top of page

Information Technology Act 2000 Section 28

IT Act Section 28 empowers the Controller to investigate and examine digital signature certificates and related matters.

Section 28 of the Information Technology Act, 2000, deals with the powers of the Controller to investigate matters related to digital signature certificates. It authorizes the Controller to examine and verify the issuance, suspension, or revocation of digital signatures to ensure compliance with the law. This section is vital in maintaining trust in electronic transactions and digital authentication.

In today’s digital world, where electronic signatures facilitate secure online dealings, Section 28 safeguards the integrity of the digital signature framework. It impacts users, businesses, and law enforcement by providing a mechanism to address irregularities and enforce accountability in digital signature management.

Information Technology Act Section 28 – Exact Provision

This section empowers the Controller to conduct investigations to ensure that digital signature certificates are issued and managed according to the Act’s provisions. It helps prevent misuse or fraudulent issuance of digital signatures, thereby protecting electronic transactions' authenticity and security.

  • Grants investigative authority to the Controller.

  • Focuses on digital signature certificates.

  • Ensures compliance with IT Act provisions.

  • Supports enforcement of digital signature regulations.

  • Prevents misuse of digital signatures.

Explanation of Information Technology Act Section 28

Section 28 authorizes the Controller to investigate digital signature certificate matters to uphold legal compliance.

  • The section states the Controller’s power to investigate digital signature-related issues.

  • Applies to the Controller, Certifying Authorities, and related entities.

  • Triggered by suspicion or complaints regarding digital signature misuse or non-compliance.

  • Legal criteria include adherence to the IT Act and related rules.

  • Allows investigation but does not specify penalties directly.

  • Prohibits unauthorized issuance or misuse of digital signatures.

Purpose and Rationale of IT Act Section 28

This section aims to maintain trust in digital signatures by empowering the Controller to investigate compliance. It ensures the digital signature ecosystem functions securely and reliably.

  • Protects users relying on digital signatures.

  • Prevents cyber fraud related to digital certificates.

  • Ensures secure electronic authentication.

  • Regulates Certifying Authorities’ conduct.

When IT Act Section 28 Applies

Section 28 applies when there is a need to verify compliance or investigate irregularities in digital signature certificates.

  • When complaints or suspicions arise about digital signature misuse.

  • Invoked by the Controller or authorized officials.

  • Requires evidence of non-compliance or irregularity.

  • Relevant to digital signature issuance, suspension, or revocation.

  • Does not apply to unrelated cyber offences.

Legal Effect of IT Act Section 28

Section 28 creates the Controller’s authority to investigate digital signature certificate matters. While it does not directly impose penalties, findings from investigations can lead to actions under other provisions. It supports the enforcement framework ensuring digital signature integrity. This section complements other IT Act provisions and IPC laws related to fraud or forgery.

  • Establishes investigative rights for the Controller.

  • Supports enforcement of digital signature regulations.

  • Indirectly aids in penalizing violations under related sections.

Nature of Offence or Liability under IT Act Section 28

Section 28 itself does not define an offence but empowers investigation into digital signature certificate compliance. It is a regulatory provision enabling oversight rather than imposing direct criminal liability. Investigations may lead to actions under other sections involving criminal or civil liability.

  • Regulatory compliance provision.

  • Does not create standalone offence.

  • Investigations may trigger criminal or civil proceedings elsewhere.

  • Non-cognizable nature as it relates to inquiry powers.

Stage of Proceedings Where IT Act Section 28 Applies

Section 28 applies primarily at the investigation stage to verify compliance with digital signature rules. It supports evidence collection and fact-finding before formal complaints or prosecution under other sections.

  • Initiates investigation by Controller.

  • Involves examination of digital signature records.

  • Supports gathering of digital evidence.

  • Precedes filing of complaints or legal action.

  • May inform trial and appeal stages indirectly.

Penalties and Consequences under IT Act Section 28

While Section 28 itself does not prescribe penalties, investigations may reveal violations leading to penalties under other IT Act provisions. These can include fines, suspension or revocation of certificates, or prosecution for offences like forgery or fraud.

  • No direct penalties under Section 28.

  • Findings may lead to certificate suspension or revocation.

  • Possible fines or imprisonment under related sections.

  • Corporate or intermediary liability possible if violations found.

Example of IT Act Section 28 in Practical Use

X, a Certifying Authority, is suspected of issuing digital signature certificates without proper verification. The Controller invokes Section 28 to investigate the matter. During the inquiry, records and procedures are examined. The Controller finds non-compliance with IT Act rules and recommends suspension of the certificates and penalties. This action restores trust and prevents misuse of digital signatures in electronic transactions.

  • Section 28 enables Controller’s inquiry into digital signature irregularities.

  • Supports enforcement actions to maintain digital trust.

Historical Background of IT Act Section 28

The IT Act was introduced to regulate electronic commerce and digital signatures. Section 28 was included to empower the Controller to oversee digital signature management. The 2008 Amendment further strengthened regulatory mechanisms. Over time, interpretation has evolved to address emerging digital authentication challenges.

  • Introduced to regulate digital signature framework.

  • Amended in 2008 for enhanced oversight.

  • Evolved with technological advancements.

Modern Relevance of IT Act Section 28

In 2026, with growing digital transactions, Section 28 remains crucial for cybersecurity and trust. It supports data protection, fintech operations, and digital identity verification. Social media and intermediary reforms also rely on robust digital signature regulation.

  • Supports digital evidence authenticity.

  • Enhances online safety and trust.

  • Addresses enforcement challenges in digital authentication.

Related Sections

  • IT Act Section 24 – Duties of Certifying Authorities.

  • IT Act Section 25 – Suspension and revocation of digital signature certificates.

  • IT Act Section 26 – Controller’s powers to grant licenses.

  • IT Act Section 43 – Penalty for unauthorized access and data theft.

  • IPC Section 420 – Cheating, relevant for digital fraud.

  • Evidence Act Section 65B – Admissibility of electronic evidence.

Case References under IT Act Section 28

No landmark case directly interprets this section as of 2026.

Key Facts Summary for IT Act Section 28

  • Section: 28

  • Title: Controller’s Investigation Powers

  • Category: Digital signature regulation, compliance

  • Applies To: Controller, Certifying Authorities

  • Stage: Investigation

  • Legal Effect: Empowers investigation, supports enforcement

  • Penalties: Indirect, via related provisions

Conclusion on IT Act Section 28

Section 28 is a vital regulatory provision empowering the Controller to investigate digital signature certificate matters. It ensures that digital signatures, which are essential for secure electronic transactions, are managed in compliance with the law. This oversight helps maintain trust in the digital ecosystem.

Although it does not prescribe penalties directly, Section 28 supports enforcement actions under other IT Act provisions. It plays a key role in preventing misuse and ensuring the integrity of digital authentication, benefiting users, businesses, and law enforcement alike.

FAQs on IT Act Section 28

What authority does Section 28 grant to the Controller?

Section 28 empowers the Controller to investigate any matter related to digital signature certificates to ensure compliance with the IT Act and its rules.

Does Section 28 impose penalties directly?

No, Section 28 itself does not prescribe penalties but enables investigations that may lead to actions under other sections involving penalties.

Who can be investigated under Section 28?

The Controller can investigate Certifying Authorities and related entities involved in issuing or managing digital signature certificates.

When is Section 28 invoked?

It is invoked when there are suspicions or complaints regarding misuse, irregularities, or non-compliance in digital signature certificate management.

How does Section 28 impact digital transactions?

By enabling investigations, Section 28 helps maintain the authenticity and security of digital signatures, fostering trust in electronic transactions.

Get a Free Legal Consultation

Reading about legal issues is just the first step. Let us connect you with a verified lawyer who specialises in exactly what you need.

K_gYgciFRGKYrIgrlwTBzQ_2k.webp

Related Sections

CGST Act 2017 Section 169

Detailed guide on Central Goods and Services Tax Act, 2017 Section 169 covering offences and penalties under GST law.

IPC Section 320

IPC Section 320 defines grievous hurt and lists specific injuries considered grievous under Indian law.

CGST Act 2017 Section 104

Detailed guide on Central Goods and Services Tax Act, 2017 Section 104 covering appeals to the Appellate Authority for Advance Ruling.

Is Prostitute Is Legal In India Or Not

Understand the legal status of prostitution in India, including laws, rights, and enforcement realities.

Companies Act 2013 Section 24

Companies Act 2013 Section 24 governs the alteration of a company's memorandum of association.

Is Self Defense Baton Stick Legal In India

Understand the legality of owning and carrying self-defense baton sticks in India, including restrictions and enforcement details.

Are Multiple Vendors Legal Forapartment In India

Multiple vendors are conditionally legal for apartments in India, subject to RERA and local laws.

Income Tax Act 1961 Section 194

Section 194 of the Income Tax Act 1961 governs tax deduction at source on payments other than salaries in India.

Is It Legal Two Finger Test In India

In India, the two-finger test is not legally valid and has been widely criticized and banned in courts.

CGST Act 2017 Section 76

Detailed guide on Central Goods and Services Tax Act, 2017 Section 76 covering assessment of unregistered persons.

Is Horse Legal In India

In India, horses are legal to own and use with regulations on animal welfare and transport.

Is Collecting Hd Access Fee In India Legal

Understand the legality of collecting HD access fees in India and related regulations.

Is Playing Ludo For Cash Legal In India

Playing Ludo for cash in India involves legal complexities with gambling laws and regional variations.

IPC Section 490

IPC Section 490 punishes marrying again during the lifetime of a spouse, addressing bigamy and protecting marital fidelity.

CGST Act 2017 Section 80

Detailed guide on Central Goods and Services Tax Act, 2017 Section 80 covering demand, recovery, and related procedures.

CrPC Section 24

CrPC Section 24 defines who is a 'public servant' for legal and procedural purposes under the Code of Criminal Procedure.

Is Indian Army Brass Logo Legal

The Indian Army Brass Logo is legal to own but restricted for official use only under Indian law.

Companies Act 2013 Section 137

Companies Act 2013 Section 137 mandates filing of financial statements with the Registrar of Companies for transparency and compliance.

Are Crocodile Leather Legal In India

Crocodile leather is legal in India with strict regulations under wildlife laws and permits.

Is It Legal To Sell User Data In India

Selling user data in India is conditionally legal under strict data protection laws and user consent requirements.

Income Tax Act 1961 Section 92CB

Income Tax Act Section 92CB mandates transfer pricing documentation and adjustments for international transactions to ensure fair taxation.

CGST Act 2017 Section 84

Detailed guide on Central Goods and Services Tax Act, 2017 Section 84 concerning assessment of unregistered persons.

CrPC Section 32

CrPC Section 32 details the admissibility of statements made by a person who is dead or cannot be found as evidence in court.

Income Tax Act 1961 Section 188

Section 188 of the Income Tax Act 1961 governs transactions between related parties to prevent tax evasion in India.

Is Indian Occupation Of Kashmir Legal

The Indian occupation of Kashmir is legally complex, involving constitutional claims and international disputes under Indian and global law.

CGST Act 2017 Section 13

Detailed guide on Central Goods and Services Tax Act, 2017 Section 13 covering place of supply of goods rules.

Is Wagering Legal In India

Wagering is generally illegal in India except for certain regulated activities like horse racing and lotteries under specific laws.

bottom of page