Aadhaar

Establishment of UIDAI (2009–2013)

The Unique Identification Authority of India (UIDAI) was established on 28 January 2009 through a notification of the Planning Commission (now NITI Aayog). On 23 June 2009, Nandan Nilekani, co-founder of Infosys, was appointed as its first chairperson with rank equivalent to a Cabinet minister.^[21]

In April 2010, the programme was formally branded as “Aadhaar” and its logo was unveiled.^[22] Nilekani stated that UIDAI would support legislation to safeguard data collected under the programme. In February 2012, UIDAI launched an online verification system enabling institutions to authenticate Aadhaar numbers electronically.^[23]

In November 2012, a Public Interest Litigation was filed in the Supreme Court of India by former Karnataka High Court judge K. S. Puttaswamy, challenging the constitutional validity of the Aadhaar scheme on grounds including privacy and lack of statutory backing.^[24] Around this time, Prime Minister Manmohan Singh launched an Aadhaar-linked Direct Benefit Transfer (DBT) scheme in 51 districts, aimed at transferring subsidies directly to beneficiaries’ bank accounts.

On 23 September 2013, the Supreme Court issued an interim order directing that no person should suffer for not possessing an Aadhaar number and clarified that the programme was voluntary at that stage.

Legislative enactment and judicial review (2016–2018)

On 3 March 2016, the Aadhaar Targeted Delivery of Financial and Other Subsidies, Benefits and Services Bill, 2016 was introduced in Parliament as a Money Bill by Finance Minister Arun Jaitley.^[25] The Bill was passed by the Lok Sabha on 11 March 2016.^[26] Opposition parties criticised its introduction as a Money Bill, arguing that it limited the role of the Rajya Sabha.^[27]

On 24 August 2017, in Justice K.S. Puttaswamy (Retd.) v. Union of India, the Supreme Court unanimously held that the right to privacy is a fundamental right under the Constitution of India.^[28]

In September 2018, the Supreme Court upheld the constitutional validity of the Aadhaar Act, 2016, while restricting its mandatory use. The Court held that Aadhaar could not be required for opening bank accounts, obtaining mobile connections, or school admissions.^[29]

Subsequent developments

In 2018, UIDAI introduced face authentication as an additional mode of biometric verification, supplementing fingerprint and iris authentication.^[30]

In 2019, Finance Minister Nirmala Sitharaman proposed permitting the use of Aadhaar in place of a Permanent Account Number (PAN) for specified high-value cash transactions.

Bhudhaar

Government of Andhra Pradesh started Aadhaar based innovative first of its kind project called Bhudhaar to assign an 11-digit unique number for every land parcel^[31] in the state as part of the "land hub in E-Pragati Programme". Andhra Pradesh Chief Minister N. Chandrababu Naidu launched^[32] the programme on 20 November 2018 to streamline the land records. Union Government of India also implementing Unique Land Parcel Identification Number (ULPIN) Project with the reference^[33] from this Bhudhaar Project.

Bhuseva Authority,^[34] an inter-departmental committee was formulated to implement and its progress monitored in real time basis by Andhra Pradesh Chief Minister and all citizens using Core Dashboard (developed and managed by the Real Time Governance Society).

Any type of land parcel categories i.e. agriculture lands, rural properties & urban properties (like houses, house sites, and vacant lands) are managed by all land-related departments in the states. These are Revenue, Panchayat Raj, Municipal Administration, Registration, Survey & Settlements, Forest, Endowments, Wakf. Under the Land Hub core platform, these departments integrate their land-related services and issue a new Bhudhaar number to each land holding or property upon ownership change.

In general Land records consists of two types^[35] of data: textual data (like village name, name of land owner, survey number, extent, ID proof like Aadhaar, Voter ID or other related documents), and spatial data (data depicting the sketch of the land, its measurements (in links/metres/feet), adjacent fields, location on ground).

The Bhudhaar issuing process contains 2 stages. Firstly, a temporary Bhudhaar is assigned based on valid textual data of an agriculture land holding, rural or urban property. It begins with 99, and the following numbers are generated on a random basis only. There is no meaning to the 9 digits, but they form a unique ID for that property. A special series number is allocated to government lands, for example, 99.312.725.202., where "99" indicates that it is a temporary Bhudhaar.

Second, a permanent Bhudhaar is assigned once the spatial data is captured and linked to the textual data. The spatial data contains the measurement of the land and its resultant sketch (FMB), the location of the land on the ground along with geo-coordinates. To capture the measurement of land holding or a sub-division, the Andhra Pradesh Government uses^[36] the Continuously Operating Reference Station (CORS) a state-of-the-art technology in surveying properties. Once the geo-coordinates captured are completed using CORS, the permanent Bhudhaar is assigned, and the first two numbers i.e., 99 in the temporary Bhudhaar are replaced with 28 (State Census Code).

Direct Benefit Transfer

The Aadhaar project has been linked to welfare schemes and unemployment benefit schemes such as the domestic LPG scheme and MGNREGA. In these Direct Benefit Transfer (DBT) schemes, the subsidy money is directly transferred to a bank account which is Aadhaar-linked.^[37][38] Previously, the direct-benefit transfer had been carried out via the National Electronic Funds Transfer (NEFT) system, which did not depend on Aadhaar.

On 29 July 2011, the Ministry of Petroleum and Natural Gas signed a memorandum of understanding with UIDAI. The Ministry had hoped the ID system would help eliminate the loss of the subsidised kerosene and LPG.^[39] In May 2012 the government announced that it would begin issuing Aadhaar-linked MGNREGS cards.^[38] On 26 November 2012 a pilot programme was launched in 51 districts.^[40]

Under the original policy for liquefied petroleum gas subsidies, the customers bought gas cylinders from retailers at subsidised prices, and the government compensated companies for their losses. Under the current Direct Benefit Transfer of LPG (DBTL), introduced in 2013, customers had to buy at full price, and the subsidy would be then directly credited to their Aadhaar-linked bank accounts. This scheme, however, did not take off, and in September 2013 a Supreme Court order put a halt on it.^[41] Subsequently, the GOI constituted a committee to review the "Direct Benefits Transfer for LPG Scheme"^[42] to study the shortcomings in the scheme and recommend changes. The DBTL scheme was modified later as PAHAL by the new government in November 2014. Under PAHAL, subsidies could be credited to a purchaser's bank account even if he or she did not have an Aadhaar number. Official data show that cooking gas consumption during the January–June period grew at a slower 7.82%, which is nearly four percentage points less than the 11.4% growth in the same period last year.^[43][44]

The PAHAL scheme has covered 118.9 million of the 145.4 million active LPG consumers until March, as stated by the Petroleum Minister in the Parliament. The DBT has thereby become a "game changer" for India, claimed the Chief Economic Adviser to the Finance Ministry, Government of India, Arvind Subramanian, for in case of LPG subsidy, DBT had resulted in a 24% reduction in the sale of subsidised LPG, as "ghost beneficiaries" had been excluded. The savings to the government were to the tune of ₹127 billion (US$2.08 billion) in 2014–2015.^[45] The success of the modified scheme helped fuel marketing companies save almost ₹80 billion (US$1.31 billion) from November 2014 to June 2015, said oil company officials.^[43] The DBT for the public distribution system (PDS) will be rolled out in September 2015.^[45]

The government's own data, however, suggest that the cost of implementing the DBT for LPG was over a million dollars, a figure quite at odds with the savings figures that the government cites.^[46]

Prime Minister Modi has asked for the integration of all land records with Aadhaar at the earliest, emphasising at his monthly PRAGATI (Pro-Active Governance and Timely Implementation) meeting on 23 March 2016 that this was extremely important to enable monitoring of the successful implementation of the Pradhan Mantri Fasal Bima Yojana or crop insurance scheme.^[47]

Aadhaar-enabled biometric attendance systems

In July 2014 Aadhaar-enabled biometric attendance systems were introduced in government offices. The system was introduced to check the late arrival and absenteeism of government employees. The public could see the daily in and out of employees on the website attendance.gov.in.^[48][49] In October 2014 the website was closed to the public but as of 24 March 2016 is again active and open to public access.^[50] The employees use the last four digits (last eight digits for government employee registering as of August 2016) of their Aadhaar number and their fingerprints, for authentication.^[51]

Uses by government agencies

In November 2014 it was reported that the Ministry for External Affairs was considering making Aadhaar a mandatory requirement for passport holders.^[52] In February 2015 it was reported that people with an Aadhaar number would get their passports issued within 10 days, as it sped up the verification process by making it easier to check if an applicant had any criminal records in the National Crime Records Bureau database.^[53] In May 2015, it was announced that the Ministry of External Affairs was testing the linking of passports to the Aadhaar database.^[54]

In October 2014 the Department of Electronics and Information Technology said that they were considering linking Aadhaar to SIM cards.^[55] In November 2014 the Department of Telecom asked all telecom operators to collect Aadhaar from all new applicants of SIM cards.^[56] On 4 March 2015 a pilot project was launched allowing Aadhaar-linked SIM cards to be sold in some cities. The purchaser could activate the SIM at the time of purchase by submitting his Aadhaar number and pressing his fingerprints on a machine.^[57] It is part of the Digital India plan. The Digital India project aims to provide all government services to citizens electronically and is expected to be completed by 2018.^[57][58]

In July 2014 the Employees' Provident Fund Organisation (EPFO) began linking provident fund accounts with Aadhaar numbers.^[59] In November 2014 the EPFO became a UIDAI registrar and began issuing Aadhaar number to provident fund subscribers.^[60] In December 2014 Labour Minister Bandaru Dattatreya clarified that an Aadhaar number was not necessary for any provident fund transaction.^[61]

In August 2014 Prime Minister Modi directed the Planning Commission of India to enrol all prisoners in India under the UIDAI.^[62]

In December 2014 it was proposed by the Minister for Women and Child Development, Maneka Gandhi, that Aadhaar should be made mandatory for men to create a profile on matrimonial websites, to prevent fake profiles.^[63] In July 2015 the Department of Electronics and Information Technology (DeitY) called a meeting of various matrimonial sites and other stakeholders to discuss the use of Aadhaar to prevent fake profiles and protect women from exploitation.^[64]

On 3 March 2015, the National Electoral Roll Purification and Authentication Programme (NERPAP) of the Election Commission was started. It aims to link the Elector's Photo Identity Card (EPIC) with the registered voter's Aadhaar number. It aims to create an error-free voter identification system in India, especially by removing duplications.^[65][66]

Uses by states

In the Hyderabad region of Telangana state, Aadhaar numbers were linked to ration cards to remove duplicate ration cards. The project was started in July 2012 and was carried out despite the 2013 Supreme Court order. More than 63,932 ration cards in the white category and 229,757 names were removed from its database in the drive between July 2012 and September 2014.^[67][68][69] In August 2012 the government of the state of Andhra Pradesh asked citizens to surrender illegal ration cards before it began to link them with Aadhaar numbers. By September 2014, 15 lakh (1.5 million) illegal ration cards had been surrendered.^[70][71] In April 2015 the state of Maharashtra began enrolling all school students in the state in the Aadhaar project to implement the Right to Education Act properly.^[72]

Electronic-Know Your Customer (e-KYC) using Aadhaar card is also being introduced to activate mobile connections instantly to check Aadhaar Card Status.^[73]

Feasibility concerns

In October 2010 R. Ramakumar, an economist at the Tata Institute of Social Sciences,^[77] wrote in an editorial for The Hindu that the project was being implemented without any cost-benefit or feasibility studies to ensure whether the project would meet its stipulated goals. He also pointed out that the government was obscuring the security aspects of Aadhaar and focusing on the social benefit schemes. He quoted a former chief of the Intelligence Bureau Ajit Doval, who had said that originally Aadhaar aimed to weed out illegal aliens.^[78]

In March 2011 Rajanish Dass of IIM Ahmedabad's Computer and Information Systems Group published a paper titled "Unique Identity Project in India: A divine dream or a miscalculated heroism". Dass claimed that even if enrolment was voluntary, it was being made mandatory by indirect means. He pointed out that essential schemes like the National Food Security Act, 2013, was being linked to the UIDAI. He also stated that the feasibility of a project of this size had not been studied and raised concerns about the quality of the biometric data being collected. He cited statements of another researcher, Usha Ramanathan, that the UIDAI would ultimately have to become profit-making to sustain itself.^[79][80]

The debate on the feasibility of sustaining a project of the size of the population of India is settled as over 1.22 billion Indians are enrolled in Aadhaar as of July 2018,^[5] representing about 90% of the total estimated population.^[81] The scheme complements other initiatives taken by the government, for example Digital India, to benefit people by giving easier access to public services.

On 9 November 2012 the National Institute of Public Finance and Policy (NIPFP) published a paper titled A cost-benefit analysis of Aadhaar. The paper claimed that by 2015–2016 the benefits of the project would surpass the costs, and by 2020–2021 the total benefit would be ₹251 billion (US$3.0 billion) against a total expenditure of ₹48.35 billion (US$570 million). The benefits would come from plugging leakages in various subsidy and social benefit schemes.^[82][83]

On 2 February 2013 Reetika Khera, a development economist at IIT Delhi, published a paper in the Economic and Political Weekly titled A 'Cost-Benefit' Analysis of UID, in response to the cost-benefit analysis published by NIPFP. She argued that the seemingly large benefits were based 'almost entirely on unrealistic assumptions' and outdated data. The paper pointed to how the relative cost-effectiveness of Aadhaar in comparison with alternative technologies – the basic premise of any cost-benefit analysis – was entirely ignored. Further, concerns regarding a possible conflict of interest were also raised.^[84] In March 2016 the International Institute for Sustainable Development released a report that the benefit from Aadhaar-linked LPG subsidy scheme for 2014–2015 was ₹140 million (US$1.7 million) and for 2015–2016 was ₹1.21 billion (US$14 million). These sums were much lower than the number stated by Finance Minister Jaitley in the Lok Sabha. He had said in March 2016 that the government had saved ₹150 billion (US$1.8 billion) from the scheme. The paper said that the government was also including the savings from the efforts of oil marketing companies (OMCs) prior to the introduction of Aadhaar. The method used by the OMCs to weed out duplicates and ghost customers was 15–20 times more effective than the Aadhaar-based method.^[85] The savings of ₹150 billion (US$1.8 billion) from the scheme was not claimed by the government to be from LPG subsidy alone, but by plugging leaks and checking corruption with the help of Aadhaar in all the schemes administered by the government of India.

Lack of legislation and privacy concerns

On 2 February 2015, the Supreme Court asked the new government to clarify its stance on the project. This was in response to a new PIL filed by Mathew Thomas, a former army officer. Thomas had claimed that the government was ignoring previous orders while pushing ahead with the project and that the project was unconstitutional as it allowed profiling of citizens. In a reply on 12 February the government said that it would continue the project.^[86][87] On 16 July 2015 the government requested the Supreme Court to revoke its order, saying that it intended to use Aadhaar for various services.^[88] On 21 July 2015 the Court noted that some states were insisting on Aadhaar for benefits despite its order.^[89]

On 11 August 2015, the Supreme Court directed the government to widely publicise in print and electronic media that Aadhaar was not mandatory for any welfare scheme. The Court also referred the petitions claiming Aadhaar was unconstitutional to a Constitutional Bench.^[90]

On 19 July 2017, a nine-judge bench of the Supreme Court began hearing the arguments on whether there is a fundamental right to privacy.^[91] On 24 August 2017 the nine-judge bench unanimously upheld the right to privacy as a fundamental right under the Constitution.^[92][93][94]

A five-judge constitutional bench of the Supreme Court has heard various cases relating to the validity of Aadhaar on various grounds including privacy, surveillance, and exclusion from welfare benefits.^[95] As of 27 February 2018, senior counsels Shyam Divan,^[96] Kapil Sibal,^[97] and Gopal Subramanium,^[98] argued over a span of 13 days in this matter.

In a majority opinion dated 26 September 2018, the Supreme Court upheld the use of Aadhaar.^[99]

Legality of sharing data with law enforcement

In 2013 in Goa the CBI was trying to solve the case of a rape of a schoolgirl. It approached a Goa local court saying that they had acquired some fingerprints from the scene that could be matched with the UIDAI database. The court asked the UIDAI to hand over all data of all persons in Goa to the CBI.^[100][101]

The UIDAI appealed in the Bombay High Court saying that accepting such a request would set a precedent for more such requests. The High Court rejected the argument and on 26 February 2014 in an interim order directed Central Forensic Science Laboratory (CFSL) to study the technological capability of the database to see if it could solve such a crime. The UIDAI then appealed in the Supreme Court. It argued that the chance of a false positive was 0.057% and with 600 million people in its database, it would result in hundreds of thousands of false results.^[101][102]

On 24 March 2014, the Supreme Court restrained the central government and the UIDAI from sharing data with any third party or agency, whether government or private, without the consent of the Aadhaar-holder in writing. Vide another interim order dated 16 March 2015, the Supreme Court of India has directed that the Union of India and States and all their functionaries should adhere to the order passed by this court on 23 September 2013. It observed that some government agencies were still treating Aadhaar as mandatory and asked all agencies to issue notifications clarifying that it was not.^[100]

On 26 September 2018, the Supreme Court ruled that Section 57 of the Aadhaar Act was unconstitutional, meaning that private entities cannot compel their customers to provide their Aadhaar number as a condition of service to verify their identity, specifically citing requiring it for bank accounts, school admissions, and mobile phone service as examples of unlawful use cases. However, it did uphold its requirement for income tax filing and welfare programmes.^{[103][104][105][106]}

Land allotment dispute

In September 2013 the Delhi Development Authority accepted a complaint from the activist group India Against Corruption and cancelled a land allotment to the UIDAI. The land was previously owned by BSNL, and MTNL had also laid claims on it. It had an estimated ₹9 billion (US$110 million) value but had been allotted to the UIDAI at a very cheap rate.^[107]

The issue of constructing the UIDAI HQs and UIDAI Regional Office building in Delhi was resolved with the Department of Telecom (DoT), following which the Ministry of Urban Development issued a notification on 21 May 2015 clearing the titles of the land in favour of the UIDAI, including projected land use.^[108]

Security concerns

In an August 2009 interview with the Tehelka, former chief of the Intelligence Bureau (IB), Ajit Doval, said that Aadhaar was originally intended to flush out illegal immigrants, but social security benefits were later added to avoid privacy concerns.^[109] In December 2011 the Parliamentary Standing Committee on Finance, led by Yashwant Sinha, rejected the National Identification Authority of India Bill, 2010, and suggested modifications. It expressed objections to the issuing of Aadhaar numbers to illegal immigrants. The Committee said that the project was being implemented in an unplanned manner and bypassing the Parliament.^[110]

In May 2013, deputy director general of the UIDAI, Ashok Dalwai, admitted that there had been some errors in the registration process. Some people had received Aadhaar cards with wrong photographs or fingerprints.^[111] According to Aloke Tikku of the Hindustan Times, some officials of the Intelligence Bureau (IB) had criticised the UIDAI project in September 2013, with the officials saying that the Aadhaar number cannot be considered a credible proof of residence. As under the liberal pilot phase, where a person claimed to live was accepted as the address and recorded.^[112]

In 2018, R. S. Sharma, former director general of the UIDAI shared his Aadhaar number on Twitter, challenging people to show "one concrete example where you can do any harm to me!" Within hours, Twitter users managed to dig out his personal details like his personal mobile number(s), Gmail and Yahoo addresses, physical address, date of birth, his frequent flyer number, and that he uses an iPhone.^[113] After this incident, UIDAI tweeted urging users not to share Aadhaar numbers publicly.^[114]

In September 2023, independent analyst Moody's raised concerns about the Aadhaar system, highlighting its tendency to result in service denials, especially affecting manual labourers in hot, humid climates due to questionable reliability of biometric technologies.^[115] The Government of India refuted Moody's claims emphasizing the absence of reported security or privacy breaches within the Aadhaar System. The centre's stance was reaffirmed in response to parliamentary enquiries, where it unequivocally stated that no breaches had been reported from the Aadhaar database.^[116]

Overlaps with National Population Register

The Aadhaar and the similar National Population Register (NPR) projects have been reported to be in conflict. In January 2012 it was reported that the UIDAI would share its data with NPR and the NPR would continue to collect its own data.^[117] In January 2013 then-Home Minister Sushilkumar Shinde said that Aadhaar was not an identity card but a number, while the NPR was necessary for national security purposes.^[118] The 2013 Supreme Court order did not affect the NPR project as it was not linked to any subsidy.^[119]

In July 2014 a meeting was held to discuss the possibility of merging the two projects, Aadhaar and NPR, or making them complementary. The meeting was attended by Home Minister Rajnath Singh, Law and Justice and Telecom Minister Ravi Shankar Prasad, and Minister of State for Planning Rao Inderjit Singh.^[120] Later in the same month, Rao Inderjit Singh told the Lok Sabha that no plan to merge the two projects has been made.^[121]

On 23 September 2019, the then Union Home Minister Amit Shah announced an idea where the NPR and Aadhaar would be on the 2021 census and would be used with the census data to build a new unique national document,^[122] however, UIDAI confirmed that for 2021 census, the Aadhaar use would be voluntary, also saying that "Collection of biometrics is not been provided under Citizenship Rules".^[123]

Fraud

In order to make Aadhaar accessible to often undocumented poorer citizens, obtaining an Aadhaar card does not require significant documentation, with multiple options available. In theory, the use of biometric facilities should reduce or eliminate duplication. So, in theory, while it may be possible to obtain the card under a false name, it is less likely that a person would be able to obtain another Aadhaar card under a different (or real) name.

The Aadhaar card itself is not a secure document (being printed on paper) and according to the agency should not be treated as an identity card^[124] though it is often treated as such. However, with currently no practical way to validate the card (e.g. by police at airport entry locations) it is of questionable utility as an identity card. "There are five main components in an Aadhaar app transaction – the customer, the vendor, the app, the back-end validation software, and the Aadhaar system itself." There are also two main external concerns – the security of the data at rest on the phone and the security of the data in transit. At all seven points, the customer's data is vulnerable to attack ... The app and validation software are insecure, the Aadhaar system itself is insecure, the network infrastructure is insecure, and the laws are inadequate," claims Bhairav Acharya, Program Fellow, New America.^[125]

The Aadhaar card is usually printed on glossy paper, and the government has stated black and white copies are valid. Some agencies charge extra to laminate the document. Other agencies have been reported charging ₹ 50 to 200 to produce a PVC version of the card, and it is marketed by them as a smart card, despite having no official validity and no chip.^[126]

Certain mobile apps claim to verify an Aadhaar card using a QR code scanner. However, the QR code is not a secure representation of an Aadhaar card either and can be copied and edited. The only way to validate an Aadhaar card is to perform an online validation, which will confirm that the card number is valid, and confirm the postal code and gender of the holder (but not their name or photo). In theory, this means that is possible to create a false Aadhaar card using the number of a genuine holder from the same postal code with the same gender, with the card subject to a number of cases of counterfeiting.^[127]

The digital document itself is self-signed by a non-internationally recognised certificate authority (n)Code Solutions, a division of Gujarat Narmada Valley Fertilizers Company Ltd (GNFC)^[128] and needs to be manually installed on the PC. This is despite Entrust assisting in the development of the solution.^[129]

Cloning of biometric data

Aadhaar data is linked to the fingerprints of cardholders. This has been used by fraudsters to withdraw money from bank accounts. Most people have linked their bank accounts to their Aadhaar identity due to the mandatory nature of the linkage as promoted by the government. The Aadhaar programme automatically enrolls the bank customer into a payment system wherein money can be withdrawn from their bank account using their Aadhaar card numbers and fingerprints. Fraudsters obtain customers' fingerprints through websites where land-owning documents are public or where fingerprints can be sold to fraudsters by people who can obtain copies of victims' fingerprints through objects in their homes. Essentially, one's fingerprints work as a password that cannot be changed, unlike credit card PINs and many other similar protective services.^[130]

Application issues

While the service is free for citizens, some agents have been charging fees.^[131] Despite the modern processes, there are cases where enrolments are lost in the system without explanation. mAadhaar is an official mobile application developed by the UIDAI to provide an interface for Aadhaar number holders to carry their demographic information including name, date of birth, gender, and address along with a photograph linked with their Aadhaar number in smartphones. In one case, every resident in a village in Haridwar was assigned a birthday of 1 January.^[132]

Threat of exclusion

Many private and public benefits are being linked to Aadhaar numbers and made contingent on it: food aid, cooking-gas subsidies, mobile connections, NREGA wages, government examinations, banking facilities, tax filings, etc. In fact, much of the massive enrolment resulted from the fear of being excluded from these benefits. There have been instances where people have been denied food aid because of issues with authentication arising from network issues or problems with identifying fingerprints (sometimes fingerprints become faded from age or manual labour).^[133]

Documentary proof may be difficult to obtain, with the system requiring documents such as bank accounts, insurance policies, and driving licences that themselves increasingly require an Aadhaar card or similar documentary evidence to originate.^[134] This may lead to a significant minority underclass of undocumented citizens who will find it harder to obtain necessary services.^[135] Introducers and Heads of family may also assist in documentation; however, for many agencies and legitimate applications, this facility may not be practical.^[136]

Non-resident Indians, overseas citizens of India, and other resident foreigners may also find it difficult to avail themselves of services they could previously freely obtain, such as local SIM cards,^[137] despite assurances to the contrary.^[138]

Since the Unique Identification Authority office first opened in Delhi, people have been allowed to designate their gender as "transgender" on their Aadhaar card, according to an August 2013 report.^[139]

Data leaks and security incidents

The Aadhaar database has experienced multiple data leaks and security breaches since its inception. These have ranged from the sale of unauthorised access by database administrators, the exposure of personal information on government websites, and unauthorised use and access of Aadhaar data by private institutions.

The detailed personal information being collected is of extremely high importance to an individual. However, once collected, it is not being treated with the required sensitivity for privacy^[140] concerns. Major financial transactions are linked with information collected in Aadhaar. Data leaks^[141] are a gold mine for criminals who now use sophisticated hackers. Government departments and various other agencies that collect this information such as banks cannot be trusted to maintain the secrecy of all this collected information.^[142] Another case occurred wherein Aadhaar data collected by Reliance Jio was leaked online, and the data may now be widely available to hackers.^[143][144] The UIDAI confirms more than 200 government websites were publicly displaying confidential Aadhaar data; though removed now, the data leaked cannot be scrubbed from hackers' databases.^[145] In July 2017 privacy issues with regard to the Aadhaar card were discussed in the Supreme Court.^{[146] [147]} A report from the Center for Internet and Society suggests that the records of about 135 million Indians may have been leaked.^[148] A loophole was identified that allows all records to be accessed by anyone^[149] though hackers can find other routes.

Virtual ID

On 1 March 2018, Virtual ID aka VID was introduced and was made as an option for agencies to use Virtual ID by 1 September 2018. A Virtual ID is a 16-digit number that is generated using the Aadhaar number. This Virtual ID can then be used instead of the Aadhaar number to carry out some Aadhaar-related work.^{[citation needed][184]}

Revolving door problem

The question of the revolving door phenomenon (where "individuals using experience, knowledge and clout gained while in public service in pursuit of profit for private companies") has been raised in the context of Aadhaar, as people who were involved in the creation, design, and popularisation of Aadhaar are now working in the private sector where they can use this knowledge for their own private enterprises which profit off this knowledge. Some examples of this are Khosla Labs as well as iSPIRT, a non-profit organisation which is dedicated to developing and supporting India Stack's APIs has had many employees who were involved with UIDAI in various capacities.^[185]

CAG Report on the functioning of the UIDAI

In April 2022, the Comptroller and Auditor General of India published an audit report on the functioning of the UIDAI. The report contains observations and recommendations based on a performance audit – which included assessments of both the Enrolment and Update Ecosystems as well as the Authentication Ecosystems for the period 2014–15 to 2018–19. The press release lists the Summary of Performance, Significant Audit Findings, and the recommendations.^[186][187]

Drive to link Aadhaar with Voter ID card

In 2022, the Election Commission started a drive to link the Aadhaar card with the voter ID card.^[188] The Union Government claimed that this linking will be voluntary, but the bill passed in the parliament contradicts the claim.^[189] The rules issued by the Union Government mention that the only "sufficient cause" for a person to not link their Aadhaar Card with the Voter ID Card is if the person does not have one. The election officials cited 'orders from above' to pressure voters into linking these documents.^[190]

The linkage of Aadhaar with Voter ID cards has several concerns. First, Aadhaar is not a proof of citizenship and such a linkage will not filter non-citizens. Another problem is the Unique Identification Authority of India in 2018 reported that Aadhaar-based biometric authentication had a 12% error rate and linkage of voter ID with Aadhaar in Andhra and Telangana in 2015 led to the disenfranchisement of around 30 lakhs (3 million) voters leading to Supreme Court cancelling the linkage process. Yet another problem is that such a linkage would assign Aadhaar's demographic information to an electoral database leading to misuse for profiling of voters, and India's lack of data protection laws makes it even worse.^[191]