The Indian government has announced the expansion of its Aadhaar authentication service, a digital ID system designed to provide a trusted verification system between users and providers.
The framework is thought to contain the biometrics of more than 1.4 billion people, with restrictions now eased on which entities can use it.
On Friday (Jan 31), the Indian IT ministry confirmed the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025. As part of the fresh changes to the law introduced five years ago, businesses in sectors including travel, healthcare, hospitality, and e-commerce will now be able to use Aadhaar to conduct essential checks on customers.
While the development will be welcomed by many companies, the expansion has prompted criticism due to privacy concerns around the misuse of citizens’ biometric data.
In a statement from the IT Ministry, it was conveyed how the update is designed to “enhance scope and utility of Aadhaar authentication” by “allowing the usage of Aadhaar for improving service delivery” and “enables both government and non-government entities to avail Aadhaar authentication service for providing various services in the public interest.”
One key change from the previous version of Aadhaar is the omission of a sub-rule that allowed the authentication process to prevent the “leaking of public funds”.
This is said to widen the scope of the bespoke ID-based verification platform provided by the Unique Identification Authority of India (UIDAI) government body.
Up to this point, the service was typically used by banking, telecom, and utility operators to onboard new customers and to verify existing users.
Calls for more transparency
UIDAI website data shows that Aadhaar authentication was used in 129.93 billion transactions as of January 2025, up from 109.13 billion last February.
The new rules mean entities looking to introduce Aadhaar authentication will be required to “apply with the details of intended requirements the concerned ministry or department of the Central or the State government” which “will be examined by UIDAI and MeitY [the IT ministry]” which will approve these applications based on UIDAI’s recommendation, said the government.
However, Kamesh Shekar, a digital governance lead at New Delhi-based tech policy think-tank The Dialogue, questioned this pathway.
“What criteria the MeitY and UIDAI would be taking into consideration for evaluating such applications have to be made clearer and more transparent to weed out misuse, which is a concern flagged by the Supreme Court while deliberating on Section 57 of the Aadhaar Act,” he said.
Section 57 of the Aadhaar Act 2016 was struck down by the Supreme Court in 2018 after it previously allowed private entities to use Aadhaar to establish individuals’ identities.
The Aadhaar Act was then amended in 2019 to enable voluntary authentication but that amendment has been challenged and is currently pending in the Supreme Court.
Image credit: Via Midjourney