India Stack
Indian digital public infrastructure branding
From Wikipedia, the free encyclopedia
India Stack is a marketing term coined by iSPIRT (Indian Software Product Industry Round Table) to brand a collection of government-operated digital infrastructure systems in India as a unified platform.[1] The term encompasses identity verification (Aadhaar), payments (UPI), document storage (DigiLocker), and data sharing layers--each governed by separate government bodies with distinct legal frameworks.
| Type | Marketing term / branding |
|---|---|
| Coined by | iSPIRT (c. 2012-2013) |
| Components | Aadhaar, UPI, DigiLocker, ABDM, ONDC |
| Governing bodies | UIDAI, NPCI, NHA, MeitY |
| Country |  India |
| Websites | indiastack indiastack |
The systems have achieved significant scale, with UPI processing over 10 billion monthly transactions and Aadhaar covering 1.4 billion residents. However, the platform has faced sustained criticism regarding welfare exclusion linked to biometric authentication failures, privacy and surveillance concerns, and the gap between "open" branding and closed, proprietary governance.[1][2]
Origin of the term
The term "India Stack" was coined by iSPIRT, a technology industry think tank co-founded by Sharad Sharma in 2013. iSPIRT positioned the branding to describe separate government systems as a unified, exportable model of "digital public infrastructure" (DPI).[3]
Critics characterise "India Stack" as a PR construct--branding separate closed systems as unified "open" infrastructure for international promotion. Each component (Aadhaar under UIDAI, UPI under NPCI, DigiLocker under MeitY, ABDM under NHA) is closed-source and separately governed; the unified branding suggests cohesion and openness while the underlying systems remain proprietary and siloed.[4]
Components
India Stack comprises several separately governed layers:[5]
- Identity Layer (Aadhaar): Biometric identification system covering 1.4 billion residents, governed by Unique Identification Authority of India (UIDAI)
- Payments Layer (UPI, BBPS, AePS): Digital payment infrastructure governed by National Payments Corporation of India (NPCI), a private Section 8 company
- Data Layer (DigiLocker, Account Aggregator): Document storage governed by MeitY; financial data sharing governed by Sahamati (industry alliance)
- Health Layer (ABDM): Health records infrastructure governed by National Health Authority (NHA)
- Commerce Layer (ONDC): E-commerce protocol governed by ONDC Ltd, a Section 8 company
- Aadhaar
- Unified Payments Interface (UPI)
- DigiLocker
- Ayushman Bharat Digital Mission (ABDM)
- Bharat Bill Payment System (BBPS)
- BharatQR
- Digi Yatra
- eSign
- Government e Marketplace (GeM)
- Open Network for Digital Commerce (ONDC)
- FASTag
- Account Aggregator (AA/DEPA)
- Aadhaar Enabled Payment System (AePS)
- Open Credit Enablement Network (OCEN)
- UMANG
History
| Year | Event |
|---|---|
| 2009 | Aadhaar pilot launched under UIDAI, led by Nandan Nilekani |
| 2013 | iSPIRT founded; "India Stack" terminology emerges |
| 2016 | UPI launched by NPCI; 2016 Indian banknote demonetisation accelerates digital adoption |
| 2017 | Supreme Court of India rules privacy a fundamental right (Puttaswamy judgment) |
| 2018 | Supreme Court upholds Aadhaar but strikes down Section 57 (private sector use) |
| 2019 | Government re-enables private sector Aadhaar use via ordinance |
| 2021 | Account Aggregator framework launches; CoWIN for COVID vaccination |
| 2023 | UIDAI expands facial authentication; 50 million+ monthly facial auth transactions |
| 2024 | 100% e-KYC mandate for ration cards; Odisha suspends 20+ lakh beneficiaries |
| 2025 | Madras High Court rules Aadhaar correction a fundamental right |
Governance structure
Despite "open" branding, India Stack components are governed by government bodies and private entities with restricted access:[6]
| Component | Governing Body | Legal Status | Access Model |
|---|---|---|---|
| Aadhaar | UIDAI | Statutory authority (exempt from RTI for certain categories) | Government licence required |
| UPI/BBPS | NPCI | Private Section 8 company | Membership approval required |
| Account Aggregator | Sahamati | Industry alliance | Membership required |
| ABDM | NHA | Government authority | Partnership required |
| ONDC | ONDC Ltd | Private Section 8 company | Licensing required |
Participation model
Unlike open protocols such as HTTP, email, or TCP/IP where anyone can implement independently, India Stack requires permission at every layer. There is no public RFC process, no citizen representation on technical committees, and no mechanism to challenge design decisions before deployment.[6]
Researchers note this differs fundamentally from both the IETF model of "rough consensus and running code" and FOSS contribution models where rejected proposals can still be implemented independently. In India Stack, if a proposal is rejected, there is no alternative--the gatekeeper's decision is final.[4]
Scale and adoption
India Stack components have achieved significant transaction volumes:
- UPI: Over 10 billion monthly transactions by 2023[7]
- Aadhaar: 1.4 billion enrolments
- DigiLocker: Over 150 million registered users
Proponents credit India Stack with expanding financial inclusion through Jan Dhan bank accounts, reducing subsidy leakage through Direct Benefit Transfer, and enabling digital service delivery.
Concerns and criticism
Welfare exclusion and documented denials
Aadhaar-based biometric authentication for welfare distribution has been linked to documented exclusions and deaths. Research by economists including Reetika Khera of IIT Delhi has found significant exclusion of genuine beneficiaries.[8]
Key findings include:
- Between 2013-2021, 4.39 crore (43.9 million) ration cards were deleted nationally
- A 2020 J-PAL study found 88% of cancelled ration cards in Jharkhand belonged to genuine beneficiaries, not fraudulent "ghost" entries[9]
- The Right to Food Campaign documented 57 starvation deaths in nine Indian states from 2015 onwards, with at least 19 directly linked to Aadhaar-related denial[10]
- Of 42 hunger-related deaths documented between 2017-2019, 25 were linked to Aadhaar issues[11]
Documented cases include Santoshi Kumari (11, Jharkhand, 2017), Arjun Hembram (11, Odisha, 2023), and others.[8]
Human Rights Watch documented 2.5 million families in Rajasthan denied ration supplies between September 2016 and June 2017 due to Aadhaar issues. The report also found children without Aadhaar excluded from government schools and hospitals demanding Aadhaar enrolment before issuing birth certificates.[2]
Biometric authentication failures
Studies have documented significant biometric authentication failure rates:[12]
- 6-12% fingerprint authentication failure rates among manual labourers, construction workers, and farmers
- Fingerprints degrade due to age, manual labour, and certain medical conditions
- Elderly people have degraded fingerprints; children's biometrics are unstable
- In 2023, UIDAI acknowledged 54+ hours of service downtime due to OTP delays and server issues
A 2018 analysis estimated that "two to five per cent of the Indian population would be excluded" due to biometric failures alone.[12]
Facial authentication expansion (2023-2025)
Despite documented fingerprint exclusion, states began adding facial authentication requirements. Rajasthan mandated facial authentication for pensioners via the RAJSSP app in February 2023. Data from January-April 2025 showed:[13]
- Facial authentication success rate: 69.11% (nearly 1 in 3 fail)
- Fingerprint authentication success rate: 76.27%
- OTP had 90%+ success rate but was deemed "unreliable" by authorities
- The system was tested on only 15-20 people before statewide rollout to 600,000+ pensioners in Jaipur district alone
Despite 30% failure rates, UIDAI reported 50 million+ facial authentication transactions monthly since 2023.[13]
Consent issues
Critics argue that consent is structurally compromised when Aadhaar authentication is mandatory for essential services. UIDAI claims authentication requires "explicit consent," but researchers note consent is meaningless when refusal means exclusion from:[8][14]
- Food rations under Public Distribution System
- Pension disbursement
- Bank account access (KYC requirements)
- LPG subsidies
- Government employment wages (MGNREGA)
- Healthcare access (ABDM)
- Vehicle toll payment (FASTag - mandatory by law)
Privacy and surveillance
The centralised nature of India Stack creates surveillance infrastructure concerns:[15]
- Centralised biometric database of 1.4 billion people
- Authentication logs enabling tracking of citizens' access to services
- Cross-linking of identity, financial, health, and location data
- Limited independent oversight and RTI exemptions
The Supreme Court of India ruled privacy a fundamental right in August 2017 (Justice K.S. Puttaswamy v. Union of India).[16]
In September 2018, the court upheld Aadhaar's constitutional validity but struck down Section 57 allowing private sector use. The government subsequently amended laws through ordinances to restore private sector access.[17]
Open source claims
While described as "open APIs," India Stack does not follow free and open-source software principles:[4]
- Source code is not publicly available
- No public contribution or proposal mechanism exists
- Alternative implementations are legally prohibited
- Governance is not participatory
- Cannot be forked or independently operated
The Financial Times noted these concerns in 2023, questioning claims of openness.[3]
Accountability gaps
Several structural accountability issues have been identified:[18]
- UIDAI is exempt from RTI for certain categories of information
- Only UIDAI can sue for Aadhaar-related issues; individuals cannot sue UIDAI under Section 47
- Aadhaar deactivations occur without prior notice
- A 2022 CAG report found UIDAI takes no responsibility for deficient biometric capture
- No public auditing of authentication success/failure rates across welfare programs
Digital divide
The COVID-19 vaccination rollout via CoWIN highlighted digital divide issues:[19]
- CoWIN required smartphone, internet access, and digital literacy
- 200-280 million Indians (33-45% of 18-44 age group) had no or poor internet access
- 25% of India's population had no smartphone
- No offline registration option initially
- Supreme Court (May 2021) noted "CoWIN not accessible to persons with disabilities"
Court cases
Key judgments
- Justice K.S. Puttaswamy v. Union of India (2017): Nine-judge bench unanimously ruled privacy a fundamental right
- Justice K.S. Puttaswamy v. Union of India (2018): Five-judge bench upheld Aadhaar's validity but struck down Section 57 (private sector use) and Section 33(2) (disclosure without judicial oversight)
- Koili Devi v. Union of India: Petition filed by Santoshi Kumari's mother challenging deletion of ration cards
- Orissa High Court (May 2023): Ruled welfare schemes cannot exclude on grounds of lacking Aadhaar or mobile phone
- P. Pushpam v. UIDAI (Madras HC, 2025): Ruled Aadhaar correction is a fundamental right
e-KYC mandate (2024)
In June 2024, the government directed 100% e-KYC compliance for all ration card holders. Odisha suspended rice distribution for 20+ lakh (2 million+) eligible individuals for e-KYC non-compliance. The Right to Food Campaign urged the government to halt e-KYC and remove exclusionary digital measures from PDS.[14]
International adoption
Several countries have expressed interest in adopting India Stack components. Sri Lanka, Morocco, the Philippines, Guinea, Ethiopia, and Togo have reportedly started using components.[20]
Critics note that countries adopting the model may also adopt its structural issues regarding exclusion, consent, and accountability.[1]