India Expands Aadhaar Authentication for Businesses: Privacy Concerns and New Amendments

India has just made a major change to its Aadhaar authentication system, allowing businesses from various sectors to use this biometric-based verification service for their customers. But while the move has potential benefits, it also raises serious privacy concerns. Let’s dive into what’s changed, why it’s controversial, and what it means for you.

What’s New in the Aadhaar Authentication Amendment?

On February 3, 2025, the Ministry of Electronics and Information Technology (MeitY) introduced the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025. These updated rules are designed to make Aadhaar authentication available to a broader range of entities, including businesses in sectors like e-commerce, healthcare, travel, and hospitality.

The aim is to enhance the scope and utility of Aadhaar authentication and improve service delivery for both public and private sectors. This is a major shift from the previous restrictions, which limited Aadhaar authentication primarily to banking and telecommunications.

You can read more about the changes directly on the official PIB press release and details from MeitY.

Why the Expansion Matters

The Growth of Aadhaar Transactions

In case you weren’t aware, Aadhaar transactions have exploded in recent months. January 2025 alone saw 129.93 billion transactions, a huge jump from 109.13 billion just the previous year. This is a sign of how deeply integrated Aadhaar has become in India’s digital ecosystem, from banking to government services.

Banks like State Bank of India, Punjab National Bank, and Bank of Baroda are already using Aadhaar-based authentication for a variety of services, and the number of entities using the system is only set to grow. For more details on transaction numbers, check out the UIDAI dashboard.

What Does This Mean for Businesses?

The new rules mean businesses, including those in e-commerce, healthcare, and travel, can now leverage Aadhaar authentication for customer verification. This opens up many opportunities, especially for online services that require identity verification, like booking tickets or accessing health services.

But that also means more private companies will be handling sensitive biometric data, which brings us to the next big issue: privacy.

Privacy Concerns: Are We Opening the Door to Misuse?

Here’s where things get tricky. While the idea of streamlining services using Aadhaar makes sense, the more people (especially private companies) have access to biometric data, the higher the risks of misuse. This has led to significant concerns from privacy advocates.

Is Aadhaar Really Safe?

Aadhaar authentication relies on biometric data—like fingerprints, iris scans, and facial recognition—which makes it incredibly sensitive. If businesses start using Aadhaar for customer verification without clear safeguards, there could be risks of data breaches or misuse.

Plus, the amendment doesn’t provide clear guidelines on how businesses and government agencies will protect this sensitive information. The Indian government needs to outline stricter regulations to prevent unauthorized access and ensure data security.

To dive deeper into this, check out this The Hindu article.

The Issue of Exclusion

Another important concern is exclusion. Not everyone has Aadhaar, and some people may not want to use it for online services. When you link digital services to something as sensitive as a national ID system, you risk excluding people who either don’t have access to Aadhaar or feel uncomfortable sharing their biometric data.

Sidharth Deb, an expert in public policy, has pointed out that this raises questions about voluntary consent. If accessing services becomes too reliant on Aadhaar, those who prefer not to share their data could find themselves left behind.

What Do Experts Think About the New Rules?

Experts are not exactly thrilled about the expansion of Aadhaar’s scope. Kamesh Shekar, a digital governance expert, says the government needs to be more transparent about the criteria for approving companies that want to use Aadhaar authentication. There’s a lot of concern that without transparency, the system could be misused, as it has already been flagged by the Supreme Court.

The Legal Landscape: A Quick Overview

If you’re wondering whether this expansion is even legal, the answer is complicated. In 2018, the Supreme Court struck down Section 57 of the Aadhaar Act, which had allowed private entities to use Aadhaar for identifying individuals. While the government later amended the Aadhaar Act in 2019 to make authentication voluntary, some still feel the 2025 amendment is essentially trying to reintroduce what was previously struck down.

You can read more about the legal battle and ongoing updates in the Supreme Court case.

The Way Forward: What Needs to Happen?

At this point, India’s government must take clear steps to balance innovation with privacy protection. Expanding Aadhaar authentication services can help improve digital services, but without proper safeguards, it could lead to problems.

If businesses are going to use Aadhaar for customer verification, they must ensure the highest level of data protection. Also, the UIDAI and MeitY need to be much clearer about the rules governing who can access Aadhaar data and for what purposes.

Final Thoughts: Should You Be Concerned?

If you’re an Indian citizen, you might feel a little uneasy about all these changes. Aadhaar has brought convenience, but the rise in biometric data collection means we need to stay vigilant about how our personal information is used. Until the government rolls out stricter safeguards, it’s important to stay informed and understand your rights when it comes to your Aadhaar information.

• Image Credits: pib.gov.in