Section 38(2) in The Information Technology Act, 2000
(2)Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been issued by it at any time, if it is of opinion that-(a)a material fact represented in the Digital Signature Certificate is false or has been concealed;(b)a requirement for issuance of the Digital Signature Certificate was not satisfied;(c)the Certifying Authority's private key or security system was compromised in a manner materially affecting the Digital Signature Certificate's reliability;(d)the subscriber has been declared insolvent or dead or where a subscriber is a firm or a company, which has been dissolved, wound-up or otherwise ceased to exist.
