New Delhi: In a significant move aimed at enhancing the security and privacy of India’s Aadhaar ecosystem, the Unique Identification Authority of India (UIDAI) has introduced the Aadhaar Verifiable Credential (AVC), a new tool for offline identity verification. The step, formalised through amendments to the Aadhaar (Authentication and Offline Verification) Regulations, 2021, also establishes stricter oversight mechanisms for entities conducting offline verification of Aadhaar data, often referred to as Offline Verification Seeking Entities (OVSEs). The notifications were issued on December 9, 2025, and made publicly available on the UIDAI website.

The AVC is a digitally signed document designed to allow the verification of an individual’s identity without revealing the complete Aadhaar number. This development is part of UIDAI’s broader objective to reduce the reliance on physical Aadhaar cards, which have been widely used and, in many cases, misused due to photocopying and improper storage. By enabling secure digital sharing of selected personal information, the AVC is intended to modernize the Aadhaar ecosystem and strengthen privacy protections.

What is Aadhaar Verifiable Credential (AVC)?

Under the amended regulations, an AVC is issued by UIDAI to the Aadhaar number holder and can contain limited demographic information, including:

• The last four digits of the Aadhaar number
• The individual’s name, address, gender, and date of birth
• The person’s photograph

The holder of an Aadhaar number can share the AVC in full or in part with an OVSE for verifying the demographic information or photograph of the individual. This selective sharing mechanism is designed to give Aadhaar users greater control over their personal data and to prevent unnecessary disclosure of sensitive information.

To facilitate this process, UIDAI is also preparing to launch a new Aadhaar mobile application, currently in the testing phase. According to UIDAI officials, this app will allow users to choose which pieces of information to share when engaging with an OVSE. This selective sharing mechanism is expected to play a critical role in the authority’s push toward a paperless, digital-first ecosystem for Aadhaar verification.

Introduction of Offline Face Verification

Alongside the AVC, the amendments introduce Offline Face Verification, a process that allows OVSEs to verify an individual’s identity by matching a live face image with the photograph stored in the Aadhaar application. This approach enhances the offline verification process, allowing entities to confirm identity without connecting to UIDAI servers in real time. The offline verification mechanism is a significant step in reducing exposure of sensitive Aadhaar data while enabling secure authentication in sectors where real-time verification may not be feasible.

Redefining Aadhaar Application

The amended regulations also formalize the definition of “Aadhaar Application” to include all apps and portals developed and managed by UIDAI. This change reflects a shift from previous references that specifically mentioned only mAadhaar, the earlier mobile application for Aadhaar services. By generalizing the definition, UIDAI aims to provide a unified regulatory framework for all Aadhaar apps and portals, thereby ensuring consistency in data protection and user experience.

Registration and Oversight of OVSEs

One of the key provisions of the amendments is the introduction of a formal registration process for Offline Verification Seeking Entities (OVSEs). The newly added Regulation 13A mandates that any entity wishing to conduct Aadhaar Paperless Offline e-KYC verification or Aadhaar Verifiable Credential verification must apply for registration with UIDAI.

This registration mechanism, which did not exist under previous regulations, allows UIDAI to closely monitor and regulate the use of offline Aadhaar verification tools. While registration is not mandatory for all entities, it provides a framework for organisations to legally and securely utilize offline verification services, thereby ensuring compliance with data protection and privacy standards.

UIDAI is empowered to request additional information, verify submissions, approve or reject applications, and impose registration and transaction fees. In cases where an application is rejected, UIDAI must notify the applicant within 15 days, specifying the reasons for rejection. The applicant can seek reconsideration within 30 days of receiving the rejection notice. Additionally, the regulations outline procedures for an OVSE to voluntarily surrender access to offline verification services.

Stricter Measures Against Misuse

The amendments grant UIDAI enhanced powers to act against OVSEs that misuse offline verification or fail to follow prescribed procedures. The authority can impose penalties if an entity:

• Fails to comply with processes, procedures, standards, or specifications issued by UIDAI
• Uses offline verification for unlawful purposes
• Withholds required information from the authority
• Does not cooperate with inspections or audits

This regulatory framework is intended to ensure that offline Aadhaar verification is conducted securely and responsibly, preventing misuse of sensitive personal data while maintaining the integrity of the Aadhaar system.

Rationale Behind the Reforms

UIDAI has emphasized that the AVC and associated measures are part of a broader effort to modernize Aadhaar usage, moving away from physical cards and paper-based verification processes. The authority has noted that physical Aadhaar cards are prone to misuse through photocopying and improper storage, which can expose citizens’ personal data to fraud and identity theft.

The introduction of AVCs and Offline Face Verification provides a digital alternative, allowing identity authentication while maintaining privacy, security, and convenience. By enabling users to share only selected information, UIDAI strengthens individuals’ control over their personal data, aligning with global standards for digital identity management.

Impact on Users and Entities

For Aadhaar holders, the new regulations offer:

• Greater privacy: Users can selectively disclose demographic information
• Enhanced security: Digitally signed credentials are less vulnerable to forgery than physical cards
• Convenience: Offline verification reduces the need to rely on real-time server connectivity

For entities seeking to perform offline verification, the amendments provide:

• A clear registration framework
• Defined obligations and procedures for verification
• Guidance on penalties and compliance measures

By introducing these changes, UIDAI aims to create a robust, accountable, and secure ecosystem for offline Aadhaar verification that benefits both users and organisations.

Future Outlook

The introduction of AVC and the strengthening of OVSE oversight are expected to be a foundation for further digital innovations in the Aadhaar ecosystem. The upcoming Aadhaar mobile application, once officially launched, will serve as the primary tool for paperless verification, supporting initiatives in banking, telecom, government services, and other sectors that require secure identity authentication.

By combining user control, technological safeguards, and regulatory oversight, UIDAI is taking significant steps to enhance the trust and reliability of Aadhaar as a cornerstone of India’s digital identity infrastructure. These measures are likely to set the standard for digital identity management in India and internationally, providing a blueprint for secure, offline verification solutions that protect citizens’ data while facilitating ease of access to services.

---

In summary, the UIDAI’s introduction of the Aadhaar Verifiable Credential, Offline Face Verification, and the formal registration mechanism for OVSEs marks a major milestone in the evolution of India’s identity ecosystem. These reforms aim to safeguard privacy, reduce misuse of physical Aadhaar cards, and provide a secure, paperless solution for identity verification, while ensuring accountability and compliance for all entities using Aadhaar for offline authentication.