Aadhaar (Authentication and Offline Verification) Regulations, 2021 · III — Appointment Of Requesting Entities And
Regulation 22 Data Security
(1) Requesting entities and Authentication Service Agencies/OVSEs shall have their servers used for Aadhaar authentication request formation and routing to CIDR/Offline Verification respectively, to be located within data centres or cloud storage centres located in India. (1A) Authentication requests shall not be accepted from entities located outside the territorial borders of India. For allowing authentication requests from outside India, the requesting entity shall take specific permission from the Authority.
(2) Authentication Service Agency shall establish dual redundant, secured leased lines or MPLS connectivity with the data centres of the Authority, in accordance with the procedure and security processes as may be specified by the Authority for this purpose.
(3) Requesting entities shall use appropriate license keys to access the authentication facility provided by the Authority only through an ASA over secure network, as may be specified by the Authority for this purpose.
(4)31 [Every requesting entity, Authentication Service Agency and Offline Verification Seeking Entity] shall adhere to all regulations, information security policies, processes, standards, specifications and guidelines issued by the Authority from time to time.
Source: Wayback Machine snapshot of UIDAI's original publication.
(1) Requesting entities and Authentication Service Agencies/OVSEs shall have their servers used for Aadhaar authentication request formation and routing to CIDR/Offline Verification respectively, to be located within data centres or cloud storage centres located in India. (1A) Authentication requests shall not be accepted from entities located outside the territorial borders of India. For allowing authentication requests from outside India, the requesting entity shall take specific permission from the Authority.
(2) Authentication Service Agency shall establish dual redundant, secured leased lines or MPLS connectivity with the data centres of the Authority, in accordance with the procedure and security processes as may be specified by the Authority for this purpose.
(3) Requesting entities shall use appropriate license keys to access the authentication facility provided by the Authority only through an ASA over secure network, as may be specified by the Authority for this purpose.
(4) Requesting Entities, Authentication Service Agencies and Offline Verification Seeking Entities shall adhere to all regulations, information security policies, processes, standards, specifications and guidelines issued by the Authority from time to time.