Government Amends Norms to Restore Aadhaar Verification Process for Private Entities: A Legal Perspective

Posted On - 19 February, 2025 • By - Sukrit Kapoor

Introduction

Through a recent set of amendments by the Government of India, private entities are now allowed to use Aadhaar authentication under given conditions in the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules. The new rules clearly break away from the earlier position where, consequent to the landmark 2018 judgment of the Supreme Court of India, private firms were denied access to Aadhaar-based authentication.

Aadhaar, a 12-digit unique identity number issued by the Unique Identification Authority of India (UIDAI), continues to act as a linking tool to formulate identity verification for citizens. Arguments were put forward for private entities to provide Aadhaar authentication under Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. However, during Justice K.S. Puttaswamy (Retd.) v. Union of India[1], the Supreme Court struck down Section 57, as it was considered to be contravening privacy issues and leaving openings for misuse by private entities. Hence, authentication through Aadhaar was permitted only for governmental bodies and for entities that operate under a specific section of the law

A recently promulgated amendment to the Aadhaar Authentication for Good Governance Rules looks to reinstate Aadhaar authentication for private entities under a structured regulatory mechanism ensuring compliance with privacy laws and further safeguard individual rights.

Key Provisions of the Amendment

The Ministry of Electronics and Information Technology has formulated the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules 2025. Here are the particulars covered in the amendment:

Who Can Use Aadhaar Authentication?

    Private entities can make use of Aadhaar authentication when it aims for good governance, tackles fraud, fosters innovation, or improves service delivery. The firm has to demonstrate that Aadhaar authentication is crucial to its service model.

    • Approval Process:
    • The private entity must submit its proposal before the competent government ministry or department.
    • The ministry determines whether Aadhaar authentication is necessary and refers the case to MeitY.
    • UIDAI disposes of the application and recommends that MeitY approve it with respect to the fulfilment of the criteria.
    • After being cleared, the concerned ministry issues a notification that allows the concerned private entity to use Aadhaar authentication.
    • Authentication by Choice:
    • No individual shall be obliged to subject himself to Aadhaar authentication.
    • Alternatives for identity verification shall be provided for persons who choose not to verify their identity via Aadhaar.
    • Compliance with Data Protection Laws:
    • Private entities shall strictly adhere to the provisions mentioned in the Digital Personal Data Protection (DPDP) Act, 2023.
    • Some stringent regulatory must follow to safeguard against unauthorized access and misuse of the Aadhaar information.
    • UIDAI shall ensure compliance and effective execution and impose penalties for violations.
    1. Privacy and Data Protection – Major worry that accompanies the amendment is its capability of snooping into the privacy of individuals. The DPDP Act 2023 establishes stringent protection for data, both in its processing and collection, requiring private entities to:
    2. Obtain specific consent from users before authentication.
    3. Collect and process only minimum data
    4. Ensure strong cybersecurity measures are employed in protecting Aadhaar-linked information.

    The UIDAI, being the regulator, will be responsible for ensuring compliance and punishing any violator.

    • Impact on Market Competition – In the industries, including fintech, e-commerce, healthcare, and digital platforms, Aadhaar authentication will ease up the services being provided by private firms. Nevertheless, large corporations with the capability of compliance will derive the greatest benefit, practically choking out the smaller firms from the market. The government will have to ensure fair access, so that the scope of innovation does not narrow to a few large players only.
    • Legal Challenges and Pending Scrutiny by Courts– The amendment is expected to face legal scrutiny primarily on these grounds:
      • Concerns of Fundamental Rights: Some might contend that extending private enterprises access to Aadhaar contradicted the Supreme Court ruling in Puttaswamy, which restricted the Aadhaar only for State functions.
      • Definition of “Good Governance”: Broadly formulated, this could result in competing interpretations and thereby prompt legal disputes over its application.
      • Contradictions in Data protection laws: Questions are likely to arise around whether UIDAI or the Data Protection Board has greater authority under the DPDP Act 2023.

    Impact in Various Sectors

    • Financial Services & Fintech

    This shift will facilitate the work of banks, fintech startups, and transaction platforms in a speedy veracity of their customers.

    • E-commerce & Online Platforms

    E-commerce platforms may also help reduce identity frauds and facilitate transactions in certain cases, such as high-value purchases, in an experiment to test Aadhaar authentication.

    • Healthcare Services

    Aadhaar authentication could help both hospitals and telemedicine providers maintain secure digital health records and improve the quality-of-service delivery.

    • Employment and HR Verification

    It would lead to speedy background verification for job placements and victim employment records, thereby reducing occurrences of fraudulent employment claims.

    Compliance requirements for private entities

    The private segment employing Aadhaar authentication ought to accordingly meet specified conditions nibbling on their own and come legally under the compliance framework.

    • Secure the necessary approvals-A checklist through the step-by-step approval process involves UIDAI and MeitY.
    • Ensure data security.
    • Respect user choice, provide valid alternative ID verification methods.
    • Regular compliance audits.
    • Management of legal risk- The responsibility to oversee compliance and take care of attendant legal risks gets delegated to a data protection officer.

    Conclusion

    Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025 are bound to change the entire digital identity verification scenario in India. The possible reintegration of Aadhaar authentication for private players is intent upon enhancing digital services, minimizing fraud, and driving innovation. Nonetheless, the challenge still lies in finding a balance between technological growth and individual privacy. The success of this amendment will materialize if the government endeavours to supreme privacy protections, compliance, and emerging concerns. Through continuous oversight and legislative refinements, with respect for individual rights and data protection laws, India is in a bright position to realize a secure and inclusive digital ecosystem.

    [1] Justice K.S. Puttaswamy (Retd.) v. Union of India

    King Stubb & Kasiva,
    Advocates & Attorneys

    Click Here to Get in Touch

    New Delhi | Mumbai | Bangalore | Chennai | Hyderabad | Mangalore | Pune | Kochi
    Tel: +91 11 41032969 | Email: info@ksandk.com