Regulation of Certifying

Authorities
Source:
https://meity.gov.in/content/rules-information-technology-act-200
0
Chapter 8, Regulatory framework, pp 103-134, Sharma J P and
Kanojia S, 2018, bharat law house.
Chapter 7, Regulators, pp98-112, Rattan j, 2011, bharat law house
Regulation of Certifying Authorities
The Act provides the following four authorities
for the effective implementation and
enforcement of the provisions, which have been
discussed in detail in the next section.
– Controller of Certifying Authorities
– Certifying Authority
– Adjudicating Officer
– Cyber Appellate Authority
Regulation of Certifying Authorities
• Controller of Certifying Authorities
• The controller of and other officers are appointed as per the provisions of
Sec 17 and they function according to clauses of Sec 18 of the Act. The
provisions of these sections are discussed herein.

• Appointment of Controller and Other Officers

• The provisions of section 17 highlight the procedure for the appointment
of the Controller and other officers under the Act.
• The Central Government may, by notification in the Official Gazette,
appoint a Controller of Certifying Authorities for the purposes of this Act
and may also by the same or subsequent notification, appoint such
number of Deputy Controllers and Assistant Controllers as it deems fit.
[sec 17(1)]
• The Controller shall discharge his functions
under this Act subject to the general control
and directions of the Central Government.
[sec 17(2)]
• The Deputy Controllers and Assistant
Controllers shall perform the functions
assigned to them by the Controller under the
general superintendence and control of the
Controller. [sec 17(3)]
• The qualifications, experience and terms and
conditions of service of Controller, Deputy Controllers
and Assistant Controllers shall be such as may be
prescribed by the Central Government. [sec 17(4)]
• The Head Office and Branch Office of the Controller
shall be at such places as the Central Government may
specify, and these may be established at such places as
the Central Government may think fit. [sec 17(5)]
• There shall be a Seal of the Office of the Controller.
[sec 17(6)]
 Functions of Controller

• According to section 18, the Controller may

perform all or any of the following functions,
namely:
• Exercising supervision over the activities of
the Certifying Authorities.
• Certifying public keys of the Certifying
Authorities.
• Laying down the standards to be maintained
by the Certifying Authorities;
• Specifying the qualifications and experience which
employees of the Certifying Authority should possess.
• Specifying the conditions subject to which the
Certifying Authorities shall conduct their business.
• Specifying the contents of written, printed or visual
materials and advertisements that may be distributed
or used in respect of a Digital Signature Certificate and
the public key.
• Specifying the form and content of a Digital Signature
Certificate and the key.
• Specifying the form and manner in which
accounts shall be maintained by the Certifying
Authorities.
• Specifying the terms and conditions subject to
which auditors may be appointed and the
remuneration to be paid to them.
• Facilitating the establishment of any electronic
system by a Certifying Authority either solely or
jointly with other Certifying Authorities and
regulation of such systems.
• Specifying the manner in which the Certifying
Authorities shall conduct their dealings with the
subscriber.
• Resolving any conflict of interests between the
Certifying Authorities and the subscribers.
• Laying down the duties of the Certifying
Authorities.
• Maintaining a database containing the disclosure
record of every Certifying Authority containing
such particulars as may be specified by
regulations, which shall be accessible to public.
 license to issue digital signatures
certificate
• According to Sec 2(g), Certifying Authority means a
person who has been granted a license to issue a
Digital Signature Certificate as per the provisions of
section 24. The provisions in this respect are as
follows:

 Application for License

• All applications to obtain license are to be made to the
Certifying Authority, as prescribed under Sec 22. The
procedure is as follows:
• Every application for issue of a license shall be in such
form as may he prescribed by the Central
Government.
Every application for issue of a license shall be
accompanied by:
– (a) A certification practice statement.
– (b) A statement including the procedures with
respect to identification of the applicant.
– (c) Payment of such fees, not exceeding twenty-
five thousand rupees as may be prescribed by the
Central Government.
– (d) Such other documents, as may he prescribed
by the Central Government.
 Renewal of license
• According to the provisions of Sec 21, following are
the conditions for the issue Digital Signature
Certificates and grant of license:
• Subject to the provisions of sub-section (2), any person
may make an application to the Controller for a license
to issue Digital Signature Certificates.
• No license shall be issued under sub-section (1), unless
the applicant fulfills such requirements with respect to
qualification, expertise, manpower, financial resources
and other infrastructure facilities, which arc necessary
to issue Digital Signature Certificates as may be
prescribed by the Central Government.
A license granted under this section shall:
– (a) Be valid for such period as may be prescribed
by the Central Government.
– (b) Not be transferable or heritable.
– (c) Be subject to such terms and conditions as may
be specified by the regulations.
 Renewal of license

As per the provisions of Sec 23 an application for

renewal of a license shall be:
– (a) In such form.
– (b) Accompanied by such fees, not exceeding five
thousand rupees, as may be prescribed by the
Central Government and shall be made not less
than forty-five days before the date of expiry of
the period of validity of the license.