Aadhaar authentication for private entities: Navigating the 2025 amendment
Introduction
On 31 January 2025, the Ministry of Electronics and Information Technology has notified the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025 (2025 Amendment). In furtherance of the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act), the 2025 Amendment to the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (Rules), provides for a process for private entities to be able to perform Aadhaar authentication for the purposes specified under the Rules.
Aadhaar authentication purposes and process
Under the Rules read with the 2025 Amendment, the Central Government may enable entities to authenticate Aadhaar numbers through Central Identities Data Repository (a centralised database used for Aadhaar authentication under the Aadhaar Act) on a voluntary basis, for the following purposes:
(i) usage of digital platforms to ensure good governance;
(ii) promoting ease of living of residents and enabling better access to services for them;
(iii) prevention of dissipation of social welfare benefits; and
(iv) enablement of innovation and the spread of knowledge.
Private entities seeking to conduct Aadhaar authentication will be required to submit a proposal to the relevant Ministry or Department of Government, demonstrating how the intended purpose of authentication aligns with the objectives above and in the interest of State. Upon receiving the proposal, the respective Ministry or Department will evaluate its merit and if deemed justified, forward the proposal along with their recommendations, to the Central Government for further consideration. The Central Government may then make a reference to the Unique Identification Authority of India (UIDAI), the authority established under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act), for its assessment.
If the UIDAI determines that the proposal complies with the prescribed purposes and legal provisions of the Aadhaar Act, it will inform the Central Government of its approval. Based on this confirmation, the Central Government may authorise the relevant Ministry or Department to notify and permit the requesting entity to perform Aadhaar authentication.
Conclusion
The 2025 Amendment marks an important development in India’s digital and regulatory ecosystem. By providing a formal process of examining and approving purposes of Aadhaar authentication by private entities, the 2025 Amendment furthers the aims of the Aadhaar Act to revolutionise service delivery, enhance government-private sector collaboration, and improve accessibility to essential services. By aligning business-friendly reforms with strict compliance safeguards, Aadhaar authentication can emerge as a powerful tool for economic growth, digital empowerment, and public service enhancement. Given that Aadhaar-based authentication infrastructure is already in place for critical sectors, its integration into private sector operations at a wider scale — particularly for KYC (Know Your Customer) purposes — could drastically reduce costs compared to existing identity verification methods.
However, the criteria for approving Aadhaar authentication use-cases remain ambiguous. The Government is yet to clarify how it will assess whether a proposed use case aligns with the purposes prescribed under the Rules, as the criteria appears to be rather subjective. The Supreme Court had, in its 2019 judgment on the Aadhaar Act, raised concerns about private entities accessing Aadhaar data, citing potential misuse and security risks. It remains to be seen how the 2025 Amendment will align with the compliance requirements set by the Supreme Court’s ruling as well as the evolving data protection landscape in India, particularly against risk of unauthorized use.
- Harsh Walia (Partner); Shobhit Chandra (Counsel); Sumantra Bose (Counsel); Shramana Dwibedi (Senior Associate) & Vanshika Lal (Associate)
For any queries please contact: editors@khaitanco.com
We have updated our Privacy Policy, which provides details of how we process your personal data and apply security measures. We will continue to communicate with you based on the information available with us. You may choose to unsubscribe from our communications at any time by clicking here.
For private circulation only
The contents of this email are for informational purposes only and for the reader’s personal non-commercial use. The views expressed are not the professional views of Khaitan & Co and do not constitute legal advice. The contents are intended, but not guaranteed, to be correct, complete, or up to date. Khaitan & Co disclaims all liability to any person for any loss or damage caused by errors or omissions, whether arising from negligence, accident or any other cause.
© 2024 Khaitan & Co. All rights reserved.
Mumbai
One World Centre
10th, 13th & 14th Floor, Tower 1C
841 Senapati Bapat Marg
Mumbai 400 013, India
Mumbai
One Forbes
3rd & 4th Floors, No. 1
Dr. V. B. Gandhi Marg
Fort, Mumbai 400 001
Delhi NCR (New Delhi)
Ashoka Estate
11th Floor, 1105 & 1106,
24 Barakhamba Road,
New Delhi 110 001, India
Kolkata
Emerald House
1B Old Post Office Street
Kolkata 700 001, India
Bengaluru
Embassy Quest
3rd Floor
45/1 Magrath Road
Bengaluru 560 025, India
Delhi NCR (Noida)
Max Towers,
7th & 8th Floors,
Sector 16B, Noida
Uttar Pradesh 201 301, India
Chennai
8th Floor,
Briley One No.30
Ethiraj Salai
Egmore
Chennai 600 008, India
Singapore
Singapore Land Tower
50 Raffles Place, #34-02A
Singapore 048623
Pune
Raheja Woods
03-108-111, 3 Floor
8, Central Avenue, Kalyani Nagar
Pune - 411 006, India
Gurugram (Satellite Office)
Suite No. 660
Level 6, Wing B,
Two Horizon Center
Golf Course Road, DLF 5
Sector 43, Gurugram
Haryana 122 002, India
Ahmedabad
1506 - 1508, B-Blockr
Navratna Corporate Parkr
Iscon Ambli Road, Ahmedabadr
Gujarat - 380058