DocSigner

About

Document Signer Certificate, or simply DocSigner, is a recognised digital signature under the IT Act that can be used by an organisation to securely eSign documents in its name. 

Doc Signer

Unlike DSC tokens which are issued to individuals, Doc Signer Certificates are issued only to organisations. Doc Signers do not operate through a USB device like DSC tokens. Rather, they are saved on the organisation’s servers. Along with the certificate, configurations are installed on the server to use that certificate for signing. 

Doc Signers are typically used to automatically sign documents that are required to be executed by the organisation itself. For example, under the RBI’s Digital Lending Guidelines, Banks and NBFCs needed to sign the hundreds and thousands of loan kits on a daily basis - this is not possible with standard electronic signatures. However, thanks to Doc Signer they can do this very easily.

Legal Validity

By virtue of Sections 2(p), 2(1)(ta), 3, and 5 of the Information Technology Act, 2000, signing an electronic document with DocSigner is a legally valid mode of entering into a contract.

Section 2(p) defines a digital signature as a process of authenticating electronic records in accordance with Section 3.

Section 3 lays down the technological processes (asymmetric cryptographic system and hashing functions) that an eSign type must necessarily adhere to in order to qualify as a digital signature under the IT Act. DocSigner uses both these processes to securely eSign a document and hence qualifies as a digital signature.

Doc Signer certificates qualify as Special Purpose Certificates under the Controller of Certifying Authorities' Interoperability Guidelines for Digital Signature Certificates. This is because while digital signature certificates are issued to persons for the purpose of digital signing, there are some special uses of these certificates for which some technical parameters vary. Doc Signer is one such use case as it is issued only to organisations. 

As per section 2(1)(ta), digital signatures are a subset of electronic signatures. Hence, all digital signatures, including DocSigner, also qualify as an electronic signature.

Section 5 of the IT Act grants electronic signatures identical validity to wet-ink signatures, i.e., an “electronic signature” like DocSigner is seen as legally identical to a wet-ink physical signature - even if its form and design may be different.

Digital signatures like DocSigner can therefore be used to legally sign all types of documents.

The only exception to this rule is that it cannot be used to eSign documents listed in the First Schedule of the IT Act, 2000.

Here is a handy table which tells you where can you legally use DocSigner:

eSign type
Documents listed in the First Schedule of the IT Act
ALL other types of documents
DocSigner
Image
Image
eSign type
DocSigner
Documents listed in the First Schedule of the IT Act
Image
ALL other types of documents
Image

Legal Enforceability

The legal enforceability of any eSign type depends on:

  1. How well it can establish the identity of the signer (Authentication)
  2. Whether the document can be altered after the signatures are affixed (Integrity)
  3. Whether the parties can deny their acceptance of the terms and conditions at a later stage (Non-repudiation)

DocSigner is very easy to enforce because it performs these 3 functions very well.

eSign type \ Goal
Authentication
Integrity
Non-repudiation
DocSigner
Image
  • DocSigner is issued to an organisation only after a thorough KYC process. Furthermore, the secure key pair encryption/decryption process helps to clearly establish the signer’s identity, details of which are contained in the electronic signature certificate
Image
  • The underlying technology (asymmetric crypto system + hash matching process) ensures that anyone opening the document on a PDF reader is alerted if the document has been altered after the signatures were affixed.
Image
  • The private key is saved safely on the organisation’s servers. Therefore, the private key remains under the exclusive control of the signer in the case of Doc Signer. For the signer to deny their DocSigner eSign - they would need to prove that someone else got access to their servers. This is extremely unlikely.
eSign type \ Goal
DocSigner
Authentication
Image
    • DocSigner is issued to an organisation only after a thorough KYC process. Furthermore, the secure key pair encryption/decryption process helps to clearly establish the signer’s identity, details of which are contained in the electronic signature certificate
Integrity
Image
  • The underlying technology (asymmetric crypto system + hash matching process) ensures that anyone opening the document on a PDF reader is alerted if the document has been altered after the signatures were affixed.
Non-repudiation
Image
  • The private key is saved safely on the organisation’s servers. Therefore, the private key remains under the exclusive control of the signer in the case of Doc Signer. For the signer to deny their DocSigner eSign - they would need to prove that someone else got access to their servers. This is extremely unlikely.

In addition to the underlying technology, there are certain legal presumptions in favour of DocSigner which make enforcement even easier:

  • Section 67A - if a signer uses DocSigner to execute a document then it will be presumed that such eSign belonged to the signer herself and not to any other person. The signer cannot later on refute her eSign on the document.
  • Section 85A - an agreement which has been executed using DocSigner will be presumed to have been concluded between the parties and attained finality. This lends certainty as to the finality of the terms and conditions agreed between parties to the agreement.
  • Section 85B(1) - it is legally presumed that the document has not been altered once it has been signed using DocSigner
  • Section 85B(2) -  if the signer signs a document using DocSigner, it is presumed that the signer signed it with the intention of signing or approving the document
  • Section 85C - it is presumed that the details mentioned in the Electronic Signature Certificate affixed on the document, such as name of the signer, email ID and time of signing is true. This helps in establishing the identity of the person who signed the document.

Want to try out eSigning for your own documents?