wordpress blog stats
Connect with us

Hi, what are you looking for?

UIDAI finally gets powers to penalise Aadhaar Act violators for hacking, unauthorised use

After a five-year wait, the UIDAI gets more teeth to mete out punishment which includes levying hefty fines.

Aadhaar, PAN Card

How should UIDAI penalise violators of the Aadhaar Act? What should be the designation of the adjudicating officer, and how should they go about handling complaints? The central government answers these questions in the Aadhaar Act (Adjudication of Penalties) Rules 2021 released on October 29.

The Aadhaar Act 2016 gave the UIDAI powers to penalise entities for both civil and criminal violations. The central government has finally outlined a mechanism for UIDAI to enforce the penalties, and hence implement the privacy safeguards outlined in the Act.

What do the new Aadhaar Act Rules say?

The Aadhaar Act (Adjudication of Penalties) Rules 2021 outline the procedure for UIDAI to deal with violators:

Who should be the adjudicating officer? Under the Aadhaar Act, UIDAI must appoint an adjudicating officer to deal with violations of the act. The officer must:

  • not be below the rank of Joint Secretary to the Government of India
  • possess ten years or more of experience in the government body
  • possess more than three years of experience law, management, IT or commerce

How to send a complaint: The UIDAI can send a complaint to the adjudicating officer in case of a violation, which must contain the following:

  • the nature of the contravention
  • relevant provision of the Aadhaar Act or rules issued by UIDAI
  • the maximum penalty which can be imposed on the person or entity
  • the timing, place of contravention along with supporting documents

How will the adjudicating officer deal with the complaint? Once a complaint is received from UIDAI, the adjudicating officer will take the following steps:

  1. issue a notice to the alleged violators, requiring them to show cause as to why the penalty should not be imposed on them. (Respondents must be given a minimum of 30 days to respond)
  2. on receipt of reply, issue a notice of hearing to the alleged violators and UIDAI
    (If the violators plead guilty, no hearing will be required and the penalty can be levied)
  3. after giving reasonable opportunity to be heard, the officer can pass an order based on their discretion

What offences can UIDAI penalise under the Aadhaar Act?

Under Aadhaar Act 2016, the adjudicating officer can impose civil and criminal penalties on individuals and companies for reasons such as:

  • Impersonation:  is an offence – imprisonment for 3 years and a fine of Rs. 10,000.
    • Providing false demographic or biometric information
    • Attempting to change the demographic and biometric information of an Aadhaar number holder
    • Pretending to be an agency authorised to collect identity information
  • Unauthorised use: Intentionally transmitting information collected during enrolment and authentication to an unauthorised person is an offence – imprisonment for 3 years and a fine of Rs. 10,000 for a person, and Rs. 1 lakh for a company.
  • Hacking: Unauthorised access to the central identities data repository (CIDR) and hacking is an offence – imprisonment for 10 years and a fine of Rs. 1 crore.
  • Data tampering: Tampering with the central identities data repository is an offence – imprisonment for 10 years and a fine of Rs. 10,000.
  • Non-compliance: Failure to comply with the provision of the Aadhaar Act or to furnish any information required by the Authority is punishable, and the UIDAI can charge a fine of Rs. 1 crore.

Some instances of Aadhaar data being leaked

While the mechanism for penalisation has only been outlined now, the Aadhaar database has existed for five years. In that time, multiple instances of Aadhaar data being leaked have been reported:

  • May 2, 2017: CIS India reported that details of around 130-135 million Aadhaar Numbers, and around 100 million bank numbers have been leaked online by just four government schemes alone.
  • July 9, 2017: An independent website called MagicAPK (since removed) leaked the data of 120 million Jio customers. Querying the website by phone number returned details such as name, email, circle, SIM activation date and Aadhaar number.
  • July 20, 2017: The government admitted that around 210 government websites had been leaking sensitive information including Aadhaar.
  • January 5, 2018: A Tribune investigation revealed that a journalist from the paper was able to purchase unrestricted access to the Aadhaar database for as little as Rs 500.
  • April 2, 2018: Anonymous hackers Lulzsec India claimed to have spotted a vulnerability in a server related to PAN applications, leaking 22,000 Aadhaar and PAN card details.

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Advertisement. Scroll to continue reading.
Written By

Reporter at MediaNama. Email: nishant@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



While the market reality of popular crypto-assets like Bitcoin may undergo little change, the same can't be said for stablecoins.


Bringing transactions related to crypto-assets within the tax net could make matters less fuzzy.


Loopholes in FEMA and the decentralised nature of crypto-assets point to a need for effective regulations.


The need of the hour is for lawmakers to understand the systems that are amplifying harmful content.


For drone delivery to become a reality, a permissive regulatory regime is a prerequisite.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ