How eSign Transformed Digital Signatures at a Population Scale in India

On 1 July 2015, the Prime Minister of India launched several initiatives under Digital India. Among them were eSign and Digital Locker - two Aadhaar-based trust services that I had the opportunity to conceive and drive. Of the two, eSign came first, because I believed that without a simple, low-cost way to digitally sign documents, the promise of paperless governance would remain incomplete.

Why digital signatures were not working

At the time, the legal and technical framework for digital signatures already existed. The Information Technology Act, 2000, clearly recognised digital signatures and provided them legal sanctity. Yet, despite this, their adoption in India was minimal.

The reason was not a lack of law, but a lack of usability.

The highest level of assurance, Class 3 Digital Signature Certificates, required physical identity verification, followed by issuance of a hardware cryptographic token in the form of a USB dongle. The user could sign documents only by physically possessing this dongle and entering a PIN. The cost was around ₹1,500 for a certificate valid for two years.

In practice, most citizens needed a digital signature very occasionally, perhaps once a year to file income tax returns. The economics simply did not work. As a result, digital signatures remained confined to a small group of users, mostly government officials and professionals. Across a country of over a billion people, there were barely about 10 million such certificates in circulation.

To me, this was a classic case of infrastructure designed for scarcity, operating in an era that demanded scale.

Rethinking the problem

When Aadhaar reached scale, it fundamentally changed how I looked at this problem. Aadhaar introduced online, real-time, paperless identity verification through eKYC, backed by cryptographic assurance and legal validity.

I asked a simple question: If identity verification is the hardest and costliest part of issuing a digital signature, and Aadhaar can now do that instantly and electronically, why are we still issuing digital signatures through physical dongles?

The traditional process had two steps:

1. Verify the identity of the applicant
2. Issue a digital signature certificate stored in hardware

Aadhaar solved the first problem decisively. The second, I felt, was no longer necessary.

The Core Idea

The idea I proposed was straightforward but disruptive: Digital signatures should be available on demand, in real time, without requiring citizens to own or manage cryptographic hardware.

Using Aadhaar authentication—either biometrics or OTP—UIDAI could issue a digitally signed eKYC. This eKYC could serve as the trigger for issuing a one-time digital signature certificate, valid only for that specific transaction.

In this model, a fresh cryptographic key pair is generated online each time a document is signed. The document hash is encrypted using the private key, and the corresponding public key is certified for that transaction alone. Every signing event is independent, secure, and non-reusable.

This approach not only simplified the user experience, but also resulted in stronger key management than long-lived certificates stored on physical devices.

Addressing Regulatory Concerns

The biggest hurdle was not technology; it was the interpretation of the rules.

The existing Certifying Authorities Rules required that the subscriber retain “control” over the digital signature certificate. Historically, this had been interpreted as physical control over the USB dongle.

I took the position that control does not mean physical possession. True control means that no one can use the signature without the explicit consent of the individual. Aadhaar-based authentication—tied to biometrics or OTP- provides far stronger control than a hardware token that can be handed over, shared, or misused.

This was a judgment call, and it required conviction.

We documented the design, examined the legal framework carefully, and introduced appropriate modifications to the rules to enable this new category of digital signatures. This service came to be known as eSign—digital signatures on demand.

Creating the Ecosystem

Under this framework, Certifying Authorities could now operate in two modes:

Traditional issuance of long-term DSCs using physical tokens

Real-time issuance of transaction-specific digital signatures after Aadhaar authentication

Over time, a healthy ecosystem emerged. Today, multiple licensed Certifying Authorities—including eMudhra, C-DAC, NSDL, Verasys, CSC, and CDSL Ventures—provide eSign services at national scale.

What Changed on the Ground

The real test of any digital public infrastructure is whether it simplifies life for citizens.

Take income tax filing. Earlier, even after filing returns online, citizens had to print, sign, and physically mail documents to Bengaluru. With eSign, the entire process became electronic. Aadhaar authentication triggers the digital signing of the return in real time, and submission is completed instantly—without paper, postage, or delay.

The cost of a single eSign transaction is typically between ₹5 and ₹15. Compare this with ₹1,500 for a USB-based certificate. The shift from upfront capital cost to pay-per-use transformed adoption.

Why eSign matters

eSign did more than reduce cost or improve convenience. It democratised trust.

For the first time, any citizen with Aadhaar could digitally sign documents anytime, anywhere, without specialised hardware or technical knowledge. Digital signatures moved from being a niche, professional tool to a mass, inclusive capability. Number of eSign transactions are no more in millions but in billions!

In my view, eSign is a foundational layer of India’s digital public infrastructure—quietly enabling paperless governance, frictionless services, and legally valid digital transactions at population scale.

Stay tuned for more such updates on Digital Health News