India’s regulatory framework for Regulated Entities (REs) has entered a new phase with the Ministry of Electronics & Information Technology (MeitY) announcing that the National e-Governance Division (NeGD) will now operate as an Authentication User Agency (AUA) under UIDAI. NeGD currently manages the DigiLocker platform, a widely utilised tool by REs for conducting KYC of end consumers.
This structural shift is expected to have significant implications for the DigiLocker service and its users across the financial and digital services ecosystem. While on the surface it may appear as another procedural update, the downstream impact on compliance, cost structure, and service continuity is far-reaching.
What’s Changing, and Why It Matters
Until recently, REs could leverage DigiLocker’s Aadhaar-based authentication capabilities without directly engaging with UIDAI. That’s now set to change.
With NeGD assuming the role of an AUA, all entities currently leveraging Aadhaar authentication through the DigiLocker platform must onboard as Sub-AUAs under NeGD to continue accessing DigiLocker services.
Here’s why this matters:
1. Continuity of Service
Failure to transition from a DigiLocker Requestor to a Sub-AUA under NeGD will cause disruption of Aadhaar authentication services, impacting critical functions such as e-KYC processes and real-time identity verification workflows.
2. Compliance Risk
UIDAI mandates that all Aadhaar authentications be conducted exclusively through authorised AUAs and Sub-AUAs. As a Sub-AUA empanelled under NeGD, enterprises will be required to adhere to all UIDAI-prescribed audit compliance and data security protocols to maintain authorisation and ensure the secure handling of Aadhaar data.
3. Cost Recalibration
What was once a zero-cost service, DigiLocker will now operate under a clearly defined pricing model, which includes a bi-annual Sub-AUA license fee (payable to UIDAI) along with per-transaction charges for Aadhaar-based e-KYC services.
DigiLocker Shifts from Free to Paid Utility
One of the most material changes brought on by this announcement is the new cost structure.
The critical concern isn’t just the introduction of operational costs but the broader operational and compliance implications.
These mandates are poised to influence key areas such as budgeting, pricing strategies, data security protocols, transaction-processing frameworks, and digital transformation roadmaps, particularly for REs managing high volumes of Aadhaar authentications.
Timelines and Action Points for REs
Given the mandatory nature of this transition, we strongly recommend the following next steps:
1. Immediately Initiate the Sub-AUA Onboarding Process
Begin registration and compliance with NeGD as soon as possible; delays could lead to disconnection from Aadhaar authentication services, jeopardizing both customer experience and operational continuity.
2. Assess Financial Impact
Analyse DigiLocker transaction volumes and evaluate how these will influence costs across your digital channels. It may also be prudent to re-evaluate whether all current Aadhaar authentications are necessary or could be optimised.
3. Align your Tech Stack and Processes
Ensure your systems can interface with NeGD’s AUA infrastructure. This includes integrating authentication APIs, updating your compliance documentation, and training internal teams.
Summing Up
At ECS, we believe that this transition offers not only a regulatory mandate but also an opportunity for REs to:
- Strengthen their Aadhaar integration frameworks.
- Align early with UIDAI’s evolving regulatory ecosystem.
- Mitigate any risks that may arise from non-compliance and operational disruptions.
As India’s leading Aadhaar-based digital identity solutions provider, ECS brings deep domain knowledge, operational expertise, and regulatory foresight to help you navigate the ever-evolving Aadhaar landscape.
If your organisation currently relies on DigiLocker for Aadhaar-based authentication services, please feel free to get in touch with our colleague Amit Joshi at 9820875525 / 7208155528 or via email at amit@eastcs.com to learn how ECS can assist your organisation in transitioning confidently, compliantly, and cost-effectively.