Types of Digital Signature Certificate (DSC) in India- Class 1, 2, 3 & Their Uses Explained

In India’s fast-growing digital world, where government processes, tax filings, corporate compliance, and tender submissions are increasingly moving online, Digital Signature Certificates (DSCs) have become essential for secure and legally recognized digital interactions. Whether you're an individual professional, a business entity, or a vendor dealing with eProcurement platforms, understanding the types of DSCs, their classifications, and their specific use cases can save you time, prevent legal hurdles, and ensure smooth digital workflows. However, not all DSCs are the same. They differ by purpose, security level, applicant type, and regulatory compliance. With evolving norms, such as the deprecation of Class 2 certificates and the mandatory shift to Class 3, it’s important to stay updated and make the right choice based on your requirements.

In this comprehensive guide, we’ll explore:

• The classification of DSCs in India: Class 1, Class 2 (deprecated), and Class 3
• The intended users, verification process, and use cases of each class
• Application-based types like Individual vs. Organization DSCs
• Functional types: Sign, Encrypt, and Sign & Encrypt certificates
• A comparison table for quick reference

Let’s begin by understanding how DSCs are classified and why it matters for your digital transactions.

Classification Of Digital Signature Certificates In India

Digital Signature Certificates in India are broadly classified into Class 1, Class 2, and Class 3 categories. Each type offers a different level of security, identity verification, and applicability based on the risk involved in the transaction.

Let’s break down each class and understand who it’s meant for its applications and key features.

1. Class 1 DSC

Meant for:
Private individuals for basic, non-commercial authentication purposes.

Use Case:
Class 1 DSC is generally used for situations where the risk of data compromise is low, such as:

• Logging into email accounts securely
• Accessing online portals that require basic identity verification
• Securing personal data with minimal regulatory implications

Features:

• Validates only the user’s name and email address.
• Issued after basic verification against a database such as Aadhaar or PAN.
• Not legally valid for signing documents or filing government forms.
• Typically used for low-security environments where encryption is preferred but not legally binding.
• Rarely used in modern digital infrastructure due to limited practical applications.

Relevance Today:
With the increasing digitization of official processes, Class 1 DSCs have become largely obsolete in India. They are still offered by some providers for internal or informal use but have no legal recognition for official submissions.

2. Class 2 DSC (Now Deprecated for Some Use Cases)

Meant for:
Professionals, individuals, and authorized signatories who need mid-level verification for interacting with government portals and regulatory bodies.

Use Case:
Before being phased out, Class 2 DSC were widely used for:

• Filing Income Tax Returns (ITR) on the Income Tax portal
• Uploading documents to the Ministry of Corporate Affairs (MCA21)
• Registering for GSTIN and filing GST returns
• Submissions on portals such as EPFO, DGFT, and Trademarks
• Digitally signing business and legal documents

Features:

• Required KYC verification (such as PAN, Aadhaar, or organization proof) via documents or Aadhaar eKYC.
• Issued to both individuals and organizations for official purposes.
• Could be used for digitally signing PDFs, contracts, tax filings, etc.
• Medium-level encryption and identity validation standards.
• Compatible with most USB cryptographic tokens (e.g., ePass2003, ProxKey, Watchdata).

Important Note:
As per the revised guidelines by the CCA, from January 1, 2021, Class 2 DSCs have been discontinued for statutory and regulatory filings in India.
They have been replaced by Class 3 DSCs, which offer stronger identity assurance and higher security protocols.

3. Class 3 DSC (Most Widely Used Today)

Meant for:
Individuals, businesses, professionals, government contractors, and vendors who engage in high-value or sensitive digital transactions require strong legal backing.

Use Case:
Class 3 DSCs are now the default standard for almost all official use cases in India, including:

• e-Tendering and e-procurement on government portals like GeM, IREPS, and CPPP
• Company incorporation, ROC filings, and annual returns on MCA21
• GST filings, return submissions, and e-invoicing
• Income Tax filings and Form 16 issuance for organizations
• Applying for trademarks, patents, copyright registrations
• Signing legally binding documents and contracts
• Secure authentication for services like ICEGATE, EPFO, and DGFT

Features:

• Requires in-person or video-based identity verification under CCA norms.
• Offers the highest level of encryption and legal recognition.
• Provides strong authentication, non-repudiation, and integrity for data and transactions.
• Can be issued to both individual users and organizational representatives.
• Must be stored on a FIPS-certified USB token with cryptographic storage (e.g., ePass 2003 Auto, ProxKey).
• Valid for 1 to 3 years, depending on the applicant’s choice and CA’s policy.

Regulatory Update:
Class 3 DSCs are now mandatory for all government filings and secure online services. They provide end-to-end encryption and are compliant with the latest IT Act and CCA standards.

Categorization Based On Their Application

Apart from the classification into Classes 1, 2, and 3, Digital Signature Certificates (DSCs) are also categorized based on who is using them and why. The application-based categorization ensures the certificate issued is tailored to the identity and purpose of the applicant.

Individual DSCs

Description:
Individual DSCs are issued to a specific person for personal or professional use. These are the most common certificates and are typically used by professionals like chartered accountants, company directors, proprietors, and salaried individuals who need to sign or authenticate documents digitally.

Use Cases:

• Filing Income Tax Returns (ITR)
• GST filing and compliance
• MCA filings for directors or partners
• Signing legal documents and contracts
• eTender participation as an individual or freelancer

Key Features:

• Issued to a single person with identity verification
• May be linked to PAN, Aadhaar, or other government-issued ID
• Cannot be used on behalf of an organization
• Usually includes name, email, and certificate validity period

Organization DSCs

Description:
Organization DSCs are issued to employees or authorized signatories of registered businesses, firms, or government institutions. These certificates bind the individual to the organization and are used for signing on behalf of the company.

Use Cases:

• MCA filings for companies (ROC, annual reports, incorporation)
• eProcurement and eTendering by government contractors and vendors
• Trademark and patent filings
• Document signing by company heads or authorized personnel
• DGFT-related applications for exporters and importers

Key Features:

• Issued to an individual representing an organization
• Requires business documents such as GST Certificate, PAN of the firm, and authorization letters
• The certificate contains both individual and organizational details
• Grants authority to sign on behalf of the organization legally

Other Certificate Types And Specialized Uses

Digital Signature Certificates are also categorized based on functional intent, that is — what the certificate is expected to do. The three most common types under this model are:

Sign

Purpose:
A Sign-only certificate is used exclusively for digitally signing documents. It ensures data integrity and provides authentication that the document was not altered after signing.

Use Cases:

• Signing PDF files and forms
• Tax filing and compliance (ITR, GST, MCA)
• Legal contracts and affidavits
• eTender participation

Key Characteristics:

• Ensures non-repudiation, so the signer cannot deny the signature
• Commonly used by individuals, professionals, and authorized signatories
• Does not encrypt or protect the content from viewing

Encrypt

Purpose:
An encrypted certificate is used to protect the confidentiality of information by encrypting the data during transmission. It ensures that only the intended recipient can decrypt and read the content.

Use Cases:

• Sending sensitive information over email
• Securing confidential documents exchanged online
• Encrypting files shared via portals (e.g., tender bids, legal submissions)

Key Characteristics:

• Used to encrypt data, not for signing
• Ensures that only the receiver with the corresponding private key can access the data
• Common in corporate, legal, and government communication

Sign and Encrypt

Purpose:
This is a dual-purpose certificate that allows the holder to both digitally sign documents and encrypt information. It is often issued to users who require a comprehensive solution for secure and authenticated communication.

Use Cases:

• eTender submissions (where documents must be both signed and encrypted)
• Secure file sharing with legal validity
• Government filings that require both a signature and data protection

Key Characteristics:

• Provides both authentication (through signature) and confidentiality (through encryption)
• Ideal for users who handle sensitive or regulated information
• Required in many public procurement and bidding processes

Comparison Table: Types Of DSC At A Glance

To help you quickly understand the differences between the various types of Digital Signature Certificates, the table below provides a side-by-side comparison based on issuance, verification level, usage, token requirement, and validity.

Conclusion

Digital Signature Certificates (DSCs) are essential for ensuring the authenticity, integrity, and legal validity of digital transactions in India. As government and corporate processes move increasingly online, the role of DSCs has become critical for individuals, professionals, and organizations alike. While Class 1 and Class 2 certificates served their purpose in earlier years, current regulatory standards have established Class 3 DSCs as the most secure and widely accepted form for official filings, e-tendering, and high-value digital communications. Choosing the correct type of DSC - whether based on the applicant (individual or organization) or the intended function (signing, encrypting, or both) - ensures seamless compliance with regulatory requirements and enhances digital security. Understanding these classifications helps users avoid delays, rejections, or misuse and ensures their digital identity is accurately represented in every transaction. As a result, selecting the right DSC is not just a compliance step but a foundation for trustworthy digital engagement.