Digital signatures forged. A company taken over in secret.

Digital signatures obtained with forged documents. A company taken over in secret. The Bombay High Court called it — "a most alarming state of affairs." The case of DDPL Global Infrastructure Pvt Ltd v. Alok Mishra was not about a technical glitch or a routine corporate dispute. It was about a company's control being snatched away through the quiet, invisible misuse of a technology meant to guarantee trust. The stakes were existential: if a digital signature could be weaponised this easily, what faith could any business—or any court—place in it?

The forged signatures that moved a company

DDPL Global Infrastructure Pvt Ltd did not lose control in a boardroom vote. It did not fall to a hostile takeover bid. The company's management was changed without a single shareholder meeting. The mechanism was submission of forged documents to a Certifying Authority. The Certifying Authority issued digital signature certificates. Those certificates were used to execute the takeover. By the time the company's directors discovered what had happened, the new management was already in place.

The company went to the Bombay High Court. On one side: DDPL Global Infrastructure, arguing the signatures were born from fraud. On the other: Alok Mishra, who defended the takeover by pointing at the certificates. The certificates existed. They appeared valid. The court had to decide one question: when a digital signature certificate exists, does the law simply accept it as genuine, or must the court look behind the certificate at how it was obtained?

The presumption that almost ended the case

Section 85C of the Indian Evidence Act creates a powerful presumption. It says: "The Court shall presume, unless contrary is proved, that the information listed in a Electronic Signature Certificate is correct." The party who relied on the signatures invoked this provision. The argument was simple. The certificate says the signature belongs to a particular person. The court must accept it. The burden of proving otherwise is heavy.

But the challenging party did not attack the certificate's contents. They attacked the process. They argued that the foundational requirement of a secure key creation and proper subscriber identity verification had been fatally compromised. The signatures were issued based on forged documents. The Certifying Authority had not followed the mandated standards. The presumption, they said, could not protect a signature born out of fraud.

When the court looked behind the certificate

The Bombay High Court did not stop at the certificate. It examined the evidence of how the signatures were obtained. What it found disturbed it deeply. The court observed that digital signatures appeared to be issued "willy-nilly without sufficient checks and balances and without proper verification or adherence to standard KYC norms." The Certifying Authority had failed in its most basic duty. The signatures were not the product of a secure system. They were the product of a broken one.

The court called it "a most alarming state of affairs." It recognised that such failings "throws into doubt the viability of using digital signature at any level that demands security, from companies to courts." This was not a minor procedural lapse. It was a systemic failure that struck at the heart of the technology's reliability. If a digital signature could be issued without proper verification, then every transaction relying on that signature was built on sand.

The judicial focus shifted. The court was no longer concerned with whether the certificate looked valid. It was concerned with whether the issuance process was valid. The court concluded that whenever an electronic signature certificate is challenged, "not only its contents but also documents submitted for its procurement would be of great relevance." This was the turning point. The presumption under Section 85C was not absolute. It could be rebutted—and rebutted decisively—when evidence showed that the integrity of the issuance process had been compromised.

The warning for every business that uses digital signatures

For any advocate or founder who relies on digital signatures—and that is virtually everyone in modern business—this judgment is a warning and a shield. The warning is that a digital signature is only as strong as the process that created it. If the Certifying Authority cut corners, the signature may be worthless. The shield is that you are not helpless. You can challenge a signature by attacking the issuance process, not just the certificate. You can demand to see the documents submitted to obtain the signature. You can argue that the presumption under Section 85C is rebutted when the regulatory framework was ignored.

THE PLAY: When challenging a digital signature, do not stop at the certificate—demand the KYC documents and issuance records from the Certifying Authority to expose whether the signature was procured through fraud.