Becoming a Certifying Authority (CA) in India is an important process for entities that wish to issue Digital Signature Certificates (DSCs) as per the provisions of the Information Technology (IT) Act, 2000. A CA needs to be licensed under the IT Act and comply with strict guidelines set by the Controller of Certifying Authorities (CCA). Below are the detailed steps and requirements for obtaining this certification.
1. Application for License
To operate as a Certifying Authority under the IT Act, 2000, an application must be submitted to the Controller of Certifying Authorities (CCA) as per Section 21 of the IT Act. This application is crucial for obtaining the necessary license to operate as a CA.
The application must be submitted in the prescribed format outlined under Rule 10 of the IT Act. Before submitting the application, the applicant must ensure that all the necessary infrastructure is in place, including:
- Technical Infrastructure
- Physical Infrastructure
- Procedural Setup
- Manpower Requirements
Once the application is received, the CCA will examine it along with the supporting documents. If all requirements are met, the CCA will appoint an empanelled auditor to conduct an audit. Based on the audit report, a decision will be taken on whether the license to operate as a Certifying Authority will be granted.
2. Non-Compliance and Corrective Actions
If the audit reveals non-compliance with the requirements stipulated in the IT Act or its associated Rules and Regulations, the applicant will be required to take corrective action. After addressing these issues, a re-audit will be conducted to assess whether the applicant is now compliant with the regulatory requirements.
3. Supporting Documents Required
To complete the application process, several key documents must be provided. In addition to the documents listed under Rule 10 of the IT Act, applicants must submit:
- Company Profile/Experience of Individuals: The experience of the company or individuals applying for the license should be included.
- Proof of Capital: For individuals, proof of capital of Rs. 5 crores or more is required. For companies, a paid-up capital of at least Rs. 5 crores and a net worth of at least Rs. 50 crores are required.
- Proof of Equity Ownership: A certificate proving that equity share capital held by NRIs, FIIs, or foreign companies does not exceed 49% of the total capital.
- Undertaking for Performance Bond or Banker’s Guarantee: An undertaking to provide a performance bond or a banker’s guarantee valid for 6 years for an amount not less than Rs. 50 lakhs, in accordance with Rule 10(ii)(h) of the IT Act.
- Application Fee: A crossed cheque or bank draft of Rs. 25,000 for new applications or Rs. 5,000 for renewals, payable to the Pay & Accounts Officer, MeitY, New Delhi.
- Certified Copies of Company’s Incorporation Documents: These include the company’s incorporation certificate, articles of association, and other relevant documents.
- Audited Accounts for the Last Three Years: Audited financial reports are required to demonstrate the financial health of the company.
- Certification Practice Statement (CPS): The CA’s Certification Practice Statement, as outlined in Annexure I of the CCA Guidelines, is a key document.
- Technical Specifications and Security Policies: Details about the CA system’s technical specifications, security policies, standards, and infrastructure are mandatory.
- IT and Security Policies: The applicant must outline their Information Technology and Security Policy to be followed under Rule 19 of the IT Act.
- Organizational Chart: This includes details of trusted personnel involved in the CA’s operations.
- Audit and Operational Readiness: Applicants must specify when they are ready for audit and when they plan to commence operations, as operations can only begin after compliance with Rule 20.
- Auditor Payment Undertaking: An undertaking that payment will be made to the auditor at a rate prescribed by the CCA.
4. Additional Considerations
- Bank Account Details: The fee can also be paid through NEFT/RTGS to the specified account at Bank of India, with the account number and IFSC code provided for processing payments.
- Right to Call for Additional Information: The CCA reserves the right to request additional information if needed during the application process.
Conclusion
The process to become a CCA-certified Certifying Authority in India involves detailed preparation, compliance with technical and procedural standards, and financial transparency. Applicants must ensure that they meet the regulatory requirements outlined by the IT Act, 2000 and follow the necessary steps, including submitting appropriate documents, passing audits, and maintaining robust security policies.
By following these steps and ensuring full compliance with CCA regulations, an entity can secure a license to operate as a trusted Certifying Authority in India, thereby contributing to the digital signature ecosystem that is crucial for securing online transactions and legal documentation.