PKI Framework

Steps for becoming a CA

  • Obtaining a license to operate as a Certifying Authority under the IT Act 2000.

For operating as a licensed Certifying Authority under the IT Act, 2000 an application has to be made to the Controller of Certifying Authorities as stipulated under Section 21 of the IT Act. The application form for grant of license prescribed under Rule 10 of the IT Act has to be submitted to the Controller of Certifying Authorities. Before submitting the application however, the applicant is expected to have the entire infrastructure - technical, physical, procedural and manpower - in place. On receipt of the application and after examination of the same along with the supporting documents, CCA will depute an empanelled auditor based on whose audit report a decision will be taken on whether a license can be granted to the applicant to operate as a Certifying Authority under the IT Act 2000.


In case non-compliances to the requirements of the IT Act, its Rules & Regulations are observed during the audit, the applicant will be required to take corrective action and be subject to audit once again for further examination for grant of licence.


Supporting Documents

In addition to the documents listed in Rule 10, the following documents, among others, are required to be furnished, along with the application form.

  • Company Profile/Experience of Individuals
  • For an individual, proof of capital of Rs. 5 crores or more in his business or profession
  • For a company/firm,
    • proof of paid-up capital not less than Rs. 5 crores
    • proof of net worth not less than Rs. 50 crores
  • Proof of Equity (Proof that equity share capital held in aggregate by NRIs, FIIs or foreign companies does not exceed 49% of its capital)
  • An undertaking to submit Performance Bond or Banker's Guarantee valid for six years from a scheduled bank for an amount not less than Rs. 50 Lakhs in accordance with Rule 10(ii)(h) of the IT Act.
  • Crossed cheque or bank draft for Rs. 25,000/- (for fresh application) or Rs.5,000/- (for renewal) in favour of the Pay & Accounts Officer, MeitY, New Delhi. Both fees are non-refundable.
  • The above fee may also be transferred through NEFT/RTGS to the following account:

    Receipt Account Number: 604820110000002
    IFSC Code: BKID0006048
    Bank Address: Bank of India, CGO Complex Branch, 6, Electronic Niketan, New Delhi-110003.

  • Certified true copies of the company's incorporation, articles of association etc.
  • Original business profile report with certification from Registrar of Companies.
  • Audited accounts for the past 3 years (if applicable).
  • The CA's Certification Practice Statement (CPS) as laid down in Annexure I to these Guidelines.
  • Technical specifications of the CA system and CA security policies, standards and infrastructure available/proposed and locations of facilities.
  • Information Technology and Security Policy proposed to be followed by the CA in its operations under Rule 19.
  • Statement addressing the manner in which the CA shall comply with the requirements stipulated in the IT Act, Rules and Regulations.
  • Organisational chart and details of all trusted personnel.
  • Date by which the applicant will be ready for audit to start. The application shall be deemed to have been received on this date for processing purposes.
  • Date by which commencement of CA operations is proposed. Operations can only commence after due compliance with Rule 20.
  • An undertaking by the applicant that they will make payment to the Auditor appointed by the CCA at the rate to be prescribed by the CCA.

The Controller reserves the right to call for any other information that may be required to process the application.