1|Page IT LAW- TUTORIAL TEST

INFORMATION TECHNOLOGY
LAW- TUTORIAL TEST
FACULTY OF LAW, ALIGARH MUSLIM UNIVERSITY

REGULATIONS OF CERTIFYING AUTHORITY UNDER

INFORMATION TECHNOLOGY ACT, 2000

SUBMITTED BY - SHIVAM GARG

16 BALLB-31
GJ-6016
B.A.LL.B [IX SEM]

SUBMITTED TO - MRS. TABASSUM

CHAUDHARY MAM
2|Page IT LAW- TUTORIAL TEST

ACKNOWLEDGEMENTS

I, SHIVAM GARG, would like to humbly present this project to

Tabassum Chaudhary mam. Firstly, I would like to express my
most sincere gratitude to her for her encouragement and
guidance regarding this project. I am thankful for being given
the opportunity of doing a project on this topic.

I take this opportunity to thank the university, and Dean and

Chairman Sir for providing extensive database resources online
during this pandemic. I would like to thank God for keeping me
in good health and senses to complete this project. I would also
like extend my hand of gratitude towards the friends and family,
without whose support and encouragement this project would
not have been a reality.
3|Page IT LAW- TUTORIAL TEST

INTRODUCTION

The electronic signature infrastructure in India comprises of Controller of Certifying Authority

(CCA), and Certifying Authorities (CAs). The hierarchy of administrative mechanism for digital
signature certificate consists of:

i. Controller of Certifying Authority (CCA)

ii. Certifying Authorities (CAs)

iii. Subscriber (End user)

CONTROLLER OF CERTIFYING AUTHORITY

Controller of Certifying Authority is the apex regulatory body in India for monitoring and
governing Certifying Authorities.

(A) Appointment of Controller of Certifying Authority (Section 17)

The Central Government may, by notification in the Official Gazette, appoint a Controller of
Certifying Authorities.

• The Central Government is also empowered to appoint such number of Deputy

Controllers, Assistant Controllers, other officers and employees as it deems fit, either by
the same or subsequent notification.
• Further, the Controller shall discharge his functions under this Act subject to the general
control and directions of the Central Government.
• The Deputy Controllers and Assistant Controllers shall perform under the general
superintendence and control of the Controller.
• The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers, Assistant Controllers, and other officers and employees shall be prescribed
by the Central Government. Similarly, the Head Office and Branch Office of the office of
the Controller shall be at such places as the Central Government may specify. There shall
be a seal of the Office of the Controller.

(B) Functions of Controller of Certifying Authority

4|Page IT LAW- TUTORIAL TEST

The IT Act provides for the following functions of CCA:

1) To act as regulator of Certifying Authorities- Section 18 states that in respect of certifying

authorities, the CCA may perform all or any of the following functions

a) To exercise supervision over the activities of the Certifying Authorities;

b) To certify public keys of the Certifying Authorities;
c) To lay down the standards to be maintained by the Certifying Authorities;
d) To specify the qualifications and experience which employees of the Certifying Authority
should possess;
e) To specify the conditions subject to which the Certifying Authorities shall conduct their
business;
f) To specify the contents of written, printed or visual materials and advertisements that
may be distributed or used in respect of a electronic signature certificate and the public
key;
g) To specify the form and manner in which accounts shall be maintained by the Certifying
Authorities;
h) To specifying the terms and conditions subject to which auditors may be appointed and
the remuneration to be paid to them;
i) To specify the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers and to resolve any conflict of interests between the Certifying
Authorities and the subscribers;
j) To lay down the duties of the Certifying Authorities;
k) To maintain a data base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be accessible
to public.

2) To recognise foreign Certifying Authorities- Section 19 provides that the Controller may
with the previous approval of the Central Government, and by notification in the Official
Gazette, recognise any foreign Certifying Authority as a Certifying Authority for the purposes of
this Act. Further, the Controller may, also revoke such recognition if he is satisfied that
Certifying Authority has contravened any of the conditions and restrictions by giving a
notification in the Official Gazette.
5|Page IT LAW- TUTORIAL TEST

3) To grant license to certifying authorities- Section 21 of the Act states that the controller
may issue license to any person who applies to act as certifying authority for the purpose of
issuing electronic signature certificate to the users. However, the license shall be granted only if
the said person fulfils requirements with respect to qualification, expertise, manpower, financial
resources and other infrastructure facilities. The license shall be valid for such period as may be
prescribed by the Central Government and shall not be transferable or heritable.

4) Suspension of license- According to Section 25, the Controller may revoke the license if after
making an inquiry, he is satisfied that a Certifying Authority has

➢ made a statement in, or in relation to, the application for the issue or renewal of the
license, which is incorrect or false in material particulars;
➢ failed to comply with the terms and conditions subject to which the license was granted;
➢ failed to maintain the procedures and standards specified in section 30
➢ contravened any provisions of this Act, rule, regulation or order made there under,

Provided that no licence shall be revoked unless the Certifying Authority has given a reasonable
opportunity of showing cause against the proposed revocation. The Controller may, however,
suspend such license for a maximum period of ten days pending the completion of any enquiry
ordered by him. No Certifying Authority whose license has been suspended shall issue any
electronic signature certificate during such suspension.

The Controller shall publish notice of such suspension or revocation in the data base maintained
by him which would be available through a web site accessible round the clock.

C) Powers of Controller of Certifying Authority (CCA)

The CCA has been conferred with several powers under the Act for smooth functioning and
ensuring better regulation of certifying authorities. These powers are given as follows:

i. Power to delegate, in writing, any of his powers to deputy or assistant controller or any
officer for the purposes of the Act (Section 27)
ii. Power to investigate contravention of any provision or rule or regulation made under the
Act [Section 28(1)]
6|Page IT LAW- TUTORIAL TEST

iii. Power to direct a certifying authority or any employee of such authority to take such
measures or cease to carry on such activities as is necessary to ensure compliance with
the provisions of the Act or rules or regulations made there under [Section 68(1)].
iv. Power to issue directions to any agency of the government to intercept any information
transmitted through any computer resource, in the interest of sovereignty or integrity of
India and its friendly relations with foreign state etc. [Section 69(1)]. Further, the
Controller shall also have the power to issue directions for blocking public access of any
information through any computer resource in specified circumstances (Section 69A).
v. Power of access to computers and data (Section 29)- The Controller or any person
authorised by him shall have the power to access to and conduct a search in any computer
system, any apparatus, data or any other material connected with such system if he has
reasonable cause to suspect that any contravention of the provisions of this Chapter has
been committed.
vi. Power to make following regulations after consultation with Cyber Regulation
Advisory Committee and with the prior approval of Central Government:
➢ Particulars regarding maintenance of database containing disclosure record of
every CA [Section 18(n)]
➢ Conditions and Recognition of Foreign Certifying Authority [Section 19(1)]
➢ Terms and Conditions for grant of licence to CA [Section 30(d)]
➢ Standards to be observed by CA [Section 30(d)]
vii. Power to exercise such powers which are conferred on Income-tax authorities under
Chapter XIII of the Income-tax Act, 1961

RULES REGARDING ISSUE OF LICENCE TO BECOME CERTIFYING AUTHORITY

1. Application for licence- The following persons can apply for grant of licence to issue
electronic signature certificates:

a) An individual, being a citizen of India and having a capital of Rs. 5 crore or more in his
business or profession;
b) A company having paid up capital of not less than Rs. 5 crore and net worth of not less
than Rs. 50 crore. However, a company in which the equity share capital held in
7|Page IT LAW- TUTORIAL TEST

aggregate by the Non-resident Indians, Foreign Institutional Investors, or foreign

companies, exceeds 49% of its capital, shall not be eligible for grant of licence:
c) A firm having capital subscribed by all partners to the amount of Rs. 5 crore or more and
net worth of not less than Rs. 50 crore. Provided that no firm, in which the capital held in
aggregate by any Non-resident Indian, and foreign national, exceeds 49% of its capital,
shall be eligible for grant of licence.

2. Submission of application- Every application for issue of a licence shall be in such form as
may be prescribed by the Central Government and be accompanied by

a) A certification practice statement;

b) A statement including the procedures with respect to identification of the applicant;
c) Payment of such fees, not exceeding Rs. 25000;
d) Such other documents, as may be prescribed by the Central Government.

3. Granting of licence- On submission of application along with required documents fee, an

auditor empanelled by the CCA prepares an audit report based on which the decision to grant
licence is made.

4. Validity of licence- A licence issued to operate as a Certifying Authority shall be valid for a
period of 5 years from the date of issue and it shall ne nontransferable.

5. Renewal of licence- An application for renewal of a licence shall be in such form and be
accompanied by such fees, not exceeding Rs. 5000, as may be prescribed by the Central
Government. The application for renewal of licence shall be made at least 45 days before the
date of expiry of the period of validity of the licence.

6. Suspension of licence- The Controller may revoke the license if after making an inquiry, he is
satisfied that a Certifying Authority has made a statement which is incorrect or false in material
particulars and

a) failed to comply with the terms and conditions subject to which the license was granted;
b) failed to maintain the procedures and standards specified in section 30
c) Contravened any provisions of this Act, rule, regulation or order made there under.
8|Page IT LAW- TUTORIAL TEST

REFERENCES

A. THE INFORMATION TECHNOLOGY ACT, 2000 (No. 21 OF 2000)

B. Chris Reed (Ed.), COMPUTER LAW , 5th edition , Reprint 2000 .
C. Mishra R.C , “ Cyber crime: impact in the new millennium”, 2002 Edition .
D. E.K. Bharat Bhushan , Information Technology Act 2000 & Amendments
E. Rodney D. Ryder , Introduction to Internet Law and Policy , 1st Edition 2007.

WEB REFRENCES

A. http: // www.westlaw.com
B. http://www.cyberlawconsulting.com/cyber-cases.html
C. http://en.wikipedia.org/wiki/International_cybercrime