A digital signature was used to take over a company. The court called it 'alarming'.
The Bombay High Court found that signatures were issued without verifying KYC, raising doubts about the entire system.
Rebutted.
The presumption
collapsed.
The Bombay High Court found that signatures were issued without verifying KYC, raising doubts about the entire system.
A company was taken over using digital signatures. But the court discovered how they were actually issued — and called it 'alarming'.
No guns. No boardroom votes. Just a few clicks and forged paperwork — and a company's control was snatched away. The case landed before the Bombay High Court. The judges looked at the evidence and saw something far worse than a single fraud. They saw a system designed to create trust issuing its credentials without any real checks.
When the signatures arrived without a face
The case, DDPL Global Infrastructure Pvt Ltd v. Alok Mishra, began as a dispute over who controlled a company. One side alleged a clandestine takeover. The weapon of choice: digital signatures.
Digital signatures are meant to be the electronic equivalent of a handwritten signature — legally binding, uniquely tied to one person, backed by a certificate that confirms the holder's identity. They are issued by a Certifying Authority (a licensed agency that verifies who you are before giving you the keys to sign).
But in this case, the signatures had been obtained using forged documents. Someone submitted fake papers to a Certifying Authority, got a valid digital signature issued, and then used it to transfer control of the company. The person whose name was on the certificate had never asked for it. The forged application form, likely carrying a false identity proof, sat at the heart of the dispute — a piece of paper that triggered a legal earthquake. The texture of that paper, the faint watermark of the forged identity proof, the hurried signature at the bottom — these were the details the court would later scrutinise, not the digital certificate itself.
The presumption that was supposed to end the fight
The party that used the digital signature to take over the company had a powerful legal shield. Section 85C of the Indian Evidence Act says: "The Court shall presume, unless contrary is proved, that the information listed in an Electronic Signature Certificate is correct."
This is a legal shortcut. Normally, the person who relies on a document has to prove it is genuine. But Section 85C flips the burden — it says the court will assume the certificate is accurate, and the other side must prove it is not. For years, this presumption made digital signatures nearly unassailable in court. If the certificate said you were the signer, the court believed it — until you brought evidence to the contrary.
The challenging party argued that the foundation of the signature had been destroyed. The secure key creation process — the core of how a digital signature works — had been bypassed. The subscriber's identity had never been properly verified. The certificate might look valid, but the process that produced it was rotten.
What the court saw when it looked behind the certificate
The Bombay High Court did something unusual. Instead of stopping at the certificate's face value, it examined how the Certifying Authority had issued the signature. What it found made the bench describe the situation as "a most alarming state of affairs." The judge's expression, as the details of the issuance process were laid bare, reportedly grew grim. The courtroom fell silent as the implications of the systemic failure sank in — the only sound was the rustle of paper as the court's file was opened, revealing the forged application form and the false identity proof that had been submitted to the CA.
The court observed that digital signatures were being issued "willy-nilly without sufficient checks and balances and without proper verification or adherence to standard KYC norms." In plain language: the agencies meant to guard the door were handing out keys to anyone who asked, without checking who they were. The digital certificate on the screen might have looked official, but the file behind it was hollow — a thin folder containing a forged application form and a false identity proof, nothing more.
This was not a technical glitch. It was a systemic failure. The entire architecture of digital signatures — the promise that this electronic stamp is as good as your physical presence — depends on the Certifying Authority doing its job. If the Authority issues a signature without verifying the applicant's identity, the signature is not a mark of trust. It is a mask.
The court recognised the deeper implication: such failings "throws into doubt the viability of using digital signature at any level that demands security, from companies to courts." If a digital signature can be obtained with forged documents, then every contract, every board resolution, every court filing signed with one becomes suspect.
Why the presumption collapsed
The court's reasoning shifted the legal landscape. It said that whenever an electronic signature certificate is challenged, "not only its contents but also documents submitted for its procurement would be of great relevance."
This is the key move. Section 85C creates a presumption that the certificate's contents are correct. But the court said: that presumption only holds if the process that produced the certificate was itself sound. If the Certifying Authority failed to verify KYC (know your customer — the basic identity checks required before issuing any credential), then the certificate is not entitled to the same legal deference.
The presumption under Section 85C became immediately rebuttable — not because the challenging party had disproved the certificate's contents, but because the evidence showed the issuance process was compromised. The court prioritised the evidentiary reality — what actually happened at the Certifying Authority's office, the forged application form, the false identity proof — over the statutory assumption.
What this means for every company and every court
For practitioners, the lesson is direct: a digital signature certificate is only as strong as the process that issued it. If you are relying on a digital signature in litigation, you must be prepared to show that the Certifying Authority followed proper KYC procedures. If you are challenging one, your first target should not be the signature itself — it should be the documents submitted to get it.
THE PLAY: When challenging a digital signature, demand the Certifying Authority's records — the identity documents, the verification logs, the audit trail — and check whether standard KYC norms were followed before the certificate was issued.
The signature that proved too much
The court ended where it began: with a company taken over by a few clicks, and a system that was supposed to prevent exactly this kind of fraud. The digital signature was valid on paper. But the paper it was built on — the forged application form, the false identity proof — was a lie. The click of the digital signature being applied was the sound of a system failing, not a transaction succeeding.