On 9 December 2025, UIDAI amended the Aadhaar Authentication and Offline Verification Rules. The changes are significant and will reshape how offline and remote Aadhaar verification is done going forward. This article sets out the basics and explains the key changes introduced by the amendment.
Two Aadhaar Verification Routes
-
Offline Aadhaar verification: Aadhaar holders directly share their Aadhaar number and demographic details with the entity conducting offline Aadhaar verification (called an Offline Verification Seeking Entity – OVSE), without any real-time authentication with UIDAI. This can be done using:
-
Physical formats: Aadhaar letter, printed e-Aadhaar, Aadhaar PVC card etc., or
-
Electronic forms, including:
-
e-Aadhaar, i.e., the electronic copy of Aadhaar; or
-
Offline e-KYC, where users download an XML file from UIDAI and share it with the OVSE.
-
Online authentication: The entity conducting verification sends a real-time request to UIDAI servers using Aadhaar number and OTP / biometrics / demographic data of Aadhaar holder. UIDAI responds with a Yes/No result on authentication or a digitally signed e-KYC packet.
Remote offline Aadhaar verification
When Aadhaar offline verification data is collected online, without physical presence, verifying identity has been tricky. Before the amendments, only two methods were recognised:
-
Photo matching: the photograph embedded in the Aadhaar QR code (which is often unclear) is matched with a live image of the Aadhaar holder (captured by OVSE); or
-
OTP-based verification: Aadhaar holders provide their Aadhaar-linked mobile number. The OVSE sends an OTP to this number to make sure that the number is in possession of the Aadhaar holder. OVSE also verifies this number against the mobile number mentioned in the offline XML file or the Aadhaar QR code.
What Has Changed
The amendment introduces several new concepts:
-
Aadhaar App: The regulations now recognise an official UIDAI mobile/web Aadhaar application as the customer-facing interface for Aadhaar services.
-
Aadhaar Verifiable Credential (AVC): A new verification mechanism where users can now choose what Aadhaar data they want to share – from just the Aadhaar number to specific demographic details (name, address, DOB, gender, photograph). The intent is to give users greater control over what data they want to disclose to OVSEs.
-
Offline face verification: A new concept where the live facial image of the Aadhaar holder will be captured and verified against the Aadhaar photograph stored within the Aadhaar application of the Aadhaar holder.
-
It also introduces registration requirements for OVSEs and more reliable ways to conduct offline Aadhaar KYC:
-
Entities wishing to undertake Offline e-KYC or AVC-based verification (through the Aadhaar App) must register with UIDAI. Entities carrying out verification through a physical or electronic copy of Aadhaar or QR code need not register.
-
Offline Aadhaar verification can be done with or without face verification. QR codes, e-Aadhaar, offline e-KYC, and AVC can all be accessed through the Aadhaar App.
Offline Aadhaar verification will now be more structured, app-based and consent-driven. While the changes may increase compliance obligations for OVSEs, they will also provide more robust and reliable pathways for conducting Aadhaar offline verification.
Author Credits: Fintech Team - Aparajita, Astha, Sidharth
Image credits: AI-generated
For any queries, reach out to us at contact@ikigailaw.com
