NEW DELHI: UIDAI has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) with several usage hygiene protocols, stronger safety mechanisms at user level and ways to enhance residents' trust for use of Aadhaar voluntarily.
It asked entities to perform verification after explicit consent of a Aadhaar holder and maintain the log or record of the explicit consent received from residents for any future audit by Unique Identification Authority of India (UIDAI) or any other legal agency.
In a statement, the UIDAI said, "These entities need to be courteous to residents and assure them about the security and confidentiality of their Aadhaar while conducting offline verification."
It has asked OVSEs to verify Aadhaar via the QR Code present on all four forms of Aadhaar (Aadhaar letter, e-Aadhaar, m-Aadhaar and Aadhaar PVC card) instead of accepting Aadhaar in physical or electronic form as a proof of identity.
Organisations conducting an offline verification of an Aadhaar number holder for a lawful purpose are called OVSEs.
Offline verification related to the use of the 12-digit Aadhaar for carrying out identity verification and KYC processes locally, without connecting to the Central Identities Data Repository of UIDAI.
"UIDAI has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) highlighting several usage hygiene issues, better safety mechanisms at users level, and ways to further enhance residents trust while using Aadhaar voluntarily for lawful purposes," it said.
Verification entities, generally, should not collect, use or store Aadhaar number of the resident after having conducted offline verification of Aadhaar, according to UIDAI.
Post verification, if the entity finds it necessary for any reason to store a copy of Aadhaar, they must ensure that the Aadhaar number is redacted/masked and irretrievable.
Entities have been asked to ensure that no services are denied to any resident for refusing to or being unable to undergo offline verification of Aadhaar, provided the resident is able to identify himself/ herself through other viable alternatives.
"It has been underlined that OVSEs need to provide residents viable alternative means of identification in addition to Aadhaar, for rendering service," UIDAI said.
Any Aadhaar can be verified using the QR code available on all forms of Aadhaar (Aadhaar letter, e-Aadhaar, Aadhaar PVC card, and m-Aadhaar) using mAadhaar App, or Aadhaar QR code Scanner. Tampering of Aadhaar documents can be detected by offline verification, and tampering is a punishable offence and liable for penalties under Section 35 of the Aadhaar Act, UIDAI said.
In case, they notice any misuse of information, verification entities need to inform UIDAI and the resident within 72 hours.
"UIDAI has cautioned OVSEs not to perform offline verification on behalf of any other entity or person and ensure full cooperation to the Authority or law enforcement agencies in case of any investigation involving misuse of Aadhaar," the statement said.