The Unique Identification Authority of India has issued new regulations amending the Aadhaar (Authentication and Offline Verification) Regulations, 2021. These amendments, effective from the date of publication on January 31, 2024, bring significant changes to the authentication process. The Aadhaar (Authentication and Offline Verification) Amendment Regulations, 2024, introduce crucial changes to authentication processes, emphasizing the importance of agreements with the Authority. These amendments aim to enhance security and efficiency in Aadhaar-related transactions. Stakeholders and entities involved should stay informed to ensure compliance with the updated regulations.
UNIQUE IDENTIFICATION AUTHORITY OF INDIA
NOTIFICATION
New Delhi, the 31st January, 2024
F. No. HQ-13073/1/2020-AUTH.II(E).—In exercise of the powers conferred by sub-sections (1) and (2) of section 54 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016), the Unique Identification Authority of India hereby makes the following regulations to further amend the Aadhaar (Authentication and Offline Verification) Regulations, 2021, namely:—
1. Short title and commencement.—(1) These regulations may be called the Aadhaar (Authentication and Offline Verification) Amendment Regulations, 2024.
(2) They shall come into force on the date of their publication in the Official Gazette.
2. In the Aadhaar (Authentication and Offline Verification) Regulations, 2021 (hereinafter referred to as the principal regulations), in regulation 2, in sub-regulation (1),—
(a) for clause (j), the following clause shall be substituted, namely:—
‘(j) “e-KYC authentication facility” means a type of authentication facility—
(i) in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction; and
(ii) includes any subsequent appropriate response returned by the Authority regarding the status as to whether any Aadhaar number previously submitted has been subsequently omitted or deactivated or re-activated in the event of any omission or deactivation of such Aadhaar number or re-activation of such a deactivated Aadhaar number:
Provided that the requesting entity has entered into a Memorandum of Understanding or agreement with the Authority for the performance of authentication with update of such status;’;
(b) for clause (p), the following clause shall be substituted, namely:—
‘(p) “Yes/No authentication facility” means a type of authentication facility—
(i) in which the identity information and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is then matched against the data available in the CIDR, and the Authority responds with a digitally signed response containing “Yes” or “No”, along with other technical details related to the authentication transaction, but no identity information; and
(ii) includes any subsequent appropriate response returned by the Authority regarding the status as to whether any Aadhaar number previously submitted has been subsequently omitted or deactivated or re-activated in the event of any omission or deactivation of such Aadhaar number or re-activation of such a deactivated Aadhaar number:
Provided that the requesting entity has entered into a Memorandum of Understanding or agreement with the Authority for the performance of authentication with update of such status.’.
3. In the principal regulations, in regulation 9,—
(a) for the short title, the following short title shall be substituted, namely:—
“Process for performance of authentication”; and
(b) for sub-regulation (3), the following sub-regulations shall be substituted, namely:—
“(3) Based on the mode of authentication request, after the input parameters have been matched against the information of the Aadhaar number available in the CIDR and CIDR has verified the correctness or lack thereof, the Authority shall return a digitally signed Yes or No response, or a digitally signed e-KYC response with encrypted e-KYC data, as the case may be, along with related technical details.
(3A) Where the requesting entity has entered into a Memorandum of Understanding or agreement with the Authority for the performance of authentication with update of status regarding whether an Aadhaar number previously submitted has been subsequently omitted or deactivated or re-activated, in the event of such Aadhaar number being omitted or deactivated or such a deactivated Aadhaar number being reactivated, the Authority shall send a subsequent digitally signed appropriate response, along with related technical details.”.
4. In the principal regulations, in regulation 10,—
(a) in sub-regulation (3), for the words “failure such as Suspended/Cancelled Aadhaar or Biometric/Aadhaar Locking”, the words ‘failure, such as “Aadhaar cancelled”, “Aadhaar deactivated”, “Aadhaar locked”, “Aadhaar omitted”, “Aadhaar suspended” and “Biometrics locked”’ shall be substituted;
(b) after sub-regulation (3), the following sub-regulation shall be inserted, namely:—
“(4) In sub-regulation (3), the expression—
(i) “Aadhaar cancelled” or “Aadhaar omitted”, in relation to an Aadhaar number, shall mean that such Aadhaar number has been omitted;
(ii) “Aadhaar deactivated” or “Aadhaar suspended”, in relation to an Aadhaar number, shall mean that such Aadhaar number has been deactivated;
(iii) “Aadhaar locked”, in relation to an Aadhaar number, shall mean that such Aadhaar number has been locked as referred to in regulation 11A; and
(iv) “Biometrics locked”, in relation to an Aadhaar number, shall mean that the biometric records related to such Aadhaar number have been locked as referred to in regulation 11.”.
SANJEEV YADAV, Director
[ADVT.-III/4/Exty./723/2023-24]
Note : The principal regulations were published in the Gazette of India, Extraordinary, Part III, Section 4, dated the 9th November, 2021, vide Notification F. No. K-11020/ 240/ 2021/ Auth/UIDAI (No. 2 of 2021), dated the 8th November 2021, and were subsequently amended vide Notifications—
(i) F. No. K-11020/240/2021/Auth/UIDAI (No. 01 of 2022), dated the 4th February, 2022;
(ii) F. No. HQ-13011/2/2021-AUTH-II (No. 01 of 2023), dated the 24th February, 2023 (published on the 27th February, 2023); and
(iii) F. No. HQ-13073/1/2020-AUTH.II(E), dated the 29th September, 2023 (published on the 3rd October, 2023).
