[31st
January 2024] In exercise of the powers
conferred by sub-sections (1) and (2) of section 54 of the Aadhaar (Targeted
Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18
of 2016), the Unique Identification Authority of India hereby makes the following
regulations to further amend the Aadhaar (Authentication and Offline
Verification) Regulations, 2021, namely:- (1)
These regulations may be called the Aadhaar
(Authentication and Offline Verification) Amendment Regulations, 2024. (2)
They shall come into force on the date of
their publication in the Official Gazette. In the Aadhaar
(Authentication and Offline Verification) Regulations, 2021 (hereinafter
referred to as the principal regulations), in regulation 2, in sub-regulation
(1),- (a)
for clause (j), the following clause shall be
substituted, namely:- (j) "e-KYC authentication facility"
means a type of authentication facility- (i)
in which the biometric information and/or OTP
and Aadhaar number securely submitted with the consent of the Aadhaar number
holder through a requesting entity, is matched against the data available in
the CIDR, and the Authority returns a digitally signed response containing
e-KYC data along with other technical details related to the authentication
transaction; and (ii)
includes any subsequent appropriate response
returned by the Authority regarding the status as to whether any Aadhaar number
previously submitted has been subsequently omitted or deactivated or re-activated
in the event of any omission or deactivation of such Aadhaar number or
re-activation of such a deactivated Aadhaar number: Provided that the requesting
entity has entered into a Memorandum of Understanding or agreement with the
Authority for the performance of authentication with update of such status;; (b)
for clause (p), the following clause shall be
substituted, namely:- (p) "Yes/No authentication facility"
means a type of authentication facility- (i)
in which the identity information and Aadhaar
number securely submitted with the consent of the Aadhaar number holder through
a requesting entity, is then matched against the data available in the CIDR,
and the Authority responds with a digitally signed response containing
"Yes" or "No", along with other technical details related
to the authentication transaction, but no identity information; and (ii)
includes any subsequent appropriate response
returned by the Authority regarding the status as to whether any Aadhaar number
previously submitted has been subsequently omitted or deactivated or
re-activated in the event of any omission or deactivation of such Aadhaar
number or re-activation of such a deactivated Aadhaar number: Provided that the requesting
entity has entered into a Memorandum of Understanding or agreement with the
Authority for the performance of authentication with update of such status.. In the principal
regulations, in regulation 9,- (a)
for the short title, the following short
title shall be substituted, namely:- "Process for
performance of authentication"; and (b)
for sub-regulation (3), the following
sub-regulations shall be substituted, namely:- "(3)
Based on the mode of authentication
request, after the input parameters have been matched against the information
of the Aadhaar number available in the CIDR and CIDR has verified the
correctness or lack thereof, the Authority shall return a digitally signed Yes
or No response, or a digitally signed e-KYC response with encrypted e-KYC data,
as the case may be, along with related technical details. (3A)
Where the requesting entity has entered
into a Memorandum of Understanding or agreement with the Authority for the
performance of authentication with update of status regarding whether an
Aadhaar number previously submitted has been subsequently omitted or
deactivated or re-activated, in the event of such Aadhaar number being omitted
or deactivated or such a deactivated Aadhaar number being reactivated, the
Authority shall send a subsequent digitally signed appropriate response, along
with related technical details.". In the principal
regulations, in regulation 10,- (a)
in sub-regulation (3), for the words
"failure such as Suspended/Cancelled Aadhaar or Biometric/Aadhaar
Locking", the words failure, such as "Aadhaar cancelled",
"Aadhaar deactivated", "Aadhaar locked", "Aadhaar
omitted", "Aadhaar suspended" and "Biometrics locked"
shall be substituted; (b)
after sub-regulation (3), the following
sub-regulation shall be inserted, namely:- "(4)
In sub-regulation (3), the expression- (i)
"Aadhaar cancelled" or
"Aadhaar omitted", in relation to an Aadhaar number, shall mean that
such Aadhaar number has been omitted; (ii)
"Aadhaar deactivated" or
"Aadhaar suspended", in relation to an Aadhaar number, shall mean
that such Aadhaar number has been deactivated; (iii)
"Aadhaar locked", in relation to an
Aadhaar number, shall mean that such Aadhaar number has been locked as referred
to in regulation 11A; and (iv)
"Biometrics locked", in relation to
an Aadhaar number, shall mean that the biometric records related to such Aadhaar
number have been locked as referred to in regulation 11.".Aadhaar
(Authentication And Offline Verification) Amendment Regulations, 2024