The Indian Government on Wednesday highlighted the scale, security, and governance mechanisms of the Aadhaar ecosystem, describing it as the world’s largest biometric identity system with nearly 134 crore active users and over 17,000 crore authentication transactions completed so far, according to a statement by the Ministry of Electronics and Information Technology dated March 18, 2026.
Also Read: Aadhaar to Embrace AI, Blockchain and Quantum Tech in Vision 2032 Roadmap
Multi-Mode Authentication Powers Service Delivery
The Aadhaar authentication service enables authorised entities to verify an individual’s identity using Aadhaar number and associated data through multiple modes, including one-time passwords (OTP), biometric identifiers such as fingerprints, iris scans and facial recognition, as well as demographic details. The service facilitates secure delivery of services across sectors.
AI-Based Face Authentication Gains Traction
The government also underscored the growing adoption of Aadhaar Face Authentication, which leverages artificial intelligence (AI) and machine learning (ML) technologies to ensure accurate and contactless identity verification.
According to the official release, entities seeking to use Aadhaar authentication services are required to be onboarded as Authentication User Agencies (AUAs) or KYC User Agencies (KUAs) in accordance with provisions of the Aadhaar Act. These agencies are mandated to retain authentication logs for two years, after which the data is archived for five years before being deleted. Aadhaar holders can access these logs for grievance redressal and dispute resolution.
Also Read: Indian Government Allows Aadhaar Face Authentication for Private Entities
Strict Data Privacy and Retention Norms in Place
Emphasizing data protection, the government stated that Aadhaar-related demographic information remains encrypted both at rest and during transmission. The Aadhaar framework also enforces strict restrictions on data collection, storage, and usage to safeguard user privacy.
Three-Tier Audit System Ensures Compliance
A comprehensive three-tier audit system—comprising Self-Compliance Audit, Information Security Annual Audit, and Governance, Risk, Compliance and Privacy (GRCP) Audit—has been implemented to ensure adherence to security standards and mitigate risks within the ecosystem.
Standard operating procedures (SOPs) mandate informed consent of Aadhaar holders, restrict authentication to predefined purposes, and ensure minimal and secure data sharing. The guidelines also prohibit storage of biometric data by any entity, require use of certified devices, and enforce limited and encrypted data retention along with mandatory audit trails.
Also Read: UIDAI Releases Anonymised Aadhaar Data on Government Open Data Platform
Data Stored Exclusively Within India
The government further reiterated that Aadhaar data is stored and processed exclusively within India, with safeguards in place to prevent any breach of this requirement. "By design and architecture, the storage and processing of Aadhaar data takes place within India, and safeguards are in place to ensure that this is not breached," the official release said.
The details were shared in the Lok Sabha by Minister of State for Electronics and Information Technology Jitin Prasada on March 18, 2026.
