SP & SC — Legal and Taxation Service

Class 3 Digital Signature for MCA and GST: Buying and Renewing

By SP & SC EditorialUpdated 13 July 20268 min read

Why Class 3 is the MCA/GST default, licensed certifying authorities, and how to renew before expiry.

Class 3 Digital Signature for MCA and GST: Buying and Renewing

A Digital Signature Certificate (DSC) is essential for online transactions with government portals like MCA and GST. For MCA, specifically, a Class 3 DSC is mandatory for company incorporation, annual filings, and various compliance submissions. It ensures the authenticity and integrity of electronic documents, providing a secure and legally valid way to sign documents digitally. Understanding its nuances, from procurement to renewal, is crucial for founders and professionals.

What is a Digital Signature Certificate (DSC)?

A Digital Signature Certificate (DSC) is a secure digital key that validates the identity of the person holding it, much like a physical signature. It is issued by Certifying Authorities (CAs) licensed by the Controller of Certifying Authorities (CCA) under the Information Technology Act, 2000. When you "sign" a document digitally with a DSC, it creates a unique encrypted hash of the document, ensuring that the document has not been tampered with and confirming the signer's identity.

Why is a Class 3 DSC mandatory for MCA and GST?

A Class 3 DSC is mandatory for MCA and GST because it offers the highest level of security and assurance for online transactions. The Ministry of Corporate Affairs (MCA) and the Goods and Services Tax (GST) portal require Class 3 DSCs for all filings to ensure the authenticity and non-repudiation of electronic submissions. This requirement stems from the need to prevent fraud and maintain the integrity of official records, especially for critical corporate and tax compliance matters.

The Information Technology Act, 2000, provides the legal framework for digital signatures in India. While earlier, Class 2 DSCs were acceptable, the CCA mandated Class 3 DSCs for most government-related filings due to their enhanced security features.

What is the difference between Class 2 and Class 3 DSCs?

The primary difference between Class 2 and Class 3 DSCs lies in their level of security and verification processes, with Class 3 offering a higher assurance level.

FeatureClass 2 DSC (Retired)Class 3 DSC (Current Standard)
PurposeEarlier used for basic e-filing (ITR, ROC filings)Mandatory for MCA, GST, e-Tendering, PF, IEC, Trademark, etc.
VerificationIdentity verified against pre-verified databasesIdentity verified directly by CA through physical presence or video verification
SecurityModerateHigh
Risk LevelSuitable for transactions where risks are moderateSuitable for high-value transactions and sensitive data
StatusDiscontinued for new issuance since 2021 by CCACurrent standard, widely accepted and mandated

As per the Controller of Certifying Authorities (CCA) guidelines, Class 2 DSCs are no longer issued, and Class 3 DSCs have become the standard for all government and high-security online transactions. This shift ensures greater security and reduces the risk of identity theft or document tampering.

How do I obtain a Class 3 DSC?

To obtain a Class 3 DSC, you must apply through a Certifying Authority (CA) licensed by the CCA, undergoing a stringent verification process. The process typically involves submitting an application form, identity proof (PAN card), address proof (Aadhaar card, passport, driving license), and a passport-sized photograph. Most CAs also require a video verification or in-person verification to confirm the applicant's identity.

Here’s a general step-by-step process:

  1. Choose a Licensed CA: Select a CA authorised by the CCA, such as eMudhra, Sify, Capricorn, or NSDL.
  2. Fill Application Form: Complete the DSC application form, either online or offline.
  3. Submit Documents: Provide self-attested copies of your PAN card, Aadhaar card, and a photograph. For organisations, additional documents like incorporation certificates and board resolutions may be required.
  4. Verification: Complete the video verification (preferred) or in-person verification as guided by the CA. This step is crucial for Class 3 DSCs.
  5. Payment: Pay the applicable fees for the DSC and the USB crypto token.
  6. Issuance: Once verified, the CA will issue the DSC, which will be downloaded onto a FIPS 140-2 certified USB crypto token.

What is a USB crypto token and why is it required?

A USB crypto token is a physical hardware device, similar to a pen drive, that securely stores your Digital Signature Certificate. It is required because it provides a tamper-proof environment for your private key, ensuring that your digital signature cannot be copied or misused. The token is password-protected, adding an extra layer of security.

When you sign a document, the token performs the cryptographic operations internally, meaning your private key never leaves the secure environment of the token. This compliance with FIPS 140-2 standards ensures the highest level of security for your digital signature.

What is the validity period of a DSC and how do I renew it?

A DSC typically has a validity period of one, two, or three years, after which it needs to be renewed. Renewing your DSC involves a process similar to obtaining a new one, requiring re-verification of your identity and payment of renewal fees.

To renew your DSC:

  1. Contact your CA: Approach the same Certifying Authority or any other licensed CA before your DSC expires.
  2. Submit Renewal Application: Fill out the renewal application form.
  3. Re-verification: Undergo the identity verification process again, which may include video verification.
  4. Payment: Pay the renewal fees.
  5. Download to Token: The renewed DSC will be downloaded onto your existing USB crypto token or a new one if specified.

It is advisable to renew your DSC before its expiry to avoid any disruption in your online filings and compliance activities.

How do I use my DSC on MCA V3 portal?

Using your DSC on the MCA V3 portal involves installing the necessary emSigner utility and ensuring your DSC is properly registered and associated with your MCA user ID. The MCA V3 portal uses a browser-based signing utility, which requires specific configurations.

Steps to use DSC on MCA V3:

  1. Install emSigner: Download and install the latest version of the emSigner utility from the MCA portal. Ensure Java Runtime Environment (JRE) is also installed and updated.
  2. Plug-in DSC Token: Insert your USB crypto token into your computer.
  3. Register DSC: Log in to the MCA V3 portal. Navigate to "Associate DSC" or "Register DSC" under your profile. Select the type of DSC (e.g., Director, Professional) and upload the DSC. The system will read your DSC details from the token.
  4. Sign Documents: When filing forms, the system will prompt you to sign using your DSC. Select your certificate from the emSigner pop-up, enter your token password, and click "Sign."

Common issues include outdated emSigner versions, browser compatibility problems (use recommended browsers like Chrome or Firefox), and Java issues. Ensure your browser is configured to allow pop-ups and run Java applets.

What are common signing failures and how can I troubleshoot them?

Common signing failures often stem from technical glitches, incorrect software installations, or expired DSCs. Troubleshooting these issues typically involves checking software versions, browser settings, and DSC validity.

Here are some common failures and troubleshooting tips:

  • "DSC not registered" or "Invalid DSC":
    • Troubleshoot: Ensure your DSC is correctly registered on the MCA portal and associated with your user ID. Check if the DSC has expired.
  • "emSigner not running" or "Connection error":
    • Troubleshoot: Verify that the emSigner utility is running in the background. Restart emSigner. Check your internet connection. Ensure no firewall or antivirus is blocking emSigner.
  • "Certificate not found" or "No certificates available":
    • Troubleshoot: Ensure your USB crypto token is properly inserted and detected by your computer. Check if the token driver is installed. Try another USB port.
  • "Java error" or "Browser compatibility issue":
    • Troubleshoot: Update your Java Runtime Environment (JRE) to the latest version. Use a recommended browser (e.g., Chrome, Firefox) and ensure it's updated. Clear browser cache and cookies.
  • "Incorrect PIN" or "Token locked":
    • Troubleshoot: Enter the correct token password. If locked, you might need to contact your CA for assistance in unlocking or resetting the PIN, which may require re-issuance.
  • "Form already signed" or "Signature mismatch":
    • Troubleshoot: This can happen if the form was partially signed or if there's a discrepancy. Re-upload the form or re-attempt signing after verifying the details.

For persistent issues, it's advisable to contact the helpdesk of the respective government portal (MCA, GST) or your Certifying Authority.

How SP & SC helps

Navigating the complexities of digital signatures, especially for critical compliance filings, can be daunting. SP & SC Legal and Taxation Services assists founders and small business owners in obtaining and managing their Class 3 DSCs, ensuring seamless company incorporation and ongoing compliance. Visit our Company Incorporation services page to learn more about how we can support your business journey.

Frequently asked questions

Can I use the same DSC for both MCA and GST filings?

Yes, a single Class 3 DSC can be used for both MCA and GST filings, as well as for other government portals like the Income Tax Department and PF. The Class 3 DSC is universally accepted for high-security online transactions in India.

What documents are required to obtain a Class 3 DSC for a company director?

For a company director, the primary documents required are a self-attested copy of their PAN card, Aadhaar card, and a passport-sized photograph. Additionally, proof of directorship, such as a copy of the company's incorporation certificate or a board resolution, might be requested by the Certifying Authority.

Is video verification mandatory for Class 3 DSC?

Yes, video verification is mandatory for obtaining a Class 3 DSC. This process ensures that the applicant's identity is verified directly by the Certifying Authority, enhancing the security and authenticity of the digital signature. This is a key differentiator from the older Class 2 DSC process.

What happens if my DSC token is lost or stolen?

If your DSC token is lost or stolen, you must immediately report it to your Certifying Authority (CA) and request revocation of the certificate. This prevents any misuse of your digital signature. You will then need to apply for a new DSC.

Can I get a DSC with a validity of more than three years?

No, as per the guidelines issued by the Controller of Certifying Authorities (CCA), the maximum validity period for a Digital Signature Certificate (DSC) is three years. After this period, the DSC must be renewed.

Do I need to install any software to use my DSC?

Yes, you need to install specific software. Primarily, you'll need the driver for your USB crypto token (provided by the token manufacturer or CA) and a signing utility like emSigner for MCA and GST portals. Ensure your Java Runtime Environment (JRE) is also up-to-date for optimal functionality.

WhatsAppCall usFile ITR