UIDAI urges verification entities to exercise Aadhaar usage hygiene

The Unique Identification Authority of India (UIDAI) has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) highlighting several usage hygiene issues, better safety mechanisms at users level, and ways to further enhance residents’ trust while using Aadhaar voluntarily for lawful purposes.

Entities have been advised to perform Aadhaar verification only with the explicit consent of the Aadhaar number holder. While conducting offline verification, these entities must be courteous to residents and assure them of the security and confidentiality of their Aadhaar.

Entities must keep a log/record of the explicit consent received from residents in case UIDAI or another legal agency audits them in the future.

UIDAI has also requested that OVSEs verify Aadhaar using the QR Code found on all four forms of Aadhaar (Aadhaar letter, e-Aadhaar, m-Aadhaar, and Aadhaar PVC card) rather than accepting Aadhaar in physical or electronic form as proof of identity.

Offline verification is the use of Aadhaar for local identity verification and KYC processes without connecting to UIDAI’s Central Identities Data Repository. OVSEs are organisations that conduct offline verification of an Aadhaar number holder for a legal purpose.

Entities have been urged to ensure that no services are denied to any resident because he or she refuses or is unable to undergo offline Aadhaar verification, provided the resident can identify himself or herself through other viable alternatives. It has been emphasised that OVSEs must provide residents with viable alternatives to Aadhaar in order to provide service.

UIDAI has informed OVSEs that after conducting offline Aadhaar verification, verification entities should not collect, use, or store the resident’s Aadhaar number. If the OVSE finds it necessary to store a copy of Aadhaar after verification for any reason, the OVSE must ensure that the Aadhaar number is redacted/masked and irretrievable.

The QR code available on all forms of Aadhaar (Aadhaar letter, e-Aadhaar, Aadhaar PVC card, and m-Aadhaar) can be used to verify any Aadhaar using the mAadhaar App or Aadhaar QR code Scanner. Offline verification can detect tampering with Aadhaar documents, and tampering is a punishable offence with penalties under Section 35 of the Aadhaar Act.

If they notice any misuse of information, they must notify UIDAI and the resident concerned within 72 hours. UIDAI has warned OVSEs not to perform offline verification on behalf of any other entity or person and to cooperate fully with the Authority or law enforcement agencies in the event of an investigation involving Aadhaar misuse.