India Expands Aadhaar Authentication for Businesses - Privacy Concerns

India Broadens Aadhaar Authentication Access for Businesses

The Indian government has relaxed the regulations governing its Aadhaar authentication service. This digital identity verification system, connected to the biometric data of over 1.4 billion citizens, will now be available to a wider range of businesses.

Expanded Use Cases

Companies in sectors like e-commerce, travel, hospitality, and healthcare can now utilize the system to verify customer identities. This update, however, has sparked privacy debates, as clear guidelines to prevent misuse of biometric IDs are still under development.

New Regulations and Background

On Friday, the Indian IT ministry unveiled the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025. These rules modify the 2020 legislation, which was itself a result of a Supreme Court ruling that limited private entities’ access to Aadhaar data.

The amendment follows nearly two years of public consultation, though the responses received have not been publicly released.

Aims of the Update

The IT ministry stated that the update intends to “enhance the scope and utility of Aadhaar authentication.” It aims to improve service delivery and allow both governmental and non-governmental organizations to leverage the system for public interest services.

Changes to the Rules

A key change involves the removal of a sub-rule that previously restricted Aadhaar authentication to preventing “leaking of public funds.” This broadening of scope expands the reach of the unique ID-based verification system managed by the Unique Identification Authority of India (UIDAI).

Previously, the primary users of Aadhaar authentication were banking and telecom companies, utilizing it for customer onboarding and verification.

Increased Transaction Volume

Aadhaar authentication processed 129.93 billion transactions in January, a significant increase from 109.13 billion in February of the previous year, according to UIDAI data.

Entities like the National Informatics Center, National Health Agency, State Bank of India, Bank of Baroda, and Punjab National Bank were among the top users of Aadhaar-based verification this month.

Application and Approval Process

Entities seeking to implement Aadhaar authentication must now “apply with the details of intended requirements” to the relevant government ministry or department. These applications will be reviewed by UIDAI and the IT ministry (MeitY) for approval, based on UIDAI’s recommendations.

Concerns Regarding Transparency

Kamesh Shekar, a digital governance lead at The Dialogue, a New Delhi-based think-tank, emphasized the need for clearer criteria. He stated that the evaluation process by MeitY and UIDAI must be more transparent to mitigate potential misuse, a concern previously raised by the Supreme Court during deliberations on Section 57 of the Aadhaar Act.

Legal Context and Challenges

Section 57 of the Aadhaar Act 2016, which permitted private entities to use Aadhaar numbers for identity verification, was struck down by the Supreme Court in 2018.

The Indian government amended the Aadhaar Act in 2019 to enable voluntary authentication. However, this amendment is currently being challenged and is pending before the Supreme Court.

Re-legislation Concerns

Prasanna S, an advocate-on-record in the Supreme Court, argued that the amendment attempts to “re-legislate” the invalidated Section 57.

He noted that while a licensing regime existed under the 2020 rules, the expanded access now amplifies the associated concerns.

Risks of Exclusion and Autonomy

Sidharth Deb, associate director for public policy at The Quantum Hub, highlighted the potential for exclusion. He warned that linking ID documentation to digital services could create barriers for some citizens.

“We really need to start thinking about how we define voluntary so that citizens have as much autonomy as possible to be able to access digital services in as frictionless a manner as possible,” he said.

Seeking Clarification

TechCrunch has contacted the Indian IT ministry for comment on the concerns raised by policy experts and regarding the measures in place to prevent misuse of Aadhaar. An update will be provided upon receiving a response.