The Unique Identification Authority of India (UIDAI) has notified amendments to its Aadhaar regulations to introduce a new digital identity option called Aadhaar Verifiable Credential (AVC), aimed at strengthening offline identity verification while limiting data exposure.
The amendments to the Aadhaar (Authentication and Offline Verification) Regulations, 2021, were notified on December 9 and uploaded on the UIDAI website on Friday. The changes also update the framework governing entities that conduct Aadhaar verification without real-time access to UIDAI servers.
AVC has now been formally added to the list of approved offline Aadhaar verification methods and allows identity verification without revealing the full Aadhaar number.
What is Aadhaar Verifiable Credential (AVC)?
Under the new rules, AVC is defined as “a digitally signed document issued by the Authority to the Aadhaar number holder which may contain the last 4 digits of Aadhaar number, demographic data, like name, address, gender, date of birth, and photograph of Aadhaar number holder… which may be shared by Aadhaar number holder in full or part with an OVSE… (Offline Verification Seeking Entity)for verifying the demographic information or photograph of the Aadhaar number holder.”
The key feature of AVC is user control over shared data. A UIDAI official told HT that the upcoming Aadhaar mobile application — currently in testing and yet to be officially launched — will allow users to choose exactly which details they wish to share with an OVSE during verification.
The amendments also introduce ‘Offline Face Verification’, enabling entities to verify identity by matching a live facial image with the Aadhaar photograph stored in the Aadhaar application.
In addition, the regulations now include an official definition of ‘Aadhaar Application’ to cover UIDAI’s apps and portals, while removing older references that explicitly mentioned ‘mAadhaar’.
These changes come as UIDAI prepares to roll out a new Aadhaar mobile application aimed at enabling paperless electronic ID sharing and reducing reliance on physical Aadhaar cards.
UIDAI chief executive officer Bhuvnesh Kumar has earlier said the new app was meant to shift Aadhaar usage away from physical copies, which are often photocopied and improperly stored or misused by verification-seeking entities.
OVSE registration and compliance framework
The amendments also introduce a formal registration mechanism for Offline Verification Seeking Entities (OVSEs). A newly inserted regulation, 13A, states that an entity “desirous of undertaking Aadhaar Paperless Offline e-KYC verification or Aadhaar Verifiable Credential verification… shall apply to the Authority for registration.”
“This does not make anything mandatory, but will enable interested entities to use Aadhaar verification in electronic mode instead of the physical copies,” Kumar had said.
While OVSEs were recognised under existing law, there was previously no system to formally register them with UIDAI. The new framework empowers UIDAI to seek additional information, verify applications, approve or reject registrations, and levy fees for registration and transactions.
If an application is rejected, UIDAI must notify the entity within 15 days, citing reasons. Applicants may seek reconsideration within 30 days. The regulations also outline the process for OVSEs to surrender their access to offline verification services.
The amendments further authorise UIDAI to act against OVSEs that misuse offline Aadhaar verification or fail to comply with prescribed procedures. Penalties may be imposed if an entity “fails to comply with any of the processes, procedures, standards, specifications or directions issued by the Authority,” uses verification for unlawful purposes, withholds required information, or does not cooperate with audits or inspections.