HomeServicesRegistrations & LicencesDigital Signature Certificate (DSC) – including DGFT DSC

Registrations & Licences · Core Business Registrations

Digital Signature Certificate (DSC) – including DGFT DSC

A Digital Signature Certificate is the legal equivalent of your wet ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions.

Speak with a specialist →Chat on WhatsApp

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

A Digital Signature Certificate is the legal equivalent of your wet ink signature for every government filing in India — MCA company filings, GST portal submissions, Income Tax returns for companies and audit cases, DGFT export applications, and e-tender submissions. Without a valid Class 3 DSC, a company cannot file its annual returns, a director cannot be appointed, a contract cannot be submitted on the government procurement portal, and a CA cannot certify an audit. At PNPC Global, we obtain and renew DSCs for directors, partners, authorised signatories, and practising CAs as part of every incorporation and compliance engagement — because the DSC is not a standalone requirement, it is the signature infrastructure that makes every other compliance filing legally valid.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Digital Signature Certificate (DSC) – including DGFT DSC is

A Digital Signature Certificate (DSC) is an electronic document issued by a government-licensed Certifying Authority (CA) under the Information Technology Act 2000 and the IT (Certifying Authorities) Rules 2000. It contains the holder's identity information, their public key, and the digital signature of the issuing Certifying Authority — creating a cryptographically verifiable proof that a specific, authenticated individual signed a specific document at a specific time. DSCs in India are classified by use class. Class 3 is the current active class for all legal, regulatory, and government portal submissions — it involves the highest level of identity verification and is the only class accepted by MCA21, the GST portal, the Income Tax e-filing portal, DGFT, and the Government e-Marketplace (GeM). The DSC is physically stored on a USB crypto token (dongle) issued by the Certifying Authority — the private key never leaves the device. When you sign a filing, the token generates the signature locally using your PIN-protected private key.

When a Class 3 DSC is required

Company incorporation — SPICe+ filing on MCA21 requires DSC of all proposed directors; a Class 3 DSC is mandatory

All MCA annual filings — AOC-4 (financial statements), MGT-7 (annual return), ADT-1 (auditor appointment) — signed by director DSC

LLP incorporation and annual filings — FiLLiP, Form 3, Form 8, Form 11 — signed by designated partner DSC

GST filings where DSC authentication is required — used by companies (non-individuals) who opt for DSC-based portal authentication

Income Tax returns and audit reports — ITR-6 (companies), audit reports under Sections 44AB, 92E — signed by director and tax auditor DSC

DGFT applications — Advance Authorisation, EPCG, IEC amendments for company entities

e-Tender submissions on CPPP, GeM, and state government procurement portals — DSC-signed bids

Practising Chartered Accountants — required for certifying audit reports, financial statements, and compliance certificates submitted to government portals

All MCA director-level forms — DIR-3 KYC, DIN allotment, DIR-12 for director changes, SH-7 for capital changes

When a Class 3 DSC may not be necessary

Udyam MSME registration — uses Aadhaar OTP authentication only; a DSC is neither required nor accepted in the Udyam process

Individual Income Tax return filing (ITR-1, ITR-2, ITR-4 for individuals) where e-verification via Aadhaar OTP, net banking, or bank account is sufficient — DSC is one option but not mandatory

GST registration for individuals and proprietors using Aadhaar OTP authentication — DSC is an alternative, not a requirement

Proprietorship or individual filings where OTP-based e-verification is available and sufficient for the specific portal

Structure Comparison
FeatureClass 3 DSC (Individual)Class 3 DSC (Organisation)Document Signer (Bulk)eSign (Aadhaar-Based)
Who holds itNamed individualNamed individual acting on behalf of organisationOrganisation-level system accountAny Aadhaar-linked individual
Identity verificationAadhaar eKYC + video verificationAadhaar eKYC + video + organisation proofAs prescribed by CA for bulk systemsAadhaar OTP (real-time)
Physical tokenUSB crypto token issued by CAUSB crypto token issued by CAHSM/server-sideNo token — online signature
MCA filing acceptanceYesYesNo — not for individual director filingsNo — not accepted by MCA21
DGFT filingYesYesNot applicableNo
Validity1, 2, or 3 years1, 2, or 3 yearsPer CA agreementPer transaction only — no reuse
Cost range (approximate)₹1,200–₹2,500 depending on validity₹1,500–₹3,000 depending on validityHigher — volume pricingPer-use nominal fee via NSDL/CDSL
Use caseAll regulatory filings — MCA, GST, IT, DGFTSame as individual + organisation identityMass document signing workflowsOne-time agreements, bank KYC

All fees are approximate and vary by Certifying Authority (eMudhra, Capricorn, etc.) and validity period chosen. PNPC obtains DSCs through licensed CAs and passes the cost through without markup. eSign via Aadhaar is not a substitute for a Class 3 DSC on MCA, DGFT, or Income Tax portals.

How it works
#Stage & What PNPC DoesWhat First-Time Applicants Often MissTimeline
1Identity and Aadhaar readiness checkThe DSC Aadhaar eKYC process requires an Aadhaar linked to a mobile number that is active and accessible at the time of video verification. An Aadhaar linked to an old, inactive SIM — common among NRI applicants — will fail OTP delivery and halt the process. PNPC checks Aadhaar mobile linkage status before scheduling the video call.Day 1
2Certifying Authority selection and application initiationPNPC works with licensed Certifying Authorities — primarily eMudhra and Capricorn — who are authorised by the Controller of Certifying Authorities (CCA) under the IT Act. The applicant's name, Aadhaar number, PAN, and email are submitted to the CA's portal to initiate the application. The Certifying Authority's name is embedded in the DSC and visible on every signed document.Day 1
3Aadhaar eKYC and video verificationThe applicant completes a brief video verification with the Certifying Authority's representative — typically 5–10 minutes, done on a smartphone. The purpose: confirm that the physical person matches the Aadhaar identity and the application. The video is retained by the CA as per CCA guidelines. For NRI applicants or applicants outside India, this is done remotely by video call. PNPC schedules and coordinates this step.Day 1–2 — verification completed same or next day
4USB crypto token configuration and deliveryAfter verification, the Certifying Authority configures the DSC onto a crypto USB token (e-Pass token or similar). The token is physically delivered to the applicant — courier to the address on record. The token includes a PIN set by the applicant during first use. PNPC provides guidance on setting the PIN and testing the DSC on the relevant portal before the first filing.Day 3–5 — token delivered by courier
5Portal registration and first-use testingDifferent portals require DSC registration: on MCA21, the DSC is mapped to the DIN; on TRACES, mapped to the TAN; on the GST portal, to the GSTIN. PNPC assists with portal-specific DSC mapping after token delivery, and tests a dummy signature before the actual first filing to confirm the token and PIN are working correctly.Day 5–7 — prior to first filing
6Renewal tracking (before expiry)A DSC expires at the end of its validity period — 1, 2, or 3 years. An expired DSC cannot sign any filing. The renewal process mirrors the original application and takes 3–5 days. PNPC tracks DSC expiry dates for all clients on the compliance calendar and initiates renewal 30 days before expiry — not the day after an MCA filing is rejected due to expired DSC.Ongoing — renewal initiated 30 days before expiry

A new DSC takes 3–7 working days from initiation to delivered crypto token in most Indian cities. For time-sensitive filings, initiate at least two weeks before the deadline. Renewal should be initiated 30 days before expiry.

Document Checklist
For Individual Class 3 DSC (Directors, Partners, Professionals)

Aadhaar Card — linked to an active mobile number for OTP; the name on Aadhaar must match the PAN exactly

PAN Card — for identity cross-verification; name must match Aadhaar exactly

Passport-sized photograph — recent, white background

Personal email address — for DSC-related communications from the Certifying Authority

Mobile number linked to Aadhaar — for OTP during video verification

For NRI applicants: valid Indian passport (used for identity verification in place of Aadhaar for the non-resident video verification process) — specific Certifying Authority procedures apply

For Organisation Class 3 DSC (Authorised Signatory on Behalf of Company/LLP)

All documents listed above for the individual applicant (the authorised signatory)

Organisation PAN — to link the DSC to the entity for which the signatory is authorised

Certificate of Incorporation of the company/LLP

Board Resolution or Partner Authorisation authorising the specific individual to obtain the DSC on behalf of the organisation

Organisation's address proof — utility bill or bank statement in the entity's name

For Practising Chartered Accountants

ICAI Membership Certificate — the CA registration number is embedded in practitioner DSCs used for MCA and audit-related signings

Aadhaar and PAN as for individual DSC

CoP (Certificate of Practice) if the DSC is specifically for audit certifications under the Income Tax Act

Organisation authorisation if signing on behalf of a firm

Ongoing obligations
PhaseTriggerPNPC CA ActionRisk If Ignored
First issuanceCompany incorporation, LLP filing, first MCA/GST/IT submissionAadhaar readiness check, CA selection, application initiation, video verification coordination, token delivery, portal mapping.Filing cannot proceed. Incorporation delayed. Compliance deadline missed.
First portal mappingToken deliveredDSC mapped to DIN on MCA21, GSTIN on GST portal, TAN on TRACES as applicable. Test signature performed before first live filing.Portal rejects DSC at filing time — typically discovered at deadline pressure.
Expiry renewal30 days before expiryPNPC initiates renewal — same process as initial issuance. Token reconfigured or replaced.Expired DSC discovered at filing time. MCA/GST/DGFT form submission fails. Emergency renewal under time pressure.
Director/Partner changeNew director or partner appointedNew DSC obtained for incoming director/partner. New DSC mapped to their DIN/DPIN on relevant portals.Company/LLP forms requiring new director signature cannot be filed.
Token loss or damageCrypto token lost, broken, or PIN lockedReport to Certifying Authority. Revoke compromised DSC. Reissue process initiated with fresh application.Locked or compromised DSC creates filing suspension until reissued. PIN lock after too many attempts is common — PNPC advises on PIN management.
Revocation (security compromise)Suspected unauthorised use or token theftImmediate revocation request to issuing Certifying Authority. Replacement DSC initiated.An unrevoked compromised DSC could be used to sign documents or filings fraudulently — potential legal liability.
Practitioner retirement / resignationCA or director ceases to actDSC revoked. Company filing signatory updated via MCA. New authorised signatory DSC obtained.Outstanding filings signed by a no-longer-authorised individual may attract MCA query or rejection.
Frequently asked
What is a Class 3 DSC — and is there any other class I should know about?

Class 3 is the current active and mandatory class for all government portal submissions in India — MCA, GST, Income Tax, DGFT, and e-procurement. Earlier classes (Class 1 and Class 2) were used for lower-assurance purposes but have been discontinued for most regulatory filings. The Controller of Certifying Authorities (CCA) mandated Class 3 DSCs for all company and LLP MCA filings from 1 January 2021. If you have an older Class 2 DSC that has expired, it will need to be replaced with a Class 3 — not renewed in the old class.

Practitioner noteWe regularly encounter clients who present Class 2 DSCs obtained years ago and wonder why MCA is rejecting them. The MCA portal specifically validates the class, and Class 2 is no longer accepted. Renewal automatically gives you Class 3.
Does every director of a company need a separate DSC?

For company filings, every director who needs to sign a form must have their own individual DSC. MCA21 forms are signed by specific directors — not by a generic company DSC. Typically, for annual filing purposes (AOC-4, MGT-7, ITR-6), the signing director plus the statutory auditor must each have a valid, unexpired Class 3 DSC. During incorporation, all proposed directors must complete DSC video verification. One director cannot use another director's DSC.

Practitioner noteWe coordinate DSC video verification for all directors in parallel at incorporation — including those based outside India. Waiting for one director's DSC to arrive before starting another's wastes 3–5 days. We run the process simultaneously.
Can an NRI director get a DSC without coming to India?

Yes. The Aadhaar eKYC and video verification process is done remotely by video call with the Certifying Authority. For NRI directors who do not have an Aadhaar or whose Aadhaar is not linked to an accessible Indian mobile number, Certifying Authorities have an alternative process using Indian passport and notarised documents — the specific requirements vary by CA. The crypto token is then couriered to the applicant's address, including internationally. PNPC coordinates this process for all NRI directors.

Practitioner noteFor NRI directors, the most common delay is the Aadhaar mobile OTP failure — the Aadhaar is linked to an old Indian SIM that is inactive or out of reach abroad. Identify this before scheduling the video call; arranging a new Aadhaar mobile linkage takes time.
What happens if a DSC expires mid-filing or just before an MCA deadline?

An expired DSC is immediately non-functional — the MCA21 system will reject it with an error. If discovered at an MCA deadline, you are looking at a late filing penalty (₹100/day, no cap) while the renewal is processed. Renewal takes 3–5 working days from initiation to token delivery. PNPC tracks DSC expiry dates for all clients and initiates renewal 30 days before expiry — ensuring there is always a valid DSC available for every deadline.

Practitioner noteAn expired DSC discovered on the day AOC-4 is due is one of the most stressful — and entirely preventable — compliance emergencies we see. The fix is a simple calendar entry: 30 days before expiry, start renewal.
Can the same DSC be used for both MCA filings and GST portal submissions?

Yes. A single Class 3 DSC can be registered on multiple government portals — MCA21, GST portal, Income Tax e-filing, DGFT, and e-procurement portals — and used for signing on each. The DSC is not portal-specific. However, each portal has its own DSC registration process — the DSC must be mapped to your DIN on MCA21, your GSTIN on the GST portal, and so on. PNPC handles this cross-portal mapping after token delivery.

Practitioner noteUsing one DSC across all your filings is both more efficient and more manageable. Renewing one DSC covers all portals simultaneously. Multiple DSCs for the same person on different portals create unnecessary renewal complexity.
Is a DSC the same as an Aadhaar eSign or OTP verification?

No — these are distinct mechanisms. A DSC is a hardware-backed, privately held cryptographic certificate stored on a USB token. It creates a legally valid digital signature that binds your verified identity to a specific document. Aadhaar eSign is an online signing service that uses Aadhaar OTP for one-time transaction authentication. OTP-based portal verification confirms your identity for a session. Only the DSC creates a legally valid signature under the IT Act for company filings on MCA21 — Aadhaar OTP is not accepted by MCA21 for most director-signed forms.

Practitioner noteThe confusion between DSC and Aadhaar OTP arises because some portals (like Udyam) accept OTP only, while others (like MCA21 for company filings) require a DSC. These are not interchangeable tools. MCA21 requires the hardware-backed DSC.
What is the difference between a DSC for a director and a DSC for a CA?

A director's DSC is an individual Class 3 DSC that identifies the director by name and optionally by organisation. It is used to sign company forms, returns, and declarations on MCA21 and other portals. A practising CA's DSC is also a Class 3 DSC but may include the CA's ICAI membership number and 'practicing CA' designation — required for certifying audit reports and financial statements under Income Tax and MCA rules. The technical mechanism is the same; the embedded identity information and the regulatory contexts in which they are used differ.

Practitioner noteA CA who is also a director needs both — a practitioner DSC for signing audit certificates and a director DSC for signing MCA forms in the director capacity. These are separate DSCs in practice.
What does the USB crypto token do — and what happens if I lose it?

The USB crypto token (e-Pass or equivalent) stores your private key in a tamper-resistant hardware chip. When you sign a document, the token generates the signature locally — your private key never leaves the device, even when connected to a computer. It is PIN-protected against unauthorised use. If the token is lost or stolen, the DSC must be immediately revoked by contacting the issuing Certifying Authority. A new DSC application and token are required. Revocation is permanent — it cannot be undone — but it prevents the lost token from being misused to sign documents fraudulently.

Practitioner noteTreat the crypto token and its PIN with the same care as a bank OTP device. PIN lockout after too many failed attempts is common — it requires the CA to unlock or reissue. Write the PIN in a secure location; do not share it.
Which Certifying Authorities can issue a valid Class 3 DSC in India?

Only organisations licensed by the Controller of Certifying Authorities (CCA) under the IT Act can issue DSCs in India. The currently active licensed CAs include eMudhra, Capricorn CA, CDAC, NSDL e-Gov, and a few others. PNPC works primarily with eMudhra and Capricorn, both of which have established video verification infrastructure and nationwide courier delivery. The choice of CA does not affect the DSC's legal validity — all are equally accepted by all government portals.

Practitioner noteUnlicensed operators offering cheap DSCs are a scam risk. Any DSC not issued by a CCA-licensed Certifying Authority has no legal validity. The list of licensed CAs is published on the CCA website. We use only licensed, established CAs.
How much does a Class 3 DSC cost?

Approximate market rates: ₹1,200–₹1,500 for 1-year validity; ₹1,800–₹2,500 for 2-year validity; ₹2,200–₹3,000 for 3-year validity. Prices vary slightly by Certifying Authority. These are the direct CA charges, passed through to the client. Longer validity is more cost-efficient per year and involves fewer renewal processes. PNPC recommends 2-year or 3-year validity for directors and professionals with ongoing filing obligations.

Practitioner noteFor a director with ongoing annual MCA, GST, and Income Tax filing obligations, a 3-year DSC avoids two renewal cycles over six years — saving time and avoiding the risk of an expiry falling at a deadline.
My company is being incorporated and we have two directors — when should DSCs be arranged?

DSCs should be arranged before the SPICe+ incorporation form is filed — both directors must sign the SPICe+ form with their individual Class 3 DSCs. The DSC process should start at least 7–10 working days before the planned SPICe+ submission to allow for video verification and token delivery. PNPC initiates DSC applications for all directors on Day 1 of the incorporation engagement, in parallel with name clearance and MoA drafting — ensuring no delay in the SPICe+ filing.

Practitioner noteThe most common cause of incorporation delays we see in client engagements that were started elsewhere: one or more directors do not have a DSC at the point of SPICe+ filing. By then, the name approval has lapsed or the promoters have moved on to other tasks. Start the DSC in parallel with everything else.
Can I use the same DSC token for multiple years, or does the token also expire?

The USB crypto token itself has a lifespan longer than the DSC validity period — the physical device is typically functional for 5–10 years or more. When a DSC expires, the same token can often be reconfigured with a renewed DSC by the Certifying Authority. However, if the token is lost, damaged, or incompatible with a new CA's system, a new token is issued with the renewed certificate. PNPC clarifies this with the issuing CA at renewal time — retaining the same token where possible saves cost.

Practitioner noteWhether the token can be reused for a renewal depends on the CA and token model. eMudhra and Capricorn tokens are typically reusable for renewals within the same CA. If switching CAs for renewal, a new token is usually issued.
Why PNPC Global
FeatureDirect CA Application / PortalPNPC Global
Aadhaar readiness checkNot performed — discovered at video call failureChecked before scheduling video verification
NRI director coordinationClient figures out the alternative process independentlyPNPC coordinates NRI-specific video and documentation process
Multi-director parallel processingDirectors typically apply sequentiallyAll director DSCs initiated in parallel at incorporation — no serialisation delay
Cross-portal mappingClient's responsibility after token deliveryMCA21, GST, TRACES portal mapping handled after token delivery
Expiry trackingNo tracking — discovered at filing rejectionExpiry tracked on compliance calendar — renewal initiated 30 days before
Incorporation integrationDSC treated as a separate taskDSC initiated Day 1 of incorporation — parallel to name clearance and drafting
PIN management guidanceStandard CA instruction sheetCA guidance on secure PIN management and lockout recovery
When token is lostClient contacts CA directlyPNPC manages revocation and reissuance — one call covers it

What the PNPC package includes

  1. 01

    Aadhaar mobile linkage readiness check before video verification

  2. 02

    Certifying Authority application initiation — eMudhra or Capricorn as appropriate

  3. 03

    Video verification scheduling and coordination — including remote for NRI applicants

  4. 04

    Crypto token delivery tracking and confirmation

  5. 05

    MCA21 DIN-to-DSC mapping and portal registration

  6. 06

    GST and TRACES portal DSC mapping where applicable

  7. 07

    Test signature before first live filing

  8. 08

    Expiry tracking and renewal initiated 30 days before expiry

  9. 09

    Revocation and reissuance support in case of token loss or compromise

  10. 10

    Direct CA contact for DSC-related queries — PIN issues, portal errors, token problems

Speak directly with a PNPC Chartered Accountant — your DSC is the signature infrastructure behind every filing your business will make; getting it right means never having a deadline held up by a missing or expired token.

← Back to Registrations & Licences
Talk to a CA