Information Technology Act, 2000
42. Control of private key. –
(1) Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate and take all steps to prevent its disclosure to a person not authorized to affix the digital signature of the subscriber.
If the private key corresponding to the public key listed in the Digital Signature Certificate has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations.
Explanation:- For removal of doubts, it is hereby declared that the subscriber shall be liable till he has informed the certifying Authority that the private key has been compromised.