Introduction
The phrase 'electronic signature' covers a surprisingly wide range of technologies — from clicking an 'I agree' checkbox to cryptographically signed certificates backed by biometric identity verification. When Indian businesses evaluate their options, understanding where Aadhaar based eSign sits within this spectrum matters enormously, both for legal validity and operational security.
The Three Tiers of Electronic Signatures in India
Indian law, guided by the IT Act 2000, effectively recognises three categories of electronic signatures in practice:
Simple Electronic Signatures: These include typed names, scanned signature images, or checkbox acceptances. They are technically permissible in many low-stakes contracts but offer little protection against repudiation. Anyone can claim they didn't actually click or type.
OTP-Based Verification: Some platforms send an OTP to the signer's registered number to confirm intent. This adds a layer of identity linkage but doesn't involve a proper digital certificate, so the evidence trail is limited.
Aadhaar Based eSign: This is the highest standard available for consumer-facing document signing at scale in India. It uses Aadhaar authentication (OTP or biometric) to trigger the issuance of a digital certificate by a licensed Certifying Authority. The certificate is cryptographically bound to the document, creating a tamper-evident, legally robust record.
What Makes Aadhaar eSign Technically Distinct
The critical technical difference lies in the certificate. When a document is signed via Aadhaar based eSign, a public-key infrastructure (PKI) certificate is generated in real time. This certificate contains a cryptographic hash of the document — meaning any subsequent alteration to the document, even a single character change, will invalidate the signature.
Contrast this with a scanned image of a signature, which can be copied and pasted onto any document without any technical mechanism to detect the fraud.
Legal Admissibility
The Second Schedule of the IT Act explicitly recognises Aadhaar Authentication as a valid method for electronic signatures. This means Aadhaar-signed documents carry a presumption of validity in Indian courts that generic e-signatures do not.
For sectors with regulatory signing requirements — such as SEBI-regulated brokers who must collect KYC signatures, or IRDAI-regulated insurers who need policyholder authorisations — this legal standing isn't optional. It's a compliance requirement.
The Identity Assurance Difference
Aadhaar eSign links the act of signing directly to a biometrically enrolled identity. When someone signs using Aadhaar OTP, UIDAI has confirmed that the OTP was sent to the mobile number registered against that specific Aadhaar number. The signer cannot later credibly claim ignorance or impersonation without challenging UIDAI's own records.
This level of identity assurance is why platforms like Meon — which provides Aadhaar eSign API and web portal access to financial institutions — have seen significant adoption in sectors where dispute risk is high.
Practical Limitations
Aadhaar based eSign does have constraints. It requires that the signer have a valid Aadhaar with a linked and active mobile number. For cross-border signers or individuals who haven't updated their Aadhaar-linked mobile number, the method isn't available.
For these edge cases, businesses sometimes fall back to DSC (Digital Signature Certificate) tokens or accept simple electronic signatures for lower-risk documents. A robust eSign solution should ideally support a fallback hierarchy.
Conclusion
Aadhaar based eSign occupies a legally and technically superior position compared to most alternatives available for mass-market document signing in India. Its combination of Aadhaar identity assurance, PKI-based tamper detection, and IT Act recognition makes it the appropriate choice for any document where fraud risk, regulatory compliance, or dispute probability is non-trivial. Understanding this distinction helps businesses choose the right signing method for each document type rather than applying a one-size-fits-all approach.
Sign in to leave a comment.