Aadhaar (Authentication and Offline Verification) Regulations, 2021 · III — Appointment Of Requesting Entities And
Regulation 14A Obligations of Offline Verification Seeking Entities
(1) An OVSE shall have the following obligations: -
(a) ensure compliance of Aadhaar Act and Regulations framed thereunder as well as relevant policies, manuals, procedures, specifications, standards, and directions issued by the Authority;
(b) shall not collect, use or store Aadhaar number or biometric information of any individual for any purpose or share offline Aadhaar data with any other entity except in accordance with the Act and Regulations framed thereunder;
(c) in case of any investigation involving Aadhaar data related fraud(s) or dispute(s), it shall extend full cooperation to the Authority, or any agency appointed or authorised by it or any other authorised investigation agency, including, but not limited to, providing access to their premises, records, personnel and any other relevant resources or information as well to assist the Authority in disseminating information to the general public about any Aadhaar data related fraud to enable Aadhaar number holders to evaluate whether they were victims of the fraud and take remedial action;
(d) shall inform the Authority, without undue delay and in no case beyond 72 hours after having knowledge of misuse of any information or systems related to the Aadhaar framework or any compromise of Aadhaar related information. If the OVSE is a victim of fraud or identifies a fraud pattern through its fraud analytics system related to Offline Verification, it shall share all necessary details of the fraud with the Authority as well as to affected Aadhaar number holders without undue delay;
(e) shall be responsible for the Offline Verification operations and results, even if it sub- contracts parts of its operations to third parties. Further, the OVSE is responsible for ensuring that the Offline Verification related operations of such third-party entities comply with the Authority standards and specifications;
(f) extend full co-operation to the Authority for any mass awareness programmes that the Authority may undertake to sensitize Aadhaar number holders about the nature of data being used in offline verification, the scope of misuse as well as steps to protect against such misuse or fraud.
Source: Wayback Machine snapshot of UIDAI's original publication.
(1) An OVSE shall have the following obligations:—
(a) ensure compliance of Aadhaar Act and Regulations framed thereunder as well as relevant policies, manuals, procedures, specifications, standards, and directions issued by the Authority;
(b) shall not collect, use or store Aadhaar number or biometric information of any individual for any purpose or share offline Aadhaar data with any other entity except in accordance with the Act and Regulations framed thereunder;
(c) in case of any investigation involving Aadhaar data related fraud(s) or dispute(s), it shall extend full cooperation to the Authority, or any agency appointed or authorised by it or any other authorised investigation agency, including, but not limited to, providing access to their premises, records, personnel and any other relevant resources or information as well to assist the Authority in disseminating information to the general public about any Aadhaar data related fraud to enable Aadhaar number holders to evaluate whether they were victims of the fraud and take remedial action;
(d) shall inform the Authority, without undue delay and in no case beyond 72 hours after having knowledge of misuse of any information or systems related to the Aadhaar framework or any compromise of Aadhaar related information. If the OVSE is a victim of fraud or identifies a fraud pattern through its fraud analytics system related to Offline Verification, it shall share all necessary details of the fraud with the Authority as well as to affected Aadhaar number holders without undue delay;
(e) shall be responsible for the Offline Verification operations and results, even if it sub-contracts parts of its operations to third parties. Further, the OVSE is responsible for ensuring that the Offline Verification related operations of such third-party entities comply with the Authority standards and specifications;
(f) extend full co-operation to the Authority for any mass awareness programmes that the Authority may undertake to sensitize Aadhaar number holders about the nature of data being used in offline verification, the scope of misuse as well as steps to protect against such misuse or fraud.