Double spending digital payment: Double-spending occurs when
To assist e-governance to encourage the use and acceptance
someone alters a blockchain network and inserts a special one that
allows them to reacquire a cryptocurrency. Double-spending can
happen, but it is more likely that a cryptocurrency is stolen from a
wallet that wasn't adequately protected and secured.
Difference between digital payment and cryptocurrency: Digital
payments are electronic payments that transfer value from one account
to another using a digital device or channel. Cryptocurrencies are
decentralized digital currencies that use cryptography to manage their
ledgers and balances.
Hash key  Asymmetric keys
Crypto mining: Crypto mining is the process of validating a
cryptocurrency transaction. Cryptocurrencies like Bitcoin use
distributed public ledgers to record all financial transactions. Each
transaction is linked to the previous and subsequent transactions,
which creates a chain of time-stamped records called a blockchain.
Who will be liable if anything is posted on social media?
Digital signature: is an electronic signature that can be used to
authenticate the identity of the sender of a message or the signer of the
document and to ensure that the original content of the message or
document that has been sent is unchanged. A person has to obtain a
digital signature certificate from certifying authorities. The person
whose name the certificate is issued is know as the subscriber. Main
uses of affixing digital signature: 1. To authenticate the identity of
signature, 2. To authenticate the document sent, 3. Non repudiation.
Asymmetric key system: it means there is 2 keys one is private key
and other one is public key.
Private key and public key and how do you create and verified digital
signature?
Enactment of information technology act.
Advancement in technology made transaction a lot easier faster and
cheaper. Traditional paper, documents were replaced by transactions
taking place in electronic medium with a help of Electronic Data
Interchange (EDI). In the modern times most of the transaction of a
daily life for instance e-transactions, e-banking and e-contracts have
incalculable benefits, however, people reluctant to interact
electronically because there was no legal protection under existing
laws. Internationally countries switched their trade and commerce to
e-commerce from traditional paper-based arrangement it benefited the
international trade tremendously. The UN citral united nation
commission on international trade law (UN Citral)adopted the model
of on electronic commerce in 1996 for the first time and there was a
need felt toward bringing uniformity in laws of different countries the
general assembly of the united nations by resolution number 51/162
dated 30th January 1997, recommended that all states should give
favorable consideration to this modern law when they enact and revise
their laws modern law provides for equal legal treatment of users of
electronic communication and paper based communication.
Furthermore, in Indian contest there was no suitable law to deal with
tampering of computer source documents, publishing information
which is obscene in nature and issues relating to damage o computers
and computer system through a system of appropriate penalties and
punishments.
After the adoption of modern law on electronics in 1996 India being a
signatory had to modify its national laws therefore Information
technology act, 2000 was pass sence their was no controller or body to
supervise the certifying authorities (sec 2g) who would issue digital
signatures. It was also absorve in 1998 the WTO switched there work
programme to e-commerce this was the one reason of enactment of
proper law to recognize and facilitate any thus IT law.
The objectives of IT law:
1. The most important objective was to make the law in tune
with modern law on e-commerce adopted by UN Citral in
1996.
2. To provide legal recognition to transactions caried out by
means of electronic communication it also facilitates
electronic filing of documents.
3.
of electronic records and digital signatures.
4. Provide legal recognition to digital signatures and
documents filed electronically.
5. Enable finalization of contract and creation of rights and
obligation in digital space.
6. A provide for appointment of a controller to supervise the
certifying authorities who issue digital signature certificates.
7. Deal with tampering of computer source document, public
information which is obscene in nature and issues related to
damage to computers and computer systems.
8. Make consequential amendments in IPC, Evidence Act and
to provide for essential changes in other related legal laws
too.
Digital Signature
The technical behind digital signature. Digital signature is most
developed and secured technology for electronic authentication it is
based on cryptography which data encryption technic. It uses
mathematics to encrypt and decrypt data. The process work through a
cryptographic algorithm which is called Cipher. Cipher is a
mathematical function used for encryption and decryption of the
message it works in the combination of keys. The key is used to
encrypt sender’s plain text and decrypt the encrypted text for the
receiver’s access.
Data which can be read without any special means is called the plain
text whereas the one that needs to be decoded is the Cipher text so
plain text + key that will result in Cipher text (When sender aapne
plain text ko private key se pair karega vo encrypt hoga them it will
become Cipher Banega, public key is open to the open domain which
is use for Decrypting and private key is available to encrypting person
which is sender) private key is accessible to each party it is not
available in the public domain.
What is Hash function is?
A hash function is a mathematical algorithm that transforms data of
arbitrary size into fixed-size values. These values are commonly
referred to as hash codes, hash digests, or simply hashes. Here are
some key points about hash functions:
1. Purpose: Hash functions are used for various purposes,
including data storage, retrieval, and security. They take an
input (called a key) and produce a fixed-length output (the
hash value).
2. Mapping: A hash function maps the input key to an integer
value, which is typically used as an index in a data structure
like a hash table.
3. Fixed Size: Regardless of the input size, the output from a
hash function is always of fixed length.
4. Deterministic: Hash functions are deterministic, meaning
the same input will always produce the same hash value.
5. Uniform Distribution: Good hash functions aim for
uniform distribution of hash values to minimize collisions
(when two different inputs produce the same hash).
6. Examples: Common hash functions
include SHA-256, MD5, and SHA-2.
What is PKI process?
Public Key Infrastructure (PKI) encompasses everything used to
establish and manage public key encryption. It plays a crucial role in
securing and authenticating digital communications. Let’s delve into
the details:
1. Digital Certificates: PKI relies on digital certificates.
These certificates cryptographically link a public key with
 the device or user who owns it. They serve as digital
passports, ensuring that the sender is who they claim to be.
2. Components of PKI:
o Certificate Authority (CA): The CA is a trusted
entity that issues, stores, and signs digital
certificates. They sign the certificate with their
private key and publish the corresponding public
key.
o Registration Authority (RA): The RA verifies
the identity of users or devices requesting digital
certificates. It can be a third party or the CA itself.
o Certificate Database: This database stores digital
certificates and their metadata (e.g., validity
period).
o Central Directory: A secure location where
cryptographic keys are indexed and stored.
o Certificate Management System: Manages
certificate delivery and access.
3. Use Cases:
o Web Security: PKI secures and authenticates
traffic between web browsers and servers. For
instance, when you visit a website, PKI ensures
secure communication between your browser and
the server.
o Internal Communications: PKI can also secure
internal communications within organizations,
ensuring confidentiality and integrity.
4. Goals of PKI:
o Privacy: Ensures the privacy of messages being
sent.
o Authentication: Verifies that the sender is who
they claim to be.
Remember, PKI is foundational for technologies like digital signatures
and encryption, enabling secure interactions across large user
populations.
Sec 3, 3a
1. Authentication of Electronic Records (Section 3):
o Any subscriber may authenticate an electronic
record by affixing their digital signature.
o The authentication process uses an asymmetric
crypto system and a hash function to transform
the initial electronic record into another electronic
record1.
2. Electronic Signature (Section 3A):
o Subject to the provisions of this section, any
subscriber may authenticate an electronic record
by affixing their electronic signature.
o The concept of electronic signatures ensures the
integrity and authenticity of digital transactions
and communications2.
These sections play a crucial role in establishing the legal framework
for electronic records and signatures in India, promoting secure and
reliable digital interactions
31.01.2024
The IT act 2000 has facilitated the development of Digital Signature
which is the functional equivalent of hand written or physical
signatures. In cyber space the basic legal functions of a signature are
performed by way of method that identify the sender of an electronic
record and confirmed that the sender approves the content of that
record any attempt to change the content must be seen to be
incompatible with the signature. It is the technologically specific act
that accept digital signature section: 2(1)(p) as an authentication
standard.
Digital signature means authentication of an electronic record by a
subscriber by means of an electronic method in accordance with
section: 3.
Section: 3 talks about the whole process
Asymmetric Signature
Sec. 3: authenticating physical signature, corresponding to something
which is similar to physical, it is technologically specific. Only that
digital signature is valid in which asymmetric technology is been used.
Works on the asymmetric algorithm. Technology should be
asymmetric signature. Digital signature endorses the electronic
signature
In government
1. Basic
2. b/w parties
3. product sharing contract (contract b/w government and
private entity) revenue sharing model, E-tenders, high-tech
news, notices by the RBI.
Certain amendments in 2008 in IT Act:
Fishing, identity theft, imp. Insertion of sec 3A.
Sec 3a: international contract which not based on the cryptography
based on those contract parties are contentesting that they have right
over those, what is the imp and enforceability of that contract, if your
saying it will authenticate only if it asymmetric contract what will we
do about contract which are not asymmetric technology.
giving room for other kind of signature. It doesn’t mean that every
signature is right.
Who has the power under sec 3 and 3a to take away signature? Ans.
Central government
Digital signature is full of statutory obligations having certain
evidentially attributes such as signers’ identity, intent and approval and
therefore they are like power with hand written signatures. Law
doesn’t give recognition to digital signature alone but recognizes the
whole PKI (public key infrastructure process) including standards
which verify and create digitals signatures. The PKI is the regulation
and management of keys and listing the licensing the norms for
certifying authority and establishing different processes the idea is to
develop a rational and efficient PKI for systematic allocation and
verification of digital signature certificates. 1. The first step the
subscriber can apply for digital signature certificate to certifying
authority, 2. certifying authority would check the identity of the
subscriber and verify the documents and the issues the certificate
accordingly. 3. Third the certifying authority forwards the certificate to
the repository maintained by the controller of certifying authority. 4.
Next step subscribers send the digital signed message to relying party
(could be individual or organization acts and reliance on certificate). 5.
Next the relying party verify the digital signature by using public key
of the subscriber and check the validity of the certificate from the
depository. 6. Lastly the depository checks the status of certificate and
inform the relying party accordingly.
Countries that have adopted the technologically neutral approach:
India, Canada, Germany, France, Austraia, US and UK.
Technologically specific: Italy, Columbia, Argentina
Hand written digital signature is electronic signature. Retina scanner is
also a electronic signature.
Read the document on Electronic Signature in India
Digital signature being the most advanced and secured method has
been endorsed and recognized by sec 3 of the IT Act, 2000. However,
sec. 3 faces a lot of criticism as it only recognizes digital signature and
excluded all other methods of signing a electronic record. Existing
laws are incompatible with technological changes and 2008
amendment ended the monopoly of digital signatures. The objective
was to maintain balance between security and flexibility and therefore
sec 3a was added.
Electronic signature: is a generic in nature and it technologically
neutral term which includes all methods by which an electronic record
can be signed.
Digital Signature: it is a specific way of signing the electronic records.
Electronics signature allows all kind of digital signature and Digital
Signature uses publicly also know as asymmetric technology.
KN Govind acharya vs. Union of India: directed the central govt. to
make its stands clear on second schedule.
Intermediary carrier(BSNL, Airtel, intermediary publisher(yahoo),
intermediary seller(Amazon, Flipkart), Avnish Bajaj vs. NCT Delhi
(Bazzi.com case) read section. 79 of the Act
Avinsh Bajaj v. State (NCT) of Delhi (Bazee.com Case)
In the Bazee.com case, Avnish Bajaj, the then Managing Director of
Bazee (later taken over by E-Bay), faced legal proceedings related to
online content. Here are the key details:
1. Background:
o Bazee.com was an online platform and
marketplace where sellers listed goods and
services, and buyers could choose to purchase.
o An obscene advertisement for a pornographic
video titled “DPS Girls having fun” was listed on
Bazee’s website. The safety filters failed to detect
this listing initially.
o Although the listing was removed within a couple
of days, several buyers had already purchased the
videos during that short period.
2. Charges:
o Avnish Bajaj was accused of committing offenses
under:
▪ Section 292 of the Indian Penal Code
(IPC): Related to the advertisement/sale
of obscene objects.
▪ Section 67 of the Information
Technology Act (IT Act): Related to
causing the publication of obscene
objects on the internet.
3. Legal Proceedings:
o A summoning order was issued against Avnish
Bajaj by the competent court.
o Avnish Bajaj filed a petition under Section
482 before the Delhi High Court seeking the
quashing of the summoning order.
o The court observed a prima facie case for the
offense under Section 292 (2) (a) and 292 (2) (d)
IPC against the website, both in respect of the
listing and the video clip.
o Notably, the Indian Penal Code does not recognize
automatic criminal liability attaching to the
director when the company is an accused. As a
result, Avnish Bajaj could be acquitted under
Sections 292 and 294 of IPC1.
4. Supreme Court Clarification:
o In 2012, the Supreme Court overturned the earlier
judgment, ruling that Avnish Bajaj wasn’t
vicariously liable for the company’s actions. He
couldn’t be implicated under the provisions of the
IT Act because the company wasn’t arraigned as
an accused in the case2.
This case significantly shaped the concept of intermediary liability in
India and clarified the responsibilities of online platforms regarding
objectionable content
*Intermediary platforms must abide by the safe harbor mechanism
given in the IT Rules 2021 in order to get the protection from third
party content on their platforms.
The courts have, in the past, in cases of obscenity over the internet,
considered the provisions of both the IPC as well as the IT Act. For
instance, in Maqbool Fida Husain v Raj Kumar Pandey, in which an
allegedly obscene painting was offered for sale over the internet, the
Delhi High Court reasoned that since the test to determine obscenity
under both the IT Act as well as the IPC was similar, it was 'necessary
to understand the broad parameters of the law laid down by the courts
in India, in order to determine obscenity.
This judgment of the Supreme Court gives welcome relief to
intermediaries. The apex court, in reaffirming the principle of
generalia specialibus non derogant, held that in cases of obscenity
appearing on the web, once the criminal act had a nexus with the
electronic record, the provisions of the IT Act, particularly the safe
harbor principle under Section 79, could not be ignored.
2008 amendment act what were the changes in
intermediary(originator-intermediary-receiver)
Gate keeper liability in art. 19(1) of Constitution of India
Certifying authorities
Intermediary liability is defined under Sec 2(w) of the IT Act, 2000
Read the document on intermediary liability GATEKEEPER
LIABILITY AND ARTICLE 19(1)(A) OF THE CONSTITUTION OF
INDIA (manupatra.in)
[(w) ―intermediary, with respect to any particular electronic records,
means any person who on behalf of another person receives, stores or
transmits that record or provides any service with respect to that
record and includes telecom service providers, network service
providers, internet service providers, web-hosting service providers,
search engines, online payment sites, online-auction sites, online-
market places and cyber cafes;]
Function of intermediary can be understood in terms of its role as a
facilitator with respect to particular electronic message between an
originator and an addressee. Different role that the intermediary can
identify with are: information carrier (are intermediaries they
transmit the electronic message without examining its content. These
intermediaries provide access to the internet and are mainly network
service provider like Airtel and BSNL, information publishers (they
publish and transmit information like Yahoo and Google, etc.) and
information seller (these are intermediaries which sell the
information like Amazon, Flipkart, etc.).
Before the amendment in 2008 safe harbor protection was not there for
intermediaries. Before amendment safe harbor protection was only
provided to the network service provider or information carriers but
information publishers and E-commerce websites were exempted from
it.
AVNISH BAJAJ VS. STATE OF NCT DELHI.
CHRISTIAN LOUBOUTIN SAS Versus NAKUL BAJAJ & ORS.,
2018 253 DLT 728: In this case, Delhi High Court had to decide on
the liability of an e-commerce platform, darveys.com for infringement
of trademark rights of Christian Louboutin whose products were being
sold on the platform. The court distinguished ‘active’ and ‘passive’
intermediaries and held that Section 79 of the IT Act is to protect
genuine intermediaries and cannot be abused by extending it to those
persons who are not intermediaries and are active participants in the
unlawful act. The Court also laid down certain factors to identify an
active intermediary, namely identification of the seller and providing
details of the seller; providing quality assurance, authenticity
guarantees or storage facilities; assistance for placing a booking of the
product; creating a listing of the product; packaging of the product
with its own packing; transportation; delivery; and advertising
products on the platform, etc. If a large number of elements
enumerated above are present, then such intermediary shall be deemed
to be an active participant and would not be exempted under Section
79 of the IT Act.
Google France Sarl vs. Louis Vuitton Malletier SA and Ors. : lay
down the liability of intermediaries and how do you limit the
intermediary liability. Purpose to forter the environment of
intermediary liabilities.
Syllabus of Tutorial: Topic 1: Digital signature and digital signature
certificate (A Digital Signature Certificate (DSC) is a secure digital
key that verifies the identity of the certificate holder. It's the electronic
equivalent of a physical certificate, such as a driver's license or
passport. DSCs are used to sign documents electronically, and are
embedded in emails, electronic documents, and other digitally
transmitted documents.), Public key and Private key (The public key
is used to encrypt the data, while the private key, which is securely
stored on the recipient's device, is used to decrypt the data. This
asymmetric encryption ensures that only the intended recipient can
access and read the encrypted information, even if the data passes
through unsecured networks), Asymmetric Cryptography
(Asymmetric cryptography, also known as public-key cryptography,
is a method for encrypting and decrypting messages using a pair of
related keys. The keys are a public key and a private key), electronic
signature (An electronic signature (e-signature) is a digital version of
a handwritten signature. It is a legally binding computer data
compilation that is used to sign documents online.), Certifying
Authorities and there role, read IT Act along IT certifying authorities
rules, 2000, the types of certificate (class I,II ,III) and uses, issuance
and renewal of certificate (issuance process-application, verification,
key pair generation, certificate issuance) (renewal- application for
renewal, verification of continued legitimacy, renewal issuance),
Regulatory Compliance and standard in digital signatures (read IT Act
and CA rules, 2000), Functions and responsibility of CA, and
obligation and standards they must adhere to in term of issuance and
management of digital signature certificates, used cases and practical
aspects of digital signature (eg: E-governance, E-tenders, Business &
commercial transaction, Banking & finance, use in legal regulatory
documents) (Trimex international FZE Ltd. Vs. Vedanta Aluminum
Ltd.- dispute relating to authenticity and legal validity of electronic
records and digital signature in a contractual agreement between
Trimex and Vedanta Aluminum, the key issues were: 1. Examination
of legal recognition of Digital Signature and there status under IT Act,
2000, . determination of the admissibility of electronic signed
documents as evidence in the court; the court upheld the legal validity
of digital signature and recognized the electronic signature and records
as evidence.
Topic 2 Intermediary Liability: What is Safe Habor Protection for
intermediary under section 79 (Shreya Singhal vs. Union of India,
2015- section 62A held unconstitutional in India), Due Diligence
Guidelines which is the IT Intermediary Guidelines Rule, 2011 and
also Digital Ethic Media Code, 2021[Social media intermediary-rule
3&4], conditions for availing safe harbor protection given under
section 79, (Avnish Bajaj vs. State of NCT of Delhi) (safe harbor
protection and its scope)
Shreya Singhal v. Union of India (2015)
In a landmark judgment, the Supreme Court of India declared Section
66A of the Information Technology Act, 2000 unconstitutional. This
ruling, delivered on March 24, 2015, had significant implications for
free speech and expression in India12.
Background:
• Section 66A was inserted into the Information Technology
Act in 2009.
• It criminalized the sending of offensive messages through
computer resources or communication devices.
• The section was widely criticized for its vague language and
potential misuse to curb free speech.
Key Points from the Judgment:
1. Unconstitutionality: The court held that Section
66A violated the fundamental right to free speech and
expression guaranteed under Article 19(1)(a) of the Indian
Constitution.
2. Overbreadth and Vagueness: The provision was found to
be overbroad and vague, allowing for arbitrary interpretation
and misuse.
3. Chilling Effect: The court emphasized that the provision
had a chilling effect on free speech, leading to self-
censorship.
4. No Saving under Article 19(2): The court ruled
that Section 66A was not saved by the reasonable
restrictions provided under Article 19(2).
Impact:
• The judgment clarified the boundaries of free speech in the
digital age.
• It set a precedent for challenging restrictive laws related to
online expression.
• Section 66A was struck down, ensuring greater protection
for online speech and expression3.
This case remains a significant milestone in safeguarding digital
liberties and upholding the right to express opinions freely in India
https://www.tandfonline.com/doi/epdf/
10.1080/13600869.2022.2164838?needAccess=true-Look due
diligence norms, significant social media intermediary (rule 4), normal
intermediary (rule 3), due diligence requirement, [read page no. 1-13]
https://www.mondaq.com/india/social-media/1266276/a-brief-into-
the-information-technology-guidelines-for-intermediaries-and-digital-
media-ethics-code-rules-2021
A Brief Into The Information Technology (Guidelines For
Intermediaries And Digital Media Ethics Code) Rules, 2021
Introduction
The Information Technology (Guidelines for Intermediaries and
Digital Media Ethics Code) Rules of 2021 (hereinafter referred to as
'the Rules') has been enacted by the Central Government under the
powers conferred to it by Section 69A(2), 79(2)(c) and 87 of the
Information Technology Act, with thorough coordination with the
Ministry of Electronics and Information Technology and the Ministry
of Information and Broadcasting. The formulation of these Rules is in
response to the growing criticism against the government, while it
recognizes the right to criticize and disagree as an essential element of
democracy. It aims to provide a robust complaint mechanism for social
media and OTT platform users to address their grievances, a
mechanism earlier inexistent.
The proposed framework has been quoted to be progressive, liberal
and contemporaneous, as it lays a special emphasis on the protection
of women against the progression of sexual offences on social media.
It emphasizes on the need of social media intermediaries and online
content providers, whether for entertainment or informative purposes,
to strictly comply with the Constitution and domestic laws of India. It
extends its approach to instill a sense of accountability against misuse
and abuse by social media users and is the first of its kind to bring
social media use under the regulatory framework of the Information
Technology Act.
These rules have been in light of the recent run-down on the OTT
platforms by the government, which have been actively, rather
vehemently, lobbying for stronger and more stringent regulations in
place. However, contrary to such a view, as per the PIB, the Rules
have been formulated keeping in mind the importance of free speech
and journalistic and creative freedoms. Regardless of the political
connotations, the enactment of these Rules puts India at par with
international regimes on digital media regulation, providing a more
comprehensive and holistic protection to its users.
Obligation of Due Diligence on Intermediaries
General Guidelines for All Intermediaries
These general guidelines extent their scope over all intermediaries,
including social media intermediaries as well as significant social
media intermediaries. Rule 2(1)(z) omits from the scope of social
media intermediaries those intermediaries that facilitate commercial or
business transactions, provide access to networks, search-engines and
certain other types as specified.
Due Diligence: Rule 4 enlists certain due diligence obligations of an
intermediary, which include the duty to publish their rules and
regulations, privacy policies and user agreements for access, either on
its website and/or application, to allow its users to access the same.
The material so published must crystalize the user's responsibility not
to "host, display, upload, modify, publish, transmit, store, update or
share"1 any form of information which:
i. Belongs to another person
ii. Is defamatory, obscene, pornographic, pedophilic, invasive
of one's privacy, libelous, or inconsistent to the laws of the
land
iii. Is dangerous for minors
iv. Results in the infringement of any intellectual property right
v. Is deceiving or misleading regarding the origin of the
message
vi. Impersonates another person
vii. Hampers the integrity, defense, security or sovereignty of
the country, friendly relations with foreign states, public
order or results in the incitement of any cognizable offence
viii. Contains any software virus or any program designed to
corrupt or interrupt the functionality of any computer
resource
ix. Or is patently false and untrue, regardless of its form is
published or in order to mislead or harass a person
Notifications provided to the User: Apart from merely publishing
such obligations, the intermediary must notify the user that non-
compliance with the above mentioned may result in the termination of
their access or usage rights.2 Also, these rules and regulations, privacy
policies or user agreements may be subject to periodical amendments,
which ought to be notified to the users in due time.3
Enforcement Action to be Undertaken: Intermediaries are amenable
to halt the hosting, storage or publication of any information
prohibited by law, in the interest of national sovereignty, integrity,
security, etc., as prescribed under Rule 4(1)(d), on the knowledge of
the same through an order of a court of competent jurisdiction or a
Government notification. The intermediary has been provided a strict
time limit of thirty-six (36) hours to remove or restrict access to such
information. Following the removal of such information, the evidence
collected must be preserved for one hundred and eighty (180) days for
investigative purposes.4 Further, the process has been prescribed
under Rule 4, with respect to the intermediaries' duty to fully
cooperate with Government and law enforcement agencies. In order to
address the complaints raised by users or victims, the intermediaries
must appoint a Grievance Officer, whose details must be made public,
who would acknowledge and resolve such complaints within a period
of one month.5
Additional Compliance Measures for Significant Social Media
Intermediaries
Due Diligence: A peculiar feature about the Rules is that it creates a
distinction between social media intermediaries and significant social
media intermediaries. The demarcation is based on the user size and
once it has been defined through the notification of the Government, it
would act as the threshold between the two.6 The reason behind this is
clarified through Rule 5 which provides additional compliance
measures for significant social media intermediaries due to the large
volume of users and content that they process. Barring the criteria of
the user size, the Government can prescribe the provisions of Rule 5
on any other intermediary as well through a notification.7 The
following due diligence ought to be observed by such intermediaries
within three months of publication of these rules:8
i. Appointment of a Chief Compliance Officer, assuming the
responsibility to ensure compliance and oversight of the
functions of significant intermediaries
ii. Appointment of a nodal person of contact, who would act as
a link between law enforcement agencies
iii. Appointment of a Resident Grievance Officer, whose
responsibilities would lay parallel to that of the Officer
appointed under Rule 4(1)(n)
iv. Publishing the compliance report on a periodical basis of six
months, containing the details and contents of complaints
handled and information removed or interrupted by
intermediaries in pursuit of their monitoring activities
In order to facilitate the processing of complaints, with respect to the
violations mentioned under this Rule, an appropriate mechanism shall
be developed by the significant intermediary under Rule 5(6). In such
a process, the intermediary must notify the complainant of the extent
of action taken.
First Originator: Rule 5(2) provides an additional responsibility on
significant social media intermediaries involved in providing
messaging services to assist the law enforcement agencies to identify
and track the first originator of any contentious or problematic
information. This can only be executed through an order of a
competent court or the Competent Authority under Section 69 of the
Act. This power can only be exercised in order to curb any offence
threatening the integrity or security of the State, inciting the
commission of rape, child sexual abuse or other grievous offences.
However, this may not be resorted to on the availability of less
intrusive means and must be employed as a measure of last resort.
Special Measures for Sexual Offences: Other means have been
provided to significant intermediaries in order to curb the commission
or instigation of the offences of rape or child sexual abuse, such as
under Rule 5(4). Such intermediaries must deploy certain technology-
based measured to promptly identify any material that may depict or
simulate such offences. This must be done in the absence of any bias
or discrimination, with the highest regard to privacy and free speech.
Voluntary Verification of Users: Users of significant social media
intermediaries must be provided a facility to voluntarily verify
themselves under Rule 5(7). The verification can take place on the
basis of their number or account and would provide the user with a
visible mark of verification. This method to regulate the users has
been undertaken to eliminate the misuse of these services and provides
a greater level of surveillance over their activities.
Notification to Originators on Removal of Information: In the
situation that a significant intermediary has removed or restricted
access to any information or data, they must ensure that the originator
is made aware of the same, including the grounds for such action, after
providing them a reasonable opportunity. Further, Rule 5(8) provides
that this process must be overseen by the Resident Grievance Officer.
Procedure and Safeguards for Digital/Online Media
Digital media, as defined under Rule 2(1)(k), represents any digitized
content transmittable through the internet or other networks and
includes the same content as stored or transmitted by intermediaries as
well as publishers of news or online curated content. It includes:9
• news and current affairs publishers,
• intermediaries enabling the transmission of news and current
affairs,
• online curated content publishers, and
• intermediaries enabling the transmission of online curated
content,
which operate in India and conduct their business activities by making
content available in India, targeting Indian users10. However, these
following rules applicable to such entities would only come into force
after the lapse of a three month period from the publication of these
rules.11
Grievance Mechanism
An Online Grievance Portal, established by the Ministry within three
months of the commencement of the rules, would act as the central
repository for accepting and disposing of grievances, with respect to
the Code of Ethics, as per Rule 9(1). In pursuance to this, the Rules
provides a three-tiered grievance mechanism, consisting of:
i. Level I: Self-regulation by the applicable entity
ii. Level II: Self-regulation by the self-regulating bodies of the
applicable entities
iii. Level III: Oversight mechanism by the Central Government
Level I: Under Rule 9(4), the applicable entity would be informed of
the grievance and encouraged to address it themselves, while keeping
the complainant and the Grievance Portal in the loop. In exercise of
such a power, the applicable entity is required to appoint a Grievance
Redressal Officer, who would be governed by the Code of
Ethics.12 The applicable entity is to classify the online curated content
that it transmits, granting it with an appropriate certificate, as per the
Schedule.13 The certification may take place on the basis of the
content, its impact, target audience, etc. and must be displayed in a
conspicuous place, allowing the users to be notified of the same before
accessing the content14.
Level II: If the procedure under the first level does not take place
within 15 days, the matter would escalate with the appeal of the
complaint to a Self-regulating Body, of which the entity is a member.
Such bodies ought to be independently constituted by such entities or
their association and headed by a retired judge of the Supreme Court
or a High Court.15 This body would provide guidance on the Code of
Ethics and decide on the grievances passed on from the first level. For
the enforcement of such decisions, a self-regulating body can issue
warnings, censoring, require an apology, reclassify ratings of online
curated content, make appropriate modifications in the content
descriptor, or refer the matter to the Oversight Mechanism under Rule
12. 16
Level III: In case the Self-regulating bodies fail to offer any solace to
the complainant, they have the last resort of the Oversight Mechanism
of the Central Government for a resolution, under Rule 12. Such a
measure would be coordinated by the Ministry, who would constitute
an Inter-Departmental Committee for addressing grievances,
under Rule 13. This committee would consist of representatives from
the Ministry of Information and Broadcasting, Ministry of Women and
Child Development, Ministry of Law and Justice, and other relevant
Ministries as mentioned.17 The purpose of this Committee is to obtain
a holistic and all-encompassing view on the violations under the
Rules. The violations may arise through grievances of Level I and II,
on a suo motu basis, or those referred by the Ministry.18 Similar
powers granted under Rule 11(5) would be applicable, including the
right to initiate the procedure under Rule 14. This allows the
Committee to take action to ascertain the creator of violative content
and block the same content.
Code of Ethics
The underlying thread that binds the whole Rules together is the Code
of Ethics, mentioned under the Appendix. This spans over News and
Current Affairs, Online Curated Content and Advertisements.
Online Curated Content
Providing a comprehensive and an in-depth take on regulating online
curated content, the Code makes reservation for the multi-racial and
multi-religious sphere of India, where due caution and respect ought to
be paid in the depiction of their activities, beliefs or practices. It
classifies content on the basis of its target audience, assigning a:
• 'U' rating for content suitable for children and people of all
ages
• 'U/A 7+' for content that can only be viewed by a person
below the age of 7 years with parental guidance
• 'U/A 13+' which requires parental guidance for viewers
below the age of 13 years
• 'U/A 16+' for persons below 16 years requiring parental
guidance, and
• 'A' for content solely reserved for viewing by adults
Further classifications may be made on the basis of themes and
messages, violence, sex, nudity, drug and substance abuse, etc. These
classification ratings must be displayed in a conspicuous and
unambiguous manner and place, allowing the user to be aware and
informed. Provisions for access control mechanisms, such as parental
locks, ought to be made for content classified as U/A 13+ or higher,
and in spirit of the same, establishing a reliable verification
mechanism of the age of the viewer for content rated 'A'.
Criticism
The introduction of the concept of tracking the first originator
under Rule 5(2) has been perceived as rather contentious and
worrisome. It enables significant social media intermediaries
providing messaging services to allow the enforcement mechanism to
access the originator of any information. This is attempted towards
curbing the spread of fake news and illegal activities taking place over
messaging applications. However, cyber experts fear that this would
eventually result in the overriding of the end-to-end encryption,
allowing for the formation of a surveillance state. This may result in a
major privacy breach, which most messaging applications wear on
their sleeve as a badge of honor. The authority of tracking the
originator can also be enforced in order to prevent or investigate into
an offence relating to the sovereignty, integrity and security of the
State. What the Rules fail to identify is the unimaginable scope of
misuse of such a wide and discretionary power.
In addition to this, members of the media fraternity emphasize on the
Rule's implementation to dissolve the freedom of speech. While
analyzing the grievance redressal mechanism, the executive has been
authorized to rule over the suitability of content published by the
media through the Oversight Mechanism, an unprecedented move that
may be perceived as ultra vires of the Constitution. The inter-
ministerial committee of bureaucrats have been granted the authority
to adjudicate on matters relating to free speech and journalistic
freedoms, which may in turn prove not to be conducive for the same.
Safe Harbor Protection:
Safe Harbour Protection for E-Commerce Platforms in India
The concept of safe harbour protection is crucial for e-commerce
platforms operating in India. It shields intermediaries from liability for
third-party content hosted on their platforms, provided they meet
certain conditions. Let’s explore this topic and relevant case laws:
1. Definition of Intermediaries:
o E-commerce entities acting as third-party
facilitators between buyers and sellers fall under
the category of intermediaries.
o Inventory-based e-commerce entities directly
selling goods/services they own do not qualify as
intermediaries.
2. Section 79 of the Information Technology Act, 2000 (IT
Act):
o Section 79(1) provides safe harbour immunity to
intermediaries for third-party information, data, or
communication links hosted by them.
o To avail this protection, intermediaries must fulfill
conditions specified in Sections 79(2) and 79(3).
3. Active vs. Passive Intermediaries:
o The distinction between ‘active’ and ‘passive’
intermediaries is crucial.
 o In the Louboutin Case, the Delhi High Court
identified factors that determine whether an e-
commerce platform qualifies for safe harbour
protection:
▪ Identification of the seller and providing
seller details.
▪ Quality assurance, authenticity
guarantees, or storage facilities.
▪ Assistance for product booking
(including call center support).
▪ Creating product listings, packaging,
transportation, delivery, and advertising.
o When an e-commerce website actively participates
in these elements, it crosses the line from being an
intermediary to an active participant1.
4. Impact and Ongoing Evolution:
o The jurisprudence around safe harbour standards
for e-commerce entities is still evolving in India.
o Recent developments, such as the 2021
Intermediary Rules, have brought safe harbour
protection into the spotlight.
o Courts continue to interpret and refine the scope of
safe harbour for e-commerce platforms1.
In summary, safe harbour provisions play a critical role in balancing
free speech, innovation, and liability concerns in the digital
ecosystem. E-commerce platforms must navigate these legal nuances
to ensure responsible and compliant operations
“Myspace Inc. v. Super Cassettes Industries Ltd., (2017) 236 DLT
478 (DB)”
Statutes and Provisions Involved
• The Information Technology Act, 2000 (Section 79, 81)
• The Copyright Act, 1957 (Section 51(a)(ii))
• The Information Technology (Intermediary Guidelines)
Rules, 2011 (Rule 3(4))
Relevant Facts of the Case
• The appellant was a social media website owner where third
parties could upload and review content. The respondent is a
well-known audio and video cassette production music
company.
• The appellant claimed to be an Internet Service Provider
(ISP) and an internet intermediary having global outreach.
• In 2008, the appellant offered the respondent the registration
for its Rights Management Tools upon which the respondent
found infringing content on the appellant’s website.
• The appellant in turn told the respondent that their content
has been taken down and placed in a filter to prevent future
violations.
• The respondent claimed to have sent notice to the appellant
for the removal of content to which no heed was paid by the
appellant.
• The plaintiff was granted an interim injunction. The
appellant was dissatisfied with the order of the court and
hence, filed an appeal in the High Court.
Prominent Arguments by the Advocates
• The appellant’s counsel argued that the relief provided by
the single Judge was vague, general, and near impossible to
comply with.
• The appellant’s counsel stated that the appellant was
immune as per Section 79 of the Information Technology
Act, 2000, as it acted as an intermediary.
• The appellant’s counsel states that Section 79 should be read
in consonance with Section 81. This would mean that
intermediaries would not be liable if they carry due diligence
and have no actual knowledge of infringement.
• The respondent’s counsel stated that the respondent incurred
business losses as the infringing content was uploaded on
the appellant’s site.
• The respondent’s counsel also states that exceptions under
Section 51(a)(ii) of the Copyright Act, 1957 would not be
applicable as the appellant had the knowledge that infringed
content is being uploaded on their website.
Opinion of the Bench
• The court opined that Sections 79 and 81 of the Information
Technology Act, 2000 and Section 51(a)(ii) of the Copyright
Act, 1957 have to be harmonious.
• The bench concluded that to impose liability on an
intermediary, the conditions mentioned under Section 79 of
the Information Technology Act, 2000 have to be fulfilled.
• The bench held that having apprehension of unlawful
activities and having precautions for that would not amount
to actual knowledge.
• The court ordered the respondent to furnish the list of work
to the appellant to be removed within one week.
• In the case of internet intermediaries, interim relief should
directly point at the rights being infringed.
Final Decision
• The impugned order was set aside.
• The appeal allowed.
Electronic signatures in India
Introduction to electronic signatures.
Indian law has recognised electronic signatures, or e-signatures, under
the Information Technology Act, 2000 (IT Act) for over 18 years. With
its increased emphasis on improving the ease of doing business;
streamlining the storage of records; and improving the safety, security,
and cost-effectiveness of records, the Government of India has
promoted the use of digital technologies by Indian citizens and
corporations. As a result, there has been a recent increase in the use of
e-signatures,
with more and more services using them.
The IT Act treats electronic signatures recognized under it as
equivalent to physical signatures, subject to a few exceptions. It also
generally allows documents to be signed using any form of e-
signatures. However, an e-signature must satisfy a number of
conditions, and certain checks must be done before it can be relied
upon. This white paper provides an overview of the law in India in
relation to e-signatures and briefly describes how Adobe Sign, an
electronic signature solution from Adobe, simplifies electronic
signatures and allows you to sign documents securely.
Requirements for validity.
The IT Act broadly provides for the enforcement of electronic
signatures and recognises two types of electronic signature as having
the same legal status as handwritten signatures. This lets companies
choose the method best suited to their unique requirements. The
methods specifically recognised under the IT Act are:
 • Electronic signatures that combine an Aadhaar
identity number with an electronic Know-Your-
Customer (eKYC) method (such as a one-time
passcode). This method is known as the eSign online
electronic signature service.
• Digital signatures that are generated by an
“asymmetric crypto-system and hash function.” In
this scenario, a signer is typically issued a long term
(1- to 2-year) certificate-based digital ID stored on
USB token, which is used—along with a personal
PIN—to sign a document.
For the two types of e-signatures to be valid under Indian law, they
must satisfy these additional conditions (Reliability Conditions):
• E-signatures must be unique to the signatory (they must be
uniquely linked to the person signing the document and no
other person). This condition is met with a certificate-based
digital ID.
• At the time of signing, the signatory must have control over
the data used to generate the e-signature (for example, by
directly affixing the e-signature to the document).
• Any alteration to the affixed e-signature, or the document to
which the signature is affixed, must be detectable (for
example, by encrypting the document with a tamper- evident
seal).
• There should be audit trail of steps taken during the signing
process.
• Signer certificates must be issued by a Certifying Authority
(CA) recognised by the Controller of Certifying Authorities
appointed under the IT Act. Only a CA licensed by the
Controller of Certifying Authorities can issue e-signature or
digital signature certificates. View a list of licensed
Certifying Authorities.
If each of the Reliability Conditions is satisfied, then there is a legal
presumption in favour of the validity of any document signed using an
electronic signature.
Validity of other forms of electronic signing:
Documents signed using an electronic means, other than an e-
signature as prescribed under the IT Act, are not invalid. Section 10A
of the IT Act states that contracts that are otherwise validly concluded
will not be rendered invalid merely because they were made in
electronic form. In the case of Tamil Nadu Organic Private Ltd G
Others v. State Bank of India,* the Madras High Court observed that
“contractual liabilities could arise by way of electronic means and that
such contracts could be enforced through law.” The High Court further
stated that Section 10A of the IT Act enables the use of electronic
records and electronic means for the conclusion of agreements,
contracts, and other purposes.
A contract executed using email as the first authentication method or
that adds a second factor of authentication, such as a password or
phone PIN, may be valid under Indian
law, provided it satisfies the requirements of the IT Act. The Supreme
Court in the case of Trimex International Fze Limited, Dubai v.
Vedanta Aluminium Limited† held that unconditional offer and
acceptance through emails constituted a valid contract under the
Indian Contract Act, 1872 (Contract Act). The Apex Court ruled that
once the contract is concluded orally or in writing, the mere fact that a
formal contract is yet to be prepared and initialed by the parties would
not affect either the acceptance of the contract so entered into or
implementation thereof, even if the formal contract has never been
initialed.
This follows the principles enumerated under the Contract Act, which
recognizes even oral and unwritten contracts, provided that principles
relating to contract formation such as offer, acceptance, lawful
consideration, and capacity of the parties are satisfied. Multiple
judgments by Indian courts have held that the formation of a contract
can be inferred based on the conduct of parties and that they need not
be in writing. This means that a party cannot successfully argue that a
contract was never formed when he/she has acted upon the contract.
For instance, an employee cannot dispute the existence of an
electronic contract, if she acted upon it by coming to the workplace
and performing her duties or drawing salaries or benefits under the
employment contract.
The documents that are executed using such other methods are not
treated the same as documents signed with wet signatures. Therefore,
if the validity of an electronic contract is disputed, the party claiming
validity of the contract must be able to demonstrate that the essentials
of a valid contract are fulfilled and that the parties in fact did execute
the contract using a technology that followed the Reliability
Conditions.
If email or another form of authentication is used to sign a document
electronically, then the following industry best practices should be
implemented to help satisfy the requirements of the IT Act:
• Include a mechanism for verifying the identity of the party
who signed the document (for example, by sending a
verification request to a unique email address, or sending an
OTP to the signing party’s mobile phone).
• Obtain the signing party’s consent to do business
electronically.
• Be able to demonstrate clearly that the signing party intended
to sign the document electronically by the particular method
used.
• Track the process securely and keep an audit trail that logs
each step.
• Secure the final document with a tamper-evident seal.
Government use of e-signatures.
Government authorities such as the Ministry of Corporate Affairs,
Department of Revenue, and Ministry of Finance accept electronic
records authenticated using digital signatures. In the case of e-filing
with the Ministry of Corporate Affairs, income tax and GST (goods
and service tax) filings, digital signatures are the preferred mode of
execution.
The Reserve Bank of India (RBI) has allowed small finance banks and
payment banks to rely on electronic authentication for confirmation of
the terms and conditions of the banking relationship. The RBI also
allowed a one-time PIN (OTP) based eKYC process for onboarding
customers by all regulated entities, subject to certain conditions.
These examples indicate the shii towards the use of e-signatures.
Where electronic signatures cannot be used:
The following documents cannot be electronically signed and must be
executed using traditional “wet” signatures in order to be legally
enforceable:
• Negotiable instruments such as a promissory note
or a bill of exchange other than a cheque
• Powers of attorney
• Trust deeds
• Wills and any other testamentary disposition
• Real estate contracts such as leases or sale
agreements
Other considerations when signing electronically:
Requirement to stamp.
In India, certain documents must be stamped before or at the time of
execution. Currently, no law in India prescribes a method for stamping
electronic documents.
Some states such as Maharashtra, Karnataka, and Delhi specifically
extend the requirement for stamping to electronic records. When
stamps are accepted electronically, solutions like Adobe Sign can be
tailored to meet those requirements.
Companies should always confirm with their internal legal team
whether a document needs to be stamped before signing and executing
the document electronically. If a document is signed and executed
electronically and is required to be stamped, then the company should
ensure that a physical copy of the document is prepared and stamped.
If a document is not properly stamped, then in some circumstances,
financial penalties may be imposed. Some states penalise deliberate
non-stamping of documents with imprisonment and/or fine (although
these provisions are rarely enforced).
If a document is not properly stamped, then in some circumstances
financial penalties may be imposed. Some states penalise deliberate
non-stamping of documents with imprisonment and/or fine (although
these provisions are rarely enforced).
Summary:
The Government of India’s Digital India initiative focuses on digital
infrastructure and aims to transform India into a paperless economy. In
the past few years, the government’s initiative to promote a digitised
economy has resulted in a widespread acceptance of electronic records
and electronically signed documents by government authorities.
For organisations implementing e-signatures, it is recommended that
only electronic and digital signatures as recognised by the IT Act be
used to avoid any risks, such as admissibility and enforceability of
documents or contracts signed electronically, before the authorities.
Application service providers, like Adobe, offer electronic signature
based dedicated solutions designed to address the requirements
discussed in this paper.
under the provisions of IT Act, 2000. There are a total of eight
Certification Agencies authorised by the CCA to issue Digital
Signature Certificates (DSCs). The details of these Certification
Agencies are available on the portal of the Ministry Certifying
Authorities External link image.
3. Class of DSCs: The Ministry of Corporate Affairs has stipulated
a Class-II or above category signing certificate for e-Filings
under MCA21. A person who already has the specified DSC for
any other application can use the same for filings under MCA21
and is not required to obtain a fresh DSC.
4. Validity of Digital Signatures: The DSCs are typically issued
with one year validity and two year validity. These are renewable
on expiry of the period of initial issue.
5. Costing/ Pricing of Digital Signatures: It includes the cost of
medium (a UBS token which is a one time cost), the cost of
issuance of DSC and the renewal cost after the period of validity.
The company representatives and professionals required to obtain
DSCs are free to procure the same from any one of the approved
Certification Agencies as per the MCA portal. The issuance costs
in respect of each Agency vary and are market driven.
However, for the guidance of stakeholders, the Ministry has
obtained the costs of issuance of DSCs at the consumer end from
the Certification Agencies. The costs as intimated by them are as
under:
6. Obtain Digital Signature Certificate
• Digital Signature Certificate (DSC) Applicants can directly
approach Certifying Authorities (CAs) with original
supporting documents, and self-attested copies will be
sufficient in this case
• DSCs can also be obtained, wherever offered by CA, using
Aadhar eKYC based authentication, and supporting
documents are not required in this case
• A letter/certificate issued by a Bank containing the DSC
applicant’s information as retained in the Bank database can
be accepted. Such letter/certificate should be certified by the
Bank Manager.

Certifying Authorities (CAs) are entities designated under

the Information Technology Act, 2000 (IT Act). Their primary role is
to issue Digital Certificates and manage public-private key pairs.
CAs verify the identity of individuals or organizations before granting
digital certificates, ensuring the authenticity of electronic transactions.
They play a crucial role in maintaining trust and security in the digital
realm by adhering to established standards and guidelines. Certifying
Authorities (CA) has been granted a license to issue a digital signature
certificate under Section 24 of the Indian IT-Act 2000. One can
procure Class 2 or 3 certificates from any of the certifying authorities.

Obtain Digital Signature Certificate

About Digital Signature Certificate (DSC)

The Information Technology Act, 2000 has provisions for use of

Digital Signatures on the documents submitted in electronic form in
order to ensure the security and authenticity of the documents filed
electronically. This is secure and authentic way to submit a document
electronically. As such, all filings done by the companies/LLPs under
MCA21 e-Governance programme are required to be filed using
Digital Signatures by the person authorised to sign the documents.

1. Legal Warning: You can use only the valid Digital Signatures
issued to you. It is illegal to use Digital Signatures of anybody
other than the one to whom it is issued.

2. Certification Agencies: Certification Agencies are appointed by

the office of the Controller of Certification Agencies (CCA)