Aadhaar-PAN linkage for Demat accounts is constitutionally valid

Tathagata Satapathy Vs HDFC Bank Ltd. (Orissa High Court)

Orissa High Court held that provision mandating Aadhaar-PAN linkage for Demat accounts stands on firm constitutional and legal footing. Thus, writ petition disposed of.

Facts- The Petitioner, through this Writ Petition challenges the actions of the Opposite Parties in depriving the Petitioner of access to his Invest Right app and Demat Account, linked to HDFC Bank Savings Account. It is alleged that the bank withheld the petitioner’s funds and profits and made his accounts dormant in July 2023, citing the lack of Aadhaar linkage, despite Aadhaar not being required when the accounts were opened.

Conclusion- Held that the impugned provision mandating Aadhaar-PAN linkage for Demat accounts stands on firm constitutional and legal footing. It satisfies the triple test, serving a legitimate state interest in curbing tax evasion and ensuring financial transparency. While concerns regarding data security and privacy are acknowledged, they do not outweigh the compelling need for regulatory oversight in the securities market. Adequate safeguards have been implemented to mitigate risks, and the measure remains a proportionate and reasonable restriction on privacy. Therefore, the provision does not warrant interference by this Court. The present Writ Petition is, accordingly, disposed of.

FULL TEXT OF THE JUDGMENT/ORDER OF ORISSA HIGH COURT

The Petitioner, through this Writ Petition challenges the actions of the Opposite Parties in depriving the Petitioner of access to his Invest Right app and Demat Account No. 50100193966720, linked to HDFC Bank Savings Account No. 50100193966720. It is alleged that the bank withheld the petitioner’s funds and profits and made his accounts dormant in July 2023, citing the lack of Aadhaar linkage, despite Aadhaar not being required when the accounts were opened.

I. FACTUAL MATRIX OF THE CASE:

2. The brief fact of the case is that:

i. On 20.04.2017, the petitioner opened Savings Bank Account No. 50100193966720 in his name at HDFC Bank, Cuttack-Puri Road Branch, Bhubaneswar. Since opening the aforementioned account, the petitioner has been operating it regularly.

ii. During the course of banking transactions with the Opp. party bank, the branch manager of the said bank persuaded the petitioner to utilize the amount deposited in the savings account to earn more profit by investing it in trading through HDFC Securities, a subsidiary of HDFC Bank Ltd.

iii. Acting on the advice of the HDFC Bank officials, the petitioner invested an amount of ₹25 lakhs from his HDFC Bank savings account into trading through HDFC Securities on 24.12.2019 in Demat Account No. 50100193966720 (73229001) linked to his Savings Bank Account No. 50100193966720. Trading transactions under this arrangement commenced on 06.01.2020.

iv. While the petitioner was trading through HDFC Securities, in July 2023, the HDFC Bank made the petitioner’s trading account/Demat account dormant on the grounds that it was not linked to Aadhaar. It is pertinent to note that the petitioner’s Savings Bank Account and Demat Account were not linked to Aadhaar at the time of opening, as the petitioner had not enrolled under Aadhaar.

v. Upon becoming aware of this development, the petitioner informed the bank authorities that he had not enrolled under Aadhaar and that Aadhaar is not mandatory for banking services or transactions, as per the decision of the Supreme Court. The petitioner requested the bank to resolve the issue accordingly.

vi. Despite this, HDFC Bank continued to send emails stating that the petitioner’s service requests had been registered and would be resolved at the earliest. However, to date, no positive steps have been taken by the bank to address the petitioner’s grievance.

vii. When the opposite party bank failed to resolve the issue, the petitioner, on 16.11.2023, requested the bank to close the Demat/Trading account and transfer all shares and funds to his nominee, his wife, Ms. Adyasha Satpathy’s Demat account.

viii. On 05.01.2024, the Head Office of the opposite party bank sent an email to the Branch Manager of HDFC Bank, stating that the suspension of the Demat/Trading account could not be removed without mapping the PAN with Aadhaar.

ix. The petitioner states and submits that the action of the opposite party bank in not allowing him to operate the Invest Right App Demat Account under his Savings Bank Account, on the grounds that the account is not linked to Aadhaar, is ex facie illegal, arbitrary, and contrary to the decision of the Supreme Court. Therefore, the petitioner asserts that this action is liable to be quashed, and he is entitled to operate the Invest Right App Demat and Trading Account through HDFC Securities/HDFC Bank.

II. SUBMISSIONS ON BEHALF OF THE PETITIONER:

3. Learned counsel for the Petitioner earnestly made the following submissions in support of his contentions.

i. The petitioner submits that he is a senior citizen and a four-term Member of Parliament. He has deliberately not enrolled under Aadhaar, as it has been his consistent stance in Parliament that biometric data should not be collected from citizens unwilling to enroll under Aadhaar. Therefore, since he has not enrolled under Aadhaar, furnishing an Aadhaar enrollment number to the bank to operate the “Invest Right App” Demat Account does not arise.

ii. The petitioner also points out that HDFC Bank allows him to operate his Savings Bank Account No. 50100193966720 for deposits and withdrawals. Thus, the action of HDFC Bank in keeping the Demat Account dormant/suspended on the plea of not being linked to Aadhaar is arbitrary, lacks legal sanction, and is therefore liable to be quashed.

iii. The petitioner further states and submits that the action of the opposite party bank in demanding the Aadhaar enrollment number to link the petitioner’s bank account is a clear violation of Articles 14, 19(1)(g), 21, and 300-A of the Constitution of India. Therefore, this action is liable to be quashed.

iv. The petitioner also submits that the action of the opposite parties in making the trading app Demat account dormant/suspended under the petitioner’s Savings Bank Account is contrary to the decision of the Supreme Court in K.S. Puttaswamy v. Union of India.¹ As such, the action is liable to be quashed.

(v) The petitioner prays that he be allowed to operate the trading app Demat Account No. 50100193966720 (73229001) under his HDFC Savings Bank Account No. 50100193966720, maintained at the Cuttack-Puri Road Branch.

III. SUBMISSIONS ON BEHALF OF THE OPPOSITE PARTIES :

4. In reply, learned counsel for the HDFC Bank (“Opp. Party 1 & 2”) earnestly made the following submissions in support of his contentions:

i. It is submitted that the Writ Petition against a private entity is not maintainable for a writ application can only be maintained and filed against an entity that satisfies the requirements of Article 12 of the Constitution of India.

ii. HDFC Bank Limited (hereinafter ’the Bank’) is a company registered under the Companies Act and also registered with the Reserve Bank of India. It has its registered office in Mumbai, Maharashtra, and is engaged in the legitimate business of providing banking services. Being a private sector bank, it does not satisfy the requirements of Article 12 of the Constitution of India and, therefore, does not fall within its scope. Thus, the present writ application is not maintainable.

iii. The Petitioner, having a savings account with Opposite Party No.2, expressed his interest in opening a Demat Account, which is required for holding shares in electronic form for the purpose of investing and trading in the stock market. Therefore, it is incorrect to state that the Bank persuaded the Petitioner to invest his money through HDFC Securities.

iv. While the Demat Account of the Petitioner was operational, the Central Board of Direct Taxes (CBDT), Ministry of Finance, and the Department of Revenue, Government of India, issued Circular No.7 of 2022 dated 30.03.2022. This circular referred to the provisions of the Income Tax Act regarding the linkage of Aadhaar with Permanent Account Numbers (PANs). Based on this circular, the Securities and Exchange Board of India (SEBI) issued a press release dated 08.03.2023, directing all existing investors to ensure the linkage of their PAN with Aadhaar by 31.03.2023 for continuity and smooth transactions in the securities market. The release also warned of the consequences of non-compliance with the CBDT circular.

v. Following the CBDT circular, the National Securities Depository Limited (NSDL), a depository registered with SEBI, issued a circular dated 21.03.2023. This circular reiterated the importance of linking Aadhaar with PAN and instructed all depository participants registered with NSDL to inform their clients about the compliance requirement. It further stated that non-compliance would result in the Demat Accounts being made inactive.

vi. In view of these regulatory guidelines, the Demat Account of the Petitioner was suspended by NSDL through its circular dated 30.06.2023, and not by the Respondent Bank. Due to this suspension by NSDL, the Petitioner’s request for the closure of his Demat Account and the transfer of shares to his wife’s Demat Account could not be acted upon. The Bank duly informed the Petitioner about this through an email dated 22.11.2023. Additionally, the NSDL circular dated 30.06.2023 prescribes the procedure for the removal of the suspension of Demat Accounts, which mandates linking PAN with Aadhaar. In the absence of such compliance, the Petitioner’s Demat Account would continue to remain suspended.

vii. It is submitted that the contention of the Petitioner that the Bank’s action in not allowing him to operate the Demat Account is illegal and arbitrary, being contrary to the judgment of the Supreme Court, is incorrect. The Bank, as a depository participant, is governed by SEBI regulations and cannot be faulted for acting in accordance with such regulations.

viii. In view of the authoritative pronouncement in the case of K.S. Puttaswamy (supra), SEBI, as the regulatory authority of the securities market, has issued directions requiring investors to ensure compliance with the linkage of Aadhaar with PAN for smooth and uninterrupted transactions in the securities market by 31.03.2023. PAN serves as a key identification number and is part of the KYC requirements for all transactions in the securities market. Accordingly, all SEBI-registered entities and market infrastructure institutions were required to ensure valid KYC for all participants.

ix. The Petitioner contends that the Bank’s action of allowing him to operate his savings account while keeping his Demat Account suspended is misconceived. The suspension was due to his failure to link Aadhaar with his PAN card. However, this argument is incorrect.

x. The Supreme Court, in Puttaswamy (supra), upheld the constitutional validity of Section 139-AA of the Income Tax Act, 1961. At the same time, it ruled that Rule 9 of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, was unconstitutional. The Court also struck down notifications that mandated the linkage of Aadhaar with bank accounts.

xi. The Petitioner incorrectly compares a Demat Account to a bank account. The Supreme Court ruled that linking Aadhaar with bank accounts does not meet the test of proportionality. Therefore, it was declared unconstitutional. As a result, the Petitioner is allowed to operate his savings account. However, this does not apply to his Demat Account. PAN is a key identification number. It is also an essential part of the KYC requirements for all transactions in the securities market.

xii. The Bank’s action of keeping the Demat Account under suspension is not illegal or arbitrary. It does not violate the Petitioner’s constitutional The Bank must follow SEBI regulations. Without compliance, it cannot allow the Petitioner to operate his Demat Account. If the Petitioner seeks a resolution, he has the option to approach SEBI with his grievances.

xiii. The Bank has made several attempts to request the Petitioner to link his PAN with Aadhaar. It has taken steps to address his concerns and values him as a customer. However, without compliance, the Bank is unable to assist him further. Interestingly, during the pendency of this Writ Petition, the Bank Authority has agreed to allow the Petitioner’s prayer rendering the Writ Petition to an academic exercise. Considering the gravity of the issue and its socio-economic importance, this Court attempts to discuss the issue in its perspective.

5. Learned counsel for SEBI (“Opp. Party No. 4”) earnestly made the following submissions in support of his contentions:

i. It is submitted that no cause of action has arisen for the petitioner to file
the present writ petition. Furthermore, there exists no valid ground for impleading Opp. Party No.4 as a necessary party in this matter. The petitioner’s demat account is currently in “ACTIVE” status, thereby negating any basis for grievance.

ii. Party No.4 had issued a Master Circular on Know Your Client (KYC) Requirements for the Securities Market (Circular No. SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, dated 12.10.2023), which consolidates all relevant circulars and directions issued by SEBI up to 30.09.2023 to ensure an effective Anti-Money Laundering framework. The said circular outlines the KYC process applicable to all SEBI-registered intermediaries, mandating them to obtain and verify Proof of Identity (PoI) and Proof of Address (PoA) from clients before establishing an account-based relationship.

iv. It is pertinent to note that the use of Aadhaar for KYC purposes is purely voluntary. However, since April 2007, PAN has been made mandatory (with limited exceptions) as the unique identification number for all securities market participants, irrespective of the transaction amount. Given its significance, PAN submitted by a client must be valid and linked to Aadhaar as per Rule 114AAA of the Income Tax Rules, 1962.

v. In accordance with Section 139-AA(2) of the Income Tax Act, 1961, and Rule 114AAA of the Income Tax Rules, 1962, SEBI’s regulatory measures align with directives issued by the CBDT. Based on stakeholder feedback and to facilitate ease of transactions, SEBI reviewed and simplified the risk management framework at KYC Registration Agencies (KRAs) through Circular No. SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, dated 14.05.2024. Under this revised framework, the PAN-Aadhaar linkage validation is now required only for KYC portability within the securities market, thereby removing any hindrance to clients conducting transactions.

vi. As SEBI has never mandated Aadhaar as a compulsory document for KYC and since the petitioner’s Demat account is currently active and fully operational, there remains no impediment preventing the petitioner from transacting. Consequently, the writ petition has become infructuous and unsustainable.

6. Learned counsel for the Reserve Bank of India (“Opp. Party No. 5”), Senior Advocate Gautam Mukherjee, orally submitted that the RBI has no direct involvement in the petitioner’s grievance, as the issues raised pertain solely to the actions of HDFC Bank Ltd. and NSDL. He emphasized that RBI’s regulatory framework does not govern the operational decisions related to the petitioner’s Demat or Savings Account. Consequently, the petitioner has failed to establish a justifiable cause of action against RBI, making the writ petition unsustainable in its current form.

7. Learned counsel for the NSDL (“Opp. Party No. 6”) earnestly made the following submissions in support of his contentions:

i. NSDL contends that the petitioner’s grievances pertain solely to HDFC Bank Ltd. (“Opp. Party No.1”), as all actions regarding the Demat Account were undertaken by HDFC. Given that NSDL merely implemented regulatory directives without any independent role in freezing or unfreezing the account, the writ petition is unsustainable against it and warrants dismissal.

ii. The petitioner’s concerns have been rendered moot following the SEBI and NSDL circulars, which led to the unfreezing of the Demat Account on 03.06.2024. NSDL issued its Circular No. NSDL/POLICY/2023/0038 dated 21.03.2023 in accordance with the press release PR No.05/2023 issued by SEBI, on 08.03.2023 which, in turn, was aligned with the CBDT Circular No.7 of 2022, dated 30.03.2022, which provided clarification regarding the relaxation of provisions under Rule 114AAA of the Income Tax Rules, 1962.

iii. Pursuant to SEBI’s Circular and later produced FAQs, Opp. Party No.6, through its Circular No. NSDL/POLICY/2024/0071 dated 30.05.2024, issued a directive. Based on NSDL’s circular, the Depository Participant (DP), HDFC Bank, unfroze the Petitioner’s Demat account on 03.06.2024. It is humbly submitted that the Petitioner’s demat account is currently in “ACTIVE” status and is not subject to any freeze. This makes this petition purely an academic discourse.

IV. COURT’S REASONING AND ANALYSIS:

8. First and foremost, it is important to highlight that the grievance of the petitioner has already been resolved; leaving no subsisting dispute that requires adjudication. In light to this, any further deliberation on the issues raised would be purely academic, serving only to address questions that, with the passage of time, may not have been adequately answered. While courts generally refrain from engaging in academic exercises, in certain circumstances, an authoritative pronouncement may be warranted to settle legal uncertainties and provide clarity for future cases.

9. I have heard the representations of the counsels appearing for the respective parties at length.

10. The concept of “I” or the “self” has been a central theme in Indian philosophy since its inceptio In Indian culture, the term “Swa (स्व)” directly translates to “self,” signifying one’s individual identity, essence, or inner being. It embodies not just personal identity but also a profound spiritual dimension, emphasizing self-reliance, autonomy, and the realization of one’s true nature.

11. The Brihadaranyaka Upanishad narrates an interesting conversation between Emperor Janaka and the great sage Yajnavalkya.

The emperor asked, “Yajnavalkya, what is the light by which man is served?”

The sage replied, “The light of the sun, O Emperor, for it is by the sun that man sits, moves, works, and returns home.”

Janaka then inquired, “But when the sun has set, what then is the light by which man is served?”

Yajnavalkya answered, “The moon then becomes his light.”

The emperor continued, “And when both the sun and moon are absent, what then?”

The sage responded, “Fire becomes his light.”

Janaka pressed further, “When the sun and moon have set and the fire has gone out, what then is the light by which man is served?”

Yajnavalkya replied, “Sound then serves as light, for in darkness, one follows sound to navigate.”

Finally, Janaka asked, “But when the sun and moon have set, the fire is out, and there is no sound, what then is the light by which man is served?”

Driven to the ultimate truth, Yajnavalkya declared, “The Self, becomes his light, for it is by the light of the Self that man sits, moves, works, and returns home.”

[Verse 4.3.6]

Pleased with the answer, the emperor then posed the most profound question: “Of the many principles within man, which is the Self?”

The sage smiled and only at this moment did the sage begin his true teaching.

12. While the idea of the “self” exists in Western philosophy, often in relation to consciousness, reason, and personal identity, “Swa” in Indian traditions, particularly in Hinduism, Jainism, and Buddhism, extends beyond the individual to encompass a connection with the greater cosmic order.

13. In Upanishadic texts, “Swa” is regarded as the ultimate reality, an eternal and unchanging essence that is one with Brahma (……), the universal consciousness. Jainism, on the other hand, presents the self as an independent, eternal entity responsible for its own liberation through self-discipline and righteousness. These perspectives highlight that in Indian thought, the self is not merely an individual entity but an integral part of a larger metaphysical framework. This deep-rooted understanding of “Swa” shapes indian perspectives on duty, morality, and self-realization, reinforcing the idea that true fulfillment comes not just from outer perspectives but self- “Swa” does not mean selfish, not self-centered, not self-absorbed, not self-consumed, it is just the self.

14. In the west, from Descartes to modern jurisprudence, philosophical discourses underscore a fundamental tension between individual autonomy and societal regulation. As digital technology and surveillance expand, ongoing legal debates continue to balance the self’s right to privacy with public security and governance.

15. The philosophy of the self has evolved through centuries, shaping legal and jurisprudential thought on identity, autonomy, and privacy. From ancient Greece to contemporary legal debates, thinkers have grappled with questions of selfhood, individual rights, and the limits of state power.

16. The ancient Greeks laid the foundation for understanding the self, particularly through Plato and Aristotle. Plato, in his magnum opus, The Republic, viewed the self as a tripartite soul composed of reason, spirit, and desire, advocating for a just society where rationality governs impulses. Aristotle, in Nicomachean Ethics, emphasized the self as an agent of virtue, linking personal development to communal well-being. These early notions of selfhood influenced later debates on personal identity and legal responsibility.

17. In modern philosophy, RenØ Descartes’ famous dictum, cogito, ergo sum (“I think, therefore I am”), positioned self-awareness as the foundation of knowledge. This rationalist view influenced liberal political philosophy, particularly John Locke’s “Theory of Personal Identity,” which saw the self as continuous consciousness and a bearer of natural rights. Locke’s Second Treatise of Government argued for the individual’s right to life, liberty, and property, forming a basis for legal concepts of personal autonomy and privacy. His idea that “every man has a property in his own person” remains central to modern rights discourse. John Stuart Mill, in On Liberty, defended personal freedom against state interference, famously stating, “Over himself, over his own body and mind, the individual is sovereign.” His harm principle became foundational for privacy law, arguing that individuals should be free unless their actions harm others. In the 20th century, legal scholars and judges further refined the concept of self and privacy. Justice Louis Brandeis, in Olmstead v. United States², described privacy as “the right to be let alone,” advocating for protections against government intrusion. This idea shaped later rulings, such as Griswold v. Connecticut³, which recognized privacy in personal decision-making. More recently, legal theorist Alan Westin defined privacy as “the claim of individuals…to determine for themselves when, how, and to what extent information about them is communicated to others,”⁴ influencing contemporary data protection laws.

18. While the concept of “Privacy” does not truly reflect the essence of “Swa”, it is important that the former is understood in light of the latter. In modern governance, the recognition of privacy as a fundamental right ensures that individuals retain control over their personal data, bodily integrity, and lifestyle choices. Just as “Swa” denotes the true essence of an individual, privacy safeguards this essence in the legal domain, preventing state and private actors from infringing upon the dignity and autonomy of individuals. By linking privacy to “Swa”, one can see that privacy is not just a legal right but a deeply philosophical principle that upholds the core of human existence: the right to be oneself.

19. Privacy is no mere indulgence; it is the shadow in which free thought germinates, the barricade behind which the soul remains its own. Treating privacy as property is problematic for property is an illusion, a temporary indulgence granted and withdrawn at the whim of power.

No man may lay claim to the land beneath his feet or the roof over his head, for these are but fleeting possessions, borrowed for a time and reclaimed by the great machinery of the state. What a man builds, another shall inherit; what he owns, another shall confiscate. Yet, there exists one realm beyond the reach of force, law, or tyranny; the “self”: the mind, the will, the silent dominion of thought. These are the last and truest possessions of the individual. Strip a man of his privacy, and you do not merely expose his secrets; you erode his very selfhood.

20. The Indian judiciary has recognized this intrinsic connection between selfhood and privacy. In S. Puttaswamy (supra), the Supreme Court affirmed that the right to privacy is an integral part of the right to life and personal liberty under Article 21 of the Constitution. The judgment emphasized that privacy is essential for dignity, autonomy, and self-determination that align closely with the Indian philosophical tradition, which views the self as sacred and inviolable. Just as “Swa” signifies self-governance in a spiritual sense, “privacy” in a legal sense empowers individuals to make decisions about their bodies, beliefs, and personal affairs without external coercion.

21. The Apex Court held that right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 of the Constitution of India. Following passages from different opinions reflect the aforesaid proposition:

“Dr. D.Y. Chandrachud, J.:

42. Privacy is a concomitant of the right of the individual to exercise control over his or her personality. It finds an origin in the notion that there are certain rights which are natural to or inherent in a human being. Natural rights are inalienable because they are inseparable from the human personality. The human element in life is impossible to conceive without the existence of natural rights. In 1690, John Lockehad in his Second Treatise of Government observed that the lives, liberties and estates of individuals are as a matter of fundamental natural law, a private preserve. The idea of a private preserve was to create barriers from outside interference. In 1765, William Blackstone in his Commentaries on the Laws of England spoke of a ^‚natural liberty‛. There were, in his view, absolute rights which were vested in the individual by the immutable laws of nature. These absolute rights were divided into rights of personal security, personal liberty and property. The right of personal security involved a legal and uninterrupted enjoyment of life, limbs, body, health and reputation by an individual.

xx xx xx

46. Natural rights are not bestowed by the State. They inhere in human beings because they are human. They exist equally in the individual irrespective of class or strata, gender or orientation.

xx xx xx

318. Life and personal liberty are inalienable rights. These are rights which are inseparable from a dignified human existence. The dignity of the individual, equality between human beings and the quest for liberty are the foundational pillars of the Indian Constitution.

S.A. Bobde, J. :

415. Therefore, privacy is the necessary condition precedent to the enjoyment of any of the guarantees in Part III. As a result, when it is claimed by rights bearers before constitutional courts, a right to privacy may be situated not only in Article 21, but also simultaneously in any of the other guarantees in Part III. In the current state of things, Articles 19(1), 20(3), 25, 28 and 29 are all rights helped up and made meaningful by the exercise of privacy.”

22. Be that as it may, the self (“Swa”), for all its importance, does not exist in isolation. It finds its highest purpose not merely in self-preservation but in self-offering, in aligning with a duty greater than personal desire. This is where “Swadharma” emerges, not as a force that suppresses “Swa”, but as the path through which it finds its fullest expression. Just as fire does not lose its essence by giving warmth, “Swa” does not weaken by serving its higher calling; rather, it burns brighter, illuminating its true strength. The concept of “Swadharma” i.e. one’s personal duty, is not a negation of the self (Swa), but its highest fulfillment. It teaches that “Swa” is not an isolated entity, existing for its own sake, but a thread woven into the grand fabric of the universe. This does not mean blind adherence to imposed duty, rather an acknowledgment that true strength lies in acting in harmony with one’s place in the world. “Swadharma” is not a cage that limits “Swa”; it is the force that gives it meaning, anchoring the self in a larger purpose. When “Swa” aligns with duty, it does not diminish; it transcends, transforming the individual into something far greater than the sum of personal wants.

23. On similar lines, the Apex Court has held that right to privacy is not an unqualified one. Courts play a crucial role in balancing individualliberty with state interests, ensuring that restrictions on privacy are justified, proportionate, and in line with constitutional principles. The relevant excerpts are produce hereinbelow:

“324. This Court has not embarked upon an exhaustive enumeration or a catalogue of entitlements or interests comprised in the right to privacy. The Constitution must evolve with the felt necessities of time to meet the challenges thrown up in a democratic order governed by the Rule of Law. The meaning of the Constitution cannot be frozen on the perspectives present when it was adopted. Technological change has given rise to concerns which were not present seven decades ago and the rapid growth of technology may render obsolescent many notions of the present. Hence the interpretation of the Constitution must be resilient and flexible to allow future generations to adapt its content bearing in mind its basic or essential features.

325. Like other rights which form part of the fundamental freedoms protected by Part III, including the right to life and personal liberty under Article 21, privacy is not an absolute right. A law which encroaches upon privacy will have to withstand the touchstone of permissible restrictions on fundamental rights. In the context of Article 21 an invasion of privacy must be justified on the basis of a law which stipulates a procedure which is fair, just and reasonable. The law must also be valid with reference to the encroachment on life and personal liberty under Article 21. An invasion of life or personal liberty must meet the threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate State aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.‛

(Emphasis supplied)

24. The right to privacy, though fundamental, is not absolute. It is a principle deeply rooted in the traditions of ordered liberty, yet, like all rights, it must yield when the exigencies of governance demand reasonable constraint. The law does not recognize an unfettered dominion of the self against every interest of the state, for society itself is an intricate balance between personal autonomy and the common good. The courts, as the sentinels of constitutional equilibrium, bear the solemn duty of drawing this boundary, not arbitrarily, but with care, with reason, with an unwavering fidelity to justice. In every case where the veil of privacy is sought to be pierced, the hand of the state must be scrutinized with the greatest vigilance, ensuring that any encroachment is neither excessive nor capricious but justified by necessity, proportionate in scope, and bound by the very constitutional principles that give life to the right itself. It is in this delicate balance that liberty is preserved, and in this measured restraint that law finds its nobility.

25. Now, turning to the substantive issue at hand, the petitioner challenges
the mandatory linkage of Aadhaar with PAN for the operation of his DEMAT account. The respondents, in defense, have relied upon the legal principles established in S. Puttaswamy (supra) to justify the requirement. Accordingly, this Court shall undertake a detailed examination of the Supreme Court’s interpretation in Puttaswamy and assess the legal questions arising in the present matter to determine their applicability to the petitioner’s grievance.

26. In the digital era, privacy is increasingly understood as “informational privacy”, recognizing that personal data is an extension of the self. Information today is not merely a collection of facts but a reflection of an individual’s identity, autonomy, and choices. With advancements of technology, vast amounts of personal data, ranging from financial records and biometric details to online activities and communications, are constantly collected, stored, and analyzed. This makes it imperative for courts and policymakers to acknowledge that the self is now embedded in data more than ever before. A breach of informational privacy is not just a violation of confidentiality but an intrusion into an individual’s very sense of selfhood. The right to control one’s data, therefore, becomes synonymous with the right to personal autonomy and dignity. Courts, as the guardians of fundamental rights, must ensure that legal protections evolve in tandem with these realities, safeguarding individuals from unwarranted surveillance, data misuse, and erosion of personal freedom in an age where information is power. This has been adequately accepted and explicitly mentioned in Puttaswamy (supra).

27. The Supreme Court delved into the intricate and often paradoxical nature of informational privacy. The Court recognized that personal information is both the exclusive dominion of the individual and at the same time, a crucial element in the functioning of the state, particularly in matters of security, welfare, and governance. However, this duality requires a delicate balance: while the state may require access to data for legitimate purposes such as national security, law enforcement, and public welfare, such power, if left unchecked, can easily transform into an instrument of surveillance and control. The Court cautioned against the dangers of a data-driven state apparatus that, under the guise of efficiency, could erode individual freedoms, reduce citizens to mere data points, and pave the way for an Orwellian surveillance regime. It emphasized that any intrusion into informational privacy must be tested on the principles of necessity, proportionality, and legality; ensuring that personal data is neither indiscriminately collected nor arbitrarily used. The relevant excerpts are produced hereinbelow:

“326. Privacy has both positive and negative content. The negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen. Its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual.

……

(v) Informational Privacy is a facet of right to privacy: The old adage that ‘knowledge is power’ has stark implications for the position of individual where data is ubiquitous, an all-encompassing presence. Every transaction of an individual user leaves electronic tracks without her knowledge. Individually these information silos may seem inconsequential. In aggregation, information provides a picture of the beings. The challenges which big data poses to privacy emanate from both State and non-State entities. This proposition is described in the following manner:

Dr. D.Y. Chandrachud, J.:

300. Ours is an age of information. Information is knowledge. The old adage that ^‚knowledge is power‛ has stark implications for the position of the individual where data is ubiquitous, an all-encompassing presence.

Technology has made life fundamentally interconnected. The internet has become all-pervasive as individuals spend more and more time online each day of their lives. Individuals connect with others and use the internet as a means of communication. The internet is used to carry on business and to buy goods and services. Individuals browse the web in search of information, to send e-mails, use instant messaging services and to download movies. Online purchases have become an efficient substitute for the daily visit to the neighbouring store. Online banking has redefined relationships between bankers and customers. Online trading has created a new platform for the market in securities. Online music has refashioned the radio. Online books have opened up a new universe for the bibliophile. The old-fashioned travel agent has been rendered redundant by web portals which provide everything from restaurants to rest houses, airline tickets to art galleries, museum tickets to music shows. These are but a few of the reasons people access the internet each day of their lives.

Yet every transaction of an individual user and every site that she visits, leaves electronic tracks generally without her knowledge. These electronic tracks contain powerful means of information which provide knowledge of the sort of person that the user is and her interests. Individually, these information silos may seem inconsequential. In aggregation, they disclose the nature of the personality: food habits, language, health, hobbies, sexual preferences, friendships, ways of dress and political affiliation. In aggregation, information provides a picture of the being: of things which matter and those that do not, of things to be disclosed and those best hidden.

xx xx xx

304. Data mining processes together with knowledge discovery can be combined to create facts about individuals. Metadata and the internet of things have the ability to redefine human existence in ways which are yet fully to be perceived. This, as Christina Moniodis states in her illuminating article, results in the creation of new knowledge about individuals; something which even she or he did not possess. This poses serious issues for the Court. In an age of rapidly evolving technology it is impossible for a Judge to conceive of all the possible uses of information or its consequences.”

‚… The creation of new knowledge complicates data privacy law as it involves information the individual did not possess and could not disclose, knowingly or otherwise. In addition, as our State becomes an ^‚information State‛ through increasing reliance on information—such that information is described as the ^‚lifeblood that sustains political, social, and business decisions. It becomes impossible to conceptualize all of the possible uses of information and resulting harms. Such a situation poses a challenge for courts who are effectively asked to anticipate and remedy invisible, evolving harms.‛ [Christina P. Moniodis, ^‚Moving from Nixon to NASA: Privacy’s Second Strand — A Right to Informational Privacy‛, Yale Journal of Law and Technology (2012), Vol. 15 (1), at p. 154.] The contemporary age has been aptly regarded as ^‚an era of ubiquitous dataveillance, or the systematic monitoring of citizen’s communications or actions through the use of information technology‛ [Yvonne McDermott, ^‚Conceptualizing the Right to Data Protection in an Era of Big Data‛, Big Data and Society (2017), at p. 1.] . It is also an age of ^‚big data‛ or the collection of data sets. These data sets are capable of being searched; they have linkages with other data sets; and are marked by their exhaustive scope and the permanency of collection. [Id, at pp. 1 and 4.] The challenges which big data poses to privacy interests emanate from State and non-State entities. Users of wearable devices and social media networks may not conceive of themselves as having volunteered data but their activities of use and engagement result in the generation of vast amounts of data about individual lifestyles, choices and preferences. Yvonne McDermott speaks about the quantified self in eloquent terms:

‚… The rise in the so-called ‘quantified self’, or the self-tracking of biological, environmental, physical, or behavioural information through tracking devices, Internet-of-things devices, social network data and other means (?Swan.2013) may result in information being gathered not just about the individual user, but about people around them as well. Thus, a solely consent-based model does not entirely ensure the protection of one’s data, especially when data collected for one purpose can be repurposed for another.‛ [Id, at p. 4.] xx xx xx

328. Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the State but from non-State actors as well. We commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the State. The legitimate aims of the State would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits. These are matters of policy to be considered by the Union Government while designing a carefully structured regime for the protection of the data. Since the Union Government has informed the Court that it has constituted a Committee chaired by Hon’ble Shri Justice B.N. Srikrishna, former Judge of this Court, for that purpose, the matter shall be dealt with appropriately by the Union Government having due regard to what has been set out in this judgment.

S.K. Kaul, J.:

585. The growth and development of technology has created new instruments for the possible invasion of privacy by the State, including through surveillance, profiling and data collection and processing. Surveillance is not new, but technology has permitted surveillance in ways that are unimaginable. Edward Snowden shocked the world with his disclosures about global surveillance. States are utilising technology in the most imaginative ways particularly in view of increasing global terrorist attacks and heightened public safety concerns. One such technique being adopted by the States is “profiling“. The European Union Regulation of 2016 [ Regulation No. (EU) 2016/679 of the European Parliament and of the Council of 27-4-2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive No. 95/46/EC (General Data Protection Regulation).] on data privacy defines “profiling” as any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements [ Regulation No. (EU) 2016/679 of the European Parliament and of the Council of 27-4-2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive No. 95/46/EC (General Data Protection Regulation).] . Such profiling can result in discrimination based on religion, ethnicity and caste. However, “profiling” can also be used to further public interest and for the benefit of national security.

586. The security environment, not only in our country, but throughout the world makes the safety of persons and the State a matter to be balanced against this right to privacy.

587. The capacity of non-State actors to invade the home and privacy has also been enhanced. Technological development has facilitated journalism that is more intrusive than ever before.

588. Further, in this digital age, individuals are constantly generating valuable data which can be used by non-State actors to track their moves, choices and preferences. Data is generated not just by active sharing of information, but also passively, with every click on the “world wide web“. We are stated to be creating an equal amount of information every other day, as humanity created from the beginning of recorded history to the year 2003 – enabled by the “world wide web“. [ Michael L. Rustad, SannaKulevska, “Reconceptualizing the right to be forgotten to enable transatlantic data flow“, (2015) 28 Harv JL & Tech 349.]

589. These digital footprints and extensive data can be analysed computationally to reveal patterns, trends, and associations, especially relating to human behaviour and interactions and hence, is valuable information. This is the age of “big data“. The advancement in technology has created not just new forms of data, but also new methods of analysing the data and has led to the discovery of new uses for data. The algorithms are more effective and the computational power has magnified exponentially. A large number of people would like to keep such search history private, but it rarely remains private, and is collected, sold and analysed for purposes such as targeted advertising. Of course, “big data” can also be used to further public interest. There may be cases where collection and processing of big data is legitimate and proportionate, despite being invasive of privacy otherwise.

591. Knowledge about a person gives a power over that person. The personal data collected is capable of effecting representations, influencing decision-making processes and shaping behaviour. It can be used as a tool to exercise control over us like the ^‚big brother‛ State exercised. This can have a stultifying effect on the expression of dissent and difference of opinion, which no democracy can afford.”

(Emphasis supplied)

28. The Petitioner’s Demat Account was suspended by NSDL, not the Respondent Bank, due to non-compliance with Aadhaar-PAN linkage regulations under Section 139AA of the Income Tax Act. As per CBDT Circular No. 7 of 2022 and SEBI’s directive, investors were required to link their PAN with Aadhaar by 31.03.2023 to ensure seamless transactions. NSDL reinforced this mandate through its circular dated 21.03.2023, warning that non-compliance would render Demat Accounts inactive. Consequently, NSDL suspended the Petitioner’s account via its 30.06.2023 circular, preventing the requested closure and transfer of shares. The Bank informed the Petitioner of this via email on 22.11.2023, clarifying that account reactivation required Aadhaar-PAN linkage per NSDL’s prescribed procedure. The Petitioner’s challenge primarily revolves around the Aadhaar-PAN linkage mandated under Section 139AA of the Income Tax Act and its impact on Demat account operations.

29. Let us first examine Section 139AA of the Income Tax Act. In light of the Statement of Objects and Reasons, the Supreme Court, in Binoy Viswam v. Union of India & Ors.⁵, reiterated the legislative intent behind Section 139AA, emphasizing its critical role in curbing the duplication of PAN cards and preventing tax evasion. The Court underscored that the provision was introduced to enhance the integrity of financial transactions and ensure compliance with tax laws by mandating the linkage of Aadhaar with PAN. The relevant excerpts are produced hereinbelow:

“92. On the one hand, enrollment under Aadhaar card is voluntary, however, for the purposes of Income Tax Act, Section 139AA makes it compulsory for the assessees to give Aadhaar number which means insofar as income tax assessees are concerned, they have to necessarily enroll themselves under the Aadhaar Act and obtain Aadhaar number which will be their identification number as that has become the requirement under the Income Tax Act. The contention that since enrollment under Aadhaar Act is voluntary, it cannot be compulsory under the Income Tax Act, cannot be countenanced. As already mentioned above, purpose for enrollment under the Aadhaar Act is to avail benefits of various welfare schemes etc. as stipulated in Section 7 of the Aadhaar Act. Purpose behind Income Tax Act, on the other hand, is entirely different which has already been discussed in detail above. For achieving the said purpose, viz., to curb black money, money laundering and tax evasion etc., if the Parliament chooses to make the provision mandatory under the Income Tax Act, the competence of the Parliament cannot be questioned on the ground that it is impermissible only because under Aadhaar Act, the provision is directory in nature. It is the prerogative of the Parliament to make a particular provision directory in one statute and mandatory/compulsory in other. That by itself cannot be a ground to question the competence of the legislature. After all, Aadhaar Act is not a mother Act. Two laws, i.e., Aadhaar Act, on the one hand, and law in the form of Section 139AA of the Income Tax Act, on the other hand, are two different stand alone provisions/laws and validity of one cannot be examined in the light of provisions of other Acts. In Municipal Corporation of Delhi v. Shiv Shanker, if the objects of two statutory provisions are different and language of each statute is restricted to its own objects or subject, then they are generally intended to run in parallel lines without meeting and there would be no real conflict though apparently it may appear to be so on the surface……
……

93. In view of the above, we are not impressed by the contention of the petitioners that the two enactments are contradictory with each other. A harmonious reading of the two enactments would clearly suggests that whereas enrollment of Aadhaaar is voluntary when it comes to taking benefits of various welfare schemes even if it is presumed that requirement of Section 7 of Aadhaar Act that it is necessary to provide Aadhaar number to avail the benefits of schemes and services, it is upto a person to avail those benefits or not. On the other hand, purpose behind enacting Section 139AA is to check a menace of black money as well as money laundering and also to widen the income tax net so as to cover those persons who are evading the payment of tax.

xxx xxx

105. Unearthing black money or checking money laundering is to be achieved to whatever extent possible. Various measures can be taken in this behalf. If one of the measures is introduction of Aadhaar into the tax regime, it cannot be denounced only because of the reason that the purpose would not be achieved fully. Such kind of menace, which is deep-rooted, needs to be tackled by taking multiple actions and those actions may be initiated at the same time. It is the combined effect of these actions which may yield results and each individual action considered in isolation may not be sufficient. Therefore, rationality of a particular measure cannot be challenged on the ground that it has no nexus with the objective to be achieved. Of course, there is a definite objective. For this purpose alone, individual measure cannot be ridiculed. We have already taken note of the recommendations of SIT on black money headed by Justice M.B. Shah. We have also reproduced the measures suggested by the Committee headed by Chairman, CBDT on ^‚Measures to Tackle Black Money in India and Abroad‛. They have, in no uncertain terms, suggested that one singular proof of identity of a person for entering into finance/business transactions, etc. may go a long way in curbing this foul practice. That apart, even if solitary purpose of de-duplication of PAN cards is taken into consideration that may be sufficient to meet the second test of Article 14. It has come on record that 11.35 lakh cases of duplicate PAN or fraudulent PAN cards have already been detected and out of this 10.52 lakh cases pertain to individual assessees. Seeding of Aadhaar with PAN has certain benefits which have already been enumerated. Furthermore, even when we address the issue of shell companies, fact remains that companies are after all floated by individuals and these individuals have to produce documents to show their identity. It was sought to be argued that persons found with duplicate/bogus PAN cards are hardly 0.4% and, therefore, there was no need to have such a provision. We cannot go by percentage figures. The absolute number of such cases is 10.52 lakhs, which figure, by no means, can be termed as miniscule, to harm the economy and create adverse effect on the nation. The respondents have argued that Aadhaar will ensure that there is no duplication of identity as biometrics will not allow that and, therefore, it may check the growth of shell companies as well.

xxx xxx

119. Whether such a scheme should remain voluntary or it can be made mandatory imposing compulsiveness on the people to be covered by Aadhaar is a different question which shall be addressed at the appropriate stage. At this juncture, it is only emphasized that malafides cannot be attributed to this scheme. In any case, we are concerned with the vires of Section 139AA of the Income Tax Act, 1961 which is a statutory provision. This Court is, thus, dealing with the aspect of judicial review of legislation. Insofar as this provision is concerned, the explanation of the respondents in the counter affidavit, which has already been reproduced above, is that the primary purpose of introducing this provision was to take care of the problem of multiple PAN cards obtained in fictitious names. Such multiple cards in fictitious names are obtained with the motive of indulging into money laundering, tax evasion, creation and channelising of black money. It is mentioned that in a de-duplication exercises, 11.35 lakhs cases of duplicate PANs/fraudulent PANs have been detected. Out of these, around 10.52 lakhs pertain to individual assessees. Parliament in its wisdom thought that one PAN to one person can be ensured by adopting Aadhaar for allottment of PAN to individuals. As of today, that is the only method available i.e. by seeding of existing PAN with Aadhaar. It is perceived as the best method, and the only robust method of de-duplication of PAN database. It is claimed by the respondents that the instance of duplicate Aadhaar is almost non-existent. It is also claimed that seeding of PAN with Aadhaar may contribute to widening of the tax case as well, by checking the tax evasions and bringing in to tax hold those persons who are liable to pay tax but deliberately avoid doing so. It would be apposite to quote the following discussion by the Comptroller and Auditor General in its report for the year 2011:

^‚Widening of Tax Base

The assessee base grew over the last five years from 297.9 lakh taxpayers in 2005-06 to 340.9 lakh taxpayers in 2009-10 at the rate of 14.4 per cent.

The Department has different mechanisms available to enhance the assessee base which include inspection and survey, information sharing with other tax departments and third party information available in annual information returns. Automation also facilitates greater cross linking. Most of these mechanisms are available at the level of assessing officers. The Department needs to holistically harness these mechanisms at macro level to analyse the gaps in the assessee base. Permanent Account Numbers (PANs) issued upto March 2009 and March 2010 were 807.9 lakh and 958 lakh respectively. The returns filled in 2008-09 and 2009-10 were 326.5 lakh and 340.9 lakh respectively. The gap between PANs and the number of returns filed was 617.1 lakh in 2009-10. The Board needs to identify the reasons for the gap and use this information for appropriately enhancing the assessee base. The gap may be due to issuance of duplicate PAN cards and death of some PAN card holders. The Department needs to put in place appropriate controls to weed out the duplicate PANs and also update the position in respect of deceased assessee. It is significant to note that the number of PAN card holders has increased by 117.7 per cent between 2005-06 to 2009-10 whereas the number of returns filed in the same period has increased by 14.4 per cent only. (emphasis supplied)

……

121. The respondents have also claimed that linking of Aadhaar with PAN is consistent with India’s international obligations and goals. In this behalf, it is pointed out that India has signed the Inter-Governmental Agreement (IGA) with the USA on July 9, 2015, for Improving International Tax Compliance and implementing the Foreign Account Tax Compliance Act (FATCA). India has also signed a multilateral agreement on June 3, 2015, to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters under the Common Reporting Scheme (CRS), formally referred to as the Standard for Automatic Exchange of Financial Account Information (AEoI). As part of India’s commitment under FATCA and CRS, financial sector entities capture the details about the customers using the PAN. In case the PAN or submitted details are found to be incorrect or fictitious, it will create major embarrassment for the country. Under Non-filers Monitoring System (NMS), Income Tax Department identifies non-filers with potential tax liabilities. Data analysis is carried out to identify non-filers about whom specific information was available in CIB data and TDS/TCS Returns. Email/SMS and letters are sent to the identified non-filers communicating the information summary and seeking to know the submission details of Income tax return. In a large number of cases (more than 10 lac PAN every year) it is seen that the PAN holder neither submits the response and in many cases the letters are return unserved. Field verification by fields formations have found that in a large number of cases, the PAN holder is untraceable. In many cases, the PAN holder mentions that the transaction does not relate to them. There is a need to strengthen PAN by linking it with Aadhaar/biometric information to prevent use of wrong PAN for high value transactions.

(Emphasis supplied)

30. In Puttaswamy (supra), the Supreme Court acknowledged the judgement of the division bench in Binoy Viswam (supra) and upheld the validity of Section 139AA of the Income Tax Act, 1961 by repelling the contention predicated on Articles 14 and 19 of the Constitution of India. The relevant paragraphs are as follows:

“418. In the present case, there is no dispute that first requirement stands satisfied as Section 139AA is a statutory provision and, therefore, there is a backing of law. Mr. Tushar Mehta, learned ASG had argued that not only other two requirements are also satisfied, rather these have been specifically dealt with by the Division Bench in Binoy Viswam inasmuch as these aspects were eluded to, consider, examined and the Court recorded its findings on these aspects. We find force in this submission of Mr. Mehta. Insofar as requirement of ‘legitimate State interest’ is concerned, he pointed out that though Nariman, J. provided for a lenient test, namely, ‘larger public interest’ as against ‘legitimate State interest’, the provision satisfies both the tests. We agree with his submission, as Section 139AA of the Income Tax Act, 1961 seeks to safeguard the following interest:

^‚To prevent income tax evasion by requiring, through an amendment to the Income Tax Act, that the Aadhaar number be linked with the PAN.‛

419. The mandatory requirement of quoting/producing PAN number is given in Rule 114 and the Form 49A. While mandating that ^‚every person‛, (the term ^‚person‛ as defined under Section 2(31) of the Act), shall apply for and get a PAN, the legislature also provided for the requirement so as to how such number will be given to every ^‚person‛ in Rule 114 of the Income Tax Rules, the relevant part of which is Rule 114(1). While complying with the mandatory requirement (which have been in existence since 1989) and that for all ^‚persons‛, many facts were required to be disclosed and such disclosure was/is in public interest including demographic details and biometrics i.e. left thumb impression/signature.

420. The Parliament, considering the ^‚legitimate State interest‛ as well as the ^‚larger public interest‛ has now introduced Section 139AA which is only an extension of Section 139A which requires linking of PAN number with Aadhaar number which is issued under the Act for the purpose of eliminating duplicate PANs from the system with the help of a robust technology solution. Therefore, those who have PAN number and have already provided the information required to get PAN number cannot claim to have any legitimate expectation of withholding any data required for Aadhaar under the ground of ^‚privacy‛.

421. The respondents have demonstrated with empirical data, in the common additional affidavit of respondent Nos. 1 and 3 the existence of the ^‚legitimate State interest‛ and ^‚larger public interest‛. Being a unique identifier, the problem of bogus or duplicate PANs can be dealt with in a more systematic and full-proof manner (though, in the context of Articles 14 and 19 of the Constitution, but at the same time, relevant from the perspective of legitimate State interest also).‛

31. It is essential to acknowledge that the securities market has historically been misused as a channel for money laundering and tax evasion. Unscrupulous individuals and entities have used layered transactions, shell companies, and offshore accounts to obscure the origins of illicit funds. One of the most common methods has been circular trading, where stocks are bought and sold repeatedly among related parties to artificially inflate prices and create a facade of legitimate gains. This practice allows black money to be converted into white through capital gains exemptions, often at the expense of market integrity and government revenue.

32. Additionally, the anonymity afforded by multiple (read: fake) PAN cards and unverified accounts has further facilitated tax evasion. Fraudulent market participants have used benami Demat accounts to conduct high-value transactions while avoiding taxation. The lack of robust verification mechanisms in the past enabled individuals to hold multiple PAN cards, which allowed them to siphon money through the stock market without detection. As a result, tax authorities often faced significant hurdles in tracing taxable income and enforcing financial transparency.

33. Recognizing these loopholes, the government introduced the mandatory linkage of PAN with Aadhaar under Section 139AA of the Income Tax Act. This measure aims to eliminate duplicate and fraudulent PANs, ensuring that every financial transaction is traceable to a verifiable individual. By linking Aadhaar, a unique biometric-based identity, with PAN, the authorities can effectively track income, detect discrepancies, and curb tax evasion within the securities market. This move enhances accountability, strengthens anti-money laundering efforts, and reinforces the credibility of India’s financial system. The linkage requirement, coupled with strict enforcement by regulatory bodies like SEBI and NSDL, ensures that Demat accounts remain a legitimate channel for investment rather than a tool for illicit financial activities.

34. The mandatory linking of Aadhaar with PAN and Demat accounts under Section 139AA of the Income Tax Act aligns with the constitutional principles laid down in Puttaswamy and its triple test: legality, necessity, and proportionality. Section 139AA satisfies this test as it is backed by a valid legislative mandate, serves a legitimate state interest, and imposes only a proportionate restriction on privacy.

35. Further, it meets the legality requirement as it is a statutory provision enacted through the Finance Act, 2017, and reinforced by CBDT, SEBI, and NSDL regulations. The necessity of this measure lies in its objective to curb tax evasion, eliminate fraudulent PANs, and enhance financial transparency, particularly given the historical misuse of Demat accounts for money laundering. As for proportionality, Aadhaar is already a widely accepted authentication tool, and linking it with PAN does not impose an excessive burden on individuals. While data security concerns exist, the state’s compelling interest in preventing financial fraud and tax evasion justifies this limited restriction on privacy, especially with safeguards like encryption and data protection protocols in place.

36. Therefore, even though the Aadhaar-PAN linkage does not guarantee absolute privacy, it does not amount to an unconstitutional infringement of fundamental rights. The measure is a reasonable restriction in furtherance of public interest, ensuring that financial transactions remain transparent and that the securities market is not misused for illicit purposes. As long as adequate security measures are in place to protect Aadhaar data, the linkage requirement remains a constitutionally valid and proportionate policy aimed at strengthening the financial ecosystem.

37. Be that as it may, the concern of the petitioner is also a genuine one. In recent years, India’s middle class has increasingly embraced the securities market, mutual funds, and various investment avenues as a means to grow their wealth. This shift has been actively encouraged by the Government and financial institutions, which have vigorously advertised investment opportunities, urging people to move beyond traditional savings methods. Campaigns promoting Systematic Investment Plans (SIPs), Equity-linked Savings Schemes (ELSS), and other financial instruments have led to a significant rise in retail participation in the stock market. Digital investment platforms and Government-backed schemes like the PM Jan Dhan Yojana and Sovereign Gold Bonds have further facilitated this transition, making investments more accessible to the common citizen.

38. However, as more people invest their hard-earned money in these financial markets and instruments, concerns about privacy and security have also surfaced. Investors are now questioning how their financial data is handled, who has access to their transaction details, and what measures are in place to protect them from potential breaches or misuse. With increased digital transactions and mandatory KYC (Know Your Customer) norms, people rightfully demand transparency and accountability regarding their financial privacy. It is no longer acceptable for regulators, banks, or the government to turn a deaf ear to these concerns. If investment is to be encouraged, the trust of the people must be earned by ensuring stringent data protection laws, secure investment channels, and a commitment to safeguarding investor rights in a rapidly evolving financial landscape.

39. While the Aadhaar framework was introduced as a robust and unique identification system to streamline financial transactions and curb fraud, concerns regarding its security persist. Reports of Aadhaar data leaks and unauthorized access have surfaced repeatedly, raising serious questions about the safety of sensitive personal information. Incidents where Aadhaar details, including biometric data, have been exposed due to inadequate cybersecurity measures have fueled public apprehension. Given that Aadhaar is now a mandatory requirement for linking with PAN and Demat accounts, the potential risk of financial fraud and identity theft has become a significant concern for investors and account holders.

40. The fear among individuals mandated to link their Aadhaar with PAN and Demat accounts is not unfounded. Any vulnerability in the Aadhaar database can lead to misuse of personal and financial information, with grave consequences such as unauthorized access to bank accounts, cloning of identities, and financial fraud. The very system designed to prevent tax evasion and money laundering may inadvertently expose people to new risks if adequate safeguards are not in place. As financial institutions and regulatory bodies increasingly rely on Aadhaar for verification, the risks associated with a compromised database could have far-reaching consequences for the economy and public trust in digital governance.

41. Thus, the need of the hour is to strengthen the security framework of Aadhaar by implementing state-of-the-art encryption, multi-layered authentication protocols, and stringent access controls. The government must prioritize cyber security measures, conduct regular audits, and ensure that data protection laws are rigorously enforced. Transparency in addressing data breaches, along with proactive steps to fortify the Aadhaar infrastructure, is essential to instill confidence in the system. Without these measures, the very objective of Aadhaar-PAN linkage i.e. to ensure financial transparency and curb fraud, may be undermined by the risk of data breaches and privacy violations.

V. CONCLUSION:

42. In view of the above and for the reasons stated above, the impugned provision mandating Aadhaar-PAN linkage for Demat accounts stands on firm constitutional and legal footing. It satisfies the triple test established in Puttaswamy (supra), serving a legitimate state interest in curbing tax evasion and ensuring financial transparency.

43. While concerns regarding data security and privacy are acknowledged, they do not outweigh the compelling need for regulatory oversight in the securities market. Adequate safeguards have been implemented to mitigate risks, and the measure remains a proportionate and reasonable restriction on privacy. Therefore, the provision does not warrant interference by this Court.

44. The present Writ Petition is, accordingly, disposed of.

Interim order, if any, passed earlier stands vacated.

Notes:

¹ [2018] 8 S.C.R. 1

² 277 U.S. 438 (1928)

³ 381 U.S. 479 (1965)

⁴ Alan Westin, Privacy and Freedom (New York: Atheneum 1967).

⁵ (2017) 7 SCC 59