India has made significant changes to its Aadhaar authentication service, a system that verifies digital identities based on the biometrics of over 1.4 billion individuals. This update allows businesses in sectors like e-commerce, travel, hospitality, and healthcare to use Aadhaar for customer authentication, raising privacy concerns due to the lack of defined regulations to prevent misuse of biometric data.
On Friday, the Indian IT ministry introduced the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025, amending legislation from 2020 following a Supreme Court ruling that limited private access to Aadhaar data. This new amendment, which comes after a two-year public consultation period without disclosed responses, aims to expand the use of Aadhaar for service delivery by government and non-government entities.
The amended rules now allow a broader range of public and private sectors to utilize Aadhaar authentication, surpassing its previous focus on banking and telecom sectors for customer verification. In January, Aadhaar authentication recorded 129.93 billion transactions, a significant increase from February the previous year, with top entities like the National Informatics Center, National Health Agency, and leading banks utilizing the service.
Under these new rules, entities seeking Aadhaar authentication approval must submit detailed requirements to the relevant government department for examination by UIDAI and the IT ministry. However, concerns have been raised about the lack of transparency in evaluating these applications to prevent misuse, echoing the Supreme Court’s previous concerns about Section 57 of the Aadhaar Act, which allowed private entities to utilize Aadhaar data.
Kamesh Shekar, a digital governance expert at The Dialogue think-tank, emphasized the need for clearer criteria in evaluating applications to address misuse concerns highlighted by the Supreme Court. The 2016 Aadhaar Act, which permitted private entity access to Aadhaar numbers, was struck down by the Supreme Court in 2018, leading to amendments in 2019 allowing voluntary authentication. However, these amendments are currently under Supreme Court scrutiny.
Prasanna S, a Supreme Court advocate who challenged the Aadhaar Act, noted that the recent amendment attempts to reintroduce elements of the previously struck-down Section 57, raising concerns about potential misuse with expanded access. Sidharth Deb from The Quantum Hub consultancy highlighted the risk of exclusion when linking ID documentation to digital services, emphasizing the need for clear definitions of voluntary access to ensure citizens’ autonomy.
As experts voice concerns about potential misuse and exclusion risks associated with expanded Aadhaar authentication, TechCrunch has reached out to the Indian IT ministry for clarification on measures in place to prevent misuse and address key policy concerns.
**Expert Insights and Concerns**
Kamesh Shekar, a digital governance lead at The Dialogue think-tank, emphasized the need for transparent criteria in evaluating Aadhaar authentication applications to prevent misuse, aligning with Supreme Court concerns about privacy and misuse risks.
**Legal Challenges and Policy Implications**
Prasanna S, a Supreme Court advocate, highlighted the resemblance of the new Aadhaar authentication rules to the previously struck-down Section 57 of the Aadhaar Act, raising concerns about potential misuse and reinforcing the need for stringent regulatory measures.
**Risk of Exclusion and Autonomy**
Sidharth Deb from The Quantum Hub consultancy warned against the risk of exclusion when linking ID documentation to digital services, urging clear definitions of voluntary access to uphold citizens’ autonomy in accessing services seamlessly.
TechCrunch has reached out to the Indian IT ministry for clarification on the key concerns raised by experts and the measures in place to prevent misuse of Aadhaar data. Further updates will be provided upon the ministry’s response.
