Name, Date of Birth, Gender, Address of the resident, Photograph, all ten fingerprints and both iris scan is required. In case of minors (children < 5years age), the name of the Mother / Father /Guardian is also required. In addition the resident can give an option to link his existing bank account with aadhaar or else opt for a new aadhaar linked bank account.

The information in the database will be used only for authentication purposes. Authentication user agencies can use the e-KYC service to verify the identity of the residents seeking services from them. The Aadhaar ecosystem will power E-KYC (Electronic- Know Your Customer), which will utilise the E-KYC APIs, to allow citizens to avail different services without carrying any physical identification proof. The UIDAI has partnered with 26 banks, and has also tied-up with the NPCI (National Payments Corporation of India) and Visa for payments powered by E-KYC. It can be deployed for customer verification for mobile connections, bank accounts, insurance, LPG connections, state government services, train travel and any service where verification is required.

A procedure will be evolved and established through which residents will be able to view their complete information in the Aadhaar database and a procedure for correcting information will be laid down.

Aadhaar number is an enabler. Aadhaar number aims to provide a soft identity infrastructure which can be used to re-engineer public services so that these lead to equitable, efficient and better delivery of services. Specifically, the utility for the residents and the Governments are briefly explained below.

For Residents: Inability to prove identity is one of the biggest barriers preventing many residents from accessing benefits and subsidies. The purpose of the UIDAI is to issue a unique identification number (UID/Aadhaar) to all residents of India that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy cost effective way.

It is envisaged that the Aadhaar will become the single source of identity verification. Aadhaar, which identifies individuals uniquely on the basis of their demographic and biometric information, will give residents the means to clearly establish their identity to public and private agencies across the country. Once residents enrol, they can use the number multiple times-they would be spared the need to repeatedly provide supporting identity documents each time they wish to access services such as obtaining a bank account, mobile connection, LPG connections etc. Aadhaar will also give migrants mobility of identity. Aadhaar, once it is linked to a bank account, can make it possible for banking institutions to provide ubiquitous, low cost micro payments to the residents. Aadhaar’s secure authentication model can also enable delivery of services to residents directly via their mobile phones. This will ensure that residents may securely access government benefits and subsidies, track their bank accounts, send and receive money or make payments from the anytime-anywhere convenience of their mobile phones.

Aadhaar has been recognized as an officially valid document as PoI and PoA for opening bank accounts and obtaining mobile telephone and LPG connections. The Ministry of Road Transport and Highways has issued necessary instructions for recognition of Aadhaar as PoI and PoA for obtaining a driving license and registration of vehicles. The Department of Health and Family Welfare has also recognized Aadhaar as PoI and PoA for extending financial assistance to patients below poverty line who are suffering from major life threatening diseases for receiving medical treatment at any of the super specialty Hospitals/Institutions or other Government Hospitals under Rashtriya Arogya Nidhi. Ministry of Railways has also recognized Aadhaar as a valid PoI for rail travel. Election Commission of India has accepted Aadhaar as an alternative PoI and PoA at the time of polls in absence of Election Photo Identity Card (EPIC). Some of the State/UT Governments viz. Sikkim, Tripura, Andhra Pradesh, Jammu and Kashmir, Chandigarh, Nagaland, Haryana, Manipur and Rajasthan have also recognized Aadhaar as one of the PoI and PoA for their various resident centric schemes. Recently Ministry of External Affairs has notified Aadhaar as one of the valid documents for proof of residence in conjunction with any of the other notified documents.

For Registrars & Enrollers: The UIDAI will only enrol residents after de- duplicating records which will help Registrars to clean out duplicates from their

databases, enabling significant efficiencies and cost saving. For Registrars focussed on cost, the UIDAI’s verification processes will ensure lower Know Your Resident (KYR) cost, and a reliable identification number will enable them to broaden their reach into groups that till now have been difficult to authenticate. It is anticipated that the strong authentication that the UID number offers will improve services leading to better resident satisfaction.

For Governments: Eliminating duplicates and ghost beneficiaries under various schemes is expected to save the government exchequer a substantial amount. It will also provide governments with accurate data on beneficiaries, enable direct transfer of benefits.

The views of different stakeholders on the subject are encapsulated in the Report of the Standing Committee of Finance. The UIDAI has submitted its point-wise comments on the report to the Planning Commission for submission to the Cabinet.

The UIDAI cannot define the nature of benefits and services that should be or can be delivered. It is for the State Government’s/Ministries/Departments to decide whether delivery of the benefits and services should be linked to Aadhaar number and the extent to which the number should be used. The key role of the UIDAI is to give the UID number (called Aadhaar number). The role of the Aadhaar number is that of an enabler – a number that helps governments design better welfare programs enables residents to access benefits and services more easily wherever they live, and allows agencies to deliver benefits and services effectively and transparently. The number will thus be an identity infrastructure, and the foundation over which multiple services and applications can be built for the resident.

Enrolment of residents with proper verification: Existing identity databases in India are fraught with problems of fraud and duplicate/ghost beneficiaries. To prevent this from seeping into the UIDAI database, the Authority has partnered with various State Government departments and public sector Banks to enrol residents with proper verification of their demographic and biometric information. The primary responsibility for correct enrolment vests in these Registrars at the front-end. UIDAI has prescribed standardized processes for enrolments based on the standards recommended by the Demographic Data Standards and Verification Procedures Committee, and Biometrics Committees to ensure that the data collected is clean and without duplicates from the start of the program. Once the data is received at the CIDR, it is duly validated and randomly assigned for manual quality check. There is also a process of continuous Analytics to review data and in case any inconsistency is found, allotment of Aadhaar can be reviewed.

Process to ensure no duplicates: Registrars will send the applicant’s data to the CIDR for de-duplication. The Central Identification Data Repository (CIDR) will perform a search on key demographic fields and on the biometrics for each new enrolment, to ensure that no duplicates exist. The incentives in the UID system are aligned towards a self-cleaning mechanism. The existing patchwork of multiple databases in India gives individuals the incentive to provide different personal information to different agencies. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals are expected to provide accurate data. However it needs to be borne in mind that even the best technology cannot guarantee 100% accuracy. Some duplicates will emerge even with all the checks and balances. UIDAI therefore proposes to periodically review its database for such duplicates and cancel the duplicate aadhaars as and when they come to notice.

The UIDAI will be issuing UID numbers and not cards. The Aadhaar number will be communicated to the resident by means of a letter delivered by India Post or any other delivery agency engaged by UIDAI to the communication address provided at the time of enrolment. The letter has a smaller, cut away portion that has the Aadhaar number and demographic information of the resident that could be retained for reference. The UID can only establish unique identity if authentication is done against the central database. Further, cards can be forged, stolen, faked and identity process diluted. While the UID authority only guarantees online authentication.

The information that the UIDAI is seeking is already available with several agencies (public and private) in the country; the additional information being sought by the UIDAI are the finger prints and iris scans. However, the UIDAI recognizes that the right of privacy must be protected, and that people are sensitive to the idea of giving out their personal information, particularly the idea of information being stored in a central database to be used for authentication. UIDAI will protect the right to privacy of the person seeking the unique identity number. The information on the database will be used only to authenticate identity.

The draft bill includes clauses to protect identity information, discourage impersonation and unauthorized access to the UIDAI database (Chapter VI, Clauses 30 to 33).

Data protection features have been included in the architecture of the AADHAAR project.

Data Protection Features integral to UID (Aadhaar Project)

• Do not keep data more than the functional requirement
• Basic Demographic information
• No Profiling information
• No Transaction records
• Ensure Integrity during Data Transfer
• Encryption and Security
• Detailed Transfer Protocols
• Trained Personnel
• Data Security and Protection in CIDR
• No data flow outside – only yes or no
• All processes in place to ensure security of data (access protocols, etc) in CIDR
• UID holder can access and update information
• Penal consequences for unauthorized access and tampering of data
• Guidelines to Registrars
• On best Practices in Data handling
• Evolving necessary protocols to ensure data security

The following provisions have been made in the draft Bill: (Chapter VII, Clauses 34 to 46) Penalties have been provided, inter alia, for impersonation at time of enrolment, impersonation of aadhaar number holder by changing demographic information or biometric information, disclosing identity information, unauthorised access to the Central Identities Data Repository (CIDR), tampering with data in Central Identities Data Repository.

Data protection, however, is not limited to the AADHAAR project and needs to be addressed through a comprehensive legislation. The Committee of Secretaries, after detailed deliberations has constituted a Group of Officers under the chairpersonship of Secretary, D/o Personnel and Training consisting of representatives of D/o Revenue, M/o Science & Technology, D/o Legal Affairs, M/o Home Affairs, D/o Information Technology and the Cabinet Secretariat with a view to work out the framework of the legal provisions, including principles and elements on data protection, security and privacy.

When Enrolment Agencies / Registrars collect data from residents, they have to exercise a fiduciary duty of care towards this information. Therefore, it is their responsibility to ensure they keep the data collected from residents safe and secure (both biometric and demographic) and protected from unauthorized access. UIDAI has issued guidelines and best practices for data protection for all its ecosystem partners.

The UIDAI is presently established by the Planning Commission by an executive order. A Cabinet Committee on Unique Identification Authority has also been established. The Unique Identification Authority of India (UIDAI) was constituted as an attached office under the Planning Commission to develop and implement the necessary legal, technical and institutional infrastructure to issue unique identity to residents of India.

The National Identification Authority of India Bill, 2010 was introduced in the Rajya Sabha in December 2010 and thereafter referred to the Standing Committee on Finance. The report of the Committee has been received and is under consideration of the Government of India.

Constituting a statutory authority would provide a legislative framework for UIDAI to perform its functions. The legislation is considered necessary to strengthen the mandate of the authority to undertake its responsibilities effectively. The powers and functions of the Authority, the framework for issuing aadhaar numbers, major penalties and matters incidental thereto are proposed to be laid down through the Bill. With a legal/legislative framework in place, penalties for unauthorised access of data and breach of security can also be enforced more effectively in terms of the law.

The Registrars collecting the data can and will keep the data for their own use. Data can be also shared by UIDAI with Registrars wherever the consent of the resident is available. It can also be shared in cases where there are orders of the competent Court or any disclosure is necessitated by national security considerations. There too, a competent authority is proposed to be prescribed to make such requests. These are already provided in the Draft NIDAI Bill (Chapter VI, clause 33).

For children below 5 years, no biometrics will be captured. Their UID will be processed on the basis of demographic information and facial photograph linked with the UID of their parents/guardians. These children will need to provide their biometrics comprising ten fingers, iris and facial photograph, when they turn 5. All children will need to update their biometrics once again when they turn 15.

The instructions in the original Aadhaar letter carry a note to this effect, wherever relevant.

In the case of people without hands/ fingers, available biometrics (photo, iris, fingers) will be captured and exceptions will be documented. In the case of differently-abled and people with no fingerprints or rugged hands, the available biometrics will be captured. Exceptions will be documented. If all biometrics are missing, exception management module permits enrolment of such residents. Like children, they too will be de-duplicated based on their demographic information and photograph. However before any such enrolment is processed, the data is manually screened at the back-end by UIDAI to reconfirm the facts.

To speed up generation of Aadhaar numbers, UIDAI has scaled up the capacity of Biometric Automated Identity Systems (ABIS) for the biometric de- duplication to 1 million aadhaars per day. To minimize validation failures at the processing stage, the enrolment client features have been enriched and a number of validation checks have been built into the front end enrolment client. These include

1. local authentication of operators/supervisors
2. Age and relationship authentication
3. End of Day (EOD) review of demographic data by supervisor
4. periodic sync of the enrolment machines with CIDR has been made mandatory
5. upload of data packets within 20 days from the date of enrolment
6. periodic report and analytics of the data uploaded are shared with the Registrars and EAs.

As per the process, 60 to 90 days from the date of receipt of the enrolment packet in the Central Identities Data Depository (CIDR) has been prescribed for delivering Aadhaar number to the resident. However this presupposes that the data packet will clear all validation checks prescribed by UIDAI to ensure the authenticity of the packets and to ensure audit trail in each case. In case any validation check fails, the packet is kept on hold till the resolution process clears the packet or else it is rejected.

Residents’ data packets received in CIDR undergoes a number of validation/quality checks to ensure that the data received is correct & authentic; such as:

1- Structural Validation for data integrity:

1. Authenticity of Registrar(s) & EA code.
2. Village, Town, City Pin-code mapping.
3. Certification of operators & supervisors.
4. Registrar & Enrolment Agency (EA) mapping.
5. Availability of approved encryption key

2- Demographic De-duplication

3- Demographic data quality check

1. Photo-gender match
2. Age validation
3. Spelling/address validation
4. Transliteration check
5. Photo quality

4- Biometric de-duplication.

Any resident data packet, which fails any of the validation checks, is either rejected or goes into a ‘hold’ status till the authenticity of the data packet is confirmed from the Registrar/enrolment agency. This can lead to delays in generation of Aadhaar numbers. Sometimes, the delay in generation of Aadhaar is on account of delay in upload of resident data by the enrolment agency.

As per the status available, 34.71 crore people have been enrolled as on 28th Feb., 2013 and the enrolment packets have been received in CIDR for the same. After undergoing a number of validation/quality checks that the data received is correct and authentic, 28.78 crore Aadhaar numbers have been generated. State wise details are available at - http://planningcommission.gov.in/sectors/dbt/adhaar_2802.pdf

How many Aadhaar letters have been dispatched as on date

As per the Postal Training Centre (PTC) portal of Department of Post, 24.07 crore have been dispatched as on 28.2.2013. The details of state-wise dispatch of Aadhaar nos. are available at - http://planningcommission.gov.in/sectors/dbt/state_aadhar2802.pdf

Biometric matching systems or de-duplication systems are essentially based on pattern matching and can be designed to achieve an accuracy of more than 99%. Higher the quality of biometric capture, lesser the probability of a duplicate being generated. However UIDAI aims for inclusiveness so that failur to enroll is negligible. Therefore generation of duplicate aadhaar number cannot be ruled out totally.

With the rapid rollout of Aadhaar, covering more than 20 crore people and rapidly growing to cover 60 crore, with the National Population Register doing the other half, it was felt possible to move to a system of transferring cash benefits directly to the poor.

In order to rollout the implementation of a seamless electronic Aadhaar based cash transfer system for transfer of cash benefits to beneficiaries, the Prime Minister approved the setting up of a National Committee on Direct Cash Transfers chaired by himself and an Executive Committee on Direct Cash Transfers. The goal was to rapidly rollout cash transfers across the country for as many government schemes and benefits as possible within the next year.

Cash Transfers are programs that transfer cash directly, generally to poor households, with or without conditions. The purpose of a cash transfer could be:

• To provide a monetary benefit for a specific purpose or use - such as for education through a scholarship, for healthcare through a medical assistance program, etc.
• Direct income support – such as old age income support through a pension, unemployment assistance through an unemployment benefit, etc. This is predicated on the assumption that there is a need to redistribute income as a public policy objective. Often, the purpose is to enhance private consumption levels and achieve a minimum consumption floor.
• To provide a direct subsidy for specific products – such as for food, fuel, agricultural inputs, electricity, books, etc. They are generally of two types – unconditional and conditional.

Cash Transfer programs that do not impose any conditions for making the transfers are called Unconditional Cash Transfers. Conditional Cash Transfers transfer cash on the condition that those households make pre-specified investments in the human capital of their children. In general, this has involved attaching “conditions” to transfers.

This Programme envisages a switch from the present electronic transfer of benefits to bank accounts of the beneficiary to transfer of benefits directly to Aadhaar seeded bank accounts of the beneficiaries. The other objectives are:

• Accurate Targeting
• De-duplication
• Reduction of Fraud
• Process Re-engineering of Schemes for simpler flow of information and funds.
• Greater Accountability

the following committees have been formed for execution of Direct Benefit Transfer.

• The Government has constituted the National Committee on Direct Cash Transfers (http://planningcommission.nic.in/sectors/dbt/pmo_noti.pdf), chaired by the Prime Minister, to coordinate action on the implementation of the DBT Program. This Committee is to be assisted by the Executive Committee on Direct Cash Transfer (http://planningcommission.nic.in/sectors/dbt/pmo_noti.pdf), chaired by the Principal Secretary and convened by Secretary, Planning Commission.
• To ensure orderly and timely implementation, Mission Mode Committees (http://planningcommission.nic.in/sectors/dbt/pmo_1611.pdf), namely, Financial Inclusion Committee, Technology Committee and Implementation Committee on Electronic Transfer of Benefits were also constituted.
• Direct Benefit Transfer Division was created in the Planning Commission to provide secretarial service to PMO and act as the Nodal Agency in the implementation of DBT.

The DBT Division issued consolidated instructions to the concerned Ministries with approval of the Executive Committee. Office Memorandum#1 (http://planningcommission.nic.in/sectors/dbt/7_DBT_guide.pdf) on Guidelines on Standardized Formats for Collection of Basic Data to facilitate Direct Benefits Transfer (DBT) in Pilot Districts, was issued on 26.12.12. OM#2 (http://planningcommission.nic.in/sectors/dbt/6_DBT_uidai.pdf) on Procedure for seeding Aadhaar Numbers and OM#3 (http://planningcommission.nic.in/sectors/dbt/5_DBT_Banks.pdf) on Procedure for sending Payment Advice to Banks were issued on 8.01.13.

A decision was taken in the meeting of the National Committee on Direct Cash Transfers held by the Prime Ministers that Direct Benefit Transfers will be rolled out from 1st January, 2013 in 43 districts (http://planningcommission.nic.in/sectors/dbt/list_43.pdf) , 26 selected Central Sector and Centrally Sponsored Schemes (http://planningcommission.nic.in/sectors/dbt/3_schemes.pdf) in a phase wise manner beginning with 20 districts on 1.1.2013, 11 districts from 1.2.2013 and the remaining 12 districts from 1.3.2013.

Schemes were selected on the basis of higher incidence of beneficiaries with bank accounts and where Flow of Funds was found to be relatively simpler. Accordingly, most schemes are related to scholarships, benefits to women and child labour.

43 districts were identified on the basis of higher Aadhaar enrolment figures and presence of banks.

The Business Correspondents (BCs) are proposed to be introduced to reach the unbanked population, as the credit and operational risks in the branchless banking model does not enable banks to reach the unbanked population. This eliminates the need for a physical bank branch or ATM’s in remote areas.

UIDAI had been conducting pilot projects and other field studies to explore the efficacy and efficiency of Aadhaar authentication in the context of Financial Inclusion, Public Distribution System, LPG delivery and Pensions. Apart from that pilot projects in respect of Kerosene has been under taken in Kotkasim Tehsil of Alwar District, Rajasthan.

Aadhaar Payment Bridge is the new payment service offered by the National Payments Corporation of India (NPCI) using the Aadhaar number issued by the Unique Identification Authority of India (UIDAI), known as Aadhaar Payment Bridge System and is referred as “APBS”. APBS will be used for credit transactions for Government/ Government agency disbursements APBS has the following objectives.

• To sub-serve the goal of Government of India (GOI) and Reserve Bank of India (RBI) in furthering Financial Inclusion by way of processing government disbursement using Aadhaar number.
• To promote electronification of retail payments.