Information Technology Act 2000 of India

Ch	Title
-	Preamble
1	Preliminary
2	Digital and Electronic Signature
3	Electronic Governance
4	Attribution, Acknowledgement Despatch of Electronic Records
5	Secure Electronic Records and Secure Digital Signatures
6	Regulation of Certifying Authorities
7	Electronic Signature Certificates
8	Duties of Subscribers
9	Penalties and Adjudication
10	The Cyber Appellate Tribunal
11	Offences
12	Network Service Providers Not to be liable in Certain cases
12A	Examiner of Electronic Evidence
13	Miscellaneous
Amendments to Other Acts
Part III	Indian Penal Code
Part IV	Indian Evidence Act
Schedules
1	Excluded Documents
2	Electronic Signature Procedure
Reference
	Objectives
	Notes on clauses
	Compendium of Rules

THE SECOND SCHEDULE [See sub-section (1) of section 3A] Electronic Signature or Electronic Authentication Technique and Procedure (Substituted vide ITAA-2006)
Sl No	Description	Procedure
1	e-authentication technique using Aadhaar e-KYC services	Authentication of an electronic record by e-authentication Technique which shall be done by- (a) the applicable use of e-authentication, hash, and asymmetric crypto system techniques, leading to issuance of Digital Signature Certificate by Certifying Authority (b) a trusted third party service by subscriber's key pair-generation, storing of key pairs ~~on hardware security module~~ [Ref GSR 539(E) of 30th June 2015] and creation of digital signature -provided that the trusted third party shall be offered by the certifying authority. The trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a Digital Signature Certificate to the subscriber. (c) Issuance of Digital Signature Certificate by Certifying Authority shall be based on e-authentication, particulars specified in Form C of Schedule IV of the Information Technology (Certifying Authorities) Rules, 2000, digitally signed verified information from Aadhaar e-KYC services and electronic consent of Digital Signature Certificate applicant. (d) The manner and requirements for e-authentication shall be as issued by the Controller from time to time. (e) The security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller. (f) The standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant. (g) The manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature Certificate." (Inserted on 28th January 2015 vide GSR 61(E) (g) The manner in which the information is authenticated by means of digital signature shall comply with the manner and standards specified in rules 3 to 12 of the Digital Signature (End entity) Rules 2015 in so far as they relate to the creation, storage and verification of Digital Signature (Replaced vide GSR 446(E) of 27th April 2016

PS: The third schedule and fourth schedule of ITA-2000 is omitted vide ITAA 2006.

However Amendments have been made to Indian Penal Code and Indian Evidence Act concurrent with the ITAA-2006 which is considered Part III and IV of the Information Technology Amendment Act 2006