Registrations & Licences · Core Business Registrations
Digital Signature Certificate (DSC) – including DGFT DSC
A Digital Signature Certificate is the legal equivalent of your wet-ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
A Digital Signature Certificate is the legal equivalent of your wet-ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions. Without a valid Class 3 DSC, a company cannot file its annual returns, a director cannot be appointed, a contract cannot be submitted on the government procurement portal, and a CA cannot certify an audit. At PNPC Global, we obtain and renew DSCs for directors, partners, authorised signatories, and practising CAs as part of every incorporation and compliance engagement — because the DSC is not a standalone requirement, it is the signature infrastructure that makes every other compliance filing legally valid. We have managed this process for clients across Chennai, Bangalore, Hyderabad, and the UAE since the first generation of digital signature infrastructure was introduced in India — so when a video verification fails, a token is locked, or a portal rejects a DSC at deadline, we have seen it and resolved it before.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
A Digital Signature Certificate (DSC) is an electronic document issued by a government-licensed Certifying Authority (CA) under the Information Technology Act 2000 and the IT (Certifying Authorities) Rules 2000. It contains the holder's identity information, their public key, and the digital signature of the issuing Certifying Authority — creating a cryptographically verifiable proof that a specific, authenticated individual signed a specific document at a specific time. The legal basis for DSC-based signatures in India is Sections 3–15 of the IT Act 2000 and the IT (Certifying Authorities) Rules 2000, which define the framework of licensed Certifying Authorities operating under the Controller of Certifying Authorities (CCA), an office established by the Ministry of Electronics and Information Technology (MeitY). A DSC-signed document carries the same legal weight as a wet-ink signature under Indian law and is specifically mandated by the MCA, CBDT, CBIC, and DGFT for company and entity-level submissions on their respective portals.
DSCs in India are classified by use class. Class 3 is the current active class for all legal, regulatory, and government portal submissions — it involves the highest level of identity verification and is the only class accepted by MCA21 (SPICe+, AOC-4, MGT-7, and all other company and LLP forms), the GST portal for entity-level DSC authentication, the Income Tax e-filing portal for company ITRs and audit reports, DGFT for import-export authorisations, and the Government e-Marketplace (GeM) and central public procurement portal (CPPP) for e-tender submissions. Earlier classes — Class 1 and Class 2 — were phased out for regulatory filings. From 1 January 2021, the MCA mandated that all company and LLP forms filed on MCA21 must use Class 3 DSCs. A Class 2 DSC issued before this transition is no longer accepted even if it has not expired in terms of its validity period.
The DSC is physically stored on a USB crypto token (dongle) issued and configured by the Certifying Authority. The private key — the mathematically unique key that generates your signature — is stored in a tamper-resistant hardware chip inside the token. It never leaves the device, even when the token is plugged into a computer. When you sign a filing, the token generates the digital signature locally using your PIN-protected private key, producing a signature that can be verified by the recipient (or the government portal) using your corresponding public key embedded in the DSC. This architecture makes it technically impossible for a digital signature to be forged — even a person who has physical access to your token cannot use it without your PIN.
For DGFT specifically, the DSC requirement has additional dimensions: exporters and importers applying for Advance Authorisation, EPCG licences, IEC amendments, and other export entitlement schemes on the DGFT portal must use a Class 3 DSC registered to their IEC (Importer-Exporter Code). The DGFT portal requires the DSC to be linked to the entity's GSTIN and IEC in the portal's own authentication system, adding a portal-specific registration step beyond the DSC issuance itself. A firm that assists clients through DGFT applications must coordinate both the DSC and the DGFT portal mapping — which PNPC handles end-to-end as part of every DGFT engagement.
When a Class 3 DSC is required
Company incorporation — SPICe+ filing on MCA21 requires a valid Class 3 DSC from all proposed directors; without it, the form cannot be submitted
All MCA annual filings — AOC-4 (financial statements), MGT-7 (annual return), ADT-1 (auditor appointment) — signed by the director's DSC; filing deadline penalties (₹100/day, no cap) accrue from the due date
LLP incorporation and annual filings — FiLLiP, Form 3, Form 8, Form 11 — signed by the designated partner's DSC; both designated partners must have valid DSCs
GST filings where DSC authentication is chosen — companies (non-individuals) may opt for DSC-based portal authentication rather than EVC; DSC is accepted for all GST filings
Income Tax returns and audit reports — ITR-6 (companies), tax audit reports and transfer pricing audit reports (audit-threshold and international/specified-transaction provisions under the Income Tax Act), Form 3CA-3CD — signed by director and tax auditor DSCs respectively
DGFT applications — Advance Authorisation, EPCG licence, IEC amendments, Annual SION revision submissions for company entities — registered DSC required on the DGFT portal
e-Tender submissions on CPPP, GeM, and state government procurement portals — bids digitally signed with Class 3 DSC
Practising Chartered Accountants — required for certifying audit reports, financial statements, and compliance certificates submitted to MCA and Income Tax portals; CA's DSC includes their ICAI membership number
All MCA director-level event forms — DIR-3 KYC, DIR-3 KYC-Web, DIN allotment, DIR-12 for director appointment and resignation, SH-7 for authorised capital changes, MGT-14 for resolution filings
NCLT and SEBI filings where digital signature is prescribed — merger schemes, capital market applications, and listed company event disclosures where the form specifically requires DSC authentication
When a Class 3 DSC may not be necessary
Udyam MSME registration — uses Aadhaar OTP authentication only; a DSC is neither required nor accepted in the Udyam portal's registration flow
Individual Income Tax return filing (ITR-1, ITR-2, ITR-4 for individuals) where e-verification via Aadhaar OTP, net banking, or bank account is sufficient — DSC is one permitted option but not mandatory
GST registration for individuals and sole proprietors using Aadhaar OTP authentication — DSC is an alternative for those who prefer it, not a requirement in these cases
Proprietorship or individual filings on portals that have fully implemented Aadhaar OTP-based e-verification as the primary method, and where DSC is not specifically mandated by the portal
Startups incorporated as a Pvt Ltd that have already satisfied all DSC requirements for directors — additional DSCs are not needed unless new directors are being added or a new portal (DGFT, GeM) is being used for the first time
One-time agreements and bank KYC using eSign services — Aadhaar-based eSign (operated by NSDL e-Gov and CDSL) is appropriate for transactional document signing where regulatory mandates do not require a hardware-backed DSC
DSC types and authentication alternatives compared
| Feature | Class 3 DSC — Individual | Class 3 DSC — Organisation | Document Signer (Bulk/Server) | Aadhaar eSign (Online) | Aadhaar OTP / EVC |
|---|---|---|---|---|---|
| Who holds it | Named individual — stored on personal USB crypto token | Named individual acting on behalf of a named organisation — organisation name embedded in certificate | Organisation-level system account — typically an HSM or server-side hardware | Any Aadhaar-linked individual — no hardware device | Any Aadhaar-linked or bank-linked individual — no hardware |
| Identity verification level | Aadhaar eKYC + live video verification with Certifying Authority representative | Aadhaar eKYC + video verification + organisation authorisation documents and entity proof | As prescribed by the Certifying Authority for bulk signing systems | Aadhaar OTP only — real-time at time of signing | Aadhaar OTP, bank account, net banking, or DEMAT account |
| Physical token required | Yes — USB crypto token issued by Certifying Authority; private key non-exportable | Yes — USB crypto token; private key non-exportable | No — server-side HSM for bulk signing workflows | No — purely online per-transaction | No — purely online session-based |
| Reusable across multiple filings | Yes — reused for every filing until expiry | Yes — reused for every filing until expiry | Yes — for bulk system integrations | No — each transaction requires a new OTP; not a persistent certificate | No — session-level only |
| MCA21 company / LLP filing | Yes — required for all SPICe+, AOC-4, MGT-7, and other company forms | Yes — same acceptance as individual, with organisation context | No — not accepted for individual director-signed company forms | No — not accepted by MCA21 for company filings | Limited — only for certain non-DSC forms; not for main annual filings |
| DGFT portal filings | Yes — must be registered to IEC on the DGFT portal | Yes — organisation DSC with IEC linkage | Not applicable for standard DGFT submissions | No | No |
| Income Tax — company ITR and audit report | Yes — director DSC for ITR-6; CA DSC for audit report | Yes | Not applicable | No | No — for company returns, DSC is the mandated method |
| GST portal | Yes — accepted for all GST filings by entities opting for DSC auth | Yes | Not applicable | No | Yes — Aadhaar OTP or EVC accepted for individuals and proprietors; companies may choose DSC or EVC |
| Validity period | 1, 2, or 3 years from issuance | 1, 2, or 3 years from issuance | Per CA agreement for bulk systems | Per transaction only — no reuse across separate transactions | Session-only — no validity concept |
| Approximate cost | ₹1,200–₹3,000 depending on validity period and Certifying Authority | ₹1,500–₹3,500 depending on validity and CA | Higher — volume/enterprise pricing; negotiated with CA | Small per-transaction fee via NSDL e-Gov / CDSL eSign service | No cost to user — OTP delivery via telecom |
| Legal standing for regulatory filings | Fully legally valid under IT Act 2000 for all mandated portals | Fully legally valid | Legally valid for system-to-system bulk signing; not for individual attestation | Legally valid for general purpose but not mandated portals | Accepted where specifically permitted by the portal; not a digital signature under IT Act Sec 3 |
| Revocation / loss management | Revocable by Certifying Authority on request — immediate effect; replacement requires fresh issuance | Revocable on request | Revocable via CA system administration | No revocation needed — per-transaction | No revocation needed — session-based |
All cost ranges are approximate market rates as of the content update and vary by Certifying Authority (eMudhra, Capricorn, CDAC, NSDL e-Gov) and validity period. PNPC obtains DSCs through licensed CAs and passes cost through without markup. eSign and OTP are not substitutes for a hardware-backed Class 3 DSC on MCA21, DGFT, or company-level Income Tax portal submissions.
| # | Stage & What PNPC Does | What First-Time Applicants Often Miss | Timeline |
|---|---|---|---|
| 1 | Pre-application advisory: portal mapping and DSC type determination | Not all DSCs are the same even within Class 3. A director's DSC, a practising CA's DSC, an authorised signatory DSC for a company, and an export house signatory DSC for DGFT all have different identity information embedded and may require different documentation. Before applying, PNPC identifies which portals the applicant will use, whether an individual or organisation-type DSC is needed, and whether ICAI membership number or IEC needs to be embedded — avoiding a mismatch that makes the DSC unusable on the intended portal. | Day 1 — no filing started until this is confirmed |
| 2 | Aadhaar and mobile number readiness verification | The Class 3 DSC eKYC process requires an Aadhaar number linked to an active mobile number that is accessible at the time of video verification. A SIM that is inactive, ported, or in a different country will cause OTP delivery failure during the video call — halting the process. PNPC asks every applicant to verify Aadhaar-mobile linkage before scheduling the video call. For NRI applicants, this is the single most common point of failure if not addressed in advance. | Day 1 — checked before Certifying Authority application is initiated |
| 3 | Certifying Authority selection and application initiation | Only organisations licensed by the Controller of Certifying Authorities (CCA) under the IT Act can issue valid DSCs in India. PNPC works with licensed CAs — primarily eMudhra and Capricorn — who are authorised by the CCA and have established video verification infrastructure. The applicant's name, Aadhaar number, PAN, and email are submitted to the CA's portal to initiate the application. The Certifying Authority's name is embedded in the DSC and visible on every signed document — choosing an established, licensed CA matters for portal acceptance. | Day 1 — application submitted same day as advisory |
| 4 | Document preparation and submission to Certifying Authority | The CA application requires a scanned PAN card, Aadhaar card details, a recent passport photograph, and an active personal email address. For organisation DSCs, additional documents — Board Resolution, Certificate of Incorporation, organisation PAN — must match exactly what is in the applicant's Aadhaar and MCA records. Any name discrepancy between PAN and Aadhaar (even a missing middle initial or different spelling) causes CA rejection. PNPC reviews all documents for name consistency before submission. | Day 1 — submitted along with application |
| 5 | Aadhaar eKYC and video verification | The applicant completes a video verification with the Certifying Authority's representative — typically 5–10 minutes, conducted on a smartphone. The purpose: confirm that the physical person matches the Aadhaar identity. The applicant must be in a well-lit environment and produce the original Aadhaar card on camera. The video is retained by the CA as per CCA guidelines. For NRI applicants or applicants outside India, this is done by video call at a scheduled time. PNPC schedules and briefs applicants before the call. | Day 1–2 — completed same day or next day in most cases |
| 6 | USB crypto token configuration and quality check | After video verification is approved, the Certifying Authority configures the DSC onto a USB crypto token (e-Pass, iKey, or equivalent brand depending on the CA). The token contains the private key in a tamper-resistant hardware chip. PNPC confirms token dispatch with the CA and provides applicants with the token's first-use PIN-setting instructions in advance — so that when the token arrives, the applicant can set their PIN immediately without waiting for a separate call. | Day 2–3 — configuration completed within 24 hours of successful verification |
| 7 | Physical crypto token delivery | The configured token is sent by registered courier to the applicant's address. Within India, delivery is typically 2–4 working days from dispatch. For international delivery to NRI applicants, timelines vary by destination country — typically 7–14 working days via international courier. PNPC provides the tracking number and monitors delivery status. The token is sealed on delivery — opening and PIN setup is the applicant's first action upon receipt. | Day 3–6 from successful video verification for domestic; Day 7–17 for international |
| 8 | PIN setup and first-use test | The crypto token arrives with a default factory PIN or a temporary PIN depending on the CA. The applicant sets their personal PIN on first use using the CA's token management software installed on a Windows or Mac computer. PNPC guides the applicant through driver installation (the token requires a USB driver from the CA's website) and confirms the token is recognised by the device before proceeding to portal mapping. A failed driver installation at this stage is a common problem that delays portal mapping. | Day 6–7 — completed after token delivery, guided by PNPC |
| 9 | MCA21 portal DSC mapping — DIN linkage | On MCA21 (V3), the DSC must be registered and mapped to the applicant's DIN (Director Identification Number) before it can be used to sign any company form. This requires the applicant to log into MCA21 using their DIN credentials, navigate to the DSC registration section, and complete the mapping with the token plugged in. PNPC coordinates this mapping step — it is not automatic on token delivery. A DSC that is not mapped to a DIN on MCA21 will be rejected by every form it is used on. | Day 7–8 — immediate priority after token delivery |
| 10 | DGFT portal DSC registration (where applicable) | For clients using the DSC for DGFT applications (Advance Authorisation, EPCG, IEC amendment), the DSC must be separately registered on the DGFT portal under the entity's IEC profile. This is a distinct process from MCA21 mapping — the DGFT portal has its own DSC authentication system. PNPC handles DGFT portal DSC registration as part of DGFT engagement onboarding, and tests the DSC on the portal before the first DGFT application is submitted. | Day 7–10 — alongside or after MCA21 mapping, as applicable |
| 11 | GST and TRACES portal DSC registration (where applicable) | The GST portal allows DSC as an authentication method for all entity-level filings. The DSC must be registered under the entity's GSTIN profile on the GST portal if DSC authentication is to be used. Similarly, TRACES (TDS Reconciliation Analysis and Correction Enabling System) allows DSC registration for TAN-linked DSC authentication for TDS correction statements and other TRACES functions. PNPC registers the DSC on each portal the client will use — not just MCA21. | Day 7–10 — after MCA21 mapping, as part of complete portal setup |
| 12 | First live filing and confirmation | Before the client's first actual regulatory deadline filing using the new DSC, PNPC performs a test signature on a draft form to confirm the token, PIN, driver, browser plugin, and portal mapping are all functioning correctly. Discovering a misconfiguration at deadline pressure — when a DSC error prevents submission of an MCA form due by midnight — is a preventable scenario. The test signature provides assurance that the entire chain works before any real filing is attempted. | Day 8–10 — before any live deadline filing |
| 13 | Expiry tracking and proactive renewal management | A DSC expires at the end of its validity period — 1, 2, or 3 years from issuance. An expired DSC immediately and completely loses its ability to sign any filing — there is no grace period. The renewal process mirrors the original application: eKYC, video verification, token reconfiguration or replacement, and portal re-mapping. PNPC tracks DSC expiry dates for all clients on the compliance calendar and initiates renewal 30 days before expiry — not on the day after a filing is rejected because the DSC expired overnight. | Ongoing — renewal initiated 30 days before expiry as a matter of standard procedure |
| 14 | Post-renewal portal re-mapping | A renewed DSC — even when loaded onto the same physical token — typically requires re-mapping on MCA21, the GST portal, DGFT, and any other portal where the old DSC was registered, because the certificate serial number changes with each renewal. This is a step many clients miss: they renew the DSC, receive the token, and then encounter an 'invalid DSC' error on MCA21 because the old certificate mapping is no longer valid. PNPC performs post-renewal portal mapping as part of every renewal engagement. | Within 1–2 days of token receipt after renewal — before the next filing |
A new Class 3 DSC takes 5–10 working days from initiation to delivered and portal-mapped token in most Indian cities. For time-sensitive filings, initiate at least two weeks before the deadline. Renewal should be initiated 30 days before expiry to ensure no filing is held up by an expired DSC.
Aadhaar Card — must be linked to an active, accessible mobile number for OTP delivery during video verification; name on Aadhaar must match PAN exactly — even a single character discrepancy causes CA rejection
PAN Card — for identity cross-verification with Aadhaar data; name must match Aadhaar exactly; self-attested copy required
Recent passport-sized photograph — white background, taken within the last 3 months; the photo is also used in the video verification process
Active personal email address — used by the Certifying Authority for DSC-related communications, OTP delivery for the portal application, and post-issuance notifications
Active mobile number linked to Aadhaar — must receive OTP at the time of video verification; confirm the SIM is active and in the applicant's possession on the day of the video call
For NRI applicants without accessible Aadhaar OTP: valid Indian passport — the Certifying Authority's NRI process uses passport-based identity verification with additional documentation; specific requirements vary by CA; PNPC coordinates the full NRI process
All individual applicant documents above for the authorised signatory (Aadhaar, PAN, photograph, email, mobile)
Certificate of Incorporation of the company or LLP — to establish the entity's legal existence
Organisation PAN — to link the DSC to the entity on whose behalf the signatory is authorised to act
Board Resolution (for companies) or Partner Resolution / Authorisation Letter (for LLPs) explicitly authorising the named individual to obtain a DSC on behalf of the organisation — this document is retained by the Certifying Authority
Organisation's registered address proof — utility bill or bank statement in the entity's name, dated within 3 months of DSC application
If the authorised signatory's DIN is different from the Aadhaar name (due to old DIN or name change) — additional identity bridging documents as specified by the CA
ICAI Membership Certificate — the membership number (M-number) is typically embedded in the DSC used for MCA and Income Tax audit certifications; required by the CA at application stage
Certificate of Practice (CoP) — if the DSC is specifically being obtained for audit report certifications under the Income Tax Act or MCA (required to demonstrate the CA is in practice, not just a member)
Aadhaar, PAN, photograph, email, mobile — as for any individual DSC applicant
Firm registration proof if signing on behalf of a CA firm — CA firm registration certificate from ICAI and authorisation from the firm's managing partner
All individual applicant documents (Aadhaar, PAN, photograph, email, mobile)
Importer-Exporter Code (IEC) certificate of the entity — the DGFT portal DSC must be registered under the IEC
GSTIN of the entity — required for DGFT portal profile, which must be consistent with the DSC applicant's identity
Authorisation letter from the IEC holder entity naming the specific individual as authorised signatory for DGFT portal submissions
Certificate of Incorporation / LLP Agreement / partnership deed as applicable to the entity type
Individual Class 3 DSC standard documents (Aadhaar, PAN, photograph, email, mobile)
GeM / e-Procurement portal seller or vendor registration details — the DSC must be mapped to the entity's GeM seller profile or e-tender registration
Organisation authorisation if the DSC is for a named employee authorised to submit bids on behalf of the company
Same documents as for original issuance — Aadhaar, PAN, photograph, email, mobile; re-verification is required; the old DSC does not carry over identity verification
Existing USB crypto token (if the same physical token will be reconfigured) — some CAs can load the renewed certificate onto the existing token if it is functional and compatible; otherwise a new token is issued
If applicant's name or other identity details have changed since original issuance — additional documents evidencing the change (gazette notification for name change, marriage certificate, etc.) to ensure consistency with Aadhaar
| Phase | Trigger Event | PNPC CA Action | Risk If Ignored |
|---|---|---|---|
| First issuance — incorporation context | Company or LLP incorporation initiated; all proposed directors/partners need DSCs for SPICe+ or FiLLiP filing | Aadhaar readiness check for all directors/partners simultaneously; CA applications initiated in parallel; video verifications scheduled and coordinated including NRI directors; tokens dispatched and delivery tracked; MCA21 DIN mapping performed for each director after token receipt; test signatures confirmed before SPICe+ submission. | SPICe+ or FiLLiP cannot be signed and submitted — incorporation blocked until all required director DSCs are in place. Delay cascades to name clearance expiry and missed targeted timelines. |
| First issuance — compliance context | Director, partner, or authorised signatory needs a DSC for annual filings (AOC-4, MGT-7, ITR-6, GST, DGFT) for the first time | Same process as above. Additionally: identify all portals the applicant will file on; perform cross-portal mapping (MCA21 + GST + DGFT + TRACES) after token delivery; confirm test signature on each relevant portal. | Annual filing deadline missed — MCA penalty at ₹100/day per form, no ceiling. GST/IT filing delay attracts interest and late fees. DGFT application cannot be submitted. |
| First portal mapping | USB crypto token delivered to applicant | Driver installation guided. MCA21 DIN-to-DSC mapping performed. GST portal DSC registration completed if applicable. DGFT portal DSC registration completed if applicable. TRACES DSC mapping where relevant. Test signature on primary portal before first filing. | Portal rejects DSC at time of first live filing. Error message 'DSC not registered' discovered at deadline pressure. Emergency mapping attempted under time constraint. |
| Validity expiry — proactive renewal | 30 days before DSC expiry date (tracked by PNPC) | Renewal initiation — same process as original issuance: eKYC, video verification, token reconfiguration or replacement. Post-renewal, all portals where the old DSC was registered must be updated with the new certificate — MCA21, GST, DGFT, TRACES. PNPC manages this entire renewal and re-mapping process. | Expired DSC cannot sign any filing. If discovered at filing deadline: emergency renewal under time pressure, minimum 3–5 working days lost, penalty accumulating from missed deadline. Avoidable with 30-day advance renewal. |
| Director or designated partner change | New director/designated partner appointed to company or LLP | New DSC obtained for incoming director/partner (full issuance process). New DSC mapped to their DIN/DPIN on MCA21. DIR-12 or Form 4 (LLP) filed with MCA to effect the appointment — both the outgoing and incoming director DSCs used in the filing. | Company/LLP forms requiring the new director's signature cannot be filed. Event-based MCA form deadlines (DIR-12 within 30 days of appointment) may be missed, attracting per-day penalties. |
| Token loss, damage, or PIN lock | Crypto token physically lost, broken, or PIN locked after repeated failed attempts | Report immediately to Certifying Authority. Revoke the compromised or locked DSC. Fresh application initiated — full re-issuance process with eKYC and video verification. New token issued. Post-issuance portal re-mapping on all relevant portals. | Filing suspension from the date of loss/lock until new token delivered and portals re-mapped (typically 5–10 working days). If deadline falls during this period, penalties accrue. PIN lockout (typically after 3–5 incorrect attempts depending on the CA) is the most common non-expiry DSC disruption we see. |
| Security compromise or suspected misuse | Token stolen, unauthorised access suspected, or malicious signing discovered | Immediate revocation request to issuing Certifying Authority — revocation takes effect immediately and permanently. If any filings were signed under the compromised DSC without authorisation, PNPC assists with MCA / portal-level dispute filing. Replacement DSC initiated immediately. | An unrevoked compromised DSC can be used to sign documents — MCA forms, tax returns, DGFT applications — in the holder's name without their consent. Fraudulent filings under an unrevoked compromised DSC create legal liability that is very difficult to resolve retroactively. |
| Authorised signatory change within entity | The individual whose DSC was used for entity filings resigns, retires, or changes role | Revoke the outgoing signatory's organisational access from company portal accounts. Obtain DSC for new authorised signatory. Update MCA, GST, DGFT, and other portals with new signatory's DSC. File necessary MCA event forms (DIR-12 for director changes; for non-director signatories, update respective portal profiles). | Outstanding filings or applications in-flight may be attributed to a former signatory. If the outgoing signatory's DSC is retained in portal systems, there is a governance risk of filings being signed by an individual who no longer has authority. |
| CA practitioner's DSC — audit season usage and renewal | Annual audit season: company audit reports, ITR-6, Form 3CD must be signed by the auditor's DSC before statutory deadlines | PNPC's own practitioner DSCs are maintained on an internal renewal calendar with a 45-day advance renewal policy (longer lead time than the standard 30 days, reflecting the audit season congestion risk). CA's ICAI membership renewal is also tracked — a lapsed ICAI membership can invalidate an audit certificate even if the DSC is valid. | A practising CA's expired DSC during audit season (August–October for companies; January–March for individuals) creates a bottleneck affecting multiple client filings simultaneously. This is a systemic risk, not an individual client risk. |
The DSC lifecycle is not a one-time event — it is an ongoing compliance infrastructure. Token loss, PIN lock, and expiry are predictable failure modes. PNPC's DSC management approach treats expiry tracking and portal mapping as a continuous service, not a one-off task at initial issuance.
What is a Class 3 DSC — and why did Class 1 and Class 2 stop working?
Class 3 is the current active and mandatory class for all government portal submissions in India. The IT (Certifying Authorities) Rules define three classes by identity assurance level. Class 1 involved email-only verification with minimal identity assurance. Class 2 involved Aadhaar-based or similar database verification but without in-person or video verification. Class 3 involves the highest level of identity assurance — currently implemented through Aadhaar eKYC plus a live video verification with the Certifying Authority's representative. The Controller of Certifying Authorities mandated Class 3 for all MCA company and LLP filings from 1 January 2021. Class 2 DSCs that were issued before this date and have not expired in terms of their validity period are nonetheless now rejected by MCA21, which validates the DSC class at the time of filing.
Does every director of a company need their own separate DSC?
Yes. For company filings on MCA21, every director who is required to sign a particular form must have their own individual Class 3 DSC. MCA21 forms are signed by specific named directors — not by a generic company-level credential. For incorporation, every proposed director must have a valid DSC before the SPICe+ form is filed. For annual filings such as AOC-4 and MGT-7, at minimum the director signing the forms (typically the Managing Director or a designated director) and the statutory auditor must each have a valid, unexpired Class 3 DSC. One director cannot use another director's DSC — the signature would identify the wrong person and the portal's DIN-to-DSC mapping would reject it.
Can an NRI director get a Class 3 DSC without visiting India?
Yes. The Certifying Authorities' video verification process is conducted remotely — by video call — and does not require physical presence in India. For NRI directors who have an Aadhaar linked to an Indian mobile number they can access abroad, the standard eKYC + video process applies. For NRI directors whose Aadhaar is linked to an inactive Indian SIM (a very common situation), the OTP delivery will fail and the standard process is not usable. In this case, Certifying Authorities have an alternative process typically using the Indian passport as the primary identity document, with notarised copies and additional steps — the exact requirements vary by CA. The crypto token is then shipped by international courier to the applicant's address. Timeline for NRI applicants is typically 10–20 working days from initiation to token delivery internationally.
What happens if a DSC expires just before an MCA annual filing deadline?
An expired DSC is immediately non-functional — MCA21 validates the DSC's validity period at the time of signing, and will reject a form signed with an expired certificate with an error message indicating certificate expiry. The filing is incomplete and the deadline is not met. If this happens on or after the due date for AOC-4 or MGT-7, penalties at ₹100 per day per form begin accruing from the due date, with no statutory ceiling. The renewal process takes 3–7 working days from initiation (eKYC + video + token delivery + portal mapping). The only protection is proactive renewal before expiry — PNPC initiates renewal 30 days before expiry for all clients.
Can one Class 3 DSC be registered and used across all government portals — MCA, GST, Income Tax, DGFT, GeM?
Yes — a single Class 3 DSC on a single USB token can be registered and used across all portals simultaneously. The DSC is not portal-specific at the certificate level. However, each portal has its own registration and mapping process: MCA21 requires DIN-to-DSC mapping; the GST portal requires DSC registration under the GSTIN; TRACES maps the DSC to the TAN; the DGFT portal requires DSC registration under the IEC. All of these are one-time setup steps (repeated at each renewal). PNPC performs cross-portal mapping for every DSC as part of the standard service, not as an add-on.
Is a DSC the same as Aadhaar OTP authentication or an eSign service?
No — these are legally and technically distinct mechanisms. A Class 3 DSC is a hardware-backed cryptographic certificate stored on a USB token. It creates a persistent digital signature: the same certificate can sign thousands of documents over its 1–3 year validity period, each signature cryptographically tied to the specific document content and verifiable by anyone with the public key. Aadhaar eSign is an online service that uses Aadhaar OTP for one-time transaction authentication — it produces a legally valid signature for general contracts and agreements, but is not accepted by MCA21 for company forms, is not accepted by the DGFT portal, and is not used for company Income Tax returns. Aadhaar OTP portal verification (used for individual ITRs, Udyam, proprietorship GST registration) is a session authentication mechanism — not a digital signature at all. These are different tools for different purposes, and only the Class 3 hardware DSC satisfies the regulatory mandates for company-level government filings.
What is the difference between a DSC for a director and a DSC for a practising CA?
Both are Class 3 DSCs and use the same cryptographic infrastructure. The difference is in the identity information embedded in the certificate and the regulatory context in which they are used. A director's individual DSC identifies the person by name (and optionally organisation), and is used to sign MCA forms, ITR-6, GST filings, and DGFT applications in the director's capacity. A practising CA's DSC is an individual DSC that typically includes the CA's ICAI membership number in the certificate fields — enabling portals (particularly MCA21 and the Income Tax portal) to verify that the signatory is a registered practising CA before accepting an audit certificate or financial statement certification. A CA who is simultaneously a director of a company may hold two separate DSCs: one practitioner DSC for audit-related signings, and one director DSC for company compliance filings — using each in its appropriate context.
What does the USB crypto token actually do — and what happens if I lose it?
The USB crypto token is a hardware security device that stores your private key in a tamper-resistant chip. When you sign a document or filing, the computer sends the document hash to the token, the token computes the signature using your PIN-protected private key inside the chip, and returns the signature to the computer. The private key itself never leaves the chip. This architecture means: even if someone intercepts data between the token and the computer, they cannot extract the private key; even if someone gains access to your computer, they cannot sign anything without the physical token and the PIN. If the token is lost or stolen, the DSC must be immediately revoked by contacting the issuing Certifying Authority. Revocation takes effect immediately and prevents any future use of that certificate. A new DSC application is required — the revoked certificate cannot be restored. PNPC manages revocation and reissuance as a single coordinated process.
Which Certifying Authorities are licensed to issue Class 3 DSCs in India?
Only organisations licensed by the Controller of Certifying Authorities (CCA), which operates under the Ministry of Electronics and Information Technology, can issue legally valid DSCs in India. The currently active licensed CAs include eMudhra, Capricorn CA, CDAC (Centre for Development of Advanced Computing), NSDL e-Gov, and a small number of others. The current list is published on the CCA website (cca.gov.in). All licensed CAs issue equally valid DSCs — the legal standing of a DSC does not depend on which licensed CA issued it. PNPC works primarily with eMudhra and Capricorn for established video verification infrastructure and nationwide courier delivery. Offerings from unlicensed operators (sometimes seen on classified ad sites) have no legal validity.
How much does a Class 3 DSC cost — and what validity period should I choose?
Approximate market rates from licensed Certifying Authorities as of recent periods: 1-year validity — ₹1,200 to ₹1,500; 2-year validity — ₹1,800 to ₹2,500; 3-year validity — ₹2,200 to ₹3,000. These ranges vary by CA and may change. For a director or professional with ongoing annual filing obligations across MCA, GST, and Income Tax, a 3-year validity DSC is more cost-efficient per year and reduces the number of renewal cycles, which each require video verification and token reconfiguration — an operational disruption as well as a cost. PNPC recommends 2-year or 3-year validity for most clients. The cost is passed through to clients without markup.
My company is being incorporated. When exactly should DSCs be arranged for the directors?
DSCs must be in place before the SPICe+ form is filed on MCA21 — all proposed directors must sign SPICe+ with their individual Class 3 DSCs. The DSC process should be initiated at the very start of the incorporation engagement — on Day 1, in parallel with name clearance checks and MoA/AoA drafting. A typical DSC takes 5–8 working days from initiation to delivered and portal-mapped token. If DSC applications are delayed until after the name clearance is obtained, the resulting gap can push the SPICe+ filing out by a week or more — during which the approved name may become available to others. PNPC initiates DSC applications for all directors on Day 1, always.
Can the same physical USB token be reused when I renew my DSC?
Often yes. The physical USB crypto token typically has a longer useful lifespan than a single DSC validity period — usually 5–10 years for the hardware. When a DSC expires and is renewed, the Certifying Authority can in many cases load the renewed certificate onto the same token, replacing the expired certificate. This depends on: whether the same CA is used for renewal (cross-CA token reuse is not always supported), whether the token model is compatible with the CA's current certificate format, and whether the token's own firmware supports reconfiguration. PNPC confirms with the CA at renewal time whether existing token reuse is feasible. If not, a new token is issued — which is included in the renewal cost from the CA.
How does a DGFT-specific DSC work — is it different from a regular Class 3 DSC?
A DSC used for DGFT portal submissions is not a different type of certificate — it is the same Class 3 DSC. The difference is in the portal-level registration. The DGFT (Directorate General of Foreign Trade) portal has its own authentication system in which the DSC must be registered against the entity's IEC (Importer-Exporter Code). This registration is done within the DGFT portal after the DSC token is received — it is a one-time setup per IEC profile. Once registered, the DSC is used to sign and submit DGFT applications such as Advance Authorisation applications, EPCG licence applications, IEC amendments, and SION revision submissions. The IEC-holder entity's GSTIN must also be updated in the DGFT portal profile, and the profile must show the authorised signatory whose DSC is being registered.
Does a company's DSC need to be updated when there is a director change?
Yes, in two respects. First, the outgoing director's DSC, while it remains technically valid until its expiry date, should no longer be used for company filings — it would represent a filing signed by someone who is no longer authorised. Second, the incoming director needs their own valid Class 3 DSC to sign future company forms. The DIR-12 form that effects the appointment and resignation of directors on MCA21 itself requires DSC signatures — from the incoming or outgoing director as applicable. After the change, the new director's DSC must be mapped to their DIN on MCA21 and portal access updated. PNPC manages the entire director change process including DSC coordination.
Is a DSC required for GST returns — or is Aadhaar OTP sufficient for company GST filings?
For GST filings by companies (not individuals or proprietors), the GST portal accepts both DSC authentication and EVC (Electronic Verification Code) authentication. EVC for companies is generated via the GST portal itself or via net banking — it does not require a hardware DSC. However, companies that prefer DSC-based authentication (for higher security assurance, or because their compliance workflow uses DSC-based signing) can register their director's Class 3 DSC on the GST portal and use it for all filings including GSTR-1, GSTR-3B, and GSTR-9. For companies that have already obtained a DSC for MCA filings, using the same DSC on the GST portal adds no marginal cost.
Can a DSC be used to sign PDF agreements and contracts, not just government portal forms?
Yes. A Class 3 DSC can be used to digitally sign any PDF document using PDF signing software (Adobe Acrobat, eMudhra's emSigner, or similar). The signature is visible in the PDF, cryptographically verifiable, and legally valid under the Information Technology Act 2000 for contracts and agreements. This is particularly useful for signing vendor agreements, employment contracts, shareholders' agreements, and other business documents electronically — avoiding the need to print, sign, and courier physical documents. The signed PDF carries a timestamp and the signer's verified identity, providing non-repudiation (the signer cannot later deny having signed).
What is an emSigner, and do I need to install it to use my DSC?
eMudhra's emSigner (and similar tools from other Certifying Authorities, such as Capricorn's signing tool) is a desktop application that acts as a bridge between the USB crypto token and the web browser. Most government portals — MCA21, the GST portal, the Income Tax portal — use a Java applet or a web-based signing interface that needs to communicate with the token. Modern browsers have blocked or removed Java support, so Certifying Authorities provide standalone signing applications that handle the browser-to-token communication. Installation of the CA's signing application is typically required on the computer where the DSC is being used. PNPC provides guidance on the correct version to install for each portal combination, and troubleshoots browser-token communication errors that frequently arise after browser or Windows updates.
Is there a difference between the DSC process for a company director and a designated partner of an LLP?
The DSC itself — a Class 3 individual DSC — is identical in terms of certificate class and issuance process. The portal-mapping difference is: for company directors, the DSC is mapped to a DIN (Director Identification Number) on MCA21; for LLP designated partners, the DSC is mapped to a DPIN (Designated Partner Identification Number), which is the LLP equivalent of a DIN and is obtained through the same MCA process. Both DIN and DPIN map to the same MCA21 credential system. The LLP annual forms — Form 8 (statement of accounts), Form 11 (annual return) — must be signed by the designated partners' DSCs. An LLP must have at least two designated partners, both of whom need valid DSCs for all annual filings.
What is DIR-3 KYC, and does it affect the DSC?
DIR-3 KYC is an annual MCA compliance requirement for every individual holding a Director Identification Number (DIN). It must be filed by 30 September each year for the previous financial year. The form requires the DIN holder to verify their identity and contact details with MCA — typically via OTP on their registered mobile and email. If DIR-3 KYC is not filed by the deadline, the DIN is marked 'deactivated' by MCA. A deactivated DIN means the director cannot sign any MCA form using their DSC — even a valid, unexpired Class 3 DSC cannot rescue a deactivated DIN. PNPC tracks DIR-3 KYC for all client-directors on the compliance calendar and files it before the September deadline.
Can a DSC be used by a foreign director — a non-Indian national — for MCA filings?
Yes. Foreign nationals (non-Indian citizens) can obtain a Class 3 DSC in India for use in MCA filings as company directors. The identity verification process for foreign nationals typically uses the foreign passport as the primary identity document (since they will not have an Aadhaar). The Certifying Authority conducts video verification using the passport for identity confirmation. The applicant must have a DIN, which requires submitting an apostilled or notarised copy of their passport and address proof to MCA as part of the DIN application. The DSC is then issued using the same passport identity. PNPC coordinates the DIN and DSC processes simultaneously for foreign national directors, accounting for the additional document notarisation and apostille requirements.
What happens to my DSC if the company I'm a director of gets struck off or dissolved?
The DSC is a personal credential tied to the individual, not to the company. If a company is struck off or dissolved, the director's DSC remains fully valid until its expiry date and can continue to be used for any other company or LLP where the person is a director, for their individual Income Tax filings, or for any other purpose for which the DSC was registered. The DIN of a director of a struck-off company is not automatically deactivated — DIN deactivation for this reason typically occurs only in cases of Section 164(2) disqualification following a company's failure to file returns for three consecutive years. PNPC advises clients on the distinction between company dissolution and personal DIN/DSC status.
How does DSC renewal work — does the same token work after renewal?
Renewal follows the same process as initial issuance: a fresh application to the Certifying Authority, Aadhaar eKYC, and video verification. A renewed DSC has a new certificate serial number — even if the name and other details are identical — because it is a new certificate, not an extension of the old one. Whether the same physical token is reused depends on the CA and the token model: many CAs can overwrite the old certificate on the same token with the renewed one if the token is submitted or connected for remote reconfiguration. If the token is retained with the renewed certificate, the PIN setup process repeats. After renewal and token delivery (or token reconfiguration), all portals where the DSC was registered must be updated with the new certificate — MCA21 DIN mapping, GST portal, DGFT portal, TRACES — because these systems identify the DSC by its serial number, which has changed.
Does PNPC obtain DSCs for clients in the UAE, and how does the DSC apply to Indian filings from the UAE?
Yes. PNPC's Dubai office assists Indian companies with directors based in the UAE, and UAE-incorporated entities that also have Indian subsidiary directors requiring DSCs for Indian MCA filings. The DSC issuance process is the same — Indian Certifying Authority (eMudhra or Capricorn), Aadhaar eKYC or passport-based verification by video call, and international courier delivery to the UAE address. Indian MCA and Income Tax portal filings by a director physically in the UAE use the same Class 3 Indian DSC — there is no UAE equivalent for Indian regulatory portals. PNPC coordinates the international video verification scheduling and courier logistics as part of cross-border engagements.
What is the penalty for not having a DSC when an MCA filing deadline is missed?
The penalty is not for not having a DSC per se — it is for the missed filing itself. Under the Companies Act 2013, late filing of AOC-4 (financial statements) or MGT-7 (annual return) attracts additional fees of ₹100 per day per form from the day after the due date, with no statutory maximum cap. A filing delayed by 30 days due to an expired DSC would attract ₹3,000 in additional MCA fees per form — for two forms (AOC-4 + MGT-7), that is ₹6,000 for 30 days of delay. Directors can also be personally prosecuted for filing defaults under Section 137 and Section 92 of the Companies Act. The Ministry of Corporate Affairs also has a 'Active Company Tagging Identities and Verification' (ACTIVE) scheme under which companies with persistent filing defaults are marked inactive, restricting certain transactions.
Can I use my DSC on multiple computers — or is it locked to one machine?
A Class 3 DSC on a USB token is not locked to any specific computer. The token can be plugged into any computer that has the appropriate USB driver and signing software installed. The PIN protection ensures that only the authorised user can sign documents even if the token is plugged into someone else's machine. For directors who work on multiple computers (office desktop, home laptop, travel laptop), the DSC can be used on each — provided the driver software is installed on each machine. Cloud-based signing software from some CAs also allows token-based signing via a browser without a full desktop application installation, though compatibility varies by portal.
Is the DSC required for the TRACES portal (TDS reconciliation)?
TRACES (TDS Reconciliation Analysis and Correction Enabling System) allows DSC-based authentication for certain functions — particularly for correction statements, lower deduction certificate requests under Section 197, and authorised representive access. For standard TDS return filing via TAN, the deductor's TAN credentials and DSC or net banking-based authentication are accepted. DSC registration on TRACES maps the DSC to the TAN holder's TRACES profile. Companies that already have a Class 3 DSC for MCA and Income Tax purposes can register the same DSC on TRACES for consistent authentication across all tax portals.
What is the process for revoking a DSC that is no longer needed or has been compromised?
Revocation is requested directly from the issuing Certifying Authority — by submitting a revocation request form along with identity verification. Upon revocation, the CA updates the Certificate Revocation List (CRL) and the OCSP (Online Certificate Status Protocol) database, which all government portals check in real-time when a DSC is used for signing. A revoked DSC is immediately and permanently invalidated — it cannot be used for any signing and its status is publicly verifiable. Revocation is permanent; it cannot be undone. Reasons for revocation include: suspected compromise, token loss or theft, cessation of authority (former director or former employee), or voluntary revocation when a replacement is obtained.
Does a DSC need to be re-registered on MCA21 V3 if it was already registered on the old MCA21 (V2) portal?
MCA transitioned from MCA21 Version 2 to Version 3 in a phased rollout. For most users, DSC registrations and DIN mappings were migrated to the V3 system. However, where migration did not carry over the DSC mapping correctly — which some users experienced — re-registration of the DSC on V3 is required. The re-registration process is similar to the original mapping: the user logs into MCA21 V3 with their DIN credentials and registers the DSC token through the portal's DSC management section. PNPC verifies that existing client DSC mappings are active and functional on MCA21 V3 and assists with re-registration where needed.
Can a DSC be used to sign both Hindi and English documents for regulatory filings?
The DSC operates at the file level — it signs the document file (PDF, XML, or the specific format required by the portal) regardless of the language of the content. A DSC can sign a document in any language. For government portal forms, the form itself is in English with specified fields, and the DSC signs the completed form file. There is no language-specific constraint on the DSC.
Does obtaining a DSC require me to be physically present at any office or government counter?
No. The entire Class 3 DSC process is conducted online and remotely. The identity verification is done via video call; the documents are submitted electronically; the token is delivered by courier. There is no requirement to visit the Certifying Authority's office, a government counter, or any physical location. This is by design — the digital infrastructure is intended to support fully remote and online processes. The only physical element is the USB crypto token that is delivered by courier.
How long does a DSC take from application to the point where I can sign my first MCA form?
End-to-end timeline for a Class 3 DSC in India, assuming all documents are in order and the applicant is available for video verification: Video verification — Day 1 or Day 2 from application. Token dispatch by CA — Day 2 or Day 3 from successful verification. Token delivery within same city or nearby — Day 4–6. Token delivery to a distant city or internationally — Day 7–15. MCA21 portal mapping after token receipt — Day 7 or Day 8 at the latest with PNPC handling. Test signature on MCA21 — Day 8. Total: 7–10 working days for domestic applicants; 15–20 working days for international. For urgent cases, PNPC requests expedited processing from the CA where available — but delivery logistics remain the limiting factor.
What is the DGFT portal-specific DSC process for a partnership firm or proprietorship?
For a partnership firm, the DSC for DGFT submissions is typically obtained in the name of the managing or authorised partner with the firm's IEC. The DSC registration on the DGFT portal links the partner's individual Class 3 DSC to the firm's IEC profile. For a proprietorship, the proprietor's own Class 3 DSC is used, linked to their IEC. The individual DSC + IEC combination is the same approach regardless of entity type. The DGFT portal requires the IEC holder to designate an authorised signatory in the IEC profile, and that signatory's DSC must be registered against the IEC. PNPC handles the DGFT portal configuration for firms and proprietors as part of every IEC and DGFT application engagement.
What is the process for obtaining a DSC for an authorised signatory who is an employee — not a director?
A company may designate a non-director employee as an authorised signatory for specific portal filings — for instance, a CFO for GST portal submissions or a company secretary for certain MCA forms. In this case, an individual Class 3 DSC is obtained for that employee, with an organisation-type certificate that includes the company name. The supporting documentation includes a Board Resolution naming the employee as the authorised signatory for the specific purpose, and the employee's individual identity documents (Aadhaar, PAN). The DSC is then mapped to the specific portal under the company's credentials with the employee as the designated signatory. If the employee later leaves the company, their DSC should be revoked from portal access and a new signatory DSC obtained.
How does PNPC handle DSC-related emergencies — expired token discovered on a filing deadline?
When a client contacts PNPC with an expired or non-functional DSC on a filing deadline, the immediate steps are: (1) Identify the root cause — expiry, PIN lock, token damage, or portal mapping issue. Not all 'DSC errors' at filing time are actually expiry — some are browser/driver/mapping issues that can be resolved in minutes. (2) If actual expiry or irreversible hardware issue: initiate emergency renewal with the CA, requesting expedited processing. (3) Assess whether the filing can be signed by another director whose DSC is valid — as a stopgap to meet the deadline while the primary signatory's DSC is being renewed. (4) If deadline cannot be met: calculate the late fee exposure and advise the client. (5) File as soon as the new DSC is available and portal-mapped.
Does PNPC track DSC expiry dates as part of ongoing compliance management?
Yes — this is a core element of PNPC's compliance management service. For every client for whom PNPC has obtained or manages a DSC, the expiry date is entered into the compliance calendar. PNPC initiates the renewal process 30 days before expiry and coordinates with the client to schedule video verification at a convenient time within that window. The 30-day advance window is specifically chosen to ensure that even if there is a scheduling delay for the video call, or a courier delay to an unusual address, the renewal is complete and the new token is portal-mapped well before the old certificate expires. Clients who manage their own DSCs independently can request that PNPC track these expiries as part of an annual compliance retainer.
Is there any difference in the DSC requirement for Section 8 (not-for-profit) companies versus regular private limited companies?
No material difference. Section 8 companies (licensed under Section 8 of the Companies Act 2013 for charitable, social, or not-for-profit purposes) are companies registered with MCA and are subject to the same MCA filing requirements as other companies, including the DSC requirement for director signatures on all MCA forms. The directors of a Section 8 company need individual Class 3 DSCs for SPICe+ (with the Section 8 licence application filed alongside), and for all subsequent annual filings (AOC-4, MGT-7) and event-based forms. The only contextual difference: Section 8 companies are frequently managed by trustees or social sector professionals rather than commercial businesspersons, who may be less familiar with the DSC process — PNPC provides additional guidance in these cases.
Can PNPC obtain a DSC on my behalf, or does the process require my personal involvement?
PNPC cannot obtain a DSC on your behalf in the sense of substituting for your personal identity — the Certifying Authority's video verification process is specifically designed to confirm that the named individual, personally, is applying. No one else can undergo verification in your place. What PNPC handles on your behalf: the entire application initiation, document preparation and submission, CA coordination, video call scheduling, token delivery tracking, driver installation guidance, portal mapping, and first-use testing. Your personal involvement is limited to: being present and available for the 5–10 minute video verification call, and setting your own PIN on token receipt. Everything else is managed by PNPC.
| Feature / Risk Point | Direct CA Application / Online Portal | PNPC Global — Practising CA Firm |
|---|---|---|
| Aadhaar mobile OTP readiness check | Not performed — discovered as failure during video verification call | Checked before any application is initiated; NRI SIM issues identified and resolved in advance |
| DSC type and portal-scope determination | Client selects type without CA guidance — mismatches common (wrong class, missing ICAI number for CAs, missing org name for DGFT) | Advisory call before application determines correct DSC type, embedded identity fields, and all portals requiring mapping |
| Multi-director parallel processing | Directors typically apply independently, often sequentially | All director DSCs initiated simultaneously on Day 1 of incorporation — no serialisation delay |
| NRI director coordination | Client navigates the alternative verification process independently — typically delayed or incorrect | PNPC coordinates the NRI-specific passport verification process with the CA; international video call scheduled at suitable hours |
| Cross-portal mapping after token delivery | Client's responsibility — mapping is not part of CA issuance service; portals have separate processes | MCA21 DIN mapping, GST portal registration, DGFT IEC mapping, TRACES TAN mapping — all completed by PNPC before first filing |
| Token driver and signing application setup | Client installs from CA website; troubleshoots independently | PNPC guides driver installation, resolves browser-plugin issues, and verifies full signing chain before first live filing |
| DSC expiry tracking | No systematic tracking — expiry discovered at filing rejection | Expiry entered into compliance calendar at issuance; renewal initiated 30 days in advance without client needing to track |
| Post-renewal portal re-mapping | Commonly missed — new certificate serial number not updated on portals; filing rejected with 'DSC not registered' | Post-renewal MCA21 and all portal re-mappings performed as standard part of renewal engagement |
| Token loss or PIN lock response | Client contacts CA directly, navigates revocation and reissuance independently | PNPC manages immediate revocation request to CA, tracks reissuance, coordinates replacement token delivery and portal re-mapping |
| Integration with MCA, GST, DGFT, IT compliance | DSC treated as an isolated registration task | DSC is integral to every compliance engagement — any filing that requires a DSC signature is tracked and the DSC is confirmed valid before submission |
| Emergency DSC failure at filing deadline | Client troubleshoots independently under pressure | PNPC diagnoses root cause, activates expedited renewal, assesses co-director signing options, and manages the CA interaction to minimise delay |
| Guidance on PIN management and security | Standard CA instruction booklet | Briefing on secure PIN storage, lockout recovery, and the consequences of token compromise — tailored to the client's filing frequency and risk profile |
What the PNPC package includes
- 01
Pre-application advisory: DSC type selection, portal scope, and Aadhaar readiness check
- 02
Certifying Authority application initiation — eMudhra or Capricorn as appropriate to client needs
- 03
All document preparation review — PAN/Aadhaar name match, organisation proof, Board Resolution drafting
- 04
Video verification scheduling and coordination — including NRI and international applicants by video call
- 05
Crypto token delivery tracking and first-use PIN setup guidance
- 06
MCA21 DIN-to-DSC mapping and portal registration
- 07
GST portal, DGFT (IEC-linked), and TRACES (TAN-linked) DSC registration where applicable
- 08
Driver installation and signing application setup — verified before first live filing
- 09
Test signature on primary portal before first regulatory deadline
- 10
Expiry tracking on compliance calendar — renewal initiated 30 days before expiry
- 11
Post-renewal portal re-mapping — all portals updated with new certificate serial number
- 12
Revocation and reissuance support for lost, damaged, or compromised tokens
- 13
Emergency response for DSC failures at filing deadlines — root cause diagnosis and CA escalation
Speak directly with a PNPC Chartered Accountant — your DSC is the signature infrastructure behind every filing your business will make in India; getting it right from Day 1, and keeping it renewed and portal-mapped without gaps, means your compliance deadlines are never held up by a missing, expired, or mis-configured token.