Centre for Internet & Society

We have put together a plain English version of the The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016

 

Chapter I. PRELIMINARY

 

Section 1

  1. This Act is called Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

  2. It will be applicable in whole of India (except the state of Jammu and Kashmir).

  3. It will become applicable on a date to be notified by the Central Government.

 

Section 2

  1. “Aadhaar number” is the identification number issued to an individual under the Act;

  2. “Aadhaar number holder” is the person who has been given an Aadhaar number;

  3. “authentication” is the process of verifying the Aadhaar number, demographic information and biometric information of any person by the Central Identities Data Repository (CIDR);

  4. “authentication record” is the record of the authentication which will contain the identity of the requesting entity and the response of the CIDR;

  5. “Authority”  or “UIDAI” refers to the Unique Identification Authority of India established under this Act;

  6. “benefit” means any relief or payment which may be notified by the Central Government;

  7. “biometric information” means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations;

  8. “Central Identities Data Repository” or “CIDR” means a centralised database containing all Aadhaar numbers, demographic information and biometric information and other related information;

  9. “Chairperson” means the Chairperson of the UIDAI;

  10. “core biometric information” means fingerprint, Iris scan, or any biological attributes specified by regulations;

  11. “demographic information” includes information relating to the name, date of birth, address and other relevant information as specified by regulations. This information will not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history;

  12. “enrolling agency” means an agency appointed by the UIDAI or a Registrar for collecting demographic and biometric information of individuals for issuing Aadhaar numbers;

  13. “enrolment” means the process of collecting demographic and biometric information from individuals for the purpose of issuing Aadhaar numbers;

  14. “identity information” in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information;

  15. “Member” includes the Chairperson and Member of the Authority appointed under section 12;

  16. “notification” means a notification published in the Official Gazette and the expression “notified” with its cognate meanings and grammatical variations will be construed accordingly;

  17. “prescribed” means prescribed by rules made by the Central Government under this Act;

  18. “records of entitlement” means the records of benefits, subsidies or services provided to any individual under any government programme;

  19. “Registrar” means any person authorized by the UIDAI to enroll individuals under the Act;

  20. “regulations” means the regulations made by the UIDAI under this Act;

  21. “requesting entity” means an agency that submits the Aadhaar number and other information of an individual to the CIDR for authentication;

  22. “resident” means a person who has resided in India for atleast 182 days in the last twelve months before the date of application for enrolment;

  23. “service” means any facility or assistance provided by the Central Government in any form;

  24. “subsidy” means any form of aid, support, grant, etc. in cash or kind as notified by the Central Government.

 

Chapter II. ENROLMENT

 

Section 3

  1. Every resident is entitled to get an Aadhaar number.

  2. At the time of enrollment, the enrolling agency will inform the individual of the following details—

    1. how their information will be used;

    2. what type of entities the information will be shared with; and

    3. that they have a right to see their information and also tell them how they can see their information.

  3. After collecting and verifying the information given by the individuals, the UIDAI will issue an Aadhaar number to each individual.

 

Section 4

  1. Once an Aadhaar number has been issued to a person, it will not be re-assigned to any other person.

  2. An Aadhaar number will be a random number and will not contain any attributes or identity of the Aadhaar number holder.

  3. if adopted by a service provider, an Aadhaar number may be accepted as proof of identity of the person.

 

Section 5

The UIDAI will take special measures to issue Aadhaar number to women, children, senior citizens, persons with disability, unskilled and unorganised workers, nomadic tribes or to such other persons who do not have any permanent residence and similar categories of individuals.

 

Section 6

The UIDAI may require Aadhaar number holders to update their Aadhaar information, so that it remains accurate.

 

Chapter III. AUTHENTICATION

 

Section 7

As a condition for receiving subsidy for which the expenditure is incurred from the Consolidated Fund of India, the Government may require that a person should be authenticated or give proof of the Aadhaar number to establish his/her identity. In the case a person does not have an Aadhaar number, he/she should make an application for enrolment. If an Aadhaar number is not assigned, the person will be offered viable and alternate means of identification for receiving the subsidy, benefit or service.

 

Section 8

  1. The UIDAI will authenticate the Aadhaar information of people as per the conditions prescribed by the government and may also charge a fees for doing so.

  2. Any requesting entity will— (a) take consent from the individual before collecting his/her Adhaar information; (b) use the information only for authentication with the CIDR;

  3. The entity requesting authentication will also inform the individual of the following— (a) what type of information will be shared for authentication; (b) what will the information be used for; and (c) whether there is any alternative to submitting the Aadhaar information to the requesting entity.

  4. The UIDAI will respond to the authentication request with yes, no, or other appropriate response and share identity information about the Aadhaar number holder but not share any biometric information.

 

Section 9

The Aadhaar number or its authentication will not be a proof of citizenship or domicile.

 

Section 10

The UIDAI may engage any number of entities to establish and maintain the CIDR and to perform any other functions specified by the regulations.


Chapter IV. UNIQUE IDENTIFICATION AUTHORITY OF INDIA


Section 11

  1. The UIDAI will be established by the Central Government to be responsible for the processes of enrolment and authentication of Aadhaar numbers.

  2. The UIDAI will be a body corporate with the power to buy and sell property, to enter into contracts and to sue or be sued.

  3. The head office of the UIDAI will be in New Delhi.

  4. The UIDAI may establish its offices at other places in India.

Section 12

The UIDAI will have a Chairperson, two part-time Members and a chief executive officer, who to be appointed by the Central Government.

Section 13

The Chairperson and Members will be competent people with at least 10 years experience and knowledge in technology, governance, law, development, economics, finance, management, public affairs or administration.

Section 14

  1. The Chairperson and the Members will be appointed for 3 years and can be re-appointed after their term. But no Member or Chairperson will be more than 65 years of age.

  2. The Chairperson and Members will take an oath of office and of secrecy.

  3. The Chairperson or Member may— (a) resign from office, by giving an advance written notice of at least 30 days; or (b) be removed from his office because she/he gets disqualified on any of the grounds mentioned in section 15.

  4. The salaries and allowances of the Members and Chairperson will be prescribed under the government.

Section 15

  1. The Central Government may remove a Chairperson or Member, who—
    (a) has gone bankrupt;
    (b) is physically or mentally unable to do his/her job;
    (c) has been convicted of an offence involving moral turpitude;
    (d) has a financial conflict of interest in performing his/her functions; or
    (e) has abused his/her position so that the government needs to remove him/her in public interest.

  2. The Chairperson or a Member will be given a chance to present his/her side of the story before being removed, unless he/she is being removed on the grounds of bankruptcy or criminal conviction.

Section 16

An Ex-Chairperson or Ex-Member will have to take the approval of the Central Government,—

  1. to accept any job in any entity (other than a government organization) which was associated with any work done for the UIDAI while that person was a Chairperson or Member, for a period of three years after ceasing to hold office;

  2. to act or advise any entity on any particular transaction for which that person had provided advice to the UIDAI while he/she was the Chairperson or a Member;

  3. to give advice to any person using information which was obtained as the Chairperson or a Member which is not available to the public in general; or

  4. to accept any offer of employment or appointment  as a director of any company with which he/she had direct and significant official dealings during his/her term of office, for a period of three years.

Section 17

The Chairperson will preside over the meetings of the UIDAI and have the powers and perform the functions of the UIDAI.

Section 18

  1. The chief executive officer (CEO) of the UIDAI will not be below the rank of Additional Secretary to the Government of India.

  2. The chief executive officer will be responsible for— (a) the day-to-day administration of the UIDAI; (b) implementing the programmes and decisions of the UIDAI; (c) making proposals for the UIDAI; (d) preparation of the accounts and budget of the UIDAI; and (e) performing any other functions prescribed in the regulations.

  3. The CEO will annually submit the following things to the UIDAI for its approval — (a) a general report covering all the activities of the Authority in the previous year; (b) programmes of work; (c) the annual accounts for the previous year; and (d) the budget for the coming year.

  4. The CEO will have administrative control over the officers and other employees of the Authority.


Section 19

  1. The time and place of the meetings of the UIDAI and the rules and procedures of those meetings will be prescribed by regulations.

  2. The meetings will be presided by the Chairperson, and if they are absent, then the senior most Member of the UIDAI.

  3. All decisions at the meetings of the UIDAI will be taken by a majority vote. In case of a tie, the person presiding the meeting will have the casting vote.

  4. All decisions of the UIDAI will be signed by the Chairperson or any other Member or the Member-Secretary authorised by the UIDAI in this behalf.

  5. If any Member, who is a director of a company and because of this has any financial interest in matters coming up for consideration at a meeting, that member should disclose the financial interest and not take any further part in the discussions and decision on that matter.

Section 20

No actions or proceeding of the UIDAI will become invalid merely because of—

  1. any vacancy in, or any defect in the constitution of, the UIDAI;

  2. any defect in the appointment of a person as Chairperson or Member of the Authority; or

  3. any irregularity in the procedure of the Authority not affecting the merits of the case.

 

Section 21

  1. The UIDAI, with the approval of the Government, can decide on the number and types of officers and employees that it would require.

  2. The salaries and allowances of the employees, officer and chief executive officer will be prescribed under the government.

Section 22.

Once the UIDAI is establishment—

  1. all the assets and liabilities of the existing Unique Identification Authority of India, established by the Government of India through notification dated the 28th January, 2009, will stand transferred to the new UIDAI.

  2. all data and information collected during enrolment, all details of authentication performed, by the existing Unique Identification Authority of India will be deemed to have been done by the UIDAI. All debts, liabilities incurred and all contracts entered into by the Unique Identification Authority of India will be deemed to have been entered into by the UIDAI;

  3. all money due to the existing Unique Identification Authority of India will be deemed to be due to the UIDAI; and

  4. all suits and other legal proceedings instituted by or against such Unique Identification Authority of India may be continued by or against the UIDAI.

Section 23

The UIDAI will develop the policy, procedure and systems for issuing Aadhaar numbers to individuals and perform their authentication. The powers and functions of the UIDAI include—

  1. specifying the demographic information and biometric information required for enrolment and the processes for collection and verification of that information;

  2. collecting demographic information and biometric information from people seeking Aadhaar numbers;

  3. appointing of one or more entities to operate the CIDR;

  4. generating and assigning Aadhaar numbers to individuals;

  5. performing authentication of Aadhaar numbers;

  6. maintaining and updating the information of individuals in the CIDR;

  7. omitting and deactivating an Aadhaar number;

  8. specifying the manner of use of Aadhaar numbers for the purposes of providing or availing of various subsidies and other purposes for which Aadhaar numbers may be used;

  9. specifying the terms and conditions for appointment of Registrars, enrolling agencies and service providers and revocation of their appointments;

  10. establishing, operating and maintaining of the CIDR;

  11. sharing the information of Aadhaar number holders;

  12. calling for information and records, conducting inspections, inquiries and audit of the operations of the CIDR, Registrars, enrolling agencies and other agencies appointed under this Act;

  13. specifying processes relating to data management, security protocols and other technology safeguards under this Act;

  14. specifying the conditions/procedures for issuance of new Aadhaar number to existing Aadhaar number holder;

  15. levying and collecting the fees or authorising the Registrars, enrolling agencies or other service providers to collect fees for the services provided by them under this Act;

  16. appointing committees necessary to assist the Authority in discharge of its functions;

  17. promoting research and development for advancement in biometrics and related areas;

  18. making and specifying policies and practices for Registrars, enrolling agencies and other service providers;

  19. setting up facilitation centres and grievance redressal mechanisms;

  20. other powers and functions as prescribed.

The Authority may,— (a) enter into agreements with various state governments and Union Territories for collecting, storing, securing or processing of information or delivery of Aadhaar numbers to individuals or performing authentication; (b) appoint Registrars, engage and authorize agencies to collect, store, secure, process information or do authentication or perform other functions under this Act. The Authority may engage consultants, advisors and other persons required for efficient discharge of its functions.

Chapter V. GRANTS, ACCOUNTS AND AUDIT AND ANNUAL REPORT

 

Section 24

The Central Government may grant money to the UIDAI as it may decide, upon due appropriation by Parliament.

 

Section 25

Fees/revenue collected by the UIDAI will be credited to the Consolidated Fund of India

 

Section 26

  1. The UIDAI will prepare an annual statement of accounts in the format prescribed by Central Government

  2. The Comptroller and Auditor-General will audit the account of the UIDAI annually at intervals decided by him, at the UIDAI’s expense.

  3. The Comptroller and Auditor-General or his appointees will have the same powers of audit they usually have to audit Government accounts.

  4. The UIDAI will forward the statement of accounts certified by the Comptroller and Auditor-General and the audit report, to the Central Government who will lay it before both houses of Parliament.

 

Section 27

  1. The UIDAI will provide returns, statements and particulars as sought, to the Central Government, as and when required.

  2. The UIDAI will prepare an annual report containing the description of work for previous years, annual accounts of previous year, and the programmes of work for coming year.

  3. The copy of the annual report will be laid before both houses of Parliament by the Central Government.

 

Chapter VI. PROTECTION OF INFORMATION

 

Section 28

  1. The UIDAI will ensure the security and confidentiality of identity information and authentication records.

  2. The UIDAI will take measures to ensure that all information with the UIDAI, including CIDR records is secured and protected against access, use or disclosure and against destruction, loss or damage.

  3. The UIDAI will adopt and implement appropriate technical and organisational security measures, and ensure the same are imposed through agreements/arrangements with its agents, consultants, advisors or other persons.

  4. Unless otherwise provided, the UIDAI or its agents will not reveal any information in the CIDR to anyone.

  5. An Aadhaar number holders may request UIDAI to provide access his information (excluding the core biometric information) as per the regulations specified.

 

Section 29

  1. The core biometric information collected will not be a) shared with anyone for any reason, and b) used for any purpose other generation of Aadhaar numbers and authentication.

  2. Identity information, other than core biometric information, may be shared only as per this Act and regulations specified under it.

  3. Identity information available with a requesting entity will not be used for any purpose other than what is specified to the individual, nor will it be shared further without the individual’s consent.

  4. Aadhaar numbers or core biometric information will not be made public except as specified by regulations.

 

Section 30

All biometric information collected and stored in electronic form will be deemed to be “electronic record” and “sensitive personal data or information” under Information Technology Act, 2000 and its provisions and rules will apply to it in addition to this Act.

 

Section 31

  1. If the demographic or biometric information about any Aadhaar number holder changes, is lost or is found to be incorrect, they may request the UIDAI to make changes to their record in the CIDR, as necessary.

  2. The identity information in the CIDR will not be altered, except as provided in this Act.

 

Section 32

  1. The UIDAI will maintain the authentication records in the manner and for as long as specified by regulations.

  2. Every Aadhaar number holder may obtain his authentication record as specified by regulations.

  3. The UIDAI will not collect, keep or maintain any information about the purpose of authentication.

 

Section 33

  1. The UIDAI may reveal identity information, authentication records or any information in the CIDR following a court order by a District Judge or higher. Any such order may only be made after UIDAI is allowed to appear in a hearing.

  2. The confidentiality provisions in Sections 28 and 29 will not apply with respect to disclosure made in the interest of national security following directions by a Joint Secretary to the Government of India, or an officer of a higher rank, authorised for this purpose.

  3. An Oversight Committee comprising Cabinet Secretary, and Secretaries of two departments — Department of Legal Affairs and DeitY— will review every direction under 33 B above.

  4. Any directions under 33 B above are valid for 3 months, after which they may be extended following a review by the Oversight Committee.

 

Chapter VII. OFFENCES AND PENALTIES

 

Section 34

Impersonating or attempting to impersonate another person by providing false demographic or biometric information will punishable by imprisonment of up to three years, and/or fine of up to ten thousand rupees.

 

Section 35

Changing or attempting to change any demographic or biometric information of an Aadhaar number holder by impersonating another person (or attempting to do so), with the intent of i) causing harm or mischief to an Aadhaar number holder, or ii) appropriating the identity of an Aadhaar number holder, is punishable with imprisonment up to three years and fine up to ten thousand rupees.

 

Section 36

Collection of identity information by one not authorised by this Act, by way of pretending otherwise, is punishable with imprisonment up to three years or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

 

Section 37

Intentional disclosure or dissemination of identity information, to any person not authorised under this Act, or in violation of any agreement entered into under this Act, will be punishable with imprisonment up to three years or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

 

Section 38

The following intentional acts, when not authorised by the UIDAI, will be punishable with imprisonment up to three years and a fine not less than ten lakh rupees:

  1. accessing or securing access to the CIDR;

  2. downloading, copying or extracting any data from the CIDR;

  3. introducing or causing any virus or other contaminant into the CIDR;

  4. damaging or causing damage to the data in the CIDR;

  5. disrupting or causing disruption to access to CIDR;

  6. causing denial of access to an authorised to the CIDR;

  7. revealing information in breach of (D) in Section 28, or Section 29;

  8. destruction, deletion or alteration of any files in the CIDR;

  9. stealing, destruction, concealment or alteration of any source code used by the UIDAI.

 

Section 39

Tampering of data in the CIDR or removable storage medium, with the intention to modify or discover information relating to Aadhaar number holder will be punishable with imprisonment up to three years and a fine up to ten thousand rupees.

 

Section 40

Use of identity information in violation of Section 8 (3) by a requesting entity will be punishable with imprisonment up to three years and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).


Section 41

Violation of Section 8 (3) or Section 3 (2) by a requesting entity or enrolling agency will be punishable with imprisonment up to one year and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

 

Section 42

Any offence against this Act or regulations made under it, for which no specific penalty is provided, will be punishable with be punishable with imprisonment up to one year and/or a fine up to twenty five thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

 

Section 43

  1. In case of an offence under Act committed by a Company, all person in charge of and responsible for the conduct of the company will also be held to be guilty and liable for punishment unless they can prove lack of knowledge of the offense or that they had exercised all due diligence to prevent it.

  2. In case an offence is committed by a Company with the consent, connivance or neglect of a director, manager, secretary or other officer of a company, they will also be held guilty of the offence.

 

Section 44

This Act will also apply to offences committed outside of India by any person, irrespective of their nationality, if the offence involves any data in the CIDR.

 

Section 45

Offences under this Act will not be investigated by police officers below the rank of Inspector of Police.

 

Section 46

Penalties imposed under this Act will not prevent imposition of any other penalties or punishment under any other law in force.

 

Section 47

  1. Courts will take cognizance of offences under this Act only upon complaint being made by the UIDAI or any officer authorised by it.

  2. No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate will try any offence under this Act.

 

Chapter VIII. MISCELLANEOUS

 

Section 48

  1. Central Government has the power to supersede the UIDAI, through a notification, not for longer than six months, in the following circumstances: i) In case of circumstances beyond the control of the UIDAI, ii) The UIDAI has defaulted in complying with directions of the Central Government, affecting financial position of the UIDAI, iii) Public emergency

  2. Upon publication of notification, Chairperson and Members of the UIDAI must vacate the office

  3. Powers, functions and duties will be performed by person(s) authorised by the President.

  4. Properties controlled and owned by UIDAI will vest in the Central Government.

  5. Central Government will reconstitute the UIDAI upon expiration of supersession, with fresh appointment of Chairperson and Members.

 

Section 49

Chairperson, members, employees etc. are deemed to be public servants within the meaning of section 21 of the Indian Penal Code.

 

Section 50

  1. Central Government has the power to issue directions to the UIDAI on questions of policy (to be decided by the Government), except technical and administrative matters and the UIDAI will be bound by it.

  2. The UIDAI will be given an opportunity to express views before direction is given.

 

Section 51

The UIDAI may delegate its powers and functions to a Member or officer of the UIDAI.

 

Section 52

No suit, prosecution or other legal proceedings will lie against the Central Government, UIDAI, Chairperson, any Member, officer, or other employees of the UIDAI for an act done in good faith.

 

Section 53

The Central Government has the power to makes Rules for matters prescribed under this provision.

 

Section 54

UIDAI has the power to make regulations for matters prescribed under this provision.

 

Section 55

Rules and regulations under this Act will be laid before each House of Parliament for a total period of thirty days, both Houses must agree in making modification, and then the Rules will come into effect.

 

Section 56

Provisions of this Act are in addition to, and not in derogation of any other law currently in effect.

 

Section 57

This Act will not prevent use of Aadhaar number for other purposes under law by the State or other bodies.

 

Section 58

The Central Government may pass an order to remove a difficulty in giving effect to the provisions of this Act, not beyond three years from the commencement of this Act.

 

Section 59

Action take by Central Government under the Resolution of the Government of India for setting up the UIDAI or by the Department of Electronics and Information Technology under the notification including the UIDAI under the Ministry of Communications and Information Technology will be deemed to have been validly done or taken.

 

STATEMENT OF OBJECTS AND REASONS
  1. Correct identification of targeted beneficiaries for delivery of subsidies, services, frants, benefits, etc has become a challenge for the Government

  2. This has proved to be a major hindrance for successful implementation of these programmes.

  3. In the absence of a credible system to authenticate identity of beneficiaries, it is difficult to ensure that the subsidies, benefits and services reach to intended beneficiaries.

  4. The UIDAI was established to lay down policies and implement the Unique Identification Scheme of the Government, by which residents of India were to be provided unique identity number.

  5. Upon successful authentication, this number would serve as proof of identity for identification of beneficiaries for transfer of benefits, subsidies, services and other purposes.

  6. With increased use of the Aadhaar number, steps to ensure security of such information need to be taken and offences pertaining to certain unlawful actions, created.

  7. It has been felt that the processes of enrolment, authentication, security, confidentiality and use of Aadhaar related information must be made statutory.

  8. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 seeks to provide for issuance of Aadhaar numbers to individuals on providing his demographic and biometric information to the UIDAI, requiring Aadhaar numbers for identifying an individual for delivery of benefits, subsidies, and services, authentication of the Aadhaar number, establishment of the UIDAI, maintenance and updating the information of individuals in the CIDR, state measures pertaining to security, privacy and confidentiality of information in possession or control of the UIDAI including information stored in the Central Identities Data Repository and identify offences and penalties for contravention of relevant statutory provisions.

 

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.