Aadhaar (Authentication and Offline Verification) Regulations, 2021 · V — Miscellaneous
Regulation 31 Power to issue policies, process documents, etc
The Authority may issue policies, orders, processes, standards, specifications and other documents not inconsistent with these regulations, which are required to be specified under these regulations or for which provision is necessary for the purpose of giving effect to these regulations. [32. Doing of act or thing related to delegated power or function.—(1) Any act or thing that is to be or may be done by the Authority under these regulations may also be done by any Member or officer of the Authority or any other person to whom the Authority has delegated the related power or function by general or special order in writing, under section 51 of the Act.
(2) The Authority may determine whether or not an act or thing done by a Member, officer or other person under sub-regulation (1) is related to a power or function delegated as referred to in the said sub-regulation.] [***] [ [SCHEDULE A 45 10 ELIGIBILITY CRITERIA OF AUTHENTICATION SERVICE AGENCIES [See regulation 12(2A)] 1. Entities seeking appointment as ASA are categorised as follows: S. No. Organisation category Category 1 A Ministry or Department of the Central Government ora State Government, or an undertaking owned or controlled by the Central Government or a State Government Category 2 An authority constituted under any Central or State Act Category 3 Any other entity of national importance in the opinion of the Authority Category 4 A company registered in India under the Companies Act, 2013 (18 of 2013) Category 5 An AUA or a KUA 2. The technical and financial criteria for entities for appointment as ASA are as under: Category Financial requirement Technical requirement Category 1, 2 — — and 3 Category 4 Annual turnover of at A Telecom Service Provider {Unified least ₹100 croreas per the Licensee having Access Services audited financial statements authorisation or Unified Access Services for last three financial years Licensee, granted licence under section 4 of the Indian Telegraph Act, 1885 (13 of 1885)},having a minimum of 100 Multiprotocol Label Switching (MPLS) Points of Presence (PoP) in India OR A Network Service Provider or System Integrator having pan-India network connectivity for data transmission,having at least 100 MPLS PoPs in India Category 5 — An AUA or KUA that meetssuch authentication transaction criteria as the Authority may determine from time to time.].
Source: Wayback Machine snapshot of UIDAI's original publication.
The Authority may issue policies, orders, processes, standards, specifications and other documents not inconsistent with these regulations, which are required to be specified under these regulations or for which provision is necessary for the purpose of giving effect to these regulations. Schedule A Eligibility criteria for appointment as requesting entities See Regulation 12
(1) 1. Entities seeking to use authentication facility provided by the Authority as requesting entities are classified under following categories for appointment as Authentication User Agency (AUA) and/or e-KYC User Agency (KUA), as the case may be: S.No. Organisation Category Category 1 Government Organisation 1.1 A Central/ State Government Ministry/Department and their attached or sub-ordinate offices. 1.2 An undertaking owned and managed by Central / State Government (PSU) 1.3 An Authority constituted under the Central / State Act/Special Purpose Organisation constituted by Central/State govt. Category 2 Regulated Service Providers 2.1 Regulated / Licensed by RBI – Banks and Payment & Settlement System 2.1.1 Public Sector Banks (PSB) 2.1.2 Private Banks, Foreign Banks Licensed by RBI to operate in India, Payment Banks, Small Finance Banks 2.1.3 Regional Rural Banks 2.1.4 Co-operative Banks 1. State Co-operative Banks 2. District Co-operative Banks 3. Scheduled Urban Cop-operatives Banks 4. Non Scheduled Urban Co-operative Banks 2.1.5 Payment& Settlement System Network 1. Financial market infrastructure 2. Retails payments Organisation 3. Cards payment network 4. ATM networks 5. Pre-paid payment instruments S.No. Organisation Category 6. White label ATM operators 7. Instant Money Transfer 2.1.6 Non-Banking Financial Company 2.2 Regulated by IRDA/PFRDA - Financial Institutions 2.3 Regulated by TRAI – Telecom 2.4 Regulated by CCA – Certifying Authority, Digital Locker providers, e-Sign providers 2.5 Regulated by SEBI – KYC Registration Agency (KRA),Depository Participant (DP), Asset Management Company (AMC), Trading Exchanges, Registrar and Transfer Agents 2.6 Regulated by National Housing Bank Category 3 Other Entities 3.1 3.1.1 Company registered in India under the Companies Act 1956 / The companies Act 2013 (Company under group of companies has to apply individually) 3.1.2 Partnership registered under the India Partnership Act 1932 or under the Limited Liability Partnership Act, 2008 3.1.3 Proprietorship firm 3.1.4 Not-for-profit Organisations (under section 25 under The Companies Act 1956) 3.1.5 Academic Institutions / Research and Development Organisations 3.1.6 Societies registered under Indian Societies Registration Act, 1860 or The Indian Trust Act, 1882 or The Companies Act, 2013 (Sec 8) / The Co-operative Societies Act 1912 3.1.7 Any entity other than above mentioned categories 2. Technical and Financial criteria for entities for appointment as requesting entity are as under:- Authentication User Agency (AUA) Additional requirements for Category Technical Requirements Financial Requirements eKYC User Agency (KUA) Category 1 1. Backend infrastructure, No financial requirement No additional requirement for such as servers, databases KUA etc. of the entity, required Category 2 specifically for the No financial requirement No additional requirement for purpose of Aadhaar KUA authentication, should be located within the territory of India. 2. Entity should have IT Infrastructure owned or outsourced capable of carrying out minimum 1 Lakh Authentication transactions per month. 3. Organisation should have a prescribed Data Privacy policy to protect beneficiary privacy. 4. Organisation should have adopted data security requirements as per the IT Act 2000 or other [भाग III—खण्ड 4] भारत का रािपत्र : असाधारण 39 applicable Data Protection laws. Category 3 1. Backend infrastructure, 1. Paid up capital of such as servers, databases minimum ₹ 1
(one) etc. of the entity, required Crore. specifically for the OR purpose of Aadhaar authentication, should be located within the territory Entity should meet Annual turnover of of India. Authentication Transaction minimum ₹5 (Five) Crore Criteria as laid down by the 2. Entity should have IT during the last Financial Infrastructure owned or Authority from time to time. year. outsourced capable of carrying out minimum 1 Lakh Authentication transaction per month. 3. Organisation should have a prescribed Data Privacy policy to protect beneficiary privacy. 4. Organisation should have adopted Data security requirements as per the IT Act 2000 or other applicable Data Protection laws. 5. Entity should be in business for minimum of 1 year from date of commencement of Business. Schedule B Eligibility criteria of Authentication Service Agencies See Regulation 12(2) 1. Entities seeking to provide secure access to CIDR to requesting entities for enabling authentication services are classified under following categories for appointment as Authentication Service Agency: S. No Organisation Category Category 1 A Central/ State Government Ministry / Department or an undertaking owned and managed by Central / State Government Category 2 An Authority constituted under the Central / State Act Category 3 Any other entity of national importance as determined by the Authority Category 4 A company registered in India under the Indian Companies Act 1956 Category 5 AUA / KUA 2. Technical and Financial criteria for entities for appointment as Authentication Service Agency are as under:- Category Financial Requirement Technical Requirement Category 1, 2 No financial requirements No technical requirements and 3 Category 4 An annual turnover of at least A Telecom Service Provider (TSP) including All Unified ₹100 crores in last three Licensees (having Access Service Authorization) / Unified financial years Licensees (AS) / Unified Access Services Licensees / Cellular Mobile Telephone Service Licensees operating pan-India fiber optics network and should have a minimum of 100 MPLS Points of Presence (PoP) across all states OR Should be a Network Service Provider (NSP) or System Integrator having pan-India network connectivity for data transmission and should have 100 MPLS PoPs in India, Category 5 No Financial requirements Any AUA or KUA meeting authentication transaction criteria as laid down by the Authority from time to time Dr. SAURABH GARG, Chief Executive Officer [ADVT.-III/4/Exty./408/2021-22] Note: In supersession of the Principal regulations i.e. the Aadhaar (Authentication) Regulations, 2016, which were (No. 3 of 2016) dated 14th September 2016. Uploaded by Dte. of Printing at Government of India Press, Ring Road, Mayapuri, New Delhi-110064 and Published by the Controller of Publications, Delhi-110054. SURENDER Digitally signed by SURENDER MAHADASAM MAHADASAM Date: 2021.11.09 18:03:54 +05'30'