Information Technology Act, 2000
Every Certifying Authority shall,— (a) make use of hardware, software and procedures that are secure from intrusion and misuse; (b) provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions; (c) adhere to security procedures to ensure that the secrecy and privacy of the [electronic signatures] are assured; [(ca) be the repository of all electronic signature Certificates issued under this Act; (cb) publish information regarding its practices, electronic signature Certificates and current status of such certificates; and ] (d) observe such other standards as may be specified by regulations.