Definition
Aadhaar is India's national digital identity system: a unique 12-digit number assigned to every resident and backed by their biometric data.
Run by the UIDAI (Unique Identification Authority of India) since 2009, it covers more than 1.3 billion people — over 96% of the population, making it the largest digital identity system in the world. It is the backbone of India's financial inclusion, at the heart of the India Stack ecosystem, and the reference point (for better and for worse) of modern digital identity projects, including eIDAS 2 and the EUDI Wallet.
How it works
Enrolment
- In-person attendance at an enrolment centre.
- Capture of demographic (name, date of birth, address) and biometric data: 10 fingerprints, 2 irises, photo.
- Uniqueness check through biometric deduplication against the central database.
- Issuance of the 12-digit number and a paper or PVC card.
Authentication (Aadhaar Auth)
Authentication only returns a Yes/No: the service receives neither the biometrics nor the demographic data, except in an explicit eKYC.
eKYC
With consent, the service retrieves the demographic data (name, date of birth, address, photo) as signed XML. This is what makes it possible to open a bank account in minutes, with no paper documents at all.
India Stack
Aadhaar is the first building block of a stack of digital public services:
- Aadhaar — identity.
- eKYC — simplified identity verification.
- eSign — legally valid electronic signature via Aadhaar.
- DigiLocker — the digital vault for certificates.
- UPI — instant interbank payments.
- Account Aggregator — India's equivalent of Open Banking.
This stack enabled the financial inclusion of 500 million Indians between 2014 and 2020, through the Jan Dhan Yojana programme.
Mass adoption
- More than 1.3 billion enrolments.
- More than 2 billion authentications per day, a world record.
- Uses: account opening, SIM cards, social benefits (DBT, Direct Benefit Transfer), gas subscriptions, school enrolment, Covid vaccination.
Privacy: the major controversy
- Centralisation: a single database (CIDR) concentrates the risks — cyberattack, state surveillance.
- Mandatory creep: opt-in at first, it became de facto mandatory for most services.
- Puttaswamy ruling (2017): the Supreme Court enshrined a right to privacy and restricted the private sector's use of Aadhaar, while maintaining it for public services.
- Leaks: numerous minor breaches, never (officially) on the central database.
- Design limitation: no selective disclosure, no local wallet — the opposite model to the EUDI Wallet.
Aadhaar vs eIDAS 2 / EUDI Wallet
| Aspect | Aadhaar | EUDI Wallet |
|---|---|---|
| Architecture | Centralised (CIDR DB) | Decentralised (local wallet) |
| Issuer | A single state (UIDAI) | Member states (one per country) |
| Stored data | Centralised in CIDR | Local on the smartphone |
| Authentication | Bio + number against CIDR | Asymmetric crypto signed locally |
| Selective disclosure | No (Yes/No or full eKYC) | Yes (SD-JWT) |
| Privacy | Critical (single surveillance point) | By design (zero-knowledge possible) |
| Cost for the service | Low (UIDAI API) | Low (open standards) |
| Adoption | 1.3 Bn enrolled | Still to build (2026+) |
Lessons for Europe
The EU is studying Aadhaar for its inclusive onboarding (mass enrolment) and its banking eKYC, useful models for PSD3 and the AMLR. But it rejects the centralisation in favour of a local wallet, and puts forward privacy by design as a counter-model.
Link with UPI and financial inclusion
The mass inclusion rests on a simple chain: any resident without an ID document can enrol, then open a bank account in minutes via eKYC, use it through UPI (instant, free payments), and receive their benefits directly (DBT) — which eliminates cash and the corruption of intermediaries. A model partly adopted in Brazil (CPF + Pix) and in Nigeria (BVN).
What Aadhaar is not
- Not a legal ID card: it is an identifier, accompanied by an unsecured paper card.
- Not a proof of nationality: enrolment is based on residence, not citizenship (hence the NRC/CAA controversies).
- Not a wallet: no local storage, no embedded signature.
- Not a payment system: UPI is separate and can simply use Aadhaar as an identifier.
- Not exportable: strictly national.
In the PSD2 / global Open Banking ecosystem
Aadhaar has no direct equivalent in Europe but serves as a reference model for financial inclusion (a goal of PSD3), eKYC (which inspires the AMLR) and the Indian Account Aggregator (a mini-equivalent of FIDA).
Concrete examples
- Jan Dhan Yojana (2014-2020): 500M bank accounts opened via Aadhaar eKYC, a record inclusion programme.
- Direct Benefit Transfer: more than $300bn paid out without intermediaries between 2014 and 2024, for an estimated $30bn in avoided fraud.
- UPI + Aadhaar: opening an account and activating UPI in under 30 minutes, with no cash or physical document.
- Aadhaar Pay: biometric payment for rural areas without smartphones, on a simple fingerprint.
- Pix comparison: Brazil relies on the CPF (tax number) rather than biometrics — less intrusive, same inclusion spirit.
- EUDI Wallet inspiration: Aadhaar proved that a mass digital identity is possible; the EU takes the principle but chooses the decentralised approach to protect privacy.
- African failures: Kenya (Huduma) and Nigeria (NIMC) tried to copy the model with limited success, for lack of universal enrolment and an equivalent ecosystem.