Aadhaar Covers 134 Crore Residents, Emerges as World’s Largest Biometric ID System

Government highlights strong privacy safeguards, encryption standards and India-based data storage

New Delhi: Aadhaar has emerged as the world’s largest biometric identity system, with approximately 134 crore active Aadhaar holders and over 17,000 crore authentication transactions completed, the government has said.

The system, managed by the Unique Identification Authority of India (UIDAI), plays a central role in identity verification for a wide range of public and private services.

How Aadhaar authentication works

UIDAI provides Aadhaar authentication services to authorised entities, enabling verification of an individual’s identity using:

• One-time password (OTP)
• Biometric authentication such as fingerprint, iris or facial recognition
• Demographic details

Entities seeking to use Aadhaar authentication must be onboarded as authentication user agencies (AUA) or KYC user agencies (KUA) under provisions of the Aadhaar Act.

The system also includes AI and machine learning-based face authentication, allowing secure and accurate identity verification using facial biometrics.

Strong privacy and data protection framework

The government emphasised that the Aadhaar ecosystem is designed with privacy and security as core principles.

Demographic data is encrypted both at rest and in transit, ensuring protection against unauthorised access.

The Aadhaar Act imposes strict controls on the collection, storage, usage and sharing of data, with clearly defined permissible purposes.

Importantly, biometric data cannot be stored by any requesting entity, limiting the risk of misuse.

Data storage and processing within India

Officials highlighted that all Aadhaar data is stored and processed within India, with safeguards in place to prevent any external access or transfer.

This architecture is intended to ensure data sovereignty and compliance with national data protection norms.

Multi-layered audit and compliance system

UIDAI has implemented a three-tier audit framework for entities in the Aadhaar ecosystem:

• Self-compliance audit
• Information security annual audit
• Governance, risk, compliance and privacy (GRCP) audit

This layered approach is aimed at ensuring system integrity, identifying vulnerabilities and maintaining compliance with regulatory standards.

Access and retention of authentication logs

Authentication logs are maintained by AUAs and KUAs for two years, during which they can be accessed by Aadhaar holders or used for grievance redressal.

After this period, logs are archived for five years and then deleted, ensuring controlled data retention.

Key safeguards built into the system

The Aadhaar framework includes several built-in safeguards:

• Mandatory informed consent of the Aadhaar holder
• Authentication limited to predefined, authorised purposes
• Secure and minimal data sharing during authentication
• Use of certified devices for biometric authentication
• Storage of data in a secure Aadhaar data vault
• Mandatory audit trails for all transactions

Backbone of India’s digital governance

With its scale and integration across sectors, Aadhaar has become a critical component of India’s digital public infrastructure.

Officials said the system’s architecture balances ease of service delivery with strong privacy safeguards, ensuring secure identity verification at scale.

The information was provided in the Lok Sabha by minister of state for electronics and information technology Jitin Prasada on Thursday.