Aadhaar-issuing body UIDAI has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) with several usage hygiene protocols, stronger safety mechanisms at user level and ways to enhance residents’ trust while using Aadhaar voluntarily.
Notably, entities have been told to perform verification of Aadhaar after explicit consent of a Aadhaar holder. Also, entities must maintain the log or record of the explicit consent received from residents for any future audit by Unique Identification Authority of India (UIDAI) or any other legal agency.
”These entities need to be courteous to residents and assure them about the security and confidentiality of their Aadhaar while conducting offline verification,” UIDAI said in a statement.
The authority has also asked OVSEs to verify Aadhaar via the QR Code present on all four forms of Aadhaar (Aadhaar letter, e-Aadhaar, m-Aadhaar and Aadhaar PVC card) instead of accepting Aadhaar in physical or electronic form as a proof of identity.
ED raids fintech involved in illegal online betting; freezes over Rs 3 crore bank deposits
Online registration process simplifies mandatory HSRP requirement for new vehicle buyers in India
HC asks Centre to file status report on pleas seeking ban on ‘illegal’ sale of drugs online
Organisations conducting an offline verification of an Aadhaar number holder for a lawful purpose are called OVSEs.
Offline verification involves the use of the 12-digit Aadhaar for carrying out identity verification and KYC processes locally, without connecting to the Central Identities Data Repository of UIDAI.
”UIDAI has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) highlighting several usage hygiene issues, better safety mechanisms at users level, and ways to further enhance residents’ trust while using Aadhaar voluntarily for lawful purposes,” it said.
Verification entities, generally, should not collect, use or store Aadhaar number of the resident after having conducted offline verification of Aadhaar, according to UIDAI.
Post verification, if the entity finds it necessary for any reason to store a copy of Aadhaar, they must ensure that the Aadhaar number is redacted/masked and irretrievable.
Entities have been urged to ensure that no services are denied to any resident for refusing to or being unable to undergo offline verification of Aadhaar, provided the resident is able to identify himself/ herself through other viable alternatives.
”It has been underlined that OVSEs need to provide residents viable alternative means of identification in addition to Aadhaar, for rendering service,” UIDAI said.
Any Aadhaar can be verified using the QR code available on all forms of Aadhaar (Aadhaar letter, e-Aadhaar, Aadhaar PVC card, and m-Aadhaar) using mAadhaar App, or Aadhaar QR code Scanner. Tampering of Aadhaar documents can be detected by offline verification, and tampering is a punishable offence and liable for penalties under Section 35 of the Aadhaar Act, UIDAI said.
In case, they notice any misuse of information, verification entities need to inform UIDAI and the resident within 72 hours.
”UIDAI has cautioned OVSEs not to perform offline verification on behalf of any other entity or person and ensure full cooperation to the Authority or law enforcement agencies in case of any investigation involving misuse of Aadhaar,” the statement said.