HomeServicesRegistrations & LicencesDigital Signature Certificate (DSC) – including DGFT DSC

Registrations & Licences · Core Business Registrations

Digital Signature Certificate (DSC) – including DGFT DSC

A Digital Signature Certificate is the legal equivalent of your wet-ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

A Digital Signature Certificate is the legal equivalent of your wet-ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions. Without a valid Class 3 DSC, a company cannot file its annual returns, a director cannot be appointed, a contract cannot be submitted on the government procurement portal, and a CA cannot certify an audit. At PNPC Global, we obtain and renew DSCs for directors, partners, authorised signatories, and practising CAs as part of every incorporation and compliance engagement — because the DSC is not a standalone requirement, it is the signature infrastructure that makes every other compliance filing legally valid. We have managed this process for clients across Chennai, Bangalore, Hyderabad, and the UAE since the first generation of digital signature infrastructure was introduced in India — so when a video verification fails, a token is locked, or a portal rejects a DSC at deadline, we have seen it and resolved it before.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Digital Signature Certificate (DSC) – including DGFT DSC is

A Digital Signature Certificate (DSC) is an electronic document issued by a government-licensed Certifying Authority (CA) under the Information Technology Act 2000 and the IT (Certifying Authorities) Rules 2000. It contains the holder's identity information, their public key, and the digital signature of the issuing Certifying Authority — creating a cryptographically verifiable proof that a specific, authenticated individual signed a specific document at a specific time. The legal basis for DSC-based signatures in India is Sections 3–15 of the IT Act 2000 and the IT (Certifying Authorities) Rules 2000, which define the framework of licensed Certifying Authorities operating under the Controller of Certifying Authorities (CCA), an office established by the Ministry of Electronics and Information Technology (MeitY). A DSC-signed document carries the same legal weight as a wet-ink signature under Indian law and is specifically mandated by the MCA, CBDT, CBIC, and DGFT for company and entity-level submissions on their respective portals.

DSCs in India are classified by use class. Class 3 is the current active class for all legal, regulatory, and government portal submissions — it involves the highest level of identity verification and is the only class accepted by MCA21 (SPICe+, AOC-4, MGT-7, and all other company and LLP forms), the GST portal for entity-level DSC authentication, the Income Tax e-filing portal for company ITRs and audit reports, DGFT for import-export authorisations, and the Government e-Marketplace (GeM) and central public procurement portal (CPPP) for e-tender submissions. Earlier classes — Class 1 and Class 2 — were phased out for regulatory filings. From 1 January 2021, the MCA mandated that all company and LLP forms filed on MCA21 must use Class 3 DSCs. A Class 2 DSC issued before this transition is no longer accepted even if it has not expired in terms of its validity period.

The DSC is physically stored on a USB crypto token (dongle) issued and configured by the Certifying Authority. The private key — the mathematically unique key that generates your signature — is stored in a tamper-resistant hardware chip inside the token. It never leaves the device, even when the token is plugged into a computer. When you sign a filing, the token generates the digital signature locally using your PIN-protected private key, producing a signature that can be verified by the recipient (or the government portal) using your corresponding public key embedded in the DSC. This architecture makes it technically impossible for a digital signature to be forged — even a person who has physical access to your token cannot use it without your PIN.

For DGFT specifically, the DSC requirement has additional dimensions: exporters and importers applying for Advance Authorisation, EPCG licences, IEC amendments, and other export entitlement schemes on the DGFT portal must use a Class 3 DSC registered to their IEC (Importer-Exporter Code). The DGFT portal requires the DSC to be linked to the entity's GSTIN and IEC in the portal's own authentication system, adding a portal-specific registration step beyond the DSC issuance itself. A firm that assists clients through DGFT applications must coordinate both the DSC and the DGFT portal mapping — which PNPC handles end-to-end as part of every DGFT engagement.

When a Class 3 DSC is required

Company incorporation — SPICe+ filing on MCA21 requires a valid Class 3 DSC from all proposed directors; without it, the form cannot be submitted

All MCA annual filings — AOC-4 (financial statements), MGT-7 (annual return), ADT-1 (auditor appointment) — signed by the director's DSC; filing deadline penalties (₹100/day, no cap) accrue from the due date

LLP incorporation and annual filings — FiLLiP, Form 3, Form 8, Form 11 — signed by the designated partner's DSC; both designated partners must have valid DSCs

GST filings where DSC authentication is chosen — companies (non-individuals) may opt for DSC-based portal authentication rather than EVC; DSC is accepted for all GST filings

Income Tax returns and audit reports — ITR-6 (companies), tax audit reports and transfer pricing audit reports (audit-threshold and international/specified-transaction provisions under the Income Tax Act), Form 3CA-3CD — signed by director and tax auditor DSCs respectively

DGFT applications — Advance Authorisation, EPCG licence, IEC amendments, Annual SION revision submissions for company entities — registered DSC required on the DGFT portal

e-Tender submissions on CPPP, GeM, and state government procurement portals — bids digitally signed with Class 3 DSC

Practising Chartered Accountants — required for certifying audit reports, financial statements, and compliance certificates submitted to MCA and Income Tax portals; CA's DSC includes their ICAI membership number

All MCA director-level event forms — DIR-3 KYC, DIR-3 KYC-Web, DIN allotment, DIR-12 for director appointment and resignation, SH-7 for authorised capital changes, MGT-14 for resolution filings

NCLT and SEBI filings where digital signature is prescribed — merger schemes, capital market applications, and listed company event disclosures where the form specifically requires DSC authentication

When a Class 3 DSC may not be necessary

Udyam MSME registration — uses Aadhaar OTP authentication only; a DSC is neither required nor accepted in the Udyam portal's registration flow

Individual Income Tax return filing (ITR-1, ITR-2, ITR-4 for individuals) where e-verification via Aadhaar OTP, net banking, or bank account is sufficient — DSC is one permitted option but not mandatory

GST registration for individuals and sole proprietors using Aadhaar OTP authentication — DSC is an alternative for those who prefer it, not a requirement in these cases

Proprietorship or individual filings on portals that have fully implemented Aadhaar OTP-based e-verification as the primary method, and where DSC is not specifically mandated by the portal

Startups incorporated as a Pvt Ltd that have already satisfied all DSC requirements for directors — additional DSCs are not needed unless new directors are being added or a new portal (DGFT, GeM) is being used for the first time

One-time agreements and bank KYC using eSign services — Aadhaar-based eSign (operated by NSDL e-Gov and CDSL) is appropriate for transactional document signing where regulatory mandates do not require a hardware-backed DSC

Structure Comparison

DSC types and authentication alternatives compared

FeatureClass 3 DSC — IndividualClass 3 DSC — OrganisationDocument Signer (Bulk/Server)Aadhaar eSign (Online)Aadhaar OTP / EVC
Who holds itNamed individual — stored on personal USB crypto tokenNamed individual acting on behalf of a named organisation — organisation name embedded in certificateOrganisation-level system account — typically an HSM or server-side hardwareAny Aadhaar-linked individual — no hardware deviceAny Aadhaar-linked or bank-linked individual — no hardware
Identity verification levelAadhaar eKYC + live video verification with Certifying Authority representativeAadhaar eKYC + video verification + organisation authorisation documents and entity proofAs prescribed by the Certifying Authority for bulk signing systemsAadhaar OTP only — real-time at time of signingAadhaar OTP, bank account, net banking, or DEMAT account
Physical token requiredYes — USB crypto token issued by Certifying Authority; private key non-exportableYes — USB crypto token; private key non-exportableNo — server-side HSM for bulk signing workflowsNo — purely online per-transactionNo — purely online session-based
Reusable across multiple filingsYes — reused for every filing until expiryYes — reused for every filing until expiryYes — for bulk system integrationsNo — each transaction requires a new OTP; not a persistent certificateNo — session-level only
MCA21 company / LLP filingYes — required for all SPICe+, AOC-4, MGT-7, and other company formsYes — same acceptance as individual, with organisation contextNo — not accepted for individual director-signed company formsNo — not accepted by MCA21 for company filingsLimited — only for certain non-DSC forms; not for main annual filings
DGFT portal filingsYes — must be registered to IEC on the DGFT portalYes — organisation DSC with IEC linkageNot applicable for standard DGFT submissionsNoNo
Income Tax — company ITR and audit reportYes — director DSC for ITR-6; CA DSC for audit reportYesNot applicableNoNo — for company returns, DSC is the mandated method
GST portalYes — accepted for all GST filings by entities opting for DSC authYesNot applicableNoYes — Aadhaar OTP or EVC accepted for individuals and proprietors; companies may choose DSC or EVC
Validity period1, 2, or 3 years from issuance1, 2, or 3 years from issuancePer CA agreement for bulk systemsPer transaction only — no reuse across separate transactionsSession-only — no validity concept
Approximate cost₹1,200–₹3,000 depending on validity period and Certifying Authority₹1,500–₹3,500 depending on validity and CAHigher — volume/enterprise pricing; negotiated with CASmall per-transaction fee via NSDL e-Gov / CDSL eSign serviceNo cost to user — OTP delivery via telecom
Legal standing for regulatory filingsFully legally valid under IT Act 2000 for all mandated portalsFully legally validLegally valid for system-to-system bulk signing; not for individual attestationLegally valid for general purpose but not mandated portalsAccepted where specifically permitted by the portal; not a digital signature under IT Act Sec 3
Revocation / loss managementRevocable by Certifying Authority on request — immediate effect; replacement requires fresh issuanceRevocable on requestRevocable via CA system administrationNo revocation needed — per-transactionNo revocation needed — session-based

All cost ranges are approximate market rates as of the content update and vary by Certifying Authority (eMudhra, Capricorn, CDAC, NSDL e-Gov) and validity period. PNPC obtains DSCs through licensed CAs and passes cost through without markup. eSign and OTP are not substitutes for a hardware-backed Class 3 DSC on MCA21, DGFT, or company-level Income Tax portal submissions.

How it works
#Stage & What PNPC DoesWhat First-Time Applicants Often MissTimeline
1Pre-application advisory: portal mapping and DSC type determinationNot all DSCs are the same even within Class 3. A director's DSC, a practising CA's DSC, an authorised signatory DSC for a company, and an export house signatory DSC for DGFT all have different identity information embedded and may require different documentation. Before applying, PNPC identifies which portals the applicant will use, whether an individual or organisation-type DSC is needed, and whether ICAI membership number or IEC needs to be embedded — avoiding a mismatch that makes the DSC unusable on the intended portal.Day 1 — no filing started until this is confirmed
2Aadhaar and mobile number readiness verificationThe Class 3 DSC eKYC process requires an Aadhaar number linked to an active mobile number that is accessible at the time of video verification. A SIM that is inactive, ported, or in a different country will cause OTP delivery failure during the video call — halting the process. PNPC asks every applicant to verify Aadhaar-mobile linkage before scheduling the video call. For NRI applicants, this is the single most common point of failure if not addressed in advance.Day 1 — checked before Certifying Authority application is initiated
3Certifying Authority selection and application initiationOnly organisations licensed by the Controller of Certifying Authorities (CCA) under the IT Act can issue valid DSCs in India. PNPC works with licensed CAs — primarily eMudhra and Capricorn — who are authorised by the CCA and have established video verification infrastructure. The applicant's name, Aadhaar number, PAN, and email are submitted to the CA's portal to initiate the application. The Certifying Authority's name is embedded in the DSC and visible on every signed document — choosing an established, licensed CA matters for portal acceptance.Day 1 — application submitted same day as advisory
4Document preparation and submission to Certifying AuthorityThe CA application requires a scanned PAN card, Aadhaar card details, a recent passport photograph, and an active personal email address. For organisation DSCs, additional documents — Board Resolution, Certificate of Incorporation, organisation PAN — must match exactly what is in the applicant's Aadhaar and MCA records. Any name discrepancy between PAN and Aadhaar (even a missing middle initial or different spelling) causes CA rejection. PNPC reviews all documents for name consistency before submission.Day 1 — submitted along with application
5Aadhaar eKYC and video verificationThe applicant completes a video verification with the Certifying Authority's representative — typically 5–10 minutes, conducted on a smartphone. The purpose: confirm that the physical person matches the Aadhaar identity. The applicant must be in a well-lit environment and produce the original Aadhaar card on camera. The video is retained by the CA as per CCA guidelines. For NRI applicants or applicants outside India, this is done by video call at a scheduled time. PNPC schedules and briefs applicants before the call.Day 1–2 — completed same day or next day in most cases
6USB crypto token configuration and quality checkAfter video verification is approved, the Certifying Authority configures the DSC onto a USB crypto token (e-Pass, iKey, or equivalent brand depending on the CA). The token contains the private key in a tamper-resistant hardware chip. PNPC confirms token dispatch with the CA and provides applicants with the token's first-use PIN-setting instructions in advance — so that when the token arrives, the applicant can set their PIN immediately without waiting for a separate call.Day 2–3 — configuration completed within 24 hours of successful verification
7Physical crypto token deliveryThe configured token is sent by registered courier to the applicant's address. Within India, delivery is typically 2–4 working days from dispatch. For international delivery to NRI applicants, timelines vary by destination country — typically 7–14 working days via international courier. PNPC provides the tracking number and monitors delivery status. The token is sealed on delivery — opening and PIN setup is the applicant's first action upon receipt.Day 3–6 from successful video verification for domestic; Day 7–17 for international
8PIN setup and first-use testThe crypto token arrives with a default factory PIN or a temporary PIN depending on the CA. The applicant sets their personal PIN on first use using the CA's token management software installed on a Windows or Mac computer. PNPC guides the applicant through driver installation (the token requires a USB driver from the CA's website) and confirms the token is recognised by the device before proceeding to portal mapping. A failed driver installation at this stage is a common problem that delays portal mapping.Day 6–7 — completed after token delivery, guided by PNPC
9MCA21 portal DSC mapping — DIN linkageOn MCA21 (V3), the DSC must be registered and mapped to the applicant's DIN (Director Identification Number) before it can be used to sign any company form. This requires the applicant to log into MCA21 using their DIN credentials, navigate to the DSC registration section, and complete the mapping with the token plugged in. PNPC coordinates this mapping step — it is not automatic on token delivery. A DSC that is not mapped to a DIN on MCA21 will be rejected by every form it is used on.Day 7–8 — immediate priority after token delivery
10DGFT portal DSC registration (where applicable)For clients using the DSC for DGFT applications (Advance Authorisation, EPCG, IEC amendment), the DSC must be separately registered on the DGFT portal under the entity's IEC profile. This is a distinct process from MCA21 mapping — the DGFT portal has its own DSC authentication system. PNPC handles DGFT portal DSC registration as part of DGFT engagement onboarding, and tests the DSC on the portal before the first DGFT application is submitted.Day 7–10 — alongside or after MCA21 mapping, as applicable
11GST and TRACES portal DSC registration (where applicable)The GST portal allows DSC as an authentication method for all entity-level filings. The DSC must be registered under the entity's GSTIN profile on the GST portal if DSC authentication is to be used. Similarly, TRACES (TDS Reconciliation Analysis and Correction Enabling System) allows DSC registration for TAN-linked DSC authentication for TDS correction statements and other TRACES functions. PNPC registers the DSC on each portal the client will use — not just MCA21.Day 7–10 — after MCA21 mapping, as part of complete portal setup
12First live filing and confirmationBefore the client's first actual regulatory deadline filing using the new DSC, PNPC performs a test signature on a draft form to confirm the token, PIN, driver, browser plugin, and portal mapping are all functioning correctly. Discovering a misconfiguration at deadline pressure — when a DSC error prevents submission of an MCA form due by midnight — is a preventable scenario. The test signature provides assurance that the entire chain works before any real filing is attempted.Day 8–10 — before any live deadline filing
13Expiry tracking and proactive renewal managementA DSC expires at the end of its validity period — 1, 2, or 3 years from issuance. An expired DSC immediately and completely loses its ability to sign any filing — there is no grace period. The renewal process mirrors the original application: eKYC, video verification, token reconfiguration or replacement, and portal re-mapping. PNPC tracks DSC expiry dates for all clients on the compliance calendar and initiates renewal 30 days before expiry — not on the day after a filing is rejected because the DSC expired overnight.Ongoing — renewal initiated 30 days before expiry as a matter of standard procedure
14Post-renewal portal re-mappingA renewed DSC — even when loaded onto the same physical token — typically requires re-mapping on MCA21, the GST portal, DGFT, and any other portal where the old DSC was registered, because the certificate serial number changes with each renewal. This is a step many clients miss: they renew the DSC, receive the token, and then encounter an 'invalid DSC' error on MCA21 because the old certificate mapping is no longer valid. PNPC performs post-renewal portal mapping as part of every renewal engagement.Within 1–2 days of token receipt after renewal — before the next filing

A new Class 3 DSC takes 5–10 working days from initiation to delivered and portal-mapped token in most Indian cities. For time-sensitive filings, initiate at least two weeks before the deadline. Renewal should be initiated 30 days before expiry to ensure no filing is held up by an expired DSC.

Document Checklist
For Individual Class 3 DSC (Directors, Partners, Authorised Signatories)

Aadhaar Card — must be linked to an active, accessible mobile number for OTP delivery during video verification; name on Aadhaar must match PAN exactly — even a single character discrepancy causes CA rejection

PAN Card — for identity cross-verification with Aadhaar data; name must match Aadhaar exactly; self-attested copy required

Recent passport-sized photograph — white background, taken within the last 3 months; the photo is also used in the video verification process

Active personal email address — used by the Certifying Authority for DSC-related communications, OTP delivery for the portal application, and post-issuance notifications

Active mobile number linked to Aadhaar — must receive OTP at the time of video verification; confirm the SIM is active and in the applicant's possession on the day of the video call

For NRI applicants without accessible Aadhaar OTP: valid Indian passport — the Certifying Authority's NRI process uses passport-based identity verification with additional documentation; specific requirements vary by CA; PNPC coordinates the full NRI process

For Organisation-Type Class 3 DSC (Signatory Acting for a Company / LLP)

All individual applicant documents above for the authorised signatory (Aadhaar, PAN, photograph, email, mobile)

Certificate of Incorporation of the company or LLP — to establish the entity's legal existence

Organisation PAN — to link the DSC to the entity on whose behalf the signatory is authorised to act

Board Resolution (for companies) or Partner Resolution / Authorisation Letter (for LLPs) explicitly authorising the named individual to obtain a DSC on behalf of the organisation — this document is retained by the Certifying Authority

Organisation's registered address proof — utility bill or bank statement in the entity's name, dated within 3 months of DSC application

If the authorised signatory's DIN is different from the Aadhaar name (due to old DIN or name change) — additional identity bridging documents as specified by the CA

For Practising Chartered Accountants

ICAI Membership Certificate — the membership number (M-number) is typically embedded in the DSC used for MCA and Income Tax audit certifications; required by the CA at application stage

Certificate of Practice (CoP) — if the DSC is specifically being obtained for audit report certifications under the Income Tax Act or MCA (required to demonstrate the CA is in practice, not just a member)

Aadhaar, PAN, photograph, email, mobile — as for any individual DSC applicant

Firm registration proof if signing on behalf of a CA firm — CA firm registration certificate from ICAI and authorisation from the firm's managing partner

For DGFT-Specific DSC (Export-Import Authorisation Applications)

All individual applicant documents (Aadhaar, PAN, photograph, email, mobile)

Importer-Exporter Code (IEC) certificate of the entity — the DGFT portal DSC must be registered under the IEC

GSTIN of the entity — required for DGFT portal profile, which must be consistent with the DSC applicant's identity

Authorisation letter from the IEC holder entity naming the specific individual as authorised signatory for DGFT portal submissions

Certificate of Incorporation / LLP Agreement / partnership deed as applicable to the entity type

For e-Tender / GeM Portal DSC

Individual Class 3 DSC standard documents (Aadhaar, PAN, photograph, email, mobile)

GeM / e-Procurement portal seller or vendor registration details — the DSC must be mapped to the entity's GeM seller profile or e-tender registration

Organisation authorisation if the DSC is for a named employee authorised to submit bids on behalf of the company

For Renewal of an Existing DSC

Same documents as for original issuance — Aadhaar, PAN, photograph, email, mobile; re-verification is required; the old DSC does not carry over identity verification

Existing USB crypto token (if the same physical token will be reconfigured) — some CAs can load the renewed certificate onto the existing token if it is functional and compatible; otherwise a new token is issued

If applicant's name or other identity details have changed since original issuance — additional documents evidencing the change (gazette notification for name change, marriage certificate, etc.) to ensure consistency with Aadhaar

Ongoing obligations
PhaseTrigger EventPNPC CA ActionRisk If Ignored
First issuance — incorporation contextCompany or LLP incorporation initiated; all proposed directors/partners need DSCs for SPICe+ or FiLLiP filingAadhaar readiness check for all directors/partners simultaneously; CA applications initiated in parallel; video verifications scheduled and coordinated including NRI directors; tokens dispatched and delivery tracked; MCA21 DIN mapping performed for each director after token receipt; test signatures confirmed before SPICe+ submission.SPICe+ or FiLLiP cannot be signed and submitted — incorporation blocked until all required director DSCs are in place. Delay cascades to name clearance expiry and missed targeted timelines.
First issuance — compliance contextDirector, partner, or authorised signatory needs a DSC for annual filings (AOC-4, MGT-7, ITR-6, GST, DGFT) for the first timeSame process as above. Additionally: identify all portals the applicant will file on; perform cross-portal mapping (MCA21 + GST + DGFT + TRACES) after token delivery; confirm test signature on each relevant portal.Annual filing deadline missed — MCA penalty at ₹100/day per form, no ceiling. GST/IT filing delay attracts interest and late fees. DGFT application cannot be submitted.
First portal mappingUSB crypto token delivered to applicantDriver installation guided. MCA21 DIN-to-DSC mapping performed. GST portal DSC registration completed if applicable. DGFT portal DSC registration completed if applicable. TRACES DSC mapping where relevant. Test signature on primary portal before first filing.Portal rejects DSC at time of first live filing. Error message 'DSC not registered' discovered at deadline pressure. Emergency mapping attempted under time constraint.
Validity expiry — proactive renewal30 days before DSC expiry date (tracked by PNPC)Renewal initiation — same process as original issuance: eKYC, video verification, token reconfiguration or replacement. Post-renewal, all portals where the old DSC was registered must be updated with the new certificate — MCA21, GST, DGFT, TRACES. PNPC manages this entire renewal and re-mapping process.Expired DSC cannot sign any filing. If discovered at filing deadline: emergency renewal under time pressure, minimum 3–5 working days lost, penalty accumulating from missed deadline. Avoidable with 30-day advance renewal.
Director or designated partner changeNew director/designated partner appointed to company or LLPNew DSC obtained for incoming director/partner (full issuance process). New DSC mapped to their DIN/DPIN on MCA21. DIR-12 or Form 4 (LLP) filed with MCA to effect the appointment — both the outgoing and incoming director DSCs used in the filing.Company/LLP forms requiring the new director's signature cannot be filed. Event-based MCA form deadlines (DIR-12 within 30 days of appointment) may be missed, attracting per-day penalties.
Token loss, damage, or PIN lockCrypto token physically lost, broken, or PIN locked after repeated failed attemptsReport immediately to Certifying Authority. Revoke the compromised or locked DSC. Fresh application initiated — full re-issuance process with eKYC and video verification. New token issued. Post-issuance portal re-mapping on all relevant portals.Filing suspension from the date of loss/lock until new token delivered and portals re-mapped (typically 5–10 working days). If deadline falls during this period, penalties accrue. PIN lockout (typically after 3–5 incorrect attempts depending on the CA) is the most common non-expiry DSC disruption we see.
Security compromise or suspected misuseToken stolen, unauthorised access suspected, or malicious signing discoveredImmediate revocation request to issuing Certifying Authority — revocation takes effect immediately and permanently. If any filings were signed under the compromised DSC without authorisation, PNPC assists with MCA / portal-level dispute filing. Replacement DSC initiated immediately.An unrevoked compromised DSC can be used to sign documents — MCA forms, tax returns, DGFT applications — in the holder's name without their consent. Fraudulent filings under an unrevoked compromised DSC create legal liability that is very difficult to resolve retroactively.
Authorised signatory change within entityThe individual whose DSC was used for entity filings resigns, retires, or changes roleRevoke the outgoing signatory's organisational access from company portal accounts. Obtain DSC for new authorised signatory. Update MCA, GST, DGFT, and other portals with new signatory's DSC. File necessary MCA event forms (DIR-12 for director changes; for non-director signatories, update respective portal profiles).Outstanding filings or applications in-flight may be attributed to a former signatory. If the outgoing signatory's DSC is retained in portal systems, there is a governance risk of filings being signed by an individual who no longer has authority.
CA practitioner's DSC — audit season usage and renewalAnnual audit season: company audit reports, ITR-6, Form 3CD must be signed by the auditor's DSC before statutory deadlinesPNPC's own practitioner DSCs are maintained on an internal renewal calendar with a 45-day advance renewal policy (longer lead time than the standard 30 days, reflecting the audit season congestion risk). CA's ICAI membership renewal is also tracked — a lapsed ICAI membership can invalidate an audit certificate even if the DSC is valid.A practising CA's expired DSC during audit season (August–October for companies; January–March for individuals) creates a bottleneck affecting multiple client filings simultaneously. This is a systemic risk, not an individual client risk.

The DSC lifecycle is not a one-time event — it is an ongoing compliance infrastructure. Token loss, PIN lock, and expiry are predictable failure modes. PNPC's DSC management approach treats expiry tracking and portal mapping as a continuous service, not a one-off task at initial issuance.

Frequently asked
What is a Class 3 DSC — and why did Class 1 and Class 2 stop working?

Class 3 is the current active and mandatory class for all government portal submissions in India. The IT (Certifying Authorities) Rules define three classes by identity assurance level. Class 1 involved email-only verification with minimal identity assurance. Class 2 involved Aadhaar-based or similar database verification but without in-person or video verification. Class 3 involves the highest level of identity assurance — currently implemented through Aadhaar eKYC plus a live video verification with the Certifying Authority's representative. The Controller of Certifying Authorities mandated Class 3 for all MCA company and LLP filings from 1 January 2021. Class 2 DSCs that were issued before this date and have not expired in terms of their validity period are nonetheless now rejected by MCA21, which validates the DSC class at the time of filing.

Practitioner noteWe regularly encounter clients who present old Class 2 DSCs and wonder why MCA is rejecting them — sometimes these tokens have two years of nominal validity remaining but the class makes them unusable. The answer is always the same: the portal validates the class field in the certificate, and Class 2 is not accepted. The fix is to obtain a fresh Class 3 DSC — not renew the old one.
Does every director of a company need their own separate DSC?

Yes. For company filings on MCA21, every director who is required to sign a particular form must have their own individual Class 3 DSC. MCA21 forms are signed by specific named directors — not by a generic company-level credential. For incorporation, every proposed director must have a valid DSC before the SPICe+ form is filed. For annual filings such as AOC-4 and MGT-7, at minimum the director signing the forms (typically the Managing Director or a designated director) and the statutory auditor must each have a valid, unexpired Class 3 DSC. One director cannot use another director's DSC — the signature would identify the wrong person and the portal's DIN-to-DSC mapping would reject it.

Practitioner noteFor companies with 3–5 directors, we coordinate DSC applications for all directors in parallel from Day 1 of the incorporation engagement. Waiting for one director's token to arrive before starting the next one wastes 3–5 days per director. Running them simultaneously is standard PNPC practice.
Can an NRI director get a Class 3 DSC without visiting India?

Yes. The Certifying Authorities' video verification process is conducted remotely — by video call — and does not require physical presence in India. For NRI directors who have an Aadhaar linked to an Indian mobile number they can access abroad, the standard eKYC + video process applies. For NRI directors whose Aadhaar is linked to an inactive Indian SIM (a very common situation), the OTP delivery will fail and the standard process is not usable. In this case, Certifying Authorities have an alternative process typically using the Indian passport as the primary identity document, with notarised copies and additional steps — the exact requirements vary by CA. The crypto token is then shipped by international courier to the applicant's address. Timeline for NRI applicants is typically 10–20 working days from initiation to token delivery internationally.

Practitioner noteThe Aadhaar-to-inactive-SIM problem for NRI directors is the most frequent DSC delay we see in cross-border incorporations. The right time to identify this is before the incorporation engagement begins — not when the SPICe+ filing date has arrived and one director's video verification is failing. We ask about this explicitly at engagement kickoff.
What happens if a DSC expires just before an MCA annual filing deadline?

An expired DSC is immediately non-functional — MCA21 validates the DSC's validity period at the time of signing, and will reject a form signed with an expired certificate with an error message indicating certificate expiry. The filing is incomplete and the deadline is not met. If this happens on or after the due date for AOC-4 or MGT-7, penalties at ₹100 per day per form begin accruing from the due date, with no statutory ceiling. The renewal process takes 3–7 working days from initiation (eKYC + video + token delivery + portal mapping). The only protection is proactive renewal before expiry — PNPC initiates renewal 30 days before expiry for all clients.

Practitioner noteExpired DSC discovered at filing deadline is one of the most stressful and entirely preventable compliance emergencies we manage. The cost is the renewal fee plus the penalty that accrues during the 5–7 day renewal process. A 30-day advance renewal window costs nothing extra and eliminates this risk entirely.
Can one Class 3 DSC be registered and used across all government portals — MCA, GST, Income Tax, DGFT, GeM?

Yes — a single Class 3 DSC on a single USB token can be registered and used across all portals simultaneously. The DSC is not portal-specific at the certificate level. However, each portal has its own registration and mapping process: MCA21 requires DIN-to-DSC mapping; the GST portal requires DSC registration under the GSTIN; TRACES maps the DSC to the TAN; the DGFT portal requires DSC registration under the IEC. All of these are one-time setup steps (repeated at each renewal). PNPC performs cross-portal mapping for every DSC as part of the standard service, not as an add-on.

Practitioner noteHaving one DSC across all portals is administratively much cleaner than multiple DSCs for different portals. It means one expiry date to track, one renewal to manage, and one token to secure. The multi-portal setup (mapping) effort is a one-time step, not an ongoing cost.
Is a DSC the same as Aadhaar OTP authentication or an eSign service?

No — these are legally and technically distinct mechanisms. A Class 3 DSC is a hardware-backed cryptographic certificate stored on a USB token. It creates a persistent digital signature: the same certificate can sign thousands of documents over its 1–3 year validity period, each signature cryptographically tied to the specific document content and verifiable by anyone with the public key. Aadhaar eSign is an online service that uses Aadhaar OTP for one-time transaction authentication — it produces a legally valid signature for general contracts and agreements, but is not accepted by MCA21 for company forms, is not accepted by the DGFT portal, and is not used for company Income Tax returns. Aadhaar OTP portal verification (used for individual ITRs, Udyam, proprietorship GST registration) is a session authentication mechanism — not a digital signature at all. These are different tools for different purposes, and only the Class 3 hardware DSC satisfies the regulatory mandates for company-level government filings.

Practitioner noteThe confusion arises because multiple government portals use Aadhaar OTP in their login or verification flows. Aadhaar OTP on a portal is not the same as the Aadhaar OTP used during DSC video verification (which is part of the ID-proofing process, not the signing act itself). The DSC is issued once, stored on a token, and used for signing — it is a fundamentally different infrastructure.
What is the difference between a DSC for a director and a DSC for a practising CA?

Both are Class 3 DSCs and use the same cryptographic infrastructure. The difference is in the identity information embedded in the certificate and the regulatory context in which they are used. A director's individual DSC identifies the person by name (and optionally organisation), and is used to sign MCA forms, ITR-6, GST filings, and DGFT applications in the director's capacity. A practising CA's DSC is an individual DSC that typically includes the CA's ICAI membership number in the certificate fields — enabling portals (particularly MCA21 and the Income Tax portal) to verify that the signatory is a registered practising CA before accepting an audit certificate or financial statement certification. A CA who is simultaneously a director of a company may hold two separate DSCs: one practitioner DSC for audit-related signings, and one director DSC for company compliance filings — using each in its appropriate context.

Practitioner noteFor a CA-director (a CA who sits on a company's Board), we typically obtain both DSCs upfront and map them to their respective portal contexts. Using the practitioner DSC for an MCA director signature or vice versa can cause portal validation errors because the certificate-level identity fields differ.
What does the USB crypto token actually do — and what happens if I lose it?

The USB crypto token is a hardware security device that stores your private key in a tamper-resistant chip. When you sign a document or filing, the computer sends the document hash to the token, the token computes the signature using your PIN-protected private key inside the chip, and returns the signature to the computer. The private key itself never leaves the chip. This architecture means: even if someone intercepts data between the token and the computer, they cannot extract the private key; even if someone gains access to your computer, they cannot sign anything without the physical token and the PIN. If the token is lost or stolen, the DSC must be immediately revoked by contacting the issuing Certifying Authority. Revocation takes effect immediately and prevents any future use of that certificate. A new DSC application is required — the revoked certificate cannot be restored. PNPC manages revocation and reissuance as a single coordinated process.

Practitioner notePIN lockout — typically triggered after 3–5 consecutive incorrect PIN attempts depending on the CA — is a separate issue from loss. A locked token is recoverable by the CA (who can reset or unlock it in some cases) or by full reissuance. We advise all clients to write the PIN in a secure location (a password manager, a physically secured document) and never share it. The token plus PIN combination is equivalent to a cheque book plus bank signature — treat it accordingly.
Which Certifying Authorities are licensed to issue Class 3 DSCs in India?

Only organisations licensed by the Controller of Certifying Authorities (CCA), which operates under the Ministry of Electronics and Information Technology, can issue legally valid DSCs in India. The currently active licensed CAs include eMudhra, Capricorn CA, CDAC (Centre for Development of Advanced Computing), NSDL e-Gov, and a small number of others. The current list is published on the CCA website (cca.gov.in). All licensed CAs issue equally valid DSCs — the legal standing of a DSC does not depend on which licensed CA issued it. PNPC works primarily with eMudhra and Capricorn for established video verification infrastructure and nationwide courier delivery. Offerings from unlicensed operators (sometimes seen on classified ad sites) have no legal validity.

Practitioner noteWe use only licensed, established CAs. Unlicensed 'DSC services' that offer unusually cheap prices and no video verification are either fraudulent or issuing certificates with no legal standing. Any DSC not issued by a CCA-licensed Certifying Authority will be rejected by MCA21 and all other government portals.
How much does a Class 3 DSC cost — and what validity period should I choose?

Approximate market rates from licensed Certifying Authorities as of recent periods: 1-year validity — ₹1,200 to ₹1,500; 2-year validity — ₹1,800 to ₹2,500; 3-year validity — ₹2,200 to ₹3,000. These ranges vary by CA and may change. For a director or professional with ongoing annual filing obligations across MCA, GST, and Income Tax, a 3-year validity DSC is more cost-efficient per year and reduces the number of renewal cycles, which each require video verification and token reconfiguration — an operational disruption as well as a cost. PNPC recommends 2-year or 3-year validity for most clients. The cost is passed through to clients without markup.

Practitioner noteA 1-year DSC must be renewed every year — which means every year there is a window of renewal process time during which the applicant may not have a valid DSC. Three-year validity eliminates two of those windows over a six-year period. For directors with multiple MCA filing obligations, the value of avoiding an emergency renewal at a compliance deadline far exceeds the cost difference between 1-year and 3-year validity.
My company is being incorporated. When exactly should DSCs be arranged for the directors?

DSCs must be in place before the SPICe+ form is filed on MCA21 — all proposed directors must sign SPICe+ with their individual Class 3 DSCs. The DSC process should be initiated at the very start of the incorporation engagement — on Day 1, in parallel with name clearance checks and MoA/AoA drafting. A typical DSC takes 5–8 working days from initiation to delivered and portal-mapped token. If DSC applications are delayed until after the name clearance is obtained, the resulting gap can push the SPICe+ filing out by a week or more — during which the approved name may become available to others. PNPC initiates DSC applications for all directors on Day 1, always.

Practitioner noteThe most common source of preventable incorporation delay is DSC not in place when SPICe+ is ready to be filed. A name approval obtained from MCA is not guaranteed to remain available indefinitely — a 2–3 week delay caused by late DSC initiation can result in a rejected SPICe+ filing due to name conflict. Day 1 DSC initiation is non-negotiable in our process.
Can the same physical USB token be reused when I renew my DSC?

Often yes. The physical USB crypto token typically has a longer useful lifespan than a single DSC validity period — usually 5–10 years for the hardware. When a DSC expires and is renewed, the Certifying Authority can in many cases load the renewed certificate onto the same token, replacing the expired certificate. This depends on: whether the same CA is used for renewal (cross-CA token reuse is not always supported), whether the token model is compatible with the CA's current certificate format, and whether the token's own firmware supports reconfiguration. PNPC confirms with the CA at renewal time whether existing token reuse is feasible. If not, a new token is issued — which is included in the renewal cost from the CA.

Practitioner noteToken reuse at renewal is convenient but not always possible. We flag this to clients before the renewal so there is no surprise if a new token is needed. A client planning to travel internationally around the renewal time needs to know upfront whether to expect new hardware — different delivery address or timing considerations apply.
How does a DGFT-specific DSC work — is it different from a regular Class 3 DSC?

A DSC used for DGFT portal submissions is not a different type of certificate — it is the same Class 3 DSC. The difference is in the portal-level registration. The DGFT (Directorate General of Foreign Trade) portal has its own authentication system in which the DSC must be registered against the entity's IEC (Importer-Exporter Code). This registration is done within the DGFT portal after the DSC token is received — it is a one-time setup per IEC profile. Once registered, the DSC is used to sign and submit DGFT applications such as Advance Authorisation applications, EPCG licence applications, IEC amendments, and SION revision submissions. The IEC-holder entity's GSTIN must also be updated in the DGFT portal profile, and the profile must show the authorised signatory whose DSC is being registered.

Practitioner noteDGFT portal DSC setup is an area where many clients have difficulties — the portal interface is not as intuitive as MCA21, and the connection between the IEC profile, the GSTIN, and the DSC registration is not well-documented. We handle the DGFT portal DSC setup as an integral part of every DGFT engagement, not as an afterthought once the client encounters a submission error.
Does a company's DSC need to be updated when there is a director change?

Yes, in two respects. First, the outgoing director's DSC, while it remains technically valid until its expiry date, should no longer be used for company filings — it would represent a filing signed by someone who is no longer authorised. Second, the incoming director needs their own valid Class 3 DSC to sign future company forms. The DIR-12 form that effects the appointment and resignation of directors on MCA21 itself requires DSC signatures — from the incoming or outgoing director as applicable. After the change, the new director's DSC must be mapped to their DIN on MCA21 and portal access updated. PNPC manages the entire director change process including DSC coordination.

Practitioner noteDirector changes with short notice — a resignation effective immediately, for example — can create a situation where the incoming director needs a DSC urgently, and the DIR-12 deadline (30 days from appointment) is close. We advise clients to think about DSC lead times whenever a director change is being planned.
Is a DSC required for GST returns — or is Aadhaar OTP sufficient for company GST filings?

For GST filings by companies (not individuals or proprietors), the GST portal accepts both DSC authentication and EVC (Electronic Verification Code) authentication. EVC for companies is generated via the GST portal itself or via net banking — it does not require a hardware DSC. However, companies that prefer DSC-based authentication (for higher security assurance, or because their compliance workflow uses DSC-based signing) can register their director's Class 3 DSC on the GST portal and use it for all filings including GSTR-1, GSTR-3B, and GSTR-9. For companies that have already obtained a DSC for MCA filings, using the same DSC on the GST portal adds no marginal cost.

Practitioner noteMost of our clients with active MCA DSCs use the same DSC on the GST portal for consistency. A few prefer EVC for GST — a valid choice. The important point is that company-level GST filings have clear options and the DSC is one of them, not a requirement as it is for MCA company forms.
Can a DSC be used to sign PDF agreements and contracts, not just government portal forms?

Yes. A Class 3 DSC can be used to digitally sign any PDF document using PDF signing software (Adobe Acrobat, eMudhra's emSigner, or similar). The signature is visible in the PDF, cryptographically verifiable, and legally valid under the Information Technology Act 2000 for contracts and agreements. This is particularly useful for signing vendor agreements, employment contracts, shareholders' agreements, and other business documents electronically — avoiding the need to print, sign, and courier physical documents. The signed PDF carries a timestamp and the signer's verified identity, providing non-repudiation (the signer cannot later deny having signed).

Practitioner noteDirectors and professionals who already have a Class 3 DSC for regulatory filings can leverage the same token for PDF signing of all their business agreements — at no additional cost. This is an underutilised capability. We brief clients on this during the DSC onboarding process.
What is an emSigner, and do I need to install it to use my DSC?

eMudhra's emSigner (and similar tools from other Certifying Authorities, such as Capricorn's signing tool) is a desktop application that acts as a bridge between the USB crypto token and the web browser. Most government portals — MCA21, the GST portal, the Income Tax portal — use a Java applet or a web-based signing interface that needs to communicate with the token. Modern browsers have blocked or removed Java support, so Certifying Authorities provide standalone signing applications that handle the browser-to-token communication. Installation of the CA's signing application is typically required on the computer where the DSC is being used. PNPC provides guidance on the correct version to install for each portal combination, and troubleshoots browser-token communication errors that frequently arise after browser or Windows updates.

Practitioner noteBrowser and operating system updates are a leading cause of sudden 'my DSC stopped working' calls. A browser update may disable the plugin; a Windows update may affect USB driver compatibility. We advise clients to test their DSC on a portal before every major compliance deadline, not just after installation. A 2-minute test sign is worth far more than a 2-hour troubleshoot at 11pm on a filing deadline.
Is there a difference between the DSC process for a company director and a designated partner of an LLP?

The DSC itself — a Class 3 individual DSC — is identical in terms of certificate class and issuance process. The portal-mapping difference is: for company directors, the DSC is mapped to a DIN (Director Identification Number) on MCA21; for LLP designated partners, the DSC is mapped to a DPIN (Designated Partner Identification Number), which is the LLP equivalent of a DIN and is obtained through the same MCA process. Both DIN and DPIN map to the same MCA21 credential system. The LLP annual forms — Form 8 (statement of accounts), Form 11 (annual return) — must be signed by the designated partners' DSCs. An LLP must have at least two designated partners, both of whom need valid DSCs for all annual filings.

Practitioner noteLLP designated partners sometimes ask whether they need a DIN or a DPIN. For LLPs, the designation is DPIN — but in practice, if the designated partner already holds a DIN from a company directorship, that DIN is used in the LLP as well; a separate DPIN is not required. We verify this at LLP onboarding.
What is DIR-3 KYC, and does it affect the DSC?

DIR-3 KYC is an annual MCA compliance requirement for every individual holding a Director Identification Number (DIN). It must be filed by 30 September each year for the previous financial year. The form requires the DIN holder to verify their identity and contact details with MCA — typically via OTP on their registered mobile and email. If DIR-3 KYC is not filed by the deadline, the DIN is marked 'deactivated' by MCA. A deactivated DIN means the director cannot sign any MCA form using their DSC — even a valid, unexpired Class 3 DSC cannot rescue a deactivated DIN. PNPC tracks DIR-3 KYC for all client-directors on the compliance calendar and files it before the September deadline.

Practitioner noteThe DSC and the DIN are two different things. A valid DSC mapped to a deactivated DIN will be rejected by MCA21. We see this combination — valid DSC, deactivated DIN — every year after September 30 in cases where DIR-3 KYC was missed. The resolution requires DIN reactivation via DIR-3 KYC filing with a penalty, before the DSC can be used again.
Can a DSC be used by a foreign director — a non-Indian national — for MCA filings?

Yes. Foreign nationals (non-Indian citizens) can obtain a Class 3 DSC in India for use in MCA filings as company directors. The identity verification process for foreign nationals typically uses the foreign passport as the primary identity document (since they will not have an Aadhaar). The Certifying Authority conducts video verification using the passport for identity confirmation. The applicant must have a DIN, which requires submitting an apostilled or notarised copy of their passport and address proof to MCA as part of the DIN application. The DSC is then issued using the same passport identity. PNPC coordinates the DIN and DSC processes simultaneously for foreign national directors, accounting for the additional document notarisation and apostille requirements.

Practitioner noteFor a company with a foreign co-founder who will be a director, the DIN + DSC process for the foreign national must start at the very beginning of the incorporation engagement. Apostille of foreign documents adds 1–2 weeks to the timeline in most jurisdictions. Missing this planning step is a common cause of incorporation delays in cross-border ventures.
What happens to my DSC if the company I'm a director of gets struck off or dissolved?

The DSC is a personal credential tied to the individual, not to the company. If a company is struck off or dissolved, the director's DSC remains fully valid until its expiry date and can continue to be used for any other company or LLP where the person is a director, for their individual Income Tax filings, or for any other purpose for which the DSC was registered. The DIN of a director of a struck-off company is not automatically deactivated — DIN deactivation for this reason typically occurs only in cases of Section 164(2) disqualification following a company's failure to file returns for three consecutive years. PNPC advises clients on the distinction between company dissolution and personal DIN/DSC status.

Practitioner noteDirectors of struck-off companies often assume their DIN and DSC are invalidated along with the company. This is not the case — the DIN and DSC are personal and continue independently. What must be checked: whether the struck-off company's non-filing triggered a Section 164(2) disqualification, which would bar the director from being appointed to any other company. That is a DIN status issue, separate from the DSC.
How does DSC renewal work — does the same token work after renewal?

Renewal follows the same process as initial issuance: a fresh application to the Certifying Authority, Aadhaar eKYC, and video verification. A renewed DSC has a new certificate serial number — even if the name and other details are identical — because it is a new certificate, not an extension of the old one. Whether the same physical token is reused depends on the CA and the token model: many CAs can overwrite the old certificate on the same token with the renewed one if the token is submitted or connected for remote reconfiguration. If the token is retained with the renewed certificate, the PIN setup process repeats. After renewal and token delivery (or token reconfiguration), all portals where the DSC was registered must be updated with the new certificate — MCA21 DIN mapping, GST portal, DGFT portal, TRACES — because these systems identify the DSC by its serial number, which has changed.

Practitioner noteThe post-renewal portal re-mapping step is the most commonly missed element of the renewal process. A client who independently renews a DSC through the CA without PNPC's involvement often discovers the next day that MCA21 is rejecting the 'new' DSC with a 'DSC not registered' error — because the portal still has the old serial number mapped. Post-renewal re-mapping is as important as the renewal itself.
Does PNPC obtain DSCs for clients in the UAE, and how does the DSC apply to Indian filings from the UAE?

Yes. PNPC's Dubai office assists Indian companies with directors based in the UAE, and UAE-incorporated entities that also have Indian subsidiary directors requiring DSCs for Indian MCA filings. The DSC issuance process is the same — Indian Certifying Authority (eMudhra or Capricorn), Aadhaar eKYC or passport-based verification by video call, and international courier delivery to the UAE address. Indian MCA and Income Tax portal filings by a director physically in the UAE use the same Class 3 Indian DSC — there is no UAE equivalent for Indian regulatory portals. PNPC coordinates the international video verification scheduling and courier logistics as part of cross-border engagements.

Practitioner noteFor a dual India-UAE engagement (Indian subsidiary + UAE parent or vice versa), the Indian entity's directors — regardless of where they are physically located — need Indian Class 3 DSCs for all Indian regulatory filings. We handle the UAE-to-India international coordination as standard practice across our Dubai-Chennai engagement model.
What is the penalty for not having a DSC when an MCA filing deadline is missed?

The penalty is not for not having a DSC per se — it is for the missed filing itself. Under the Companies Act 2013, late filing of AOC-4 (financial statements) or MGT-7 (annual return) attracts additional fees of ₹100 per day per form from the day after the due date, with no statutory maximum cap. A filing delayed by 30 days due to an expired DSC would attract ₹3,000 in additional MCA fees per form — for two forms (AOC-4 + MGT-7), that is ₹6,000 for 30 days of delay. Directors can also be personally prosecuted for filing defaults under Section 137 and Section 92 of the Companies Act. The Ministry of Corporate Affairs also has a 'Active Company Tagging Identities and Verification' (ACTIVE) scheme under which companies with persistent filing defaults are marked inactive, restricting certain transactions.

Practitioner noteIn practice, most MCA late filing situations we see involving DSC issues are resolved within 5–10 days of the missed deadline — resulting in ₹500–₹1,000 of additional MCA fees per form. That is a modest absolute cost, but it is entirely preventable. More concerning is the compounding effect: a company that misses one filing because of a DSC issue is often also behind on other compliance — the DSC issue is a symptom of a broader tracking gap.
Can I use my DSC on multiple computers — or is it locked to one machine?

A Class 3 DSC on a USB token is not locked to any specific computer. The token can be plugged into any computer that has the appropriate USB driver and signing software installed. The PIN protection ensures that only the authorised user can sign documents even if the token is plugged into someone else's machine. For directors who work on multiple computers (office desktop, home laptop, travel laptop), the DSC can be used on each — provided the driver software is installed on each machine. Cloud-based signing software from some CAs also allows token-based signing via a browser without a full desktop application installation, though compatibility varies by portal.

Practitioner noteThe main practical consideration for multi-machine usage is that each machine needs the driver installed and the signing application configured. We provide setup instructions for each computer separately when needed. Clients who travel frequently should verify their DSC works on their laptop (not just their office desktop) well before any deadline that requires mobile signing.
Is the DSC required for the TRACES portal (TDS reconciliation)?

TRACES (TDS Reconciliation Analysis and Correction Enabling System) allows DSC-based authentication for certain functions — particularly for correction statements, lower deduction certificate requests under Section 197, and authorised representive access. For standard TDS return filing via TAN, the deductor's TAN credentials and DSC or net banking-based authentication are accepted. DSC registration on TRACES maps the DSC to the TAN holder's TRACES profile. Companies that already have a Class 3 DSC for MCA and Income Tax purposes can register the same DSC on TRACES for consistent authentication across all tax portals.

Practitioner noteTRACES DSC registration is sometimes overlooked because TDS return filing is often done via intermediary software (Clear TDS, Saral TDS, etc.) that has its own credential management. When a company needs to access TRACES directly — for correction statements or section 197 applications — and the DSC is not registered, there is a setup delay. We include TRACES DSC registration in the standard portal setup checklist.
What is the process for revoking a DSC that is no longer needed or has been compromised?

Revocation is requested directly from the issuing Certifying Authority — by submitting a revocation request form along with identity verification. Upon revocation, the CA updates the Certificate Revocation List (CRL) and the OCSP (Online Certificate Status Protocol) database, which all government portals check in real-time when a DSC is used for signing. A revoked DSC is immediately and permanently invalidated — it cannot be used for any signing and its status is publicly verifiable. Revocation is permanent; it cannot be undone. Reasons for revocation include: suspected compromise, token loss or theft, cessation of authority (former director or former employee), or voluntary revocation when a replacement is obtained.

Practitioner notePrompt revocation of a lost or compromised token is critical. Every day between loss and revocation is a day during which someone with the physical token could potentially sign documents if they also know the PIN. We advise clients to treat a lost DSC token with the same urgency as a lost bank card — immediate revocation, same day if possible.
Does a DSC need to be re-registered on MCA21 V3 if it was already registered on the old MCA21 (V2) portal?

MCA transitioned from MCA21 Version 2 to Version 3 in a phased rollout. For most users, DSC registrations and DIN mappings were migrated to the V3 system. However, where migration did not carry over the DSC mapping correctly — which some users experienced — re-registration of the DSC on V3 is required. The re-registration process is similar to the original mapping: the user logs into MCA21 V3 with their DIN credentials and registers the DSC token through the portal's DSC management section. PNPC verifies that existing client DSC mappings are active and functional on MCA21 V3 and assists with re-registration where needed.

Practitioner noteMCA21 V3 migration issues were a real operational disruption for some clients and their CAs in 2022–2023. Most were resolved through re-registration, but clients who had not filed any forms in the intervening period sometimes discovered the mapping issue only when they needed to file urgently. We do a periodic portal access check for dormant clients to catch this early.
Can a DSC be used to sign both Hindi and English documents for regulatory filings?

The DSC operates at the file level — it signs the document file (PDF, XML, or the specific format required by the portal) regardless of the language of the content. A DSC can sign a document in any language. For government portal forms, the form itself is in English with specified fields, and the DSC signs the completed form file. There is no language-specific constraint on the DSC.

Practitioner noteThis question sometimes comes up in the context of state-level professional tax filings or state government portal submissions that may have regional language interfaces. The DSC signing mechanism is language-agnostic — the portal language does not affect DSC functionality.
Does obtaining a DSC require me to be physically present at any office or government counter?

No. The entire Class 3 DSC process is conducted online and remotely. The identity verification is done via video call; the documents are submitted electronically; the token is delivered by courier. There is no requirement to visit the Certifying Authority's office, a government counter, or any physical location. This is by design — the digital infrastructure is intended to support fully remote and online processes. The only physical element is the USB crypto token that is delivered by courier.

Practitioner noteThe fully remote nature of the process means there is no excuse to delay a DSC on logistical grounds. A director in New Delhi, Dubai, or New York can complete the process without travel. The only scheduling dependency is the video call with the CA — typically available on short notice during business hours.
How long does a DSC take from application to the point where I can sign my first MCA form?

End-to-end timeline for a Class 3 DSC in India, assuming all documents are in order and the applicant is available for video verification: Video verification — Day 1 or Day 2 from application. Token dispatch by CA — Day 2 or Day 3 from successful verification. Token delivery within same city or nearby — Day 4–6. Token delivery to a distant city or internationally — Day 7–15. MCA21 portal mapping after token receipt — Day 7 or Day 8 at the latest with PNPC handling. Test signature on MCA21 — Day 8. Total: 7–10 working days for domestic applicants; 15–20 working days for international. For urgent cases, PNPC requests expedited processing from the CA where available — but delivery logistics remain the limiting factor.

Practitioner noteThe biggest variable is not the CA's processing time — it is the applicant's availability for video verification and the courier timeline to the delivery address. In metropolitan areas (Chennai, Bangalore, Mumbai, Delhi), the whole process often completes in 5–7 working days when the applicant is responsive. In tier-2 cities or international addresses, plan for 12–15 working days.
What is the DGFT portal-specific DSC process for a partnership firm or proprietorship?

For a partnership firm, the DSC for DGFT submissions is typically obtained in the name of the managing or authorised partner with the firm's IEC. The DSC registration on the DGFT portal links the partner's individual Class 3 DSC to the firm's IEC profile. For a proprietorship, the proprietor's own Class 3 DSC is used, linked to their IEC. The individual DSC + IEC combination is the same approach regardless of entity type. The DGFT portal requires the IEC holder to designate an authorised signatory in the IEC profile, and that signatory's DSC must be registered against the IEC. PNPC handles the DGFT portal configuration for firms and proprietors as part of every IEC and DGFT application engagement.

Practitioner noteProprietors and partnership firms often assume they need a separate DGFT-specific DSC. They do not — a standard individual Class 3 DSC is all that is needed. The DGFT portal setup is the distinguishing step, not the DSC type.
What is the process for obtaining a DSC for an authorised signatory who is an employee — not a director?

A company may designate a non-director employee as an authorised signatory for specific portal filings — for instance, a CFO for GST portal submissions or a company secretary for certain MCA forms. In this case, an individual Class 3 DSC is obtained for that employee, with an organisation-type certificate that includes the company name. The supporting documentation includes a Board Resolution naming the employee as the authorised signatory for the specific purpose, and the employee's individual identity documents (Aadhaar, PAN). The DSC is then mapped to the specific portal under the company's credentials with the employee as the designated signatory. If the employee later leaves the company, their DSC should be revoked from portal access and a new signatory DSC obtained.

Practitioner noteNon-director authorised signatory DSCs are common for large companies where the CFO or company secretary handles regulatory filings rather than the managing director. The practical management consideration: when that employee leaves, the DSC must be promptly removed from all portal mappings and a replacement arranged. Employee DSC lifecycle is often less tracked than director DSC lifecycle in mid-size companies.
How does PNPC handle DSC-related emergencies — expired token discovered on a filing deadline?

When a client contacts PNPC with an expired or non-functional DSC on a filing deadline, the immediate steps are: (1) Identify the root cause — expiry, PIN lock, token damage, or portal mapping issue. Not all 'DSC errors' at filing time are actually expiry — some are browser/driver/mapping issues that can be resolved in minutes. (2) If actual expiry or irreversible hardware issue: initiate emergency renewal with the CA, requesting expedited processing. (3) Assess whether the filing can be signed by another director whose DSC is valid — as a stopgap to meet the deadline while the primary signatory's DSC is being renewed. (4) If deadline cannot be met: calculate the late fee exposure and advise the client. (5) File as soon as the new DSC is available and portal-mapped.

Practitioner noteStep 3 — using a co-director's valid DSC as a stopgap — is a legitimate solution for MCA annual forms where multiple directors are eligible to sign. This buys time for the primary DSC renewal without incurring penalty. This option exists only when the company has more than one director. Single-director companies (OPC) have no alternative — which is why proactive expiry management is doubly important for single-director structures.
Does PNPC track DSC expiry dates as part of ongoing compliance management?

Yes — this is a core element of PNPC's compliance management service. For every client for whom PNPC has obtained or manages a DSC, the expiry date is entered into the compliance calendar. PNPC initiates the renewal process 30 days before expiry and coordinates with the client to schedule video verification at a convenient time within that window. The 30-day advance window is specifically chosen to ensure that even if there is a scheduling delay for the video call, or a courier delay to an unusual address, the renewal is complete and the new token is portal-mapped well before the old certificate expires. Clients who manage their own DSCs independently can request that PNPC track these expiries as part of an annual compliance retainer.

Practitioner noteThe compliance calendar entry for DSC expiry is created at the time of DSC issuance — not retrospectively. This means the tracking begins on Day 1, not triggered by a reminder 30 days before expiry. For a client with 4–5 directors each with a DSC on different expiry schedules, centralised tracking by PNPC ensures no expiry window is missed regardless of which director's DSC is due.
Is there any difference in the DSC requirement for Section 8 (not-for-profit) companies versus regular private limited companies?

No material difference. Section 8 companies (licensed under Section 8 of the Companies Act 2013 for charitable, social, or not-for-profit purposes) are companies registered with MCA and are subject to the same MCA filing requirements as other companies, including the DSC requirement for director signatures on all MCA forms. The directors of a Section 8 company need individual Class 3 DSCs for SPICe+ (with the Section 8 licence application filed alongside), and for all subsequent annual filings (AOC-4, MGT-7) and event-based forms. The only contextual difference: Section 8 companies are frequently managed by trustees or social sector professionals rather than commercial businesspersons, who may be less familiar with the DSC process — PNPC provides additional guidance in these cases.

Practitioner noteSection 8 company incorporations where the directors are senior social sector figures (retired IAS officers, academics, NGO leaders) require additional patience in the DSC process — these applicants are often less comfortable with the video verification technology and may need more step-by-step guidance. We build this into the timeline for Section 8 engagements.
Can PNPC obtain a DSC on my behalf, or does the process require my personal involvement?

PNPC cannot obtain a DSC on your behalf in the sense of substituting for your personal identity — the Certifying Authority's video verification process is specifically designed to confirm that the named individual, personally, is applying. No one else can undergo verification in your place. What PNPC handles on your behalf: the entire application initiation, document preparation and submission, CA coordination, video call scheduling, token delivery tracking, driver installation guidance, portal mapping, and first-use testing. Your personal involvement is limited to: being present and available for the 5–10 minute video verification call, and setting your own PIN on token receipt. Everything else is managed by PNPC.

Practitioner noteSome clients assume that because they are engaging PNPC as their CA, PNPC will handle the DSC entirely without any involvement from them. This is the one step that is non-delegable: the video verification must involve the actual applicant. We ensure clients understand this upfront and schedule the video call at a convenient time — it is a minimal commitment that typically takes under 15 minutes of the client's time.
Why PNPC Global
Feature / Risk PointDirect CA Application / Online PortalPNPC Global — Practising CA Firm
Aadhaar mobile OTP readiness checkNot performed — discovered as failure during video verification callChecked before any application is initiated; NRI SIM issues identified and resolved in advance
DSC type and portal-scope determinationClient selects type without CA guidance — mismatches common (wrong class, missing ICAI number for CAs, missing org name for DGFT)Advisory call before application determines correct DSC type, embedded identity fields, and all portals requiring mapping
Multi-director parallel processingDirectors typically apply independently, often sequentiallyAll director DSCs initiated simultaneously on Day 1 of incorporation — no serialisation delay
NRI director coordinationClient navigates the alternative verification process independently — typically delayed or incorrectPNPC coordinates the NRI-specific passport verification process with the CA; international video call scheduled at suitable hours
Cross-portal mapping after token deliveryClient's responsibility — mapping is not part of CA issuance service; portals have separate processesMCA21 DIN mapping, GST portal registration, DGFT IEC mapping, TRACES TAN mapping — all completed by PNPC before first filing
Token driver and signing application setupClient installs from CA website; troubleshoots independentlyPNPC guides driver installation, resolves browser-plugin issues, and verifies full signing chain before first live filing
DSC expiry trackingNo systematic tracking — expiry discovered at filing rejectionExpiry entered into compliance calendar at issuance; renewal initiated 30 days in advance without client needing to track
Post-renewal portal re-mappingCommonly missed — new certificate serial number not updated on portals; filing rejected with 'DSC not registered'Post-renewal MCA21 and all portal re-mappings performed as standard part of renewal engagement
Token loss or PIN lock responseClient contacts CA directly, navigates revocation and reissuance independentlyPNPC manages immediate revocation request to CA, tracks reissuance, coordinates replacement token delivery and portal re-mapping
Integration with MCA, GST, DGFT, IT complianceDSC treated as an isolated registration taskDSC is integral to every compliance engagement — any filing that requires a DSC signature is tracked and the DSC is confirmed valid before submission
Emergency DSC failure at filing deadlineClient troubleshoots independently under pressurePNPC diagnoses root cause, activates expedited renewal, assesses co-director signing options, and manages the CA interaction to minimise delay
Guidance on PIN management and securityStandard CA instruction bookletBriefing on secure PIN storage, lockout recovery, and the consequences of token compromise — tailored to the client's filing frequency and risk profile

What the PNPC package includes

  1. 01

    Pre-application advisory: DSC type selection, portal scope, and Aadhaar readiness check

  2. 02

    Certifying Authority application initiation — eMudhra or Capricorn as appropriate to client needs

  3. 03

    All document preparation review — PAN/Aadhaar name match, organisation proof, Board Resolution drafting

  4. 04

    Video verification scheduling and coordination — including NRI and international applicants by video call

  5. 05

    Crypto token delivery tracking and first-use PIN setup guidance

  6. 06

    MCA21 DIN-to-DSC mapping and portal registration

  7. 07

    GST portal, DGFT (IEC-linked), and TRACES (TAN-linked) DSC registration where applicable

  8. 08

    Driver installation and signing application setup — verified before first live filing

  9. 09

    Test signature on primary portal before first regulatory deadline

  10. 10

    Expiry tracking on compliance calendar — renewal initiated 30 days before expiry

  11. 11

    Post-renewal portal re-mapping — all portals updated with new certificate serial number

  12. 12

    Revocation and reissuance support for lost, damaged, or compromised tokens

  13. 13

    Emergency response for DSC failures at filing deadlines — root cause diagnosis and CA escalation

Speak directly with a PNPC Chartered Accountant — your DSC is the signature infrastructure behind every filing your business will make in India; getting it right from Day 1, and keeping it renewed and portal-mapped without gaps, means your compliance deadlines are never held up by a missing, expired, or mis-configured token.

← Back to Registrations & Licences
Talk to a CA