MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY (Department of Information Technology)
NOTIFICATION New Delhi, the 11th April, 2011
G.S.R. 316(E).—In exercise of the powers conferred by clause (ca) of sub-section (2) of section 87, read with sub-section (2) of section 6A of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:-
1. Short title and commencement.- (1) These rules may be called the information Technology (Electronic Service Delivery) Rules, 2011.
(2) They shall come into force on the date of their publication in the Official Gazette.
2. Definitions.- In these rules, unless the context otherwise requires,- (a) "Act" means the Information Technology Act, 2000 (21 of 2000);
1330 GI/11—5B
THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)]
(b) "appropriate Government" means the Central Government or the state Government or an Union Territory Administration;
(c) "authorised agent" means an agent of the appropriate Government or service provider and includes an operator of an electronically enabled kiosk who is permitted under these rules to deliver public services to the users with the help of a computer resource or any communication device, by following the procedure specified in the rules;
(d) "certificate" means a certificate required to be issued by a statutory authority empowered under any Act, rule, regulation or Order of the appropriate Government to issue a certificate to confirm the status, right or responsibility of a person, either natural or artificial, and includes a certificate in electronic form printed and delivered in such form as may be specified by the appropriate authority;
(e) "Certifying Authority" means certifying authority as defined in clause (g) of sub-section (1) of section 2 of the Act;
(f) "communication device" means the communication device as defined in clause (ha) of sub-section (1) of section 2 of the Act;
(g) "computer resource" means the computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(h) "Electronically enabled kiosk" means the cyber cafe as defined in clause (na) of sub- section (1) of section 2 of the Act;
(i) "Electronic Service Delivery" means the delivery of public services in the form of filing receipt of forms and applications, issue or grant of any license, permit, certificate, sanction or approval and the receipt or payment of money by electronic means by following the procedure specified under rule 3;
(j) "electronic signature" means the electronic signature as defined in clause (ta) of sub- section (1) of section 2 of the Act;
(k) "Electronic Signature Certificate" means the electronic signature certificate as defined in clause (tb) of sub-section (1) of section 2 of the Act;
THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)]
(l) "Repository of Electronically Signed Electronic Records" means a collection of all electronically signed electronic records, stored and managed in accordance with these rules;
(m) "service provider" means a service provider as referred to in Explanation to sub-section (1) of section 6A of the Act;
(n) "signing authority " means an authority empowered under any Act, rules, regulations or Order of the appropriate Government to issue a certificate.
3. System of Electronic Service Delivery.- (1) The appropriate Government may on its own or through an agency authorised by it, deliver public services through electronically- enabled kiosks or any other electronic service delivery mechanism.
(2) The appropriate Government or its agencies may specify the form and the manner of Electronic Service Delivery.
(3) The appropriate Government may determine the manner of encrypting sensitive electronic records requiring confidentiality, white they are electronically signed.
(4) The appropriate Government shall notify the service providers and their agents authorised for Electronic Service Delivery.
(5) The appropriate Government may allow receipt of payments made by adopting the Electronic Service Delivery System to be a deemed receipt of payment effected in compliance with the financial code and treasury code of such Government.
(6) The appropriate Government may authorise service providers or their authorised agents to collect, retain and appropriate such service charges as may be specified by the appropriate Government for the purpose of providing such services from the person availing such services:
Provided that the apportioned service charges shall be clearly indicated on the receipt to be given to the person availing the services.
(7) The appropriate Government shall by notification specify the scale of service charges which may be charged and collected by the service providers and their authorised agents for various kinds of services.
(8) The appropriate Government may also determine the norms on service levels to be complied with by the Service Provider and the authorised agents.
THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)]
4. Notification of Electronic Service Delivery.- (1) The appropriate Government may notify the services that shall be delivered electronically from time to time. (2) The appropriate Government may identify and notify, from time to time, the list or signing authorities in respect of different classes of licenses, permits, certificates, sanctions, payment receipt approvals and local limits of their respective jurisdictions. (3) The notification shall specify the nature of certificate, the names of the signing authorities, as approved by the appropriate Government, the period of effectiveness of the authority and the extent of their jurisdiction. (4)The appropriate Government may notify changes to the list of signing authorities from time to time, taking into consideration the terms and conditions of the services of employees holding positions of signing authorities.
5. Creation of repository of electronically signed electronic records by Government Authorities.- (1) All authorities that issue any license, permit, certificate, sanction or approval electronically, shall create, archive and maintain a repository of electronically signed electronic records of such licenses, permits, certificates, sanctions or approvals, as the case may be, online with due timestamps of creation of these individual electronic records. (2) The appropriate Government may specify the manner of creating, establishing, archiving and maintaining the repository of electronically signed electronic records referred to in sub-rule (1). (3) The authorities may electronically sign the electronic records of such licenses, permits, certificates, sanctions or approvals for each record or as a whole for a specific duration and shall be responsible in administering them online. (4) The appropriate Government may specify the security procedures in respect of the electronic data, information, applications, repository of digitally signed electronic records and information technology assets under their respective control and that security procedures shall be followed by the Head of the Department and the signing authorities.
Explanation.- The expression "security procedures" referred to in sub-rule (4) shall include requirements for the storage and management of
THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)]
cryptographic keys, restrictions for downloading the certificates on to browsers, and of complying with the requirements of certifying authorities.
6. Procedure for making changes in a repository of electronically signed electronic records.-
(1) The appropriate Government may either suo moto or after receiving an application from an interested party, make or order to make an appropriate change in a repository of electronically signed electronic records along with recording the reasons for making such a change. (2) Any change effected to any record in a repository of electronically signed electronic records and any addition or deletion of a record from such repository shall be electronically signed by the person who is authorised to make such changes along with the time stamps of original creation and modification times. (3) The appropriate Government may determine the manner of electronically signing the event of deletion of a record from the repository of electronically signed electronic records. (4) The appropriate Government may also determine the manner of provisioning secure access to the repository of digitally signed electronic records. (5) The appropriate Government may also determine the requirements for maintaining audit trails of all changes made to repository of digitally signed electronic records.
7. Responsibility of service provider and authorised agents for financial management and accounting.- The appropriate Government may direct every service provider and authorised agent to keep an updated and accurate account of the transactions, receipts, vouchers and specify the formats for maintaining accounts of transactions and receipt of payment in respect of the electronic services delivered and the said records shall be produced for inspection and audit before an agency or person nominated by the appropriate Government.
8. Audit of the Information System and Accounts of service provider and authorised agents.- (1)The appropriate Government may cause an audit to be conducted of the affairs of the service providers and authorised agents in the State at such intervals as deemed necessary by nominating such audit agencies.
THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)]
(2) The audit may cover aspects such as the security, confidentiality and the privacy of information, the functionality and performance of any software application used in the electronic service delivery and the accuracy of accounts kept by the service providers and authorised agents. (3) The service providers and the authorised agents shall provide such information and assistance to the audit agencies nominated by the appropriate authority, to comply, with the directions given by the audit agencies and to rectify the defects and deficiencies pointed out by the audit agencies within the time limit specified by the audit agency. (4) All service providers and the authorised agents shall submit a due declaration for protecting the data of every individual transaction and citizen and any unauthorised disclosure to anyone without the written consent of either the individual or the appropriate Government shall be debarred from providing such a service any further and the provisions of section 45 of the Act shall be applicable in such cases.
9. Use of special stationery in electronic service delivery.- The appropriate Government may specify different types of special stationery, with accompanying security features for forms, applications, licenses, permits, certificates, receipts of payment and such other documents as part of Electronic Service Delivery.
[F. No. 11 (3)/2011 -CLFE] SHANKAR AGGARWAL, Addl.Secy.
Printed by the Manager, Government of India Press, Ring Road. Mayapuri. New Delhi-110064 and Published by the Controller of Publications, Delhi-1 I0054