A subscriber under the Information Technology Act, 2000 is an individual or entity in whose name a Digital Signature Certificate (DSC) is issued. The Act places several important duties on subscribers to ensure the security, credibility, and legal reliability of digital signatures and electronic records. Since digital signatures operate through cryptographic key pairs, the private key—which the subscriber alone controls—is central to maintaining the trustworthiness of electronic transactions. Therefore, the primary duty of the subscriber is to exercise reasonable care to retain control over their private key and prevent its disclosure to any unauthorized person. This obligation is fundamental because any misuse of the private key is legally attributable to the subscriber unless promptly reported.

Another major responsibility of the subscriber is to ensure that their private key is used only for authorized and legitimate purposes, consistent with the terms and conditions of the Digital Signature Certificate. If the subscriber becomes aware that the private key has been compromised, lost, or potentially misused, the Act mandates that they must inform the concerned Certifying Authority (CA) without delay. Upon such notification, the CA is required to revoke the certificate to prevent further misuse. Failure to inform the CA in time can result in the subscriber being held liable for any damage arising from the unauthorized use of the key during the period of negligence.

Subscribers also have the duty to verify the accuracy of the information provided to the Certifying Authority at the time of obtaining their Digital Signature Certificate. Any misrepresentation or false information may lead to revocation of the certificate and possible legal consequences. Furthermore, the subscriber must ensure that they accept a DSC only after verifying that it correctly contains their identifying information and public key. Once the certificate is issued, the subscriber is responsible for immediately reporting any inaccuracy or need for modification so that the CA can update or re-issue the certificate.

In addition, the Act emphasizes responsible use of the digital signature. A subscriber must not use the private key to sign an electronic record when they know or have reason to believe that the digital signature certificate is expired, revoked, or suspended. Using a key under such circumstances may amount to fraud or unauthorized authentication and can attract penalties or criminal liability. These duties collectively ensure that confidence in India’s electronic authentication system is preserved and that the use of digital signatures remains secure, reliable, and trustworthy for all electronic transactions and governance processes.