logo
English

Digital Signature Certificate (DSC)

DSC is an electronic signature facility enabled for ease of on-boarding of FPI clients

  • Home
  • Digital Signature Certificate (DSC)

FPIs are permitted to use digital signatures for the purpose of execution of CAF and other registration related documents, provided such digital signatures are in accordance with the provisions of the Information Technology Act, 2000.

Operational modalities to implement the same have been worked out by industry stakeholders in India as explained below.

Steps to follow for DSC Procurement:

  1. Log in to the NSDL FPI Portal.Click Here
  2. Click on New Application for FPI Registration or open an existing draft application.
  3. After entering all the required details in the FPI application, navigate to the ‘Declaration & Undertaking’ tab for DSC procurement.
  4. Enter the Name and Designation of the authorized DSC signatory(ies).
  5. Select ‘Apply for DSC (Digital Signature Certificate approved by CCA)’ and
    1. Choose ‘Yes’ and
    2. Click on ‘DSC Enrollment’
  6. After clicking ‘DSC Enrollment’, the DSC Application Form open.
  7. Fill in all mandatory details and upload the required documents based on the type of DSC being procured i.e.,
    1. Individual (Self), or
    2. Organization (on behalf of the organization).
  8. After completing the form, click on ‘Submit’.
  9. A confirmation message will appear with a Video KYC link, and an email will be sent to the authorized signatory for which the DSC Application is being submitted.
  10. For completing the application process, the authorized signatory(ies) must:
    1. Open the link received via email from eMudhra.
    2. You will be redirected to the eMudhra portal.
    3. On the login/registration screen, select the User Type:
      - Individual, or
      - Organization
    4. Select the Resident Type:
      - Indian, or
      - Foreign
    5. Enter your registered Email ID for OTP Verification
    6. Click on Generate OTP.
    7. Enter the OTP received on your registered email ID to proceed.
    8. Complete the Video KYC (Know Your Customer) process as per on-screen instructions.
    9. Verify your mobile number by entering the OTP received on your registered mobile number.
    10. Set up your secure PIN as prompted by the system.
    11. Complete the enrolment process
  11. Once enrolment is successfully completed, the DSC is approved

Disclaimer: Response to the queries is in the nature of providing basic guidance and any explanation/clarification provided herein should neither be regarded as an interpretation of law nor be treated as a binding opinion/decision of the Securities and Exchange Board of India (SEBI). Different facts or conditions may entail different interpretations. For full particulars of laws governing FPIs, please refer to actual text of the Acts/Regulations/Circulars appearing under the legal framework section on the SEBI website. Further digital signatures are legally valid in India when they are created using a Digital Signature Certificate (DSC) issued by a licensed Certifying Authority under the Controller of Certifying Authorities (CCA), India Root, as defined under the Information Technology Act, 2000.

FPIs may use digital signatures for purposes including execution of CAF and other registration, account opening & KYC related documents, provided such digital signatures are in accordance with the provisions of the Information Technology Act, 2000.

1. What is a Digital Signature Certificate?
A Digital Signature Certificate (DSC) is an electronic credential that proves the identity of a person or organization in the digital world. It is issued by a licensed Certifying Authority (CA) under the Controller of Certifying Authorities (CCA), India Root. A DSC allows the holder to sign documents electronically with the same legal validity as a handwritten signature under the Information Technology Act, 2000. It ensures three key things: authenticity (confirming who signed the document), integrity (the document has not been altered after signing), and non-repudiation (the signer cannot deny signing the document later).

2. Are digital signatures legally valid?
Yes, digital signatures are legally valid in India when they are created using a DSC issued by a licensed CA under the CCA, India Root, as defined under the Information Technology Act, 2000. Such digital signatures have the same legal status as handwritten (wet ink) signatures for most regulatory, contractual, and official purposes.

3. Who all can issue a Digital Signature in India? Is this architecture approved by the Government of India (GOI)?
DSCs in India are governed under the Information Technology Act, 2000, making them legally valid and equivalent to handwritten signatures.

  • Ministry of Electronics and Information Technology (MeitY) – Provides overall policy oversight for electronic governance and digital trust in India.
  • Controller of Certifying Authorities (CCA) - A statutory authority under MeitY responsible for licensing, regulating, and auditing Certifying Authorities (CAs).
Only CA licensed by the CCA are permitted to issue DSCs in India. The CCA itself does not issue DSCs to end users; it regulates and supervises the licensed CAs. India has currently 24 CCA-licensed CA. The official and updated list of CAs issue Class 3 DSCs to public are available at https://cca.gov.in/CAServicesPublic.html
The list and number of licensed CAs are notified and updated by the CCA from time to time on its official website. The current list of CAs that issue Class 3 DSCs and their websites include: Please note that out of the above, only eMudhra, vSign and Capricorn provide eSign service based on CA KYC.

Digital Signatures in India operate on a statutory Public Key Infrastructure (PKI) framework under the IT Act, 2000, with centralized licensing, supervision, and audits by the CCA based on global technical standards.

Each DSC is issued with a unique cryptographic key pair per user, making every signature verifiable and non-repudiable. For DSC-based digital signatures, private keys are generated and stored in FIPS-validated cryptographic tokens under the control of the subscriber; HSM-based key storage applies to CCA approved eSign services.

This combination of legal, regulatory oversight, and security ensures high trust, legal certainty, and interoperability for digital signatures across government, private sector use cases

4. What are the various Types/Classes of DSCs that can be obtained in India?
In India, legally recognised digital signatures can be created using options: Class 3 DSCs or the eSign service.

A Class 3 DSC is a digital signature certificate issued with a long-term, user-specific cryptographic key pair, securely stored in a FIPS-validated USB token under the user’s control, ensuring signatures are verifiable and non-repudiable.

eSign creates legally valid digital signatures on demand, where user authentication is done electronically and the signing keys are securely generated in CCA approved FIPS-validated HSMs.

Both Class 3 DSC and eSign are issued after verifying the user’s identity. They can be used by individuals, by individuals signing on behalf of organizations (for example, contracts or onboarding documents), or by organizations for bulk signing of documents (for example, invoices).

5. What Type/Class of DSC will have to be procured, and which one will be acceptable to Indian Regulators viz., SEBI, RBI, Income Tax etc.?
A Class 3 DSC or eSign is required and accepted by SEBI, RBI, Income Tax, MCA, and other Indian regulators.

DSCs have been widely used in India since the mid-2000s for signing and authenticating documents in business-to-government activities such as company administration, tax filing (Income Tax and GST), eTendering/eProcurement, customs, and foreign trade.

Many of these use cases require foreign citizens to complete KYC to obtain and use DSCs in India. DSCs are already commonly used in trade and services involving foreign entities for signing contracts and other official documents.

6. What documents are required to acquire a DSC?
To apply for a Class 3 DSC or use eSign in India, FPI or its Authorised Signatory(ies) must submit/upload:
  • Proof of Identity
  • Proof of Address
  • Recent passport-style photograph
List of accepted documents - Foreign Individual
  • Proof of Identity – Passport/OCI Passport OR Local Govt issued ID proof OR PAN
  • Proof of Address - Passport/OCI Passport OR Local Govt issued proof with address OR Bank Details having address OR Utility Bills in the name of applicant issued within three months OR Document issued from Embassy with residential address.
List of accepted documents - Foreign Organization
  • Proof of Individual Identity - Passport/OCI Passport OR Local Govt issued ID proof OR PAN
  • Proof of Organization Identity, Existence and Address – Organization ID/ Certificate of Incorporation etc.
  • Board Resolution or Letter of Authority for the authorized signatory to obtain digital signature

7. What certification is applicable to the list of documents and do these need to be submitted in hard copies?
All documents to be submitted are scanned copies of the original and the original must be shown as part of the video recording.

8. How to acquire a DSC?
The facility to acquire DSC has been developed on the FPI Portal of National Securities Depository Limited (NSDL).

Steps to follow for applying DSC is given below:

  1. Log in to the NSDL FPI Portal at Link: https://fpi.nsdl.com/.
  2. Click on New Application for FPI Registration or open an existing draft application.
  3. After entering all the required details in the FPI application, navigate to the ‘Declaration & Undertaking’ tab for DSC procurement.
  4. Enter the Name and Designation of the authorized DSC signatory(ies).
  5. Select ‘Apply for DSC ’ and
    1. Choose ‘Yes’ and
    2. Click on ‘DSC Enrolment’.
  6. After clicking ‘DSC Enrolment’, the DSC Application Form open.
  7. Fill in all mandatory details and upload the required documents based on the type of DSC being procured i.e.,
    1. Individual (Self), or
    2. Organization (on behalf of the organization).
  8. After completing the form, click on ‘Submit’.
  9. A confirmation message will appear with a Video KYC link, and an email will be sent to the authorized signatory for which the DSC Application is being submitted.
  10. For completing the application process, the authorized signatory(ies) must:
    1. Open the link received via email from eMudhra.
    2. You will be redirected to the eMudhra portal.
    3. On the login/registration screen, select the User Type:
      1. Individual, or
      2. Organization
    4. Select the Resident Type:
      1. Indian, or
      2. Foreign
    5. Enter your registered Email ID for OTP Verification
    6. Click on Generate OTP.
    7. Enter the OTP received on your registered email ID to proceed.
    8. Complete the Video KYC (Know Your Customer) process as per on-screen instructions.
    9. Verify your mobile number by entering the OTP received on your registered mobile number.
    10. Set up your secure PIN as prompted by the system.
    11. Complete the enrolment process
  11. Once enrolment is successfully completed, the DSC is approved.
Alternatively, a DSC acquired directly from a licensed CA may also be used by FPIs.

9. What will be the process to procure DSC for Authorised Signatories of Foreign Investors/FPIs?
  • Upload Proof of Individual Identity - Passport/OCI Passport OR Local Govt issued ID proof OR PAN
  • Upload Proof of Organization Identity, Existence and Address – Organization ID/ Certificate of Incorporation etc.
  • Board Resolution or Letter of Authority for the authorized signatory to obtain digital signature
  • Setup User Credentials
  • Complete a one-way video recording by displaying the documents uploaded.

10. Should the video recording for eKYC account opening be performed by the same authorized person who will be e-signing, or can another person perform the recording?
The video recording must be performed by the same authorized person who will be e-signing, as it verifies both identity and intent.

11. Once necessary documentations are uploaded on portal to procure DSC, how does one get a confirmation that KYC is completed for DSC?
After document verification, the CA emails “KYC complete / DSC issued” to the applicant’s registered email. This can also be verified by Status Tracking pages given by CAs

12. Will a hardware crypto token be issued in case of subscription or the entire mechanism be APP / Web Portal based?
Both options are available. A DSC can be issued on a hardware token, or, once KYC is complete, the eSign service provided by a licensed CA can be used to sign documents electronically on the fly. For foreign investors, using eSign is recommended for convenience.

13. What will be cost associated for obtaining new DSC for a Foreign Individual and Organisational DSC?
The cost of obtaining a DSC is as prescribed by the respective CA and may vary based on the validity period and whether the DSC is obtained in capacity of an Individual or on behalf of Organization. The DSC will be approved upon payment of the applicable fee to the CA.
It is around USD 100 but depends on validity and whether it’s Individual or Organization. Digital signature will be approved post payment of the requisite fee.

14. What is the method of payment?
  1. Online payment gateways (credit/debit cards, net banking, UPI) at the time of purchase/renewal,
  2. In some cases, through corporate billing arrangements if bulk accounts are procured.

15. How to get confirmation of payment for DSC?
CAs send email/SMS confirmations on fund receipt. You may also view transaction status in the CA portal or request a payment reference from support.

16. Do Indian DSC Providers have any tie-ups with Global DSC providers such as DocuSign recognised in their respective Home Jurisdiction and whether such tie-ups can be extended to existing or new DSC holders of such Global DSC providers?
In India, DSCs can be issued only by CAs licensed by the CCA under the IT Act, 2000. Global providers such as DocuSign operate under trust frameworks and laws applicable in their home jurisdictions (e.g., US) and are not licensed Indian CAs. As a result, Indian DSC Service Providers cannot rely on or extend Indian legal validity to certificates issued by global providers, nor can existing certificate holders of global providers automatically use those certificates for India-specific regulatory or statutory use cases.

17. Are e-signing applications like DocuSign, Adobe Sign etc. also acceptable, if not, then why?
E-signing applications such as DocuSign and Adobe Sign are not automatically acceptable in India unless they are integrated with a DSC or eSign service issued by a CCA-licensed CA under the IT Act, 2000. Indian regulators, including SEBI, require digital signatures to be created within the statutory framework of the IT Act using Indian DSCs or eSign services. Platforms operating solely under international or foreign trust frameworks, without integration with a CCA-licensed CA, do not meet this requirement.

18. How much time does it take to obtain DSC in India?
The process of obtaining a DSC is an online process which can be done in around 30 minutes subject to keeping the documents ready prior to starting the application process and payment of applicable fees

19. For any concern/issue regarding issuance of DSC, to which authority such concern can be raised by the Foreign Investor?
For any concern or issue regarding the issuance of a DSC, a foreign investor should primarily contact the issuing CA. If the issue is not resolved, or for general concerns related to DSCs, the matter can be raised with the CCA, Ministry of Electronics & Information Technology, India, at email: info@cca.gov.in
To contact the issuing CA, you may reach out at
eMudhra
• Email ID: enterprise.support@emudhra.com
• Contact No.: +91 080 46156966

20. How to renew DSC?
  1. Open the CA portal using the Link: https://emudhradigital.com/Login.jsp
  2. Log in by selecting ‘Login as Existing User’.
  3. Enter the following login details:
    1. Username
    2. PIN
    3. Registered Mobile Number
  4. Click on Generate OTP.
  5. Enter the OTP received on your email address and complete the login process.
  6. After successful login, go to the Dashboard.
  7. Click on the ‘Active Application’ tab.
  8. Under the KYC Accounts section:
    1. Click on the kebab menu (three dots - ⋮) under the Action column.
  9. Select ‘Renew KYC’.
  10. Follow the on-screen instructions to complete the DSC renewal process.
The facility to renew DSC is being developed.

21. What is the fee for renewal of DSC?
A renewal of DSC is treated as a new application and the same fee (as that of purchasing a new DSC) applies

22. Will the CA reach out to remind renewal and fee payment?
Yes. CAs send automated email/SMS reminders at 30, 15, and 7 days pre-expiry. All payments are made via an online payment gateway with exceptions made for accepting wire transfers for organizational certificates.

23. Can the renewal cycle of the digital certificate match the renewal cycle of the FPI registration?
Yes. You may request a DSC validity of up to 3 years, aligning with the SEBI FPI-registration renewal cycle. But a KYC for DSC must be done every 2 years.

24. If there are no changes in KYC, can DSC be renewed with just declarations or fresh KYC to be done for procuring DSC?
A renewal process for a DSC requires a fresh KYC to be done (every 2 years). The KYC process itself is an online and digital process and is typically done in less than 30 minutes.

25. Will the organization’s KYC be enough to procure the DSC for multiple individuals or each individual needs to provide KYC individually?
For organization cases, an authorized signatory must first do the KYC to establish that they can sign documents. Further, other applicants of DSC need not reproduce the organization KYC documents but must do an Individual KYC which is then approved by the authorized signatory already on boarded.

26. Can eKYC be completed at the umbrella level for multiple FPIs, or must each individual FPI complete the process separately?
Each FPI must complete eKYC separately; umbrella-level eKYC is not allowed because each FPI is a distinct legal entity. However, where the FPI is in the nature of a sub-fund / segregated portfolio /MIM/ insurance scheme /similar structure, the eKYC done at the legal entity level would suffice for the FPIs.

27. If an FPI has multiple authorized persons, should each person obtain a separate eKYC account to enable e-signing?
Yes, if each authorized person intends to sign, then they must complete separate eKYC and obtain an individual DSC to enable e-signing.

28. How many individuals from an Organization can sign up for the service? Can an authorized signatory for an organization sign on behalf of multiple legal entities using an eKYC account for the individual rather than obtaining "Organization" level eKYC for each individual entity?
There is no regulatory cap on how many individuals from an organization can sign up for a DSC. Each authorized signatory must obtain their own DSC tied to their identity. A separate DSC must be issued for each legal entity. Individual DSCs only bind the individual and not the individual in the capacity of an organization.

29. Whether all the directors and signatories of FPI required to have DSC? If a new FPI account is opened under an existing legal entity, does the signer need a new digital certificate for the new FPI or is the digital certificate at the Legal entity level?
A person authorised by FPI to sign on its behalf to execute the CAF, and other registration, account opening & KYC related documents, shall have to obtain DSC. However, it is clarified that when the FPI is not in the nature of a legal entity, i.e. where the FPI is a sub-fund / segregated portfolio/MIM/ insurance scheme /similar structure, the legal entity remains the same. In such cases, the existing digital signature capturing the individual and legal entity details may be used for digitally signing FPI related documents for such sub-funds / segregated portfolios/ MIM/ insurance scheme/ similar structure under such legal entity.

Further, where an FPI wishes to execute the documents pertaining to multiple registrations (proprietary, on behalf of client, ODI, MIM) considering that the legal entity is the same, separate digital signatures would not be required for such multiple FPI registrations and associated documents.

30. In the event of cessation of service, how can an organization restrict the individual from using the individual DSC to be used for its applications?
Send a revocation request for the individual’s DSC via the CA [Updates for CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol)].

31. Is mobile number validation mandatory for KYC verification while obtaining DSC. Can the OTP be sent directly to the email address of the signatories?
Mobile number validation is mandatory as part of the KYC verification process and it’s a one-time activity at the time of obtaining DSC. Thus, Email OTP cannot be used as an alternative. However, signing of documents can be done through OTP’s sent to the email address of FPIs instead of mobile OTPs.

32. Once a DSC has been procured, does the applicant have an option of using the wet ink signatures?
Yes. You may fall back to wet-ink signatures based on counter-party acceptance.

33. How to verify different classes of certificate by a verifier of documents?
Open the signed PDF → View signature properties → Confirm the issuing CA, certificate class (visible in the certificate details), validity, and revocation status.

34. How to ensure data protection of KYC of those who procure different classes of certificate?
In India, the DSC ecosystem is a well-regulated framework. The CCA under the MeitY, GOI is the regulatory authority. Indian CAs are required to keep all data obtained from applicants confidential (Rule 33, Information Technology (Certifying Authorities) Rules, 2000) and follow the audit and operational guidelines issued by the CCA. The guidelines for Information Security, Audit Criteria, etc., are available at https://cca.gov.in/guidelines.html and mirror global standards (WebTrust, CA/Browser Forum) for running CAs or Trust Service Providers.

All KYC uploads are TLS-encrypted in transit and stored with encryption at rest, with strict access controls. CAs are also mandated to comply with the Digital Personal Data Protection (DPDP) Act, 2023.

CAs are required to retain DSC issuance-related information for 7 years after the expiry of the DSC. Subscriber information may be disclosed only under law or a court order. If any confidential subscriber information needs to be taken out of the country, prior permission of the CCA is required.

35. Most of organisations block firewall of non-trusted websites, in view of the same what are standard firewall instruction to be followed to enable DSC providers?
For token-based DSCs, certain port access may be required on end points to allow signing. These tokens are widely used today for income tax filings, eTender submissions, and other official purposes.
For eSign-based digital signatures, the signing process works over standard HTTPS endpoints, which does not require any additional firewall configuration.

36. Can we download DSC via app store (Google or Apple)?
DSCs are required to be mandatorily downloaded via a FIPS 140-2 Level 2 standards compliant device. As an alternative, eSign-based signing, which does not require downloading a DSC, may be used.

37. What is the validity period of the eSign feature?
  1. The eSign certificate is generated for a single authenticated signing session and is valid for approximately 30 minutes from the time of successful user authentication. Within this session, the eSign certificate may be used to sign up to 5 documents. On expiry of the session, the session ends and the cryptographic keys used for signing are destroyed.
  2. The digital signatures affixed to the documents remain legally valid permanently under the IT Act, 2000.
  3. The underlying eKYC account remains valid for up to 2 years, as per the issuing CA’s policy.


38. Can an e-signature be used once for all documents in an application, or must the signatory repeat the e-signing process for each document?
An eSigning process can be used to sign 5 documents in a single envelope.

39. How do the Certifying Authorities protect FPI data?
Licensed CAs in India operate under the regulatory overview of the CCA in accordance with the Information Technology Act, 2000, the Information Technology (Certifying Authorities) Rules, 2000, and the guidelines issued by the CCA. The regulatory framework prescribes the manner in which applicant and subscriber information, including FPI data, is to be collected, processed, stored, and protected.

CAs obtain and process only those details that are required for the issuance and lifecycle management of DSCs, in line with the applicable legal and regulatory requirements. Applicant data is used strictly for certificate issuance–related purposes and not for any unrelated activity.

CAs protect such data through technical and operational controls such as encryption of data during transmission and at rest, secure system configurations, role-based access controls, audit logging, and physical and logical security safeguards as defined in their approved Certification Practice Statements.

Indian CAs are required to keep all data obtained from applicants confidential in accordance with Rule 33 of the Information Technology (Certifying Authorities) Rules, 2000. Disclosure of subscriber information is permitted only when required under law or pursuant to a lawful order.

In eSign or DSC-based signing processes, the CA systems perform cryptographic operations only on the hash of the document after user authentication and do not access or view the actual content of the document hosted on the application platform.

Compliance with these requirements is periodically verified through audits conducted by CCA-approved independent auditors, and any breach or non-compliance may attract regulatory action, including suspension or cancellation of licence, penalties, and legal liability.

40. Does the signer always has to use the same PC to sign?
The signer may not always use the same PC. The IP address is recorded as part of the audit trail for security and traceability, helping to verify the location and integrity of the session. The signer can use different devices or locations, but each session's IP address will be logged to maintain compliance with regulatory requirements under the CCA, India.

41. Can the document be signed jointly by the signatories?
Yes, digital signatures of more than one signatory can be affixed on a document.
This is typically facilitated by workflow platform (such as NSDL) where multiple parties to the document may be allowed to sign in sequence or in parallel

42. Is it mandatory to sign documents using a digital signature?
No, the use of digital signature is optional, and clients can continue to execute documents via by affixing wet ink signature.

43. Can the DSC availed from NSDL Portal be used for signing subsequent documents post the account opening? If yes, what will be the process?
Yes, this is also typically facilitated by workflow platforms (such as NSDL) or through direct integration of CA’s APIs with existing workflow platforms where such documents may be processed.

44. Can FPIs use digital signature for signing other document apart from execution of CAF and other registration related documents
Yes, FPIs will be able to use a valid digital signature for signing of other documents like intimation of material changes, renewal/surrender documents, tax documents, etc.

45. Is DSC mandatory for all the Authorised signatories for digital execution of CAF? Can one of the two Authorised signatories opt to sign the CAF with DSC, while the remaining choose to sign in wet-ink physically?
CAF is to be digitally signed by same number of Authorised signatories who would be required to sign the physical CAF. If a transaction for digital execution intends to use digital signatures, all parties must sign digitally so as to maintain document integrity

46. Do I need to sign on every page of the document?
No. Each document needs to be e-signed only once.