More than a decade after its launch, Aadhaar is undergoing a quiet but consequential transformation.
What began as a physical identity document is now being reimagined as a secure, consent-driven digital credential—designed for a mobile-first, platform-integrated economy. As India deepens its digital public infrastructure, questions of privacy, interoperability and cyber resilience have moved to the centre of the identity debate.
In this conversation with ETGovernment’s Arpit Gupta, Bhuvnesh Kumar, Chief Executive Officer of the Unique Identification Authority of India (UIDAI), explains how Aadhaar is evolving beyond the plastic card, the push towards electronic and QR-based identity sharing, and why consent and user control are becoming foundational to India’s digital-first governance model.
Edited Excerpts:
Aadhaar has been around for over a decade. How is its usage evolving today?
Broadly, Aadhaar is now being used in three distinct ways — Show, Share, and Verify. The first is “Show”. This is the most common use case — for instance, at airports or security checkpoints. Earlier, people had to carry a physical Aadhaar card. Today, Aadhaar can be carried securely on the mobile phone and shown electronically. There is no need to carry a physical document anymore.
The second is “Share”, which is actually more critical from a privacy perspective. Take the example of checking into a hotel. Instead of handing over your Aadhaar card for photocopying — where you lose control over how your data is stored or used — you can now share your Aadhaar digitally by scanning a dynamic QR code, much like UPI.
Only the required information is transmitted securely to the requesting entity, and nothing more. It eliminates the risks associated with physical photocopies. The third is “Verify”, where Aadhaar is used for authentication — for example, attendance marking in a government office using face authentication. Here, you are verifying that you are indeed who you claim to be.
Why is UIDAI pushing for electronic Aadhaar instead of physical cards?
Physical Aadhaar documents are vulnerable to tampering and misuse — photos can be changed, addresses altered, names edited using basic tools. In contrast, a digital Aadhaar is a verified credential, digitally signed by UIDAI. It is authentic, tamper-proof, and instantly verifiable. Our objective is not to ban physical Aadhaar — many citizens still rely on it — but to nudge digitally capable users toward safer electronic usage.
How does the new Aadhaar app improve privacy for citizens?
One of the most powerful features is Custom Share. Today, when someone submits a physical Aadhaar copy, they end up sharing everything — full Aadhaar number, date of birth, address, photograph. There is no way to redact information. With Custom Share, citizens can choose exactly what to share — for instance, only name and address, or just a photo and mobile number. Aadhaar numbers can be fully hidden or partially masked. This is privacy by design.
What other services are available through the app?
The app allows users to do several useful tasks such as download Aadhaar, lock or unlock biometrics, update address, manage multiple profiles (for family members), and share Aadhaar or contact details digitally. One particularly important feature is mobile number update.
Mobile number update has traditionally required a visit to Aadhaar centres. What has changed?
Mobile number change is a high-risk operation — if someone takes over your mobile number, they can potentially access bank accounts and digital services via OTPs. That’s why updates required physical presence and biometric verification. Now, with face authentication built into the app, we can securely enable mobile number updates remotely. This reduces what earlier took a physical visit and days of waiting to about one hour, without compromising security.
How secure is this system, especially given rising cyber threats?
Security and consent are fundamental. The app is built on UIDAI’s hardened digital infrastructure, compliant with national cybersecurity standards. Every data-sharing transaction is governed by a consent artefact. The Aadhaar holder is the data principal. Unless explicit consent is given, no data is shared. Even after consenting, the user controls what data is shared and with whom.
Can Aadhaar credentials be used seamlessly across other apps and platforms?
The app supports intent-based integration. Other applications can request Aadhaar credentials via intent calling, with the user’s consent. Similarly, users can push Aadhaar credentials into secure digital wallets like Google Wallet, Samsung Wallet, or Apple Wallet. We are enabling QR-based sharing, pull mechanisms, and push mechanisms, making Aadhaar interoperable while remaining secure.
How widely has the new Aadhaar app been adopted so far?
We are approaching one crore downloads. That said, in a country of India’s size, this is just the beginning. We expect adoption to grow significantly as awareness increases and digital trust deepens.
How do you see states like Uttar Pradesh leveraging digital identity and AI?
States like Uttar Pradesh have enormous potential because of scale. Take healthcare as an example. Today, for something like cataract screening, a patient must physically visit a doctor — and availability is limited. With AI-based screening tools, trained frontline workers can do preliminary diagnosis in villages, and only serious cases are referred.
The same model can apply to tuberculosis, hypertension, diabetes, and other diseases. AI enables early detection, prediction, and prioritisation, which is crucial for a populous state like UP.
What is UIDAI’s broader vision going forward?
Our goal is simple: make identity secure, consent-driven, and effortless. Citizens should be able to prove who they are without carrying paper, without oversharing personal data, and without fear of misuse. Aadhaar is evolving from an ID document into a trusted digital credential, aligned with India’s broader digital public infrastructure.
