The 27th National Conference of Practicing Company Secretaries drew over 700 members of India’s compliance community to Hotel Conrad in Pune last week. Senior practitioners, institutional representatives, and regulatory observers gathered under the banner of the Institute of Company Secretaries of India for one of the profession’s most significant annual events. Among the speakers invited to address the congregation was Rupesh Kuche, a Company Secretary (CS), special situations investor, and founder of Digital Trust Infrastructure India Ltd. CS Rupesh Kuche, who has reportedly been featured by Forbes as a “Turnaround Artist”, brings significant experience in stressed asset resolution, having been associated with debt resolution mandates exceeding Rs 10,000 crore.His address was not a typical conference keynote. Rather than an introduction of self, he opened with a question directed to a room full of professionals who work with Digital Signature Certificates every day of their working lives.
He asked how many of them had a DSC. Nearly every hand went up. He asked how many knew exactly where it was at that moment. And then, how many knew exactly which person was holding it right now. Most hands came down. It was a crucial moment for the practitioners in that room, as it carried the weight of something long known but never quite named. “That is the problem,” Kuche told the audience. “One of the most powerful instruments of your professional identity is your DSC token, and most of us cannot say with certainty who has it or whether it is being used right now,” he added. That evening, he unveiled Digital Trust Infrastructure India (DTII) and its flagship product, Ascert.en, to a professional audience that understands the stakes better than most. DTII has also published a book called “Digital Signature & Subscriber: custody, liability, and compliance in India”.
Rupesh Kuche with the President of the Institute of Company Secretaries of India (ICSI), CS Pawan G. Chandak
A gap the law already knows aboutThe problem DTII is addressing is not new. Under the Information Technology Act, 2000, a Digital Signature Certificate subscriber is solely responsible for every action taken using their DSC1. The private key must remain under the subscriber’s exclusive control at all times. The law is unambiguous. In many organisations, the practical handling of DSCs can differ from the security model envisaged by the IT Act and CCA framework. While DSCs are intended to remain under the control of the subscriber and authorities explicitly advise against sharing tokens or PINs, compliance filings are often handled by administrative staff, accountants or consultants on behalf of certificate holders, creating a risk that the person named on the certificate is not always the individual performing the filing activity.As most offices may attest, this is simply how work gets done.But in the eyes of the law, this opens up the subscriber to scrutiny and action. The age-old operational method where possession and control were not mutually inclusive is no longer valid. With the regulations laid down as per the DPDP framework, there must now be a mandated consent mechanism that is free, specific, informed, unambiguous and unconditional, while handling any personal data in the digital ecosystem2. This is the gap that Digital Trust Infrastructure India (DTII) aims to close. What DTII is building DTII positions itself as a company building trust infrastructure for India’s digital signature ecosystem. But they are not building a cybersecurity product. It is not a replacement for existing DSC infrastructure. It is, in the company’s own framing, the accountability layer that was always assumed to have existed but never fully equipped professionals to maintain. At the conference, DTII unveiled the Ascert.en QDSD, Trust box and companion app built on what the company calls its trademark 4A framework: Authentication, Authorization, Audit, and Assurance. Authentication is designed to ensure that signing events are initiated only after biometric verification of the subscriber. Authorization places the decision in front of the subscriber before any document is signed. They see it, they approve it, deliberately and in real time.Audit creates a tamper-evident record intended to support evidentiary and compliance requirements . Assurance provides integrated DSC insurance, so that in the event of misuse, the subscriber has financial protection alongside evidentiary cover. The physical product, the Trust Box, was on display at the DTII booth across both days of the conference, drawing interest from practitioners who recognised the problem it is designed to solve. Critically, the system does not ask professionals to change how they work. Delegation still remains as is, and teams continue to handle filings. What changes is that the owner receives a notification, sees the document, and approves the action before the DSC is used. This happens with a certifiable approval and audit trail recorded for posterity, in under five minutes. The ICSI partnership and what it signalsIt is also worth noting that the significance of the conference setting was not incidental. DTII’s debut at the ICSI National Conference with the institute itself being a trust partner for the brand, is a marker that the company has been deliberate about what it is pursuing from the outset. The Institute of Company Secretaries of India is the statutory body that governs the CS profession. Its members are, in Kuche’s words, “the human trust layer of corporate India” i.e the professionals who sit at the intersection of authority, delegation, compliance, and responsibility every working day. That ICSI chose to partner with DTII for this conversation, and to provide a platform for it at one of the profession’s most significant annual gatherings, is an institutional signal the company does not understate. “We are not seeking to disrupt these institutions,” Kuche said in his keynote. “This Institute has spent decades building the professional trust the statute relies upon. One does not disrupt that. One strengthens the layer around it.” The language was careful. The intent was clear. DTII is positioning itself from the outset as a company that works with India’s regulatory and professional infrastructure, not around it. The bigger pictureIndia’s record in building digital public infrastructure is impressive. Aadhaar, UPI, GST, DigiLocker; each represents a structural transformation that the world has studied and, in some cases, sought to replicate. What DTII is arguing, and what the reception at Pune suggested the professional community is ready to hear, is that a layer is missing. Identity infrastructure tells you who someone is. Payments infrastructure moves value. Compliance infrastructure records transactions. DTII argues that existing digital infrastructure does not always preserve evidence of intent and authorization in a manner tailored to DSC-based workflows.DTII also argues that trust infrastructure can help close that gap. It preserves consent, context, and accountability so that a digital act can be defended long after the moment it happened. It is an ambitious claim. But Kuche came to make it in front of an audience that lives at the centre of the problem every day. References:Disclaimer: This article has been produced on behalf of DTII by Times Internet’s Spotlight team.
