UIDAI Notifies First Amendment to Aadhaar Regulations, 2025: What It Means for Individuals and Institutions

Introduction

On 2 July 2025, the Unique Identification Authority of India (UIDAI) issued a significant notification amending the Aadhaar (Enrolment and Update) Regulations, 2016. Notified under the authority of Section 54(1) and (2) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Aadhaar (Enrolment and Update) First Amendment Regulations, 2025 introduces critical changes aimed at enhancing identity integrity, rationalising documentation, and streamlining Aadhaar-related procedures.

This article analyses the scope and legal impact of the amendments, particularly the changes to Regulation 27 and Schedule II, which are of considerable relevance to regulated entities across sectors including banking, fintech, insurance, education, HR, and immigration law.

Legal Background

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”) was enacted to provide legal backing to Aadhaar and facilitate targeted delivery of subsidies, benefits, and services through unique identity authentication. The UIDAI, established under Section 11 of the Aadhaar Act, is empowered to issue regulations under Section 54 to carry out the provisions of the Act.

The Aadhaar (Enrolment and Update) Regulations, 2016 govern the process of enrolment, updates, and related document verification. Over the years, amendments have been made to address evolving legal, technological, and operational challenges. The latest 2025 amendment marks a significant regulatory intervention in this framework.

Key Amendments

1. Regulation 27 – Elimination of Multiple Aadhaar Numbers

The amendment substitutes sub-regulation (1) of Regulation 27, providing that:

“Where the Authority is satisfied that more than one Aadhaar number has been issued to the same person, the Aadhaar number assigned the earliest and containing the biometric information of the Aadhaar number holder shall be retained and all other Aadhaar number(s) shall be omitted.

Provided that if none of the assigned Aadhaar numbers contain biometric information of the Aadhaar number holder, the Aadhaar number assigned the earliest shall be retained and all other Aadhaar number(s) shall be omitted.”

Legal Implications:

• This codifies UIDAI’s authority to cancel duplicate Aadhaar numbers to ensure the uniqueness principle enshrined in the Aadhaar system.
• Entities conducting Aadhaar-based e-KYC or authentication must verify that the Aadhaar number in use is valid and active to avoid regulatory non-compliance or data mismatch issues.
• The retention of the earliest number, particularly one with biometric information, is consistent with the Aadhaar system’s identity integrity objectives under Section 3 and 8 of the Aadhaar Act.

2. Revised Schedule II – Comprehensive Document Framework

The notification substitutes the earlier Schedule II with an exhaustive list of acceptable documents for enrolment and updates. The matrix is categorised across the following parameters:

• Proof of Identity (PoI)
• Proof of Address (PoA)
• Proof of Date of Birth (DoB)
• Proof of Relationship (PoR)

Special provisions have been included for:

• Minors (especially under age 5),
• Foreign nationals, including Nepal and Bhutan citizens, OCI card holders, and long-term visa holders,
• Children in shelter homes or under legal guardianship,
• Transgender persons (recognised under the Transgender Persons (Protection of Rights) Act, 2019).

Noteworthy Requirements:

• For minors below 5 years, Head of Family (HoF)-based enrolment is mandatory, barring children in institutions.
• PoI documents must mandatorily contain both the name and photograph of the individual.
• Similarly, PoA must contain both name and address, and PoR must include names of both the individual and the HoF.
• Date of Birth updates for individuals born on or after 1 October 2023 must be supported by a birth certificate issued under the Registration of Births and Deaths Act, 1969.
• Documents must be valid and current (not expired), unless expressly stated otherwise.
• For foreign nationals, the Aadhaar will remain valid only until the expiry of the visa, except for certain exemptions applicable to citizens of Nepal and Bhutan.

Implications for Stakeholders:

• Financial Institutions and NBFCs: Must revalidate KYC onboarding practices to ensure compliance with the revised PoI, PoA, and DoB document requirements.
• Educational Institutions: Require adherence to new documentation for Aadhaar-linked services for minors.
• Employers and HR Departments: Should review Aadhaar collection protocols for new employees, especially in light of the changes affecting NRIs and foreign nationals.
• NGOs and Legal Guardians: Must understand the stricter rules surrounding enrolment of children under guardianship or institutional care.
• Transgender Individuals: Can now submit identity documents issued under the 2019 Act as valid proof for enrolment or update, enhancing inclusivity and compliance with constitutional guarantees under Articles 14 and 21.

Compliance and Risk Considerations

Entities relying on Aadhaar for authentication or identity verification must:

• Conduct periodic audits of documentation policies.
• Avoid using or storing deactivated Aadhaar numbers to prevent regulatory breaches under the Aadhaar Act and the Information Technology Act, 2000.
• Update their onboarding and KYC systems to align with the redefined document matrices.
• Train personnel on identification procedures for special categories such as foreign nationals and transgender persons.

Failure to adapt may expose institutions to operational disruptions, invalid authentications, or adverse regulatory scrutiny.

Conclusion

The July 2025 amendment to the Aadhaar (Enrolment and Update) Regulations is a crucial step towards reinforcing the reliability and legality of Aadhaar-based identification. It removes ambiguity around multiple Aadhaar numbers and standardises documentation for enrolment and updates. Regulated entities and Aadhaar-dependent stakeholders should urgently align their compliance frameworks with these changes to mitigate risk and ensure lawful usage of Aadhaar credentials.