The world’s largest biometric identity system is being woven deeper into daily life—even as breach history, starvation deaths, and Supreme Court warnings go unheeded
Executive Summary
In early 2026, India’s government launched a new Aadhaar app, announced Google Wallet integration, and opened the world’s largest biometric database to private sector authentication—all while the country’s data protection law remains only partially implemented and won’t reach full compliance requirements until May 2027.
This expansion comes despite a documented history of massive data breaches (including 815 million records exposed in 2023), 30 million cancelled ration cards causing documented starvation deaths, and a 2018 Supreme Court judgment that explicitly struck down private sector Aadhaar use.
For privacy advocates and policy researchers watching the global evolution of digital identity, India’s Aadhaar represents the most consequential experiment in mandatory biometric infrastructure—a template being exported to dozens of developing nations through the MOSIP platform. What happens with Aadhaar doesn’t stay in India.
This analysis examines the 2025-2026 expansion, the security breach timeline, the human cost of exclusion, the government’s financial inclusion argument, technical vulnerabilities, global comparisons, the legal framework’s gaps, and what citizens can do to protect themselves.
Key findings:
- 815 million Indian citizens’ personal data exposed in October 2023 dark web leak
- 30 million ration cards cancelled due to Aadhaar-related issues; 19 documented starvation deaths linked to biometric authentication failures
- 29,000 biometric cloning fraud incidents reported in 2024
- New regulatory sandbox effectively resurrects private sector Aadhaar use that the Supreme Court prohibited
- Data Protection Board still not operational; full DPDP Act compliance deadline: May 2027
The World’s Largest Biometric Database Just Got Bigger
On January 30, 2026, the Unique Identification Authority of India (UIDAI) quietly expanded the reach of Aadhaar, the 12-digit biometric identity number assigned to nearly every Indian citizen. The timing was not coincidental—it came just as conversations about digital identity, privacy, and state surveillance were intensifying globally.
The new Aadhaar app, already downloaded by millions, introduces “selective disclosure” capabilities, allowing users to share only their age verification rather than their complete date of birth. At face value, this represents a privacy improvement. But privacy advocates see something else: the normalization of Aadhaar as a “visible layer of daily life” rather than a backend government tool.
More significantly, India announced plans to integrate Aadhaar with Google Wallet, disclosed discussions with Apple, and confirmed that Samsung Wallet integration is already operational. Combined with a regulatory sandbox launched in January 2025 that allows select private companies—including HyperVerge, Hero FinCorp, and Leegality—to access Aadhaar authentication, the system is rapidly expanding beyond its original welfare-distribution mandate.
The expansion follows a familiar pattern: technology deployment first, governance framework second.
“The preference seems to be to continue expansion even if unclear in terms of further risks,” said Raman Jit Singh Chima, Asia Pacific Policy Director at Access Now, in response to the latest announcements.
For those tracking India’s digital trajectory, the question is no longer whether Aadhaar will become ubiquitous—it already is—but whether any meaningful privacy guardrails will be in place before it becomes irreversible. As we’ve seen with other global digital identity systems, the governance frameworks often lag behind technological deployment.
What Is Aadhaar and Why Should the World Pay Attention?
The Numbers
Aadhaar is not just big—it operates at a scale that defies easy comparison:
| Metric | Value |
| --- | --- |
| Total Aadhaar numbers issued | 1.4 billion |
| Adult population coverage | 99.9% (as of May 2023) |
| Monthly authentication transactions | 2.5 billion |
| Data centers | 2 (Manesar, Bengaluru) |
| Servers | 7,000 |
| Biometrics collected per person | 10 fingerprints, 2 iris scans, facial photograph |
To put 2.5 billion monthly authentications in perspective: that’s roughly 83 million identity verifications per day, or nearly 1,000 per second, around the clock. No other identity system on Earth operates at this volume.
What Aadhaar Is Linked To
Despite the Supreme Court’s 2018 ruling that Aadhaar cannot be mandatory for bank accounts or mobile SIM cards, it has become functionally mandatory for participation in modern Indian life:
Essential services requiring Aadhaar:
- Public Distribution System (PDS) ration cards
- MGNREGA wage payments
- LPG gas subsidies
- Pension disbursements
- Scholarships and education grants
Increasingly linked to:
- Bank accounts (through “voluntary” but effectively required linking)
- Mobile SIM cards
- PAN (tax) cards
- Land records
- Health records (via CoWIN during COVID-19)
- Employment records (EPFO provident fund)
- Voter registration (Electoral Photo ID Cards)
The government’s “JAM trinity”—Jan Dhan bank accounts, Aadhaar, and Mobile—forms the backbone of India’s digital public infrastructure. The vision is elegant: direct cash transfers to any citizen’s bank account, bypassing corrupt intermediaries. The execution has been more complicated.
How Aadhaar Authentication Works
At its core, Aadhaar is a deduplication system. Each enrollment involves:
1. Demographic collection: Name, date of birth, address, gender, mobile number, email
2. Biometric capture: All 10 fingerprints, both iris scans, facial photograph
3. Deduplication check: Cross-matching against 1.4 billion existing records
4. 12-digit number assignment: The unique Aadhaar number
Authentication can occur through:
- Fingerprint: Most common for in-person transactions
- Iris scan: Used when fingerprint fails
- OTP: One-time password sent to registered mobile
- Face authentication: Added in 2018
The Central Identities Data Repository (CIDR) houses all biometric and demographic data across two mirrored data centers. This centralized architecture—all eggs in one basket—is both Aadhaar’s strength (single source of truth) and its greatest vulnerability (single point of failure).
The 2025-2026 Expansion: What’s Actually Changing
The New Aadhaar App
Launched in early 2026, the redesigned Aadhaar app includes several new features:
Selective disclosure: Users can now share only age verification (e.g., “over 18”) rather than their full date of birth. This addresses one privacy concern while simultaneously making Aadhaar more attractive for private sector use cases like age-gated services.
Offline verification (OVSE): The new Offline Verification Secure Element framework allows identity verification without real-time database queries. A cryptographically signed file can be shared and verified locally.
QR code sharing: Enables quick Aadhaar verification via smartphone camera, reducing friction for private businesses.
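As an added illustration of how the selective disclosure and offline verification described above can be built, this example (not UIDAI’s format or the app’s own code) has the issuer sign only salted hash commitments to each attribute, lets the holder share the signed file plus the salts for the attributes it chooses to reveal, and has the verifier check everything locally with no database query. The commitment pattern follows the one used by SD-JWT; an HMAC stands in for the issuer’s public-key signature, and every name, key and date is constructed.

```python
import hashlib
import hmac
import json
import secrets
from datetime import date

# Constructed issuer key. A real issuer signs with a private key and the verifier
# holds only the public key; HMAC stands in so the example runs on the stdlib alone.
ISSUER_KEY = b"constructed-issuer-key-do-not-reuse"


def is_over_18(dob_iso: str, on_date_iso: str) -> bool:
    """Issuer-side derivation of the age flag, so the holder never reveals the DOB."""
    dob = date.fromisoformat(dob_iso)
    today = date.fromisoformat(on_date_iso)
    years = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return years >= 18


def _commitment(name: str, value, salt: str) -> str:
    """Salted hash of one attribute; the signed body carries only these."""
    material = json.dumps([salt, name, value], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(material.encode()).hexdigest()


def issue(attributes: dict, issued_on: str) -> tuple:
    """Issuer: sign a body of commitments; hand the salted disclosures to the holder."""
    attrs = dict(attributes)
    attrs["over_18"] = is_over_18(attrs["dob"], issued_on)
    disclosures, commitments = {}, []
    for name, value in attrs.items():
        salt = secrets.token_hex(16)           # fresh salt per attribute defeats guessing
        disclosures[name] = [salt, value]
        commitments.append(_commitment(name, value, salt))
    body = {"issuer": "example-issuer", "issued_on": issued_on,
            "commitments": sorted(commitments)}  # sorted so position leaks nothing
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}, disclosures


def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Holder: the file actually shared (e.g. via QR) carries only chosen attributes."""
    return {"credential": credential,
            "disclosed": {name: disclosures[name] for name in reveal}}


def verify(presentation: dict, verifier_key: bytes = ISSUER_KEY):
    """Verifier, fully offline: check the issuer signature, then check that every
    disclosed attribute matches a commitment in the signed body.
    Returns the revealed attributes, or None if anything fails."""
    cred = presentation["credential"]
    payload = json.dumps(cred["body"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(verifier_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        return None                            # body altered or not from this issuer
    commitments = set(cred["body"]["commitments"])
    revealed = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _commitment(name, value, salt) not in commitments:
            return None                        # disclosed value is not what was signed
        revealed[name] = value
    return revealed


def demo() -> dict:
    """Issue a constructed credential, present only the age flag, then try two tampers."""
    credential, disclosures = issue(
        {"name": "Constructed Holder", "dob": "2000-06-15"}, issued_on="2026-01-30")
    age_only = present(credential, disclosures, ["over_18"])
    # Tamper 1: holder flips the disclosed flag without the issuer's cooperation.
    flipped = json.loads(json.dumps(age_only))
    flipped["disclosed"]["over_18"][1] = not flipped["disclosed"]["over_18"][1]
    # Tamper 2: a verifier holding a different issuer's key must reject the file.
    return {"revealed": verify(age_only),
            "dob_visible": "dob" in age_only["disclosed"],
            "flipped_rejected": verify(flipped) is None,
            "wrong_key_rejected": verify(age_only, b"other-issuer-key") is None}


if __name__ == "__main__":
    print(demo())
```

A signed file alone does not prove who is presenting it; a production scheme binds the presentation to a holder key or a verifier nonce, which this example leaves out.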
The app has seen explosive growth, with downloads jumping from 2 million in October 2025 to 9 million by December 2025—a 350% increase in three months.
Wallet Integration: Aadhaar in Your Pocket
The integration with digital wallets represents a significant shift in how Aadhaar is positioned:
| Wallet | Status |
| --- | --- |
| Samsung Wallet | Already integrated |
| Google Wallet | Announced, in development |
| Apple Wallet | In discussions |
This moves Aadhaar from a backend government tool to a consumer-facing identity layer. Privacy advocates are concerned about the precedent: once identity verification becomes frictionless, it becomes ubiquitous. And once ubiquitous, it becomes inescapable.
The Private Sector Sandbox: Section 57 Through the Back Door
Here is where the expansion becomes constitutionally problematic.
In September 2018, the Supreme Court of India explicitly struck down Section 57 of the Aadhaar Act, which had allowed private companies to use Aadhaar for authentication. The Court’s 4-1 majority held that this provision “would result in uncontrolled access of personal data to unknown agencies” and was “susceptible to commercial exploitation.”
Yet in January 2025, the Ministry of Electronics and Information Technology (MEITY) launched a regulatory sandbox allowing select private companies—including HyperVerge, Hero FinCorp, and Leegality—to access Aadhaar authentication under a “controlled” framework.
Critics see this as constitutional sleight-of-hand.
“The Supreme Court held that the government cannot issue a rule to allow what the Court has prohibited,” noted former Supreme Court Justice B.N. Srikrishna, who chaired the committee that drafted India’s original data protection bill. “A sandbox is still a rule.”
Private sector entities in sandbox (January 2025):
- HyperVerge (identity verification AI)
- Hero FinCorp (financial services)
- Leegality (e-signatures and contracts)
- Others (undisclosed)
Police and Hotel Integration
The expansion isn’t limited to financial services. In early 2026, Ahmedabad City Crime Branch became the first law enforcement agency to integrate Aadhaar with PATHIK, a guest-monitoring platform for hotels. This means that when you check into a hotel in Ahmedabad, your Aadhaar verification creates a record accessible to police.
“Consent is often illusory in such power-asymmetric contexts,” warned Shruti Narayan and John Simte of the Rethink Aadhaar campaign. “What choice does a hotel guest have but to comply? What choice does a prospective tenant? An employee?”
The PATHIK integration exemplifies how Aadhaar enables not just identity verification but also location tracking—a capability the Supreme Court explicitly warned against when it struck down Section 2(d) of the Act as “conducive to surveillance state.”
Security Breach History: A Pattern of Exposure
Aadhaar’s proponents argue that the biometric core (the CIDR) has never been breached. This is technically accurate but deeply misleading—like a bank claiming its vault was never robbed while ignoring that customer account information was repeatedly stolen from branch offices.
The Complete Breach Timeline (2017-2024)
| Date | Incident | Records Affected | How It Happened |
| --- | --- | --- | --- |
| Aug 2017 - Jan 2018 | Avast security report | ~1.1 billion records vulnerable | Unsecured government portals |
| Jan 2018 | Tribune investigation | Full database access | Credentials sold via WhatsApp for Rs 500 ($7) |
| Jan 2018 | Indane (LPG) system exposure | All linked records | Unprotected public-facing system |
| 2019 | PM Kisan farmer database | Unknown | Dark web listing |
| 2022 | Multiple government portal leaks | Various | Unpatched vulnerabilities |
| Jun 2023 | CoWIN vaccine portal | Widespread | Telegram bot providing records on demand |
| Oct 2023 | Dark web mass exposure | 815 million records | Resecurity research discovery |
| Jul 2024 | AEPS biometric cloning fraud | 29,000 individual cases | Silicone fingerprint clones |
| 2024 | State government portal exposure | Unknown | Inadequate access controls |
The 815 Million Record Breach: What We Know
In October 2023, cybersecurity firm Resecurity discovered personal data of 815 million Indians available for sale on dark web forums. The dataset included:
- Full names
- Aadhaar numbers
- Passport information
- Phone numbers
- Addresses
The World Economic Forum’s Global Risk Report subsequently cited this as the largest data breach in history. While UIDAI maintained that biometric data in the CIDR was not compromised, the leak demonstrated that the surrounding ecosystem of linked databases—the very integration that makes Aadhaar useful—is riddled with vulnerabilities.
The data remains available for purchase. There is no mechanism to “change” a compromised Aadhaar number as you might change a compromised password.
The Rs 500 WhatsApp Scandal
In January 2018, The Tribune newspaper conducted an investigation that exposed the casual availability of Aadhaar data. For Rs 500 (approximately $7), reporters were able to purchase login credentials from unauthorized agents that provided:
- Access to any Aadhaar number in the system
- Ability to print Aadhaar cards
- Demographic and biometric data
UIDAI’s response was to file a criminal complaint against The Tribune journalists rather than address the access control failures.
The 2022 CAG Report
India’s Comptroller and Auditor General (CAG) conducted an audit of UIDAI’s security practices in 2022. The findings were not encouraging:
- UIDAI failed to meet certain compliance standards
- Audit trail mechanisms were inadequate
- Access control policies were inconsistently applied
- Third-party integration security was not systematically verified
The report’s existence is publicly known; its full contents remain restricted.
Biometric Cloning: The Irreversible Compromise
Perhaps most alarming is the emerging trend of biometric cloning fraud. In July 2024, authorities reported approximately 29,000 incidents of Aadhaar Enabled Payment System (AEPS) fraud involving silicone fingerprint clones.
Unlike passwords, biometrics cannot be reset. As Justice D.Y. Chandrachud wrote in his 2018 dissent:
“Once a biometric system is compromised, it is compromised forever.”
When a criminal obtains your fingerprint, you cannot change it. When 29,000 fingerprints are cloned in a single year, 29,000 people face a lifetime of potential identity fraud with no recourse.
Privacy Concerns from Critics: “A Commercialized Era of Surveillance”
The concerns about Aadhaar extend far beyond data breaches. They touch on fundamental questions about state power, consent, and the right to live without being perpetually identified.
Electronic Frontier Foundation (2017)
The EFF characterized Aadhaar as “ushering in a commercialized era of surveillance” in India. Their analysis highlighted:
- Commercial exploitation: Private companies using authentication data for customer profiling
- Function creep: Original welfare-focused mandate expanding into all aspects of life
- Power asymmetry: Citizens unable to opt out of a “voluntary” system
- Surveillance potential: Transaction logs enabling movement and behavior tracking
“The concern is not just government surveillance,” EFF noted. “It’s that Aadhaar creates infrastructure for surveillance that can be exploited by commercial entities, criminal actors, and future governments whose intentions we cannot predict.”
Access Now: Expansion Before Protection
Raman Jit Singh Chima, Access Now’s Asia Pacific Policy Director, has been consistently critical of Aadhaar’s expansion timeline:
“The expansion is being pushed through before the Data Protection Board is even established. The preference seems to be to continue expansion even if unclear in terms of further risks.”
Access Now’s concerns center on:
- Rollout of new capabilities before regulatory oversight exists
- Lack of independent auditing of security practices
- No mechanism for affected citizens to seek redress
- Absence of meaningful consent in mandatory-in-practice systems
SFLC.in: Disenfranchisement Disguised as Empowerment
The Software Freedom Law Center of India (SFLC.in) has tracked Aadhaar’s implementation through a legal lens. Prasanth Sugathan, their Legal Director, notes the gap between Aadhaar’s empowerment narrative and ground-level reality:
“Aadhaar is framed as an ‘empowerment’ tool but fails to address database inaccuracies, security lapses, and poor redress mechanisms. Such issues can often result in disenfranchisement of people, especially those who were meant to be benefited.”
The cruel irony is that Aadhaar’s failures fall hardest on the populations it was designed to help: rural poor, elderly citizens, manual laborers, and marginalized communities.
Rethink Aadhaar: The Consent Fiction
The Rethink Aadhaar campaign, led by researchers Shruti Narayan and John Simte, focuses on the illusory nature of consent in Aadhaar systems:
“Consent is often illusory in power-asymmetric contexts. What choice does a hotel guest have but to comply? What choice does a prospective tenant? An employee? A student seeking admission? The framework assumes equal bargaining power that simply does not exist.”
Their warning about “Aadhaar creep”—the normalization of surveillance through gradual expansion—has proven prescient. Each new integration (hotels, wallets, employers) makes the next one seem less controversial.
Academic Research: “A Failure to Do No Harm”
A 2017 study published in Health Technology and indexed by the National Institutes of Health examined Aadhaar through a medical ethics lens. Their title captures the finding: “A Failure to ‘Do No Harm.’”
The study concluded that India lacks a comprehensive data protection framework comparable to the EU’s GDPR, creating systematic risk of harm to data subjects. The authors noted that Aadhaar’s designers prioritized efficiency over the precautionary principle—implementing first, studying consequences later. Similar concerns about biometric database construction without adequate privacy frameworks have emerged in other countries, including Australia’s National Driver License Facial Recognition Scheme.
Institute of Chinese Studies: Blurred Democratic Boundaries
Perhaps the most provocative academic comparison comes from research published in the International Journal of Communication. Scholars examining Aadhaar alongside China’s Social Credit System found “blurred boundaries between democracy and authoritarianism when it comes to social control.”
While Aadhaar operates within a democratic legal framework (however stressed) and Social Credit operates within an authoritarian one, both systems share:
- Centralized identity infrastructure
- Government access to granular behavioral data
- Limited meaningful consent
- Potential for function creep
- Weak accountability mechanisms
The comparison is uncomfortable but illuminating. The technology is similar; only the governance differs.
The Human Cost: 30 Million Cards, 19 Deaths
Abstract discussions of privacy rights become viscerally concrete when people die because a fingerprint scanner didn’t recognize their weathered hands.
The Exclusion Crisis
In 2021, data submitted to the Supreme Court of India revealed that 3 crore (30 million) ration cards had been cancelled due to Aadhaar linking and biometric authentication failures. These cards represent families’ access to the Public Distribution System—subsidized rice, wheat, sugar, and other essentials that keep India’s poor alive.
The cancellations occurred because:
- Names were struck as “ghosts” for non-linkage to Aadhaar
- Biometric mismatches caused authentication failures
- “Seeding” failures (linking ration card to Aadhaar) weren’t completed
- Database errors corrupted records
- Connectivity failures in rural areas prevented verification
Documented Starvation Deaths
The Right to Food Campaign, a coalition of civil society organizations, documented 57 starvation deaths across 9 Indian states between 2015 and 2019. Of these, 19 deaths were directly linked to Aadhaar-related exclusion from the public distribution system.
The pattern is consistent: a family is denied rations for weeks or months due to biometric authentication failure or Aadhaar non-linkage. They cannot navigate the bureaucratic process to resolve the issue. They run out of food. Someone dies.
Case Study: Santoshi Kumari, Age 11
In September 2017, Santoshi Kumari, an 11-year-old Dalit girl, died of starvation in Simdega district, Jharkhand. Her family had been denied rations for six months because their ration card was not linked to Aadhaar.
According to witnesses and reporting by Scroll.in, Santoshi’s last words to her mother were: “Mujhe bhaat dila do” (Give me some rice).
The death sparked national outrage and became a symbol of Aadhaar’s human cost. The Jharkhand government initially denied any connection to Aadhaar. Later, they acknowledged that the family’s ration card had been “struck off” due to non-linkage.
Case Study: Ruplal Marandi, Age 60
In August 2017, Ruplal Marandi, a 60-year-old Adivasi man, died in Giridih district, Jharkhand, after his family was denied rations for two months. The reason: biometric authentication failure. His aged fingers, worn from decades of manual labor, could not be read by the fingerprint scanner.
Marandi’s death illustrated a cruel irony: the manual laborers most dependent on food subsidies are precisely those most likely to have fingerprints that biometric systems cannot read.
Who Dies: A Demographic Pattern
Analysis of the Right to Food Campaign’s documented deaths reveals a disturbing pattern:
- 23 of 57 victims were Dalits (formerly “untouchables”)
- A significant number were Adivasis (indigenous tribal people)
- Elderly citizens and manual laborers were disproportionately represented
- Rural populations with connectivity issues were more affected
The people dying are not random. They are members of India’s most marginalized communities—precisely the populations Aadhaar was designed to serve.
Root Causes of Exclusion
The technical causes of Aadhaar-related exclusion are well-documented:
1. Fingerprint quality degradation: Manual laborers, elderly citizens, and those with skin conditions often have fingerprints that biometric scanners cannot read accurately.
2. Connectivity failures: Rural areas with poor internet connectivity cannot complete real-time Aadhaar verification, even when biometrics work correctly.
3. Seeding failures: The process of linking existing ration cards to Aadhaar numbers is error-prone, with data entry mistakes corrupting records.
4. Name mismatch: Minor spelling variations between documents (common in languages transliterated to English) cause automatic rejection.
5. Ghost beneficiary removal: Legitimate beneficiaries are incorrectly flagged as “duplicates” or “ghosts” and removed from rolls.
Government Response: The Gap Between Policy and Practice
In response to starvation deaths, the central government issued directives prohibiting denial of services for non-Aadhaar or authentication failure. The policy is clear: no one should be denied rations because of Aadhaar.
In practice, ground-level implementation continues mandatory enforcement. Point-of-sale device operators—often barely literate villagers given minimal training—follow the machine. If the machine says “authentication failed,” they deny rations. They are not aware of exception procedures. Often, exception procedures do not functionally exist.
Justice Chandrachud’s 2018 dissent anticipated this gap:
“Denial of benefits arising out of any social security scheme… based on technological errors, with no fault of the individual, is a violation of dignity.”
The violation continues.
The Government’s Case: $32 Billion in Savings
It would be intellectually dishonest to discuss Aadhaar without acknowledging the government’s arguments and the genuine benefits the system has delivered.
Direct Benefit Transfer Savings
The government claims that Aadhaar-enabled Direct Benefit Transfer (DBT) has saved over Rs 2.7 trillion (approximately $32 billion) through:
- Elimination of duplicate beneficiaries
- Removal of “ghost” recipients
- Reduced leakage through intermediary corruption
- More efficient targeting of subsidies
The LPG subsidy program (PAHAL) alone reportedly showed a 24% reduction in subsidized LPG sales after Aadhaar linking, translating to approximately $2 billion in savings.
Financial Inclusion
Aadhaar enabled the opening of over 500 million Jan Dhan bank accounts, bringing millions of previously unbanked Indians into the formal financial system. For people who previously had no identity documentation whatsoever—and therefore could not open bank accounts, access credit, or participate in the formal economy—Aadhaar provided a pathway to economic citizenship.
The Asian Development Bank has called DBT a “game-changer for financial inclusion.”
The Efficiency Argument
At its core, the government’s case is utilitarian: aggregate efficiency gains justify individual costs. By eliminating intermediaries, reducing fraud, and enabling targeted delivery, Aadhaar allows welfare spending to reach more genuine beneficiaries.
This argument has appeal. Corruption in India’s welfare system was endemic. Food grains rotted in warehouses while intended recipients went hungry because local officials diverted supplies. Cash meant for the poor lined the pockets of middlemen.
Aadhaar promised to fix this. In many cases, it has.
The Tension: Aggregate vs. Individual
The fundamental tension is between aggregate efficiency and individual rights. A system that saves $32 billion while contributing to 19 documented starvation deaths presents a utilitarian calculus: is the trade-off acceptable?
Privacy advocates argue that framing the question this way misses the point. Rights are not subject to cost-benefit analysis. A single wrongful death is not an acceptable “error rate.” And the people bearing the costs (marginalized, rural, elderly) are not the same people capturing the benefits (urban, middle-class, tech-savvy).
Moreover, critics question the savings figures themselves. Some studies suggest that “ghost removal” included legitimate beneficiaries with data errors—people whose “savings” represented benefits wrongly denied rather than fraud prevented.
Technical Vulnerabilities: The Architecture of Risk
Aadhaar’s technical architecture creates systematic vulnerabilities that cannot be eliminated without fundamental redesign.
Centralized Single Point of Failure
The Central Identities Data Repository (CIDR) houses all 1.4 billion records across two data centers in Manesar (Haryana) and Bengaluru, running on approximately 7,000 servers. This centralized architecture means:
- A single breach exposes everyone: Unlike federated systems, there is no compartmentalization
- The target is known: Attackers have a clear, high-value destination
- Scaling attacks are easier: Once in, lateral movement affects all records
The Third-Party Integration Problem
UIDAI can (and does) claim that the biometric core has never been breached. But Aadhaar’s value comes from integration—linking to banks, welfare programs, health records, and now private companies. Each integration creates a new attack surface.
The breaches documented above came primarily through:
- Government portals with weak security (PM Kisan, CoWIN, NSAP)
- Utility companies with unprotected systems (Indane)
- State government implementations
- Unauthorized agents with legitimate credentials
UIDAI has no control over these third-party systems. It cannot enforce security standards on state governments, utility companies, or private businesses. Yet all of them access Aadhaar data.
API Security Gaps
The various APIs enabling Aadhaar authentication have been repeatedly exploited:
- eKYC API data used for commercial purposes beyond stated intent
- Verification APIs accessed by unauthorized parties
- Transaction logs captured by intermediaries
A 2018 study found that UIDAI blocked 5,000 officials from the portal after reports of unauthorized usage—indicating that even authorized access was being abused.
Biometric Irreversibility
As noted earlier, the most fundamental vulnerability is philosophical: biometrics cannot be changed.
When the 29,000 AEPS fraud incidents involved silicone fingerprints cloned from compromised biometric data, the victims had no recourse. They cannot change their fingerprints. They cannot issue new iris scans. Their identity is permanently compromised.
This creates an asymmetric timeline risk. A breach today affects victims for life. A sophisticated attacker might collect biometric data now and exploit it decades later.
Data Retention Ambiguity
The Supreme Court struck down Regulation 27, which allowed 5-year retention of authentication transaction logs, ruling that retention beyond 6 months was impermissible. The Court recognized that transaction logs—recording when and where authentication occurred—could enable movement tracking and behavioral surveillance.
Enforcement of this ruling remains unclear. There is no public audit confirming that UIDAI has actually purged historical transaction logs. The data may still exist.
Global Comparison: India Is Not Alone
Aadhaar exists within a global context of digital identity development. Comparing systems illuminates what is unique about India’s approach—and what lessons apply universally.
The Global Digital ID Landscape
| System | Country/Region | Scale | Biometrics | Privacy Model |
| --- | --- | --- | --- | --- |
| Aadhaar | India | 1.4 billion | Fingerprints, iris, face | Centralized, weak protection |
| EU Digital Identity Wallet (EUDI) | European Union | 450 million (planned) | Optional | Decentralized, GDPR-protected |
| Social Credit System | China | 1.4 billion | Facial recognition, biometrics | State surveillance |
| National Cyberspace ID | China (2025) | TBD | Linked to existing ID | Centralized, no transparency |
| REAL ID | United States | ~260 million | Photo only | Federated (state-issued) |
| SingPass | Singapore | 5.7 million | Face verification | Centralized, high governance |
EU EUDI Wallet: The Privacy-First Alternative
The European Union’s approach to digital identity, expected to roll out from 2026, represents a deliberate counter-model to Aadhaar:
Key differences:
- Decentralized architecture: Users control their own credentials; no central biometric database
- Selective disclosure by design: Share only necessary attributes (e.g., “over 18” without birthdate)
- GDPR protection: Subject to the world’s strongest data protection regulation
- eIDAS 2.0 framework: Privacy-by-design mandated by law
- No biometric requirement: Optional, not mandatory
The EU explicitly rejected centralized biometric databases after studying Aadhaar’s implementation. European regulators concluded that the efficiency gains did not justify the privacy and security risks.
China: The Surveillance Extreme
China’s Social Credit System and emerging National Cyberspace ID represent the opposite extreme—identity infrastructure explicitly designed for state surveillance without independent judicial review.
While Aadhaar operates within a democratic legal framework (however stressed), researchers have noted “blurred boundaries between democracy and authoritarianism when it comes to social control” between the systems. The technology is similar; the governance differs.
Shared characteristics:
- Centralized identity infrastructure
- Government access to granular behavioral data
- Limited meaningful consent
- Potential for function creep
- Weak accountability mechanisms
The comparison is uncomfortable for Indian officials who emphasize Aadhaar’s democratic governance. But the technical capabilities are similar, and technical capabilities can outlast governance frameworks.
United States: The Federated Model
The U.S. REAL ID program takes a deliberately fragmented approach:
- State-issued credentials with federal standards
- No central biometric database beyond photographs
- No mandatory linking to benefits or services
- No universal identifier number
This approach has its own problems (inconsistency, interoperability issues), but it avoids the single-point-of-failure risk inherent in Aadhaar.
Singapore: High Governance, Small Scale
Singapore’s SingPass demonstrates that centralized digital identity can work with strong governance—but at a scale of 5.7 million rather than 1.4 billion, in a high-trust society with exceptional rule of law.
Whether Singapore’s model could scale to India’s complexity is doubtful.
MOSIP: Exporting the Model
Perhaps most concerning for global privacy is MOSIP—the Modular Open Source Identity Platform—based on Aadhaar’s architecture and being adopted by the Philippines, Morocco, Ethiopia, Guinea, and other developing nations.
India is positioning itself as a digital public infrastructure exporter. Countries adopting MOSIP technology often lack the governance frameworks, judicial independence, and civil society capacity that provide whatever guardrails exist on Aadhaar.
The risk: replicating Aadhaar’s vulnerabilities without replicating even its limited protections.
The Legal Framework: Puttaswamy, the 2018 Judgment, and DPDP Gaps
India’s legal framework for Aadhaar is simultaneously robust in principle and weak in practice.
Puttaswamy v. Union of India (2017): Right to Privacy
In August 2017, a nine-judge bench of the Supreme Court unanimously held that the Right to Privacy is a fundamental right under Article 21 of the Constitution. This landmark ruling established a three-fold test for any restriction on privacy:
1. Legality: Must be backed by law
2. Legitimate state aim: Must serve a legitimate government purpose
3. Proportionality: Means must be proportionate to the ends
The Puttaswamy judgment provided the constitutional framework for evaluating Aadhaar—and found the system partially wanting.
The 2018 Aadhaar Judgment: What Was Upheld and Struck Down
In September 2018, a five-judge Constitution Bench delivered a 4-1 majority judgment on Aadhaar’s constitutional validity:
Upheld:
- Constitutional validity of the Aadhaar Act overall
- Section 7: Mandatory Aadhaar for government subsidies and benefits
- Aadhaar-PAN linking for income tax purposes
Struck Down:
- Section 57: Private sector use of Aadhaar authentication
- Section 33(2): Disclosure in the interest of “national security” (overbroad)
- Regulation 27: 5-year data retention (reduced to 6 months maximum)
- Section 2(d): Metadata collection provisions (conducive to a surveillance state)
- Bank account and SIM card linking (no legislative backing)
The Court explicitly prohibited private companies from using Aadhaar authentication. The January 2025 sandbox reopening this access raises serious constitutional questions.
Justice Chandrachud’s Dissent: The Prophetic Warning
Justice D.Y. Chandrachud (now Chief Justice of India) was the lone dissenter, finding the entire Aadhaar framework unconstitutional. His dissent has proven prophetic:
On biometric irreversibility:
“Once a biometric system is compromised, it is compromised forever.”
On surveillance potential:
“The architecture of Aadhaar is capable of enabling a surveillance state.”
On money bill passage (bypassing the Rajya Sabha):
“The passage of the Aadhaar Act as a Money Bill represents a debasement of a constitutional institution.”
On exclusion:
“Denial of benefits arising out of any social security scheme… based on technological errors, with no fault of the individual, is a violation of dignity.”
Every concern Justice Chandrachud raised in 2018 has materialized.
Digital Personal Data Protection Act 2023: Too Little, Too Late?
The Digital Personal Data Protection Act (DPDP), passed in August 2023, represents India’s first comprehensive data protection legislation. Unlike jurisdictions with established biometric privacy regulations such as Illinois’ BIPA or Texas’ CUBI Act, India’s framework is still being implemented. However:
Implementation timeline:
- Data Protection Board provisions: November 2025
- Full compliance required: May 13, 2027
Concerning provisions:
- Broad exemptions for “State” processing without consent (sovereignty, security, public order)
- Does not distinguish between personal and sensitive personal data (unlike GDPR)
- No right to data portability
- Weaker consent requirements
Critical gap: The expansion of Aadhaar to the private sector (January 2025) and the new app capabilities (January 2026) are occurring in a governance vacuum: after the 2018 judgment struck down private use, but before the Data Protection Board is operational.
Justice B.N. Srikrishna’s Warning
Justice B.N. Srikrishna, who chaired the committee that drafted the original data protection bill, has repeatedly warned about the DPDP Act’s weaknesses:
“The current version could turn India into an Orwellian State.”
He specifically criticized the broad government exemptions and noted that the Act was substantially weakened from his committee’s original draft.
What Other Countries Are Learning from India
India’s Aadhaar experiment provides lessons—both positive and cautionary—for the global development of digital identity systems.
Lessons on What Works
Digital public infrastructure can deliver at scale: Whatever its flaws, Aadhaar demonstrates that a developing nation can build and operate sophisticated digital infrastructure serving a billion-plus population.
Direct benefit transfer reduces intermediary corruption: The DBT mechanism has genuinely reduced leakage in welfare systems, even if the savings figures are contested.
Biometric deduplication addresses identity fraud: For populations without reliable civil registration, biometrics provide a mechanism to establish unique identity.
Lessons on What Fails
Centralization creates unacceptable risk: The single-point-of-failure architecture has been repeatedly exploited. Decentralized or federated models may sacrifice some efficiency for substantially better security.
Technology before governance fails the vulnerable: Deploying identity systems before privacy protections are in place creates irreversible harm to those least able to protect themselves.
“Voluntary” becomes mandatory: Without strong legal protections, optional identity systems become de facto mandatory through network effects and institutional pressure.
Consent is contextual: In power-asymmetric situations (employer-employee, landlord-tenant, state-citizen), meaningful consent is impossible.
Biometric compromise is permanent: Unlike passwords, biometric identifiers cannot be changed. Systems relying on biometrics must assume permanent compromise risk.
The MOSIP Question
As MOSIP-based systems spread to the Philippines, Morocco, Ethiopia, and beyond, a critical question emerges: are adopting countries learning both the positive and negative lessons?
Early indications suggest that the technology is being adopted faster than the governance frameworks. Countries seeking India’s digital infrastructure efficiency may inherit India’s privacy vulnerabilities without India’s (limited) democratic accountability.
Your Rights: What Can Citizens Do?
For Indian citizens concerned about Aadhaar’s reach, options are limited but not nonexistent.
Know What’s Linked
UIDAI provides mechanisms to check which services are linked to your Aadhaar:
- Aadhaar authentication history: Check at resident.uidai.gov.in
- Linked bank accounts: Verify through the NPCI BHIM app
- Linked mobile numbers: Check through the UIDAI portal
Lock Your Biometrics
UIDAI allows temporary locking of biometric authentication:
- Lock via the UIDAI website or mAadhaar app
- Prevents fingerprint/iris authentication until unlocked
- OTP authentication remains available
This provides protection if you suspect biometric compromise.
Use Virtual ID
Since 2018, UIDAI offers a Virtual ID (VID) system:
- 16-digit temporary number maps to your Aadhaar
- Can be regenerated at will
- Limits exposure of the actual Aadhaar number
In practice, many agencies still demand actual Aadhaar numbers, making VID less useful than intended.
Know Your (Limited) Legal Rights
Under the 2018 Supreme Court judgment:
- Aadhaar cannot be mandatory for bank accounts (though it often is in practice)
- Aadhaar cannot be mandatory for mobile SIM cards
- Aadhaar cannot be required by private companies (despite the sandbox)
- Schools cannot mandate Aadhaar for admission (per Court order)
Document any denial of services based solely on Aadhaar non-availability. Such denials may be legally actionable.
Support Civil Society
Organizations working on Aadhaar accountability include:
- Internet Freedom Foundation (IFF)
- Software Freedom Law Center (SFLC.in)
- Rethink Aadhaar
- Access Now
These organizations engage in legal advocacy, documentation, and public education.
Under DPDP Act (When Operational)
Once fully implemented (May 2027), the DPDP Act will provide:
- Right to correction of inaccurate data
- Right to erasure in certain circumstances
- Right to grievance redressal through the Data Protection Board
- Right to withdraw consent
However, broad government exemptions may limit these rights in practice.
Conclusion: Is This the Future of National Identity?
India’s Aadhaar represents the world’s most ambitious experiment in mandatory biometric identity. Its scale—1.4 billion enrolled, 2.5 billion monthly authentications—is unprecedented. Its integration into daily life—from ration cards to Google Wallet—is accelerating. Its export through MOSIP to developing nations worldwide is expanding.
The question is not whether digital identity systems are coming. They are. The question is what form they take.
The Spectrum of Possibilities
At one extreme lies the EU model: decentralized, privacy-by-design, GDPR-protected, with user control over data disclosure. At the other extreme lies China: centralized, surveillance-oriented, with no independent oversight.
India occupies an uncomfortable middle ground. Aadhaar has the technical capabilities for surveillance without the consistent governance to prevent abuse. It operates within a democratic framework that has not consistently protected citizens from technological overreach. It delivers genuine benefits to hundreds of millions while failing, sometimes fatally, the most vulnerable.
The 2025-2026 Expansion: A Critical Juncture
The current expansion—new app, wallet integration, private sector sandbox—comes at a particularly concerning moment:
- 815 million records already exposed and available on the dark web
- Data Protection Board not yet operational
- DPDP Act full compliance not required until May 2027
- Supreme Court prohibition on private use being circumvented via the sandbox
The government is doubling down on integration before putting guardrails in place. This is the same pattern—technology first, governance second—that produced the breaches, the exclusion, and the deaths documented in this article.
What Happens Next
Several scenarios are possible:
Scenario 1: Muddle Through
The most likely outcome: continued expansion with periodic scandals, modest governance improvements, and persistent vulnerability. This satisfies neither privacy advocates nor efficiency maximalists but maintains political equilibrium.
Scenario 2: Governance Catch-Up
Less likely but possible: the Data Protection Board becomes operational and effective, enforces meaningful restrictions on data access, and creates accountability mechanisms. The private sector sandbox is regulated rather than rubber-stamped.
Scenario 3: Catastrophic Breach
A breach affecting not just demographic data but the biometric cores (fingerprints, iris scans) of hundreds of millions of citizens, irreversibly. This could trigger a fundamental reconsideration of the centralized architecture, or it could be normalized like previous breaches.
Scenario 4: Export of Vulnerability
MOSIP-based systems in the Philippines, Morocco, Ethiopia, and elsewhere experience breaches, exclusion crises, or surveillance abuse without the civil society capacity to push back. India’s Aadhaar template becomes the global template for digital ID failure.
The Privacy Advocate’s View
For those who believe that privacy is a fundamental right—not a privilege to be traded for efficiency—Aadhaar represents a warning.
It demonstrates that in the competition between state capacity and individual privacy, technological capability tends to win. It shows that “voluntary” systems become mandatory through network effects. It proves that marginalized populations bear the costs of “efficient” systems. And it reveals that democratic governance alone is insufficient to protect rights when technology moves faster than institutions.
The question for other nations watching India is simple: do you want this future?
And for India’s 1.4 billion citizens, the question is more urgent: can the future be changed before the present becomes irreversible?
Key Takeaways
1. Scale without precedent: Aadhaar is the world’s largest biometric database, processing 2.5 billion authentications monthly for 1.4 billion enrolled citizens.
2. Expansion despite failures: The 2025-2026 expansion (new app, wallet integration, private sector sandbox) is proceeding despite 815 million records exposed in 2023 and documented starvation deaths.
3. Human cost is real: 30 million ration cards cancelled; 19 documented deaths linked to Aadhaar authentication failures.
4. Legal framework is stressed: The private sector sandbox appears to circumvent the 2018 Supreme Court prohibition; the DPDP Act is not fully operational until May 2027.
5. Biometrics are forever: Unlike passwords, compromised fingerprints and iris scans cannot be changed. The 29,000 biometric cloning fraud incidents in 2024 represent permanent identity compromise.
6. Global template in formation: MOSIP is exporting Aadhaar’s architecture to developing nations, potentially spreading vulnerabilities faster than governance frameworks.
7. Citizens have limited options: Biometric lock, Virtual ID, and documentation of rights violations are available but insufficient against systemic issues.
Sources
1. TechCrunch - “India makes Aadhaar more ubiquitous, but critics say privacy concerns remain” (February 2026)
2. The Hindu - “How the personal data of 815 million Indians got breached” (November 2023)
3. Resecurity - Dark web research findings (October 2023)
4. Supreme Court Observer - Aadhaar judgment analysis
5. Right to Food Campaign - Starvation death documentation (2015-2019)
6. Electronic Frontier Foundation - “Aadhaar: Ushering in a Commercialized Era of Surveillance” (2017)
7. Access Now - Policy analysis and statements
8. SFLC.in - Legal documentation and advocacy
9. Rethink Aadhaar - Exclusion testimonials and research
10. PMC/NIH - “A Failure to ‘Do No Harm’” study
11. Institute of Chinese Studies - Comparative analysis of Aadhaar and the Social Credit System
12. Scroll.in - Santoshi Kumari case documentation
13. Indian Express - Ration card cancellation data
14. Economic Times - Private sector Aadhaar access analysis
15. UIDAI - Official statistics and dashboard
16. Digital Personal Data Protection Act 2023 - Legal text