UIDAI chief on how Aadhaar is different from other IDs and why it's not proof of citizenship

The Supreme Court has asked the Election Commission to consider Aadhaar as a valid ID document to establish a voter’s identity in the ongoing Special Intensive Revision (SIR) activity ahead of the Bihar elections. Amid the controversy, UIDAI Chief Bhuvnesh Kumar clarified that Aadhaar is not proof of citizenship and explained that anyone can apply for Aadhaar, including children and even foreign nationals, provided they have lived in India for at least 182 days. In an interview to Moneycontrol's Shweta Punj, Kumar added that only a “minuscule percentage” of Aadhaar holders fall into such categories.

Here are the edited excerpts from the interview:

Shweta Punj: Until now we've been thinking that Aadhaar is a valid proof of ID. We can open a bank account, we can cast our vote. But now with the Election Commission saying that it cannot be considered a valid proof of ID, I want to understand from you what exactly is the purpose of Aadhaar.

Bhuvnesh Kumar: First of all, we have to understand why Aadhaar? We have many kinds of identities, and most of these are functional identities. Let's say you want to drive on the roads, so you need to have a driving license. You want to travel abroad, you need a passport. Now nobody says that I have an Aadhaar, so allow me to travel abroad. Nobody says that I have an Aadhaar, so I should be allowed to drive.

So Aadhaar is different from the other IDs in the sense that it is a foundational ID.

Shweta Punj: Okay.

Bhuvnesh Kumar: How is it different? Most of the other IDs are prepared on the basis of demographic details. They will take your name, your age, your photograph, and then create a driving license or a passport or any of those. But when you try to match, you may have similar names, and you cannot verify that this is the same person. There may not be uniqueness in that. With Aadhaar, this uniqueness can be ensured 100%.

Before you generate an Aadhaar, the demographic details and biometric details of an individual are taken.

Shweta Punj: Right.

Bhuvnesh Kumar: What are the biometric details? We have the fingerprints—10 fingers and 10 prints. Then you have the eyes, two iris scans, and the face. Which means you have 13 attributes, and it has been proved that fingerprints, iris and face are unique features. Even in twins, while faces may be similar, the fingerprints and iris are different.

So with these 13 attributes, you can ensure uniqueness for an individual all across the globe.

Shweta Punj: Right.

Bhuvnesh Kumar: When these attributes are captured, they are compared with the database, what in Aadhaar language is known as the CIDR, Central Identities Data Repository. We compare it with all the Aadhaars generated previously, which as of now is 142 crore.

Shweta Punj: 142 crore. Okay

Bhuvnesh Kumar: So 142 crore Aadhaars have been generated till now. Every time a new application comes, we capture these 13 attributes and compare with all the 142 crore Aadhaar holders. My systems must have the compute capacity for 142 crore multiplied by 13 multiplied by 13—that is the number of computations.

Once all these computations show no match, it means this identity is unique. Then Aadhaar can be generated.

Before Aadhaar is generated, we also check the name, date of birth, gender, and address pin code. So there is demographic deduplication and biometric deduplication. Only after this exercise is Aadhaar generated.

Shweta Punj: Okay. And what was the stated purpose of Aadhaar?

Bhuvnesh Kumar: Now we have created an identity that is unique for everybody. This cannot be duplicated. One person cannot get two Aadhaars, and one Aadhaar cannot be assigned to two people. Aadhaar number and the individual are one-to-one and unique.

That is the beauty of this foundational ID. Which means if anybody tries to impersonate someone else, he or she will be caught immediately. That is why it is said Aadhaar should be used only with authentication or offline verification. If somebody is just giving a number, it does not carry meaning.

Shweta Punj: So when we go to hotels and give our Aadhaar ID, it does not carry any meaning?

Bhuvnesh Kumar: He has taken a record and kept it, but he has not really authenticated.

Shweta Punj: So I could be using someone else’s Aadhaar?

Bhuvnesh Kumar: Exactly. People use Photoshop and create photo-on-photo manipulations. They are not genuine Aadhaars, not generated by our system. When people say there are fake Aadhaars or duplicates, most are look-alikes. They are not real Aadhaars.

Shweta Punj: And how much of a problem is that?

Bhuvnesh Kumar: Out of 142 crore, percentage-wise it is very minuscule. But off and on, we do get information about rackets creating such fake cards. Action is taken, district administration is informed, police stop such activities. When we find fake websites or portals, we get them blocked. That is why we keep advising—please use Aadhaar with authentication or offline verification.

Now, if I have an Aadhaar, how do I check if it is genuine? Every Aadhaar card—whether paper letter or PVC—has a QR code at the back. This QR code is a unique data packet digitally signed by UIDAI. It can be read with our Aadhaar QR scanner app.

When you scan, if it is genuine, the app will read the content without taking you to any website. It contains photo, name, gender, address, and date of birth. Even without Internet, whether in the jungle or on the sea, you can verify if Aadhaar is genuine.

Shweta Punj: Are businesses adopting this?

Bhuvnesh Kumar: Many government entities providing services and benefits come under Section 7 of the Aadhaar Act. They issue a notification saying for giving these benefits, authentication will be done. Today there are about 3,300 such schemes using Aadhaar authentication before giving the benefit.

Apart from these, there are use cases like impersonation in exams. Authorities conducting exams use fingerprint authentication. At borders, forces like BSF or SSB use the Aadhaar QR scanner to check if a person is genuine or fake.

Shweta Punj: So what about the Election Commission saying Aadhaar cannot be proof of vote?

Bhuvnesh Kumar: The Election Commission is a constitutional authority. It is their purview and I should not comment on their decision. But Aadhaar is a foundational identity, not a functional identity. There is no function linked to Aadhaar itself.

Functional IDs—driving license, passport, voter ID—have eligibility criteria. You must pass tests, verifications, or be of a certain age or a citizen. Aadhaar is different. For Aadhaar, the only condition is you have resided in India for 182 days or more in the preceding 12 months. It is not linked to citizenship.

The Act says Aadhaar is not proof of citizenship because even foreigners are eligible. People from Nepal, Bhutan, OCI card holders, all can get Aadhaar after 182 days. For NRIs, since they hold Indian passports, the 182-day condition is waived. So Aadhaar is available to all resident Indians, NRIs, foreigners, and even newborns. There is no age limit.

Shweta Punj: Aadhaar has been made mandatory in schools for children. Why?

Bhuvnesh Kumar: There is a misconception. Section 7 of the Aadhaar Act says when subsidy or benefit is given from the Consolidated Fund of India or State, Aadhaar can be asked. If someone does not have Aadhaar, benefits are still given but they are asked to apply. Based on the application, benefits are provided. Outside Section 7, it is voluntary. For admissions, it is not mandatory. For scholarships, yes, it can be.

Shweta Punj: What about duplication of Aadhaars?

Bhuvnesh Kumar: Fake Aadhaar does not get generated from our system. If someone shows a dog’s photo with an Aadhaar, that number itself is invalid. It is a fake created outside the system. Aadhaar numbers have validity checks; not all 12-digit numbers are Aadhaar.

So when people say there are duplicates, it is not from UIDAI. Fake cards cannot be used for authentication. Banks and government systems will reject them. They may be used only where authentication is not done, like showing at a hotel. That is why we advise verification with QR scan.

We have an Enforcement Division and regional offices. When fake Aadhaars are found, immediate action is taken. Police have nabbed people. Recently, 40–50 cases were launched. But considering 142 crore, the number is minuscule.

Shweta Punj: Aadhaar holds so much data. How do you ensure safety?

Bhuvnesh Kumar: It is not correct to say Aadhaar holds a lot of data. Aadhaar contains minimum information: fingerprints, iris, face, name, date of birth, gender, address, photo. Two optional fields: mobile and email. Just seven mandatory fields. We don’t collect anything more.

Our purpose is only to give a yes/no response to entities. In financial sector cases, we provide five fields in e-KYC: photo, name, address, gender, date of birth. That’s it.

The system is secure, not connected to the Internet. Our data centres are on-premises in India. We have our own UIDAI cloud. Information flows only through Aadhaar Service Agencies (ASAs). Only yes/no or e-KYC data goes out.

So far, only government entities have accessed Aadhaar authentication. Recently, rules allow private sector also, if services are in public interest. But no private use case has been approved yet.

Shweta Punj: What about Starlink?

Bhuvnesh Kumar: Telecom service providers are entitled under the Telecom Act to get Aadhaar authentication. We already had four; Starlink will be the fifth. They can use Aadhaar authentication for onboarding customers, just like other telecom companies.

Shweta Punj: Biometrics change over time. How do you handle that?

Bhuvnesh Kumar: Biometrics do not change. They only mature or fade. For children below five, fingerprints are not captured. Between 5 and 7 years, we ask for Mandatory Biometric Update 1 (MBU1). Between 15 and 17 years, we ask for MBU2 because finger size changes. But the prints remain the same.

Later in life, for those in hard labour, fingerprints may fade. For them, we advise using face authentication, which is easier and requires no external device. Many entities are moving to face authentication.

Shweta Punj: So what’s next for Aadhaar?

Bhuvnesh Kumar: We have achieved near-saturation. Among adults, coverage is 99.9%. In 5–18 years, more than 98%. In 0–5 years, about 45%. Still, because of population growth, we generate 2.25 crore new Aadhaars every year.

We also do 25 crore updates annually for changes like address, date of birth, name, gender, mobile number.

On authentication, we handle 9 crore authentications per day. Payments, attendance, services—all use Aadhaar authentication. Our system responds in 200 milliseconds.

This entire system has been built in India. The first Aadhaar was rolled out on 29th September 2010. Today, nearly all adults in India have Aadhaar.

Watch the full interview here: