Aadhaar (Authentication and Offline Verification) Regulations, 2021 · III — Appointment Of Requesting Entities And
Regulation 18 Maintenance of logs by requesting entity
(1) A requesting entity shall maintain logs of the authentication transactions processed by it, containing the following transaction details, namely: -
(a) specified parameters of authentication request submitted excluding Aadhaar number, Virtual ID, ANCS Token or UID token;
(b) specified parameters received as authentication response including full Aadhaar number or masked Aadhaar, as the case may be;
(c) the record of disclosure of purpose for which the authentication was performed, to the Aadhaar number holder or parent or guardian, in case of a child, at the time of authentication; and
(d) record of consent of the Aadhaar number holder, or parent or guardian, in case of a child, for authentication, but shall not, in any event, retain the PID information.
(2) The logs of authentication transactions shall be maintained by the requesting entity for a period of 2
(two) years, during which period an Aadhaar number holder shall have the right to access such logs, in accordance with the procedure as may be specified.
(3) Upon expiry of the period specified in sub-regulation (2), the logs shall be archived for a period of five years or the number of years as required by the laws or regulations governing the entity, whichever is later, and upon expiry of the said period, the logs shall be deleted except those records required to be retained upon the order of a court not inferior to that of a Judge of a High Court or required to be retained for any pending disputes.
(4) The requesting entity shall not share the authentication logs with any person other than the concerned Aadhaar number holder upon his/her request or for grievance redressal and resolution of disputes or upon the order of a court not inferior to that of a Judge of a High Court. The authentication logs shall not be used for any purpose other than those stated in this sub-regulation.
(5) The requesting entity shall comply with all relevant laws, rules and regulations, including, but not limited to, the Information Technology Act, 2000 and the Evidence Act, 1872, for the storage of logs.
(6) The obligations relating to authentication logs as specified in these regulations shall continue to remain in force despite termination of appointment in accordance with these regulations.
Source: Wayback Machine snapshot of UIDAI's original publication.
(1) A requesting entity shall maintain logs of the authentication transactions processed by it, containing the following transaction details, namely:—
(a) specified parameters of authentication request submitted excluding Aadhaar number, Virtual ID, ANCS Token or UID token;
(b) specified parameters received as authentication response including full Aadhaar number or masked Aadhaar, as the case may be;
(c) the record of disclosure of purpose for which the authentication was performed, to the Aadhaar number holder or parent or guardian, in case of a child, at the time of authentication; and
(d) record of consent of the Aadhaar number holder, or parent or guardian, in case of a child, for authentication, but shall not, in any event, retain the PID information.
(2) The logs of authentication transactions shall be maintained by the requesting entity for a period of 2
(two) years, during which period an Aadhaar number holder shall have the right to access such logs, in accordance with the procedure as may be specified.
(3) Upon expiry of the period specified in sub-regulation (2), the logs shall be archived for a period of five years or the number of years as required by the laws or regulations governing the entity, whichever is later, and upon expiry of the said period, the logs shall be deleted except those records required to be retained upon the order of a court not inferior to that of a Judge of a High Court or required to be retained for any pending disputes.
(4) The requesting entity shall not share the authentication logs with any person other than the concerned Aadhaar number holder upon his/her request or for grievance redressal and resolution of disputes or upon the order of a court not inferior to that of a Judge of a High Court. The authentication logs shall not be used for any purpose other than those stated in this sub-regulation.
(5) The requesting entity shall comply with all relevant laws, rules and regulations, including, but not limited to, the Information Technology Act, 2000 and the Evidence Act, 1872, for the storage of logs.
(6) The obligations relating to authentication logs as specified in these regulations shall continue to remain in force despite termination of appointment in accordance with these regulations.