What Makes a Signature Legally Valid in India

A signature is one of the most fundamental acts in law — it signals identity, intent, and consent. Yet most people assume that any signature, in any form, automatically carries legal weight. That assumption can be costly.

In India, the legal validity of a signature depends on far more than just a mark on paper or a click on a screen. The type of signature, the method of authentication, the nature of the document being signed, and the evidentiary trail it leaves behind — all of these factors determine whether a signature will hold up when it matters most.

This article breaks down exactly what makes a signature legally valid in India, the critical differences between eSign, DSC, and scanned signatures, how courts view them as evidence, and when to use which.

The Legal Foundation: What Does "Valid Signature" Mean in India?

Indian law does not define a single universal standard for a valid signature. Instead, validity is assessed across multiple statutes depending on the context.

The Indian Contract Act, 1872

Under contract law, a signature is primarily an expression of consent and intent to be bound. There is no mandatory form — a signature can be a handwritten mark, an initial, a stamp, or an electronic authentication — as long as it demonstrates the party's acceptance of the terms. What matters more is that the agreement satisfies the essentials of a valid contract: offer, acceptance, lawful consideration, competent parties, and free consent.

The Information Technology Act, 2000

For electronic signatures specifically, the IT Act is the governing law. Section 5 establishes that electronic signatures carry the same legal recognition as handwritten signatures, provided they comply with the Second Schedule of the Act. The Act further distinguishes between two categories of electronic signatures — Aadhaar-based eSign and Digital Signature Certificates — and sets out the standards each must meet to be considered valid.

The Registration Act, 1908 and Stamp Act

Certain documents — particularly those involving immovable property — must be registered under the Registration Act and stamped under the applicable Stamp Act. For these, the concept of a valid signature extends beyond authentication to include physical presence, stamp duty payment, and sub-registrar verification. Electronic signatures, regardless of their sophistication, do not satisfy these requirements.

The Three Core Elements of Any Valid Signature

Regardless of the form, any signature — physical or electronic — must demonstrate three things to be legally valid:

Identity: The signature must be attributable to a specific, identifiable person. The stronger the authentication method, the easier it is to establish identity beyond doubt.

Intent: The signature must reflect the signer's conscious decision to agree to or authorise the document. A forged signature or one obtained under coercion is void.

Integrity: The document that was signed must be the same document presented in a dispute. If the content has been altered after signing, the signature loses its evidentiary value.

These three elements — identity, intent, and integrity — are the lens through which courts evaluate any disputed signature in India.

Scanned Signatures: Convenient but Legally Fragile

A scanned signature is exactly what it sounds like — a handwritten signature that has been physically signed on paper, scanned or photographed, and then inserted as an image into a digital document.

Why Businesses Use Them

Scanned signatures are widely used because they require no technical setup. Any person with a smartphone can scan their signature and paste it into a Word or PDF document. They look familiar, they feel official, and for low-stakes internal processes, they get the job done.

The Legal Problem

The fundamental weakness of a scanned signature is that it provides virtually no authentication. Anyone who obtains an image of your signature — from a previous document, a scanned ID, or even a photograph — can paste it onto any document without your knowledge or consent. There is no cryptographic protection, no timestamp, and no audit trail.

From a legal standpoint, a scanned signature is classified as a Simple Electronic Signature (SES). It is permissible under Indian law for basic transactions, but it is the easiest to repudiate. In a dispute, the opposing party can simply claim that the signature was copied from another document, and the burden falls entirely on you to prove otherwise — often through forensic analysis that is expensive, time-consuming, and inconclusive in the digital context.

When a Scanned Signature Is Acceptable

Scanned signatures are generally acceptable for internal communications and low-value transactions where the relationship between parties is trusted, the risk of dispute is minimal, and there is supporting context (such as an email chain) that corroborates the signer's intent. They are not recommended for any document that may need to withstand legal scrutiny.

eSign (Aadhaar eSign): Identity-Backed and Court-Ready

Aadhaar eSign is a cloud-based electronic signature service that authenticates the signer's identity in real time through UIDAI's Aadhaar infrastructure. It is offered by MeitY-authorised eSign Service Providers (ESPs) and is the most widely adopted form of legally robust e-signature in India for consumer and business transactions.

How Identity Is Established

When a person signs using Aadhaar eSign, they are not simply clicking a button. They are authenticating their identity against India's national biometric database — either through an OTP sent to their Aadhaar-linked mobile number or through biometric verification. This authentication is logged by UIDAI and creates an immutable record linking the signer's verified identity to the specific document at a specific point in time.

The Cryptographic Layer

Once identity is confirmed, a one-time Digital Signature Certificate is dynamically generated and cryptographically applied to the document. This means the document is sealed — any alteration made to it after signing will be immediately detectable because the cryptographic hash will no longer match.

The Audit Trail

Every Aadhaar eSign transaction generates a comprehensive audit trail that captures the signer's IP address, device information, geolocation, timestamp, and UIDAI authentication response. This audit trail is stored by the ESP and forms a critical piece of evidence in any legal dispute.

Legal Standing

Aadhaar eSign satisfies the requirements of the IT Act, 2000 for a valid electronic signature. It has been explicitly recognised by regulators including RBI, IRDAI, SEBI, and MCA as a valid method for executing regulated documents in their respective sectors. Courts have consistently accepted Aadhaar-eSigned documents as valid electronic records under Section 65B of the Indian Evidence Act.

Where eSign Works Best

Aadhaar eSign is the right choice for loan agreements and NBFC documentation, insurance policy issuance, customer onboarding and KYC agreements, employment contracts and offer letters, vendor and supplier agreements, rental agreements, and mutual fund and investment documentation. Essentially, for any document that is high-value, involves an individual consumer or employee, and needs to be enforceable without physical paperwork — Aadhaar eSign is the standard.

DSC (Digital Signature Certificate): The Highest Assurance Standard

A Digital Signature Certificate is a hardware-based cryptographic credential issued by a licensed Certifying Authority (CA) such as eMudhra, Sify, or NSDL. Unlike Aadhaar eSign, which generates a one-time certificate at the moment of signing, a DSC is a persistent credential stored on a physical USB token (dongle) that belongs exclusively to one individual or organisation.

How a DSC Is Issued

Obtaining a DSC requires formal identity verification with a licensed CA. For a Class 3 DSC — the only class currently issued for business use — this means submitting identity and address proof and undergoing in-person or video-based verification. The CA then issues a certificate containing the holder's public key, which is registered on the CA's publicly accessible directory.

How Signing Works

When you sign a document with a DSC, your private key (stored on the USB dongle) generates a unique cryptographic signature for that specific document. The signature is embedded into the document along with your public key certificate. Anyone who receives the document can verify the signature by checking the CA's directory — confirming both who signed it and that the document has not been altered since signing.

Classes of DSC Currently Valid in India

Class 3 DSC is the only class actively issued in India following the discontinuation of Class 2 in January 2021. Class 3 offers the highest level of assurance and is the mandatory standard for all government portal submissions.

Where DSC Is Mandatory or Strongly Preferred

DSC is legally required or strongly preferred for MCA and ROC filings (company incorporation, annual returns, director appointments), income tax return filing for companies and tax audits, GST tribunal submissions and litigation, e-tendering on government procurement portals (GeM, CPPP), trademark and patent filings with IP India, SEBI filings for listed companies, and digital signing of audit reports by Chartered Accountants.

The common thread across these use cases is that they involve government portals, regulatory filings, or high-stakes legal proceedings where the highest possible assurance of identity and document integrity is non-negotiable.

Key Differences Between eSign, DSC, and Scanned Signatures

Form factor: A scanned signature is a static image with no cryptographic protection. Aadhaar eSign is a cloud-generated one-time certificate created at the moment of signing. A DSC is a persistent hardware credential stored on a physical USB token.

Identity verification: A scanned signature involves no real-time identity verification. Aadhaar eSign verifies identity against UIDAI's live database via OTP or biometric. A DSC requires formal, in-person or video-based verification with a licensed Certifying Authority.

Tamper detection: A scanned signature offers no tamper detection — the document can be altered without any visible indication. Both eSign and DSC use cryptographic hashing, meaning any post-signing alteration immediately invalidates the signature.

Audit trail: Scanned signatures have no audit trail. Aadhaar eSign generates a detailed trail including timestamp, IP, device, geolocation, and UIDAI authentication record. DSC transactions are logged by the CA and can be verified against the public directory.

Ease of use: Scanned signatures require no setup. Aadhaar eSign requires only an Aadhaar-linked mobile number and is accessible via any smartphone. DSC requires a USB token, driver installation, and is tied to a specific computer — making it less suited for mobile or remote signing.

Cost: Scanned signatures have no cost. Aadhaar eSign is priced per transaction by ESPs, typically ranging from ₹5 to ₹30 per signing. DSC tokens cost between ₹1,000 and ₹3,000 and are valid for one to three years.

Best suited for: Scanned signatures work only for internal, low-risk, trusted-party transactions. Aadhaar eSign is best for consumer-facing, regulated, and business-to-business agreements. DSC is best for government portal submissions and regulated filings where it is mandated.

How Indian Courts View Electronic Signatures as Evidence

Understanding how courts treat e-signatures is essential for any business building a legally defensible workflow.

Section 65B of the Indian Evidence Act, 1872

This is the provision that governs the admissibility of electronic records in Indian courts. Under Section 65B, an electronic record — including a digitally signed document — is admissible as evidence if it is accompanied by a certificate that confirms the computer output was produced by a computer that was in regular use, the information was fed into the computer in the ordinary course of activities, the computer was operating properly, and the electronic record accurately reproduces the original information.

In practice, this means that a signed PDF along with the audit trail and a 65B certificate from the signing platform is admissible as documentary evidence in civil and criminal proceedings.

The Supreme Court's Position

In Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020), the Supreme Court of India clarified that a Section 65B certificate is mandatory for electronic records to be admitted as primary evidence. Without this certificate, even an authentic e-signed document may not be admissible — not because the signature is invalid, but because the procedural requirements have not been met. This ruling underscores the importance of using signing platforms that issue proper 65B-compliant certificates.

What Courts Examine in a Dispute

When an e-signed document is challenged in court, judges typically examine the audit trail to determine whether the correct person authenticated the signing event, whether the authentication method was sufficiently robust for the nature of the document, whether the document was altered after signing (detectable via cryptographic hash mismatch), and whether the signer had adequate opportunity to review the document before signing.

A well-generated audit trail from a MeitY-certified ESP is typically sufficient to satisfy all of these inquiries for Aadhaar-eSigned documents. For DSC-signed documents, the CA's public directory provides independent verification.

Scanned Signatures in Court

Scanned signatures are the most vulnerable in litigation. Because they have no cryptographic protection or authentication trail, a party seeking to challenge them can raise a simple claim of forgery, and the burden of proof shifts to the party relying on the signature. Unless there is substantial corroborating evidence — such as a contemporaneous email thread, witness testimony, or metadata from the document — courts may view scanned-signature documents with scepticism.

When Is eSign Sufficient and When Should You Use DSC?

The decision between eSign and DSC is not about which is better — it is about which is appropriate for the specific document and regulatory context.

eSign Is Sufficient When

The transaction is between private parties — businesses, individuals, or a business and its customers — and does not involve a government portal. The document type is not explicitly mandated to use DSC by a regulator. You need mobile-friendly, remote signing capability without requiring signers to carry a USB token. You are signing at volume — hundreds or thousands of documents monthly — where per-transaction pricing of eSign is more economical than managing multiple DSC tokens. Examples include loan agreements, insurance policies, employment contracts, vendor agreements, NDAs, and rental agreements.

DSC Is Preferred or Mandatory When

You are filing documents on government portals that explicitly require DSC — such as MCA21, TRACES, the income tax e-filing portal, GeM, or CPPP. You are a Chartered Accountant signing audit reports or tax documents on behalf of a client entity. You are submitting documents in legal proceedings where the opposing party or court may scrutinise the signature method. You are a company director signing statutory documents for ROC compliance. You are participating in e-tendering for government contracts.

A Practical Rule of Thumb

If the document goes to a government portal or a regulatory authority — use DSC. If the document is between private parties and the law does not mandate DSC — Aadhaar eSign is not just sufficient, it is often the better choice given its stronger audit trail and ease of use compared to scanned signatures.

Common Mistakes Businesses Make with Signatures

Relying on scanned signatures for high-value contracts. The familiarity of a scanned signature gives a false sense of security. For any agreement where enforcement may become necessary, the absence of authentication and a tamper-evident seal is a serious liability.

Using eSign on documents that legally require physical execution. Not all documents can be signed electronically under Indian law. Executing a power of attorney, a will, or a property sale deed using eSign does not make it valid — it makes it void.

Not storing the audit trail. The signed PDF alone is not enough. The audit trail, 65B certificate, and signing platform records must be stored and retrievable. Many businesses sign documents electronically but discard or lose the supporting records, significantly weakening their position in any dispute.

Using expired or revoked DSCs. DSCs are valid for one to three years. Using a DSC after its expiry or after it has been revoked renders the signature invalid. Businesses that rely on DSC for compliance filings must maintain a calendar for renewal.

Confusing eSign with a simple OTP confirmation. Not all OTP-based processes constitute a valid electronic signature under the IT Act. Only OTP-based authentication conducted through a MeitY-licensed ESP as part of a formal eSign workflow generates a legally compliant signature.

Conclusion

A signature is only as strong as the evidence behind it. In an era where disputes increasingly play out over digital documents, the difference between a scanned image, an Aadhaar eSign, and a DSC is not merely technical — it is the difference between a document that holds up in court and one that does not.

For most private business transactions, Aadhaar eSign strikes the right balance between legal robustness, ease of use, and cost. For government filings and regulated submissions, DSC remains the mandatory standard. And for scanned signatures — reserve them only for contexts where the relationship is trusted, the stakes are low, and legal enforcement is never going to be an issue.

If you are unsure which signature method your business should be using for a specific document type, chitthiwale.com can help you navigate the compliance landscape with clarity.