Aadhaar (Authentication and Offline Verification) Regulations, 2021 · I — Preliminary
Regulation 2 Definitions
(1) In these regulations, unless the context otherwise requires,—
(a) “Act” means the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016;
(aa) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3 of Aadhaar Act, and includes any alternative virtual identity generated under sub-section (4) of that section;;
(ab) “Aadhaar Letter” means a document for conveying the Aadhaar number to a resident;
(ac) “Aadhaar Application” means any official mobile application or web application developed and managed by the Authority to provide an interface to Aadhaar number holders for services related to Aadhaar, including performing offline verification, and includes 'mAadhaar App', 'Aadhaar App', 'Aadhaar QR Scanner App', 'myAadhaar Portal', and such other applications as may be notified by the Authority from time to time;’
(b) “Aadhaar number holder” means an individual who has been issued an Aadhaar number under the Act;
(ba) “Aadhaar Number Capture Service Token or ANCS Token” means an encrypted number generated for an Aadhaar number by the Authority for completion of an authentication transaction. ANCS Token shall be valid for a short period of time as prescribed by the Authority;
(bb) “Aadhaar Paperless Offline e-KYC” means a digitally signed document generated by the Authority containing last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;
(bc) “Aadhaar Secure QR Code” means a quick response code generated by the Authority which contains digitally signed data like last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;
(bd) “Aadhaar PVC Card” means a Polyvinyl Chloride Card (PVC), issued by the Authority upon payment of prescribed charges, which has Aadhaar number, demographic information and photograph of an Aadhaar number holder printed on it along with Aadhaar Secure QR code and is equivalent to paper-based Aadhaar Letter;
(be) “Aadhaar Verifiable Credential” means a digitally signed document issued by the Authority to the Aadhaar number holder which may contain last 4 digits of Aadhaar number, demographic data, like, name, address, gender, date of birth, and photograph of Aadhaar number holder, and such other information as may be specified by the Authority, which may be shared by Aadhaar number holder in full or part with an OVSE in the manner specified by the Authority, for verifying the demographic information or photograph of the Aadhaar number holder;’
(c) “Authentication” means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it;
(d) “Authentication facility” means the facility provided by the Authority for authenticating the Aadhaar number along with demographic information or biometric information of an Aadhaar number holder through the process of authentication, by providing a Yes/ No response or e-KYC data, as applicable;
(e) “Authentication record” means the record of the time of authentication and identity of the requesting entity and the response provided by the Authority thereto;
(f) “Authentication Service Agency” or “ASA” shall mean a licensed entity providing necessary infrastructure for ensuring secure network connectivity and related services for enabling a requesting entity to perform authentication using the authentication facility provided by the Authority;
(g) “Authentication User Agency” or “AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority;
(h) “Authority” means the Unique Identification Authority of India established under sub-section (1) of section 11 of the Act;
(i) “Central Identities Data Repository” or “CIDR” means a centralised database in one or more locations containing Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto;
(ia) “child” means a person who has not completed eighteen years of age;
(ib) “Digital signature” means digital signature as defined in clause (p) of sub-section (1) of Section 2 of the Information Technology Act, 2000 (21 of 2000);
(ic) “e-Aadhaar” means a password protected electronic copy of Aadhaar letter, which is digitally signed by the Authority and can be downloaded from the official website or mobile application of the Authority;] [(j) “e-KYC authentication facility” means a type of authentication facility—
(i) in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction; and
(ii) includes any subsequent appropriate response returned by the Authority regarding the status as to whether any Aadhaar number previously submitted has been subsequently omitted or deactivated or re-activated in the event of any omission or deactivation of such Aadhaar number or re-activation of such a deactivated Aadhaar number:
Provided that the requesting entity has entered into a Memorandum of Understanding or agreement with the Authority for the performance of authentication with update of such status;]
(k) “e-KYC data” means full or limited demographic information and/or photograph of an Aadhaar number holder. The e-KYC data may contain full or masked Aadhaar number;
(l) “e-KYC User Agency” or “KUA” shall mean a requesting entity which, in addition to being an AUA, uses e-KYC authentication facility provided by the Authority; [(la) [***]
(m) “License Key” is the key generated by a requesting entity as per the process laid down by the Authority;
(ma) “Offline Verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations;
(mb) “Offline Verification Seeking Entity” or “OVSE” means any entity desirous of undertaking offline verification of an Aadhaar number holder;
(mc) “Offline Aadhaar Data” means the data relating to offline Aadhaar verification, having characteristics as specified by the Authority from time to time including the requirement of masking Aadhaar numbers before storing;
(md) “Offline Face Verification” means a mode of offline verification in which the live facial image of an Aadhaar number holder is captured and is verified against the photograph of the Aadhaar number holder stored within the Aadhaar application of the Aadhaar number holder for the correctness, or lack thereof;
(n) “PID Block” means the Personal Identity Data element which includes necessary demographic and/or biometric and/or OTP collected from the Aadhaar number holder during authentication;
(na) “Registered Devices” means biometric devices that are registered with the Authority;
(o) “requesting entity” means an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for authentication;
(oa) “Sub-AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority through an existing AUA;
(ob) “Sub-KUA” means a requesting entity that uses e-KYC authentication facility provided by the Authority through an existing KUA;
(oc) “UID Token” means a 72-character alphanumeric string generated by the Authority mapped to the Aadhaar number and specific to a requesting entity;
(od) “Virtual Identifier” means an interchangeable 16-digit random number mapped with the Aadhaar number of the Aadhaar number holder; and [(p) “Yes/No authentication facility” means a type of authentication facility—
(i) in which the identity information and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is then matched against the data available in the CIDR, and the Authority The clause is omitted by notification No. HQ-30011/5/2025-AU-HO, dated 9.12.2025 (w.e.f. 9.12.2025). responds with a digitally signed response containing “Yes” or “No”, along with other technical details related to the authentication transaction, but no identity information; and
(ii) includes any subsequent appropriate response returned by the Authority regarding the status as to whether any Aadhaar number previously submitted has been subsequently omitted or deactivated or re-activated in the event of any omission or deactivation of such Aadhaar number or re-activation of such a deactivated Aadhaar number:
Provided that the requesting entity has entered into a Memorandum of Understanding or agreement with the Authority for the performance of authentication with update of such status.]
(2) Words and expressions used and not defined in these regulations shall have the meaning assigned thereto under the Act or under the rules or regulations made there under or under the Information Technology Act 2000.
Source: Wayback Machine snapshot of UIDAI's original publication.
-
(1) In these regulations, unless the context otherwise requires,—
(a) “Act” means the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016;
(aa) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3 of Aadhaar Act, and includes any alternative virtual identity generated under sub-section (4) of that section;
(b) “Aadhaar number holder” means an individual who has been issued an Aadhaar number under the Act;
(ba) “Aadhaar Number Capture Service Token or ANCS Token” means an encrypted number generated for an Aadhaar number by the Authority for completion of an authentication transaction. ANCS Token shall be valid for a short period of time as prescribed by the Authority;
(bb) “Aadhaar Paperless Offline e-KYC” means a digitally signed document generated by the Authority containing last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;
(bc) “Aadhaar Secure QR Code” means a quick response code generated by the Authority which contains digitally signed data like last 4 digits of Aadhaar number, demographic data like name, address, gender, and date of birth, and photograph of the Aadhaar number holder etc.;
(c) “Authentication” means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it;
(d) “Authentication facility” means the facility provided by the Authority for authenticating the Aadhaar number along with demographic information or biometric information of an Aadhaar number holder through the process of authentication, by providing a Yes/ No response or e-KYC data, as applicable;
(e) “Authentication record” means the record of the time of authentication and identity of the requesting entity and the response provided by the Authority thereto;
(f) “Authentication Service Agency” or “ASA” shall mean a licensed entity providing necessary infrastructure for ensuring secure network connectivity and related services for enabling a requesting entity to perform authentication using the authentication facility provided by the Authority;
(g) “Authentication User Agency” or “AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority;
(h) “Authority” means the Unique Identification Authority of India established under sub-section (1) of section 11 of the Act;
(i) “Central Identities Data Repository” or “CIDR” means a centralised database in one or more locations containing Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto;
(ia) “child” means a person who has not completed eighteen years of age;
(j) “e-KYC authentication facility” means a type of authentication facility in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction;
(k) “e-KYC data” means full or limited demographic information and/or photograph of an Aadhaar number holder. The e-KYC data may contain full or masked Aadhaar number;
(l) “e-KYC User Agency” or “KUA” shall mean a requesting entity which, in addition to being an AUA, uses e-KYC authentication facility provided by the Authority;
(m) “License Key” is the key generated by a requesting entity as per the process laid down by the Authority;
(ma) "Offline Verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations;
(mb) “Offline Verification Seeking Entity” or “OVSE” means any entity desirous of undertaking offline verification of an Aadhaar number holder;
(mc) “Offline Aadhaar Data” means the data relating to offline Aadhaar verification, having characteristics as specified by the Authority from time to time including the requirement of masking Aadhaar numbers before storing;
(n) “PID Block” means the Personal Identity Data element which includes necessary demographic and/or biometric and/or OTP collected from the Aadhaar number holder during authentication;
(na) “Registered Devices” means biometric devices that are registered with the Authority;
(o) “Requesting entity” means an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for authentication;
(oa) “Sub-AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority through an existing AUA;
(ob) “Sub-KUA” means a requesting entity that uses e-KYC authentication facility provided by the Authority through an existing KUA;
(oc) “UID Token” means a 72-character alphanumeric string generated by the Authority mapped to the Aadhaar number and specific to a requesting entity; [भाग III—खण्ड 4] भारत का रािपत्र : असाधारण 25
(od) “Virtual Identifier” means an interchangeable 16-digit random number mapped with the Aadhaar number of the Aadhaar number holder; and
(p) “Yes/No authentication facility” means a type of authentication facility in which the identity information and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is then matched against the data available in the CIDR, and the Authority responds with a digitally signed response containing “Yes” or “No”, along with other technical details related to the authentication transaction, but no identity information.
(2) Words and expressions used and not defined in these regulations shall have the meaning assigned thereto under the Act or under the rules or regulations made there under or under the Information Technology Act 2000.