Aadhaar (Authentication and Offline Verification) Regulations

Aadhaar (Authentication and Offline Verification) Regulations

AADHAAR (AUTHENTICATION AND OFFLINE VERIFICATION) REGULATIONS, 2021

No. K-11020/240/2021/Auth/UIDAI (No. 2 of 2021).—In exercise of the powers conferred by sub-section (1), and sub-clauses (a), (ba), (ca), (cb), (f), (fa), (fb) and (w) of sub-section (2) of Section 54 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016 as amended vide the Aadhaar and Other Laws (Amendment) Act, 2019 (No.14 of 2019) and in supersession of the Aadhaar (Authentication) Regulations, 2016 except as respects things done or omitted to be done before such supersession, the Unique Identification Authority of India, hereby makes the following regulations, namely:—

CHAPTER I
PRELIMINARY

  1. Short title and commencement.—
    (1) These regulations may be called the Aadhaar (Authentication and Offline Verification) Regulations, 2021.
    (2) These regulations shall come into force on the date of their publication in the Official Gazette.
  2. Definitions.–

    (1) In these regulations, unless the context otherwise requires,—

    (a) “Act” means the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016;

    (aa) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3 of Aadhaar Act, and includes any alternative virtual identity generated under sub-section (4) of that section;

    (b) “Aadhaar number holder” means an individual who has been issued an Aadhaar number under the Act;

    (ba) “Aadhaar Number Capture Service Token or ANCS Token” means an encrypted number generated for an Aadhaar number by the Authority for completion of an authentication transaction. ANCS Token shall be valid for a short period of time as prescribed by the Authority;

    (bb) “Aadhaar Paperless Offline e-KYC” means a digitally signed document generated by the Authority containing last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;

    (bc) “Aadhaar Secure QR Code” means a quick response code generated by the Authority which contains digitally signed data like last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;

    (c) “Authentication” means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it;

    (d) “Authentication facility” means the facility provided by the Authority for authenticating the Aadhaar number along with demographic information or biometric information of an Aadhaar number holder through the process of authentication, by providing a Yes/ No response or e-KYC data, as applicable;

    (e) “Authentication record” means the record of the time of authentication and identity of the requesting entity and the response provided by the Authority thereto;

    (f) “Authentication Service Agency” or “ASA” shall mean a licensed entity providing necessary infrastructure for ensuring secure network connectivity and related services for enabling a requesting entity to perform authentication using the authentication facility provided by the Authority;

    (g) “Authentication User Agency” or “AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority;

    (h) “Authority” means the Unique Identification Authority of India established under sub-section (1) of section 11 of the Act;

    (i) “Central Identities Data Repository” or “CIDR” means a centralised database in one or more locations containing Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto;

    (ia) “child” means a person who has not completed eighteen years of age;

    (j) “e-KYC authentication facility” means a type of authentication facility in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction;

    (k) “e-KYC data” means full or limited demographic information and/or photograph of an Aadhaar number holder. The e-KYC data may contain full or masked Aadhaar number;

    (l) “e-KYC User Agency” or “KUA” shall mean a requesting entity which, in addition to being an AUA, uses e-KYC authentication facility provided by the Authority;

    (m) “License Key” is the key generated by a requesting entity as per the process laid down by the Authority;

    (ma) “Offline Verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations;

    (mb) “Offline Verification Seeking Entity” or “OVSE” means any entity desirous of undertaking offline verification of an Aadhaar number holder;

    (mc) “Offline Aadhaar Data” means the data relating to offline Aadhaar verification, having characteristics as specified by the Authority from time to time including the requirement of masking Aadhaar numbers before storing;

    (n) “PID Block” means the Personal Identity Data element which includes necessary demographic and/or biometric and/or OTP collected from the Aadhaar number holder during authentication;

    (na) “Registered Devices” means biometric devices that are registered with the Authority;

    (o) “Requesting entity” means an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for authentication;

    (oa) “Sub-AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority through an existing AUA;

    (ob) “Sub-KUA” means a requesting entity that uses e-KYC authentication facility provided by the Authority through an existing KUA;

    (oc) “UID Token” means a 72-character alphanumeric string generated by the Authority mapped to the Aadhaar number and specific to a requesting entity;

    (od) “Virtual Identifier” means an interchangeable 16-digit random number mapped with the Aadhaar number of the Aadhaar number holder; and

    (p) “Yes/No authentication facility” means a type of authentication facility in which the identity information and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is then matched against the data available in the CIDR, and the Authority responds with a digitally signed response containing “Yes” or “No”, along with other technical details related to the authentication transaction, but no identity information.

    (2) Words and expressions used and not defined in these regulations shall have the meaning assigned thereto under the Act or under the rules or regulations made there under or under the Information Technology Act 2000.

Read More from Page No. 25

Other Updates on Aadhaar

CA Cult