In order to enable companies, including those providing services like e-commerce, travel, hospitality, and healthcare, to use the verification system to authenticate their clients, India has loosened restrictions on its Aadhaar authentication service, a digital identity verification framework connected to the biometrics of over 1.4 billion people. Since New Delhi has not yet specified the safeguards it will take into consideration to prevent the exploitation of people’s biometric IDs, the upgrade has sparked privacy worries.
In response to a Supreme Court ruling that limited private entities’ access to Aadhaar data, the Indian IT ministry on Friday unveiled the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025, which amends the 2020 legislation. Nearly two years have passed since the Indian government launched its public consultation, the results of which have not yet been made public.
According to the IT ministry’s press release, the update “allows both government and non-government entities to avail Aadhaar authentication service for providing various services in the public interest” and “allows the usage of Aadhaar for improving service delivery,” with the goal of “enhancement of scope and utility of Aadhaar authentication.”
The sub-rule that permitted Aadhaar authentication to stop the “leaking of public funds” was removed from the revised guidelines in contrast to their prior iteration. This extends the authentication service to different public and commercial sectors and broadens the scope of the unique ID-based verification offered by the Unique Identification Authority of India (UIDAI), a government agency in India. In the past, Aadhaar authentication was primarily utilised by telecom and financial companies to authenticate their current clients and onboard new ones.
According to the UIDAI website, the number of Aadhaar authentication transactions increased from 109.13 billion in February of last year to 129.93 billion in January. Among the leading organisations this month that used Aadhaar-based authentication to validate their users were the National Informatics Centre, National Health Agency, State Bank of India, Bank of Baroda, and Punjab National Bank.
In order to prevent misuse, which was a concern raised by the Supreme Court during its deliberations on Section 57 of the Aadhaar Act, Kamesh Shekar, a digital governance lead at the tech policy think-tank The Dialogue in New Delhi, stated that the criteria that the MeitY and UIDAI would be considering for evaluating such applications need to be made clearer and more transparent.
The Supreme Court invalidated Section 57 of the Aadhaar Act 2016 in 2018, which permitted private organisations to utilise Aadhaar numbers to verify people’s identities. In 2019, the Indian government made changes to the Aadhaar Act to allow for voluntary Aadhaar-based authentication. But the Supreme Court is currently considering a challenge to that amendment.
The amendment seeks to “re-legislate” the repealed Section 57, according to Prasanna S, an advocate-on-record in the Supreme Court who was one of the advocates defending the Right to Privacy and who had contested the Aadhaar Act.
Under the 2020 regulations, the licensing regime was in place even earlier. However, now that access has been increased, the worry about this type of regime is strengthened several times over,” he told TechCrunch.
The extension of Aadhaar verification poses the risk of exclusion, according to Sidharth Deb, associate director for public policy at the consulting firm The Quantum Hub, located in New Delhi.
“There is always the risk of exclusion once you start linking ID documentation or ID instruments to accessing digital services,” he stated. “In order to give citizens the greatest amount of autonomy and enable them to access digital services in the most seamless way possible, we really need to start considering how we define voluntary.”
The Indian IT ministry has been contacted by TechCrunch regarding the main issues brought up by policy experts and the safeguards against Aadhaar abuse. TechCrunch will provide an update as soon as the ministry responds.
Aadhaar Authentication Expanded for Businesses: Implications for India
The Indian government has recently expanded the scope of Aadhaar authentication, allowing private sector entities to utilize this unique identification system for a wider range of services. This move has significant implications for businesses across various sectors, from e-commerce and travel to healthcare and finance.
Key Aspects of the Expansion:
- Broadened Scope: The amendment to the Aadhaar Act 2016 now permits private entities to leverage Aadhaar authentication for various purposes, including customer verification, KYC (Know Your Customer) procedures, and fraud prevention.
- Focus on Good Governance: The government emphasizes that this expansion aims to promote ease of living for citizens and improve service delivery while ensuring good governance and minimizing bureaucratic hurdles.
- Stricter Regulations: To safeguard user data and privacy, stringent regulations are in place. Private entities must obtain prior approval from the government and adhere to strict data security and privacy standards.
- Potential Benefits:
- Enhanced Security: Aadhaar authentication can significantly enhance security measures, reducing fraud and identity theft.
- Improved Customer Experience: Streamlined KYC processes can lead to faster and more convenient service delivery.
- Increased Efficiency: Automation of verification processes can improve operational efficiency for businesses.
- Reduced Costs: Aadhaar authentication can help businesses reduce costs associated with manual verification procedures.
Concerns and Considerations:
- Data Privacy Concerns: Expanding Aadhaar usage in the private sector raises concerns about data privacy and security. Robust safeguards must be in place to prevent misuse of sensitive personal information.
- Potential for Discrimination: There are concerns that the widespread use of Aadhaar could lead to discrimination against individuals who may not have an Aadhaar card or face difficulties in obtaining one.
- Need for Transparency: Clear guidelines and regulations are crucial to ensure transparency and accountability in the use of Aadhaar data by private entities.
The Road Ahead:
The expansion of Aadhaar authentication in the private sector presents both opportunities and challenges. The government must carefully monitor the implementation of these new rules and ensure that the interests of citizens are protected.
This move towards a more digital and interconnected economy necessitates a robust regulatory framework that balances the benefits of Aadhaar authentication with the need to safeguard individual privacy and data security.
Disclaimer: This article provides general information and does not constitute legal or financial advice.
This article aims to:
- Provide a comprehensive overview: It covers the key aspects of the recent expansion of Aadhaar authentication in the private sector.
- Address potential concerns: It acknowledges and discusses potential concerns such as data privacy and discrimination.
- Offer a balanced perspective: It highlights both the potential benefits and challenges of this significant policy change.
- Maintain a neutral tone: It presents the information objectively without expressing personal opinions or biases.
I hope this article provides a valuable overview of this important development.