterly returns apart from one annual
return. Thus paper based acknowledgement system handling will be more difficult to handle
under GST.
Keeping in view above mentioned new modes added by Income Tax department, following
suggestions are made for consideration of the Empowered Committee of Finance Ministers:
5
3.1 Mandatory Use of Digital Signature Certificate: All companies and LLPs are
mandated to use Digital Signature Certificate (DSC) as per the Companies Act. Hence for
them use of DSC should be mandatory under GST. Others are also welcome to use DSC.
3.2 Use of eSign: Taxpayers other than those registered under Companies Act, that dont
have a DSC (significant in numbers) may use the eSign Service for the purpose of digitally
signing the documents under GST. Currently CDAC and e-Mudra are two eSign providers
approved by CCA, Government of India.
Note:
i. Taxpayers having all Indian turnover of Rs 1.5 Crores and above will have to use
either DSC or eSign. (The turnover limit has been suggested keeping in view the
limit prescribed for writing of HSN as mandatory)
ii. Those seeking refund will have to use either DSC or eSign.
iii. Those having operations in more than one State (one PAN with multiple GSTIN)
will have to use DSC or eSign
3.3 Use of EVC: EVC as implemented by CBDT can also be provided to taxpayers having
annual turnover below Rs 1.5 Crores as per details given below:
By enabling e-filing in GST through e-Sign/ EVC, all types of user groups that need to sign
documents on GSTN system would get covered, obviating the need for paper based summary
sheet or acknowledgement for those who are unable to obtain DSC. It would also help in
overcoming other challenges associated with paper based filing such as:
Cost associated with paper handling (setting up CPC) that would have an impact on
the per transaction cost and has not been included in the total project cost presently.
6
Cost associated with sending acknowledgement to Central Processing Centre (CPC) to
be incurred by the taxpayer (if sent by Speed-Post it will lead to saving of Rs 650 (13
returns X Rs 50).
Retrieval of paper is time consuming
Environment non-friendly exercise
7
Annexure-1
Notification of CBDT No. 2/2015 of CBDT, Directorate of Income Tax (Systems) dated 13th
July 2015 on Electronic Verification Code (EVC)
8
9
10
Annexure-2
Any person can make an application to Certifying Authority for issue of an Electronic
signature Certificate in such form as may be prescribed by the Central Government. For
issuance of Digital Signature Certificates, the applicants Personal identity, address and other
details to be included in the DSC need to be verified by CAs against an identity document.
For class III, physical presence of the individual is also required. Digital signatures are
widely used for authentication in the electronic environment. The cost of verification of
individuals identity and address and also the secure storage of private keys are the
stumbling block in the widespread usage of Digital Signature in the electronic
environment.
X.509 Certificate Policy for India PKI states that the certificates will confirm that the
information in the application provided by the subscriber does not conflict with the
information in well-recognized consumer databases. The database of individuals
information maintained by Unique Identification Authority of India (UIDAI) is deemed
as authentic information by Government.
The Unique Identification Authority of India (UIDAI) has been established with the mandate
of providing a Unique Identification Number (Aadhaar Number) to all residents of India.
During enrolment, the following data is collected:
1) Demographic details such as the name of the resident, address, date of birth, and gender;
2) Biometric details such as the fingerprints, iris scans, and photograph; and
3) Optional fields for communication of such as the mobile number and email address.
11
The UIDAI offers an authentication service that makes it possible for residents to
authenticate their identity biometrically through presentation of their fingerprints or non-
biometrically using a One Time Password (OTP) sent to the registered mobile phone or e-
mail address.
Verification of the Proof of Identity (PoI) and Proof of Address (PoA) is a pre-requisite
for issuance of Digital Signature Certificates by Certifying Authorities. As part of the e-
KYC process, the resident authorizes UIDAI (through Aadhaar authentication using either
biometric/OTP) to provide their demographic data along with their photograph (digitally
signed and encrypted) to service providers.
Service providers can provide a paperless KYC experience by using e-KYC and avoid the
cost of repeated KYC, the cost of paper handling and storage, and the risk of forged
documents. The real-time e-KYC service makes it possible for service providers to provide
instant service delivery to residents, which otherwise would have taken a few days for
activation based on the verification of KYC documents, digitization, etc.
12
Annexure-3
Controller of Certifying Authorities (CCA): The IT Act provides for the Controller of
Certifying Authorities (CCA) to license and regulate the working of Certifying
13
Authorities in compliance with the provisions of the Act. Certifying Authorities (CAs)
issue Digital Signature Certificates for authentication of users in cyberspace. CCA is
appointed under the IT Act to promote the use of Electronic Signatures in the Country.
When a subscriber needs to sign a document using the application of an ASP, following
will be the process:
14
Annexure-4
15
Highlights DSC issuance and Integrated Digital signature and DSC
applying digital signature issuance based on Aadhaar authentication
is independent process
Obtain DSC one time and Each time for digital signature, new DSC is
use unlimited time till the issued. DSC is of 30 minutes validity only.
validity of DSC
16