Aadhaar gets a new offline ID tool, tougher checks for entities using it
AVC, which has now been added by the authority to its list of offline Aadhaar verification methods, can be used for identity verification.
The Unique Identification Authority of India (UIDAI) has issued new regulations to introduce an Aadhaar Verifiable Credential (AVC), a digitally signed document containing limited user demographic data for offline identity verification, as well as update regulations for entities that conduct offline Aadhaar verification (not in real time using UIDAI servers).
The amendments to the Aadhaar (Authentication and Offline Verification) Regulations, 2021, were notified on December 9, and uploaded on the UIDAI website on Friday.
AVC, which has now been added by the authority to its list of offline Aadhaar verification methods, can be used for identity verification without revealing the full Aadhaar number.
According to the regulations, AVC was “a digitally signed document issued by the Authority to the Aadhaar number holder which may contain the last 4 digits of Aadhaar number, demographic data, like name, address, gender, date of birth, and photograph of Aadhaar number holder… which may be shared by Aadhaar number holder in full or part with an OVSE… (Offline Verification Seeking Entity)for verifying the demographic information or photograph of the Aadhaar number holder.”
Also Read | A safeguard for Aadhaar data
But how does a user decide what information to include in an AVC when sharing it with a business or OVSE? A UIDAI official told HT that the new Aadhaar app, still in testing and yet to be officially launched, will let users pick exactly which details they want to share with an OVSE.
The amendment also provided for the introduction of ‘Offline Face Verification,’ which would allow an entity to verify someone’s identity by matching a live face image with the photograph stored in the Aadhaar application.
The amendments also introduce an official definition of ‘Aadhaar Application’ to cover UIDAI’s apps and portals. At the same time, older references that specifically mention ‘mAadhaar’ in other sections have been removed.
This comes as UIDAI is preparing to officially launch a new Aadhaar mobile application that will enable paperless electronic ID sharing, as part of the authority’s efforts to curb misuse of physical Aadhaar cards and strengthen the offline verification ecosystem.
UIDAI chief executive officer Bhuvnesh Kumar previously said the new app was intended to shift Aadhaar usage away from physical cards, which are frequently photocopied and, in many cases, improperly stored or misused by OVSE.
OVSE Registration
The amendments also lay out a process for registration of OVSEs with UIDAI. The new regulation 13A says that an entity “desirous of undertaking Aadhaar Paperless Offline e-KYC verification or Aadhaar Verifiable Credential verification… shall apply to the Authority for registration.”
“This does not make anything mandatory, but will enable interested entities to use Aadhaar verification in electronic mode instead of the physical copies,” Kumar had said.
While the law recognised OVSEs, there was no mechanism to register them so far, until now.
The regulation authorises UIDAI to seek additional information, verify submissions, approve or reject applications, and charge fees for registration and transactions. If an application is rejected, UIDAI must inform the applicant within 15 days and specify the reasons. Entities may also seek reconsideration within 30 days.
It also spells out the process for an OVSE to surrender its access to offline verification services.
The amendments empower UIDAI to take action against OVSEs that misuse offline verification or fail to follow procedures. It can impose penalties if an entity “fails to comply with any of the processes, procedures, standards, specifications or directions issued by the Authority,” uses offline verification for unlawful purposes, withholds required information, or does not cooperate with inspections or audits, the amendment said.
