New Aadhaar Law In The Works To Align With Data Privacy Law

As India moves closer to implementing the Digital Personal Data Protection (DPDP) Act, 2023, a major revamp of the Aadhaar law is on the horizon.

The Unique Identification Authority of India (UIDAI) is preparing to replace the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, with a new law that aligns with emerging privacy standards.

“Need A New Law, Not Just An Amendment”

Bhuvnesh Kumar, the newly appointed UIDAI CEO, confirmed that the process for drafting a fresh Aadhaar legislation is now underway. In his first media interview since assuming office on January 3, Kumar emphasized the need for a law that reflects present-day privacy principles.

“Just an amendment won’t be sufficient—we need a new law to bring Aadhaar up to speed with the Digital Personal Data Protection Act,” Kumar said.

He noted that the current Aadhaar Act, enacted in 2016, predates the DPDP Act and imposes limitations that restrict its broader utility beyond welfare and subsidy delivery.

Expanding Aadhaar’s Scope

With over 1.41 billion registered users and 75,000 new applications received daily, Aadhaar is India’s most-used identification system. UIDAI now aims to extend Aadhaar’s use beyond government services to sectors like hospitality, finance, and e-commerce, while tightening safeguards against misuse.

“We are expanding the scope of Aadhaar’s use in businesses while minimizing risks of identity misuse,” Kumar stated.

UIDAI is also developing a new Aadhaar app that allows identity verification without internet access, enabling QR-based verification even in remote areas. This technology, he said, could support use cases like verifying parental consent for minors on digital platforms—an upcoming requirement under the DPDP Act.

Privacy, Security, and Public Consultation

To prevent misuse and enhance transparency, UIDAI plans to roll out a secure data-sharing mechanism that businesses can subscribe to. This will enable automated identity verification without human involvement, thereby reducing the risk of document leaks or misuse.

Kumar stressed that Aadhaar verification is already highly secure:

“The only time we share data is during e-KYC requests. Aadhaar is the only document that can be verified via a mobile phone, without internet or specialized devices.”

On data privacy, he confirmed that any challenges related to data retention can be escalated to the Data Protection Board, as per the new privacy law.

Policy experts, however, are calling for inclusive and transparent lawmaking.
Isha Suri, research lead at the Centre for Internet and Society, emphasized the need for a comprehensive public consultation process involving civil society and the private sector.

Tackling Digital Forgery

Raising concerns about the misuse of AI tools to create Aadhaar lookalikes, Kumar assured that such forgeries cannot bypass biometric verification.

“AI can create lookalike images, but without biometric data, generating an Aadhaar is impossible,” he said.

A Timely Overhaul

Union IT Minister Ashwini Vaishnaw had recently backed the need for a new Aadhaar law, calling for it to be “harmonized vis-à-vis the DPDP Act, keeping human interest at the centre.”

With UIDAI pushing for a law that strengthens security, enables consent-based use, and broadens Aadhaar’s scope, stakeholders believe the overhaul is both timely and necessary—provided it’s backed by robust checks, public input, and digital safeguards.

Read More: Supreme Court, Delhi High Court, States High Court, International