A New Way to Verify Aadhaar Offline: Introduction of Face Matching

– Anita Baid | finserv@vinodkothari.com

The identity verification process, specifically in case of digital transactions, has taken another step with the introduction of the Aadhaar Verifiable Credential (AVC) verification process. Introduced vide the Aadhaar (Authentication and Offline Verification) Amendment Regulations, 2025, this intends to ease the KYC verification process by regulated entities. 

For all these years, aadhaar verification relied primarily on authentication mechanisms such as OTP or biometric scanning or various forms of offline verification such as QR code verification or e-aadhaar verification or offline paper based verification. While authentication requires interaction with the UIDAI’s central servers; offline methods can be prone to manual handling and lack the security assurance that comes with a digitally verifiable central record.

Existing Offline Verification Mode

Regulated entities like banks and NBFCs, have a requirement of performing identity verification or KYC, make use of Aadhaar offline verification for the same. The common modes of offline verifications are as follows:

1. Collection of the Aadhaar letter copy or printed E-aadhaar or PVC card and subsequently read the QR code to validate the digital signature and match the information in QR code with the printed information. 
2. Reading QR code from the e-Aadhaar or m-Aadhaar application or PVC card or Digi locker app by using a mobile app or computer application. Subsequently the digital signature present in the QR code is validated, the information in QR code is matched with the Aadhaar data.
3. Borrower submits a downloaded Paperless Offline e-KYC file and the digital signature in the file is validated. 

Now the Amendment Regulations have inserted another mode that is, Aadhaar Verifiable Credential verification, which may be carried out with or without offline face verification. Further, the reference to XML file and m-Aadhaar has been removed. 

What is an Aadhaar Verifiable Credential (AVC)?

AVC is a digital document issued by the Unique Identification Authority of India (UIDAI) that encapsulates specific, minimal identity attributes of an Aadhaar holder (e.g., name, date of birth, photo, last four digits of the Aadhaar number). Given that the AVC is issued by the UIDAI, makes it tamper-proof and instantly verifiable for authenticity. 

The Amendment Regulations provides the following definition:

“Aadhaar Verifiable Credential” means a digitally signed document issued by the Authority to the Aadhaar number holder which may contain last 4 digits of Aadhaar number, demographic data, like, name, address, gender, date of birth, and photograph of Aadhaar number holder, and such other information as may be specified by the Authority, which may be shared by Aadhaar number holder in full or part with an OVSE in the manner specified by the Authority, for verifying the demographic information or photograph of the Aadhaar number holder;”

Unlike full Aadhaar authentication, which might reveal more information than necessary, the AVC allows for selective disclosure, containing last 4 digits of Aadhaar number, demographic data, like, name, address, gender, date of birth, and photograph of Aadhaar number holder, and such other information as may be specified by the UIDAI. 

The key features of the AVC are as follows:

1. Nature of document: It is a digitally signed document, with a tamper-proof and verified nature.
2. Issuer: The document is issued solely by the Authority, that is UIDAI.
3. Selective Disclosure: The AVC contains selective demographic data, including the last four digits of the Aadhaar number and a photograph.
4. Controlled Sharing: The AVC is shared by the Aadhaar number holder with an OVSE (Offline Verifying Seeking Entity), ensuring the holder maintains control over  its dissemination.
5. Purpose: The sole purpose of sharing the VC is for verifying the demographic information or photograph of the holder, strictly limiting its use for KYC procedures.

Who are Offline Verification Seeking Entity (OVSE)?

The Amendment Regulations, 2025, require Verifying Entities on being registered as OVSE to perform offline verification. Further, the regulated entities are required to make an application to UIDAI under Regulation 13A to perform Aadhaar Paperless Offline e-KYC or Aadhaar Verifiable Credential (AVC) verification via the Aadhaar Application.

The registration process requires the entity to apply to UIDAI on specified terms and conditions. UIDAI has the power to request further information, verify the details submitted, approve the application if satisfied, or reject it otherwise. If rejected, the grounds must be communicated within fifteen days. An aggrieved applicant has thirty days to apply for reconsideration. Crucially, a registered OVSE must perform offline verification only for lawful purposes, which includes carrying out KYC and Customer Due Diligence by a regulated entity.

The Amendment Regulations also clarify that Offline Verification may be carried out by the OVSE with or without offline face verification. Hence, there is an option that AVC verification can be clubbed with offline face verification.

Offline Face Verification Process

The Amendment Regulations formally define ‘Offline Face Verification’ as: 

‘”Offline Face Verification” means a mode of offline verification in which the live facial image of an Aadhaar number holder is captured and is verified against the photograph of the Aadhaar number holder stored within the Aadhaar application of the Aadhaar number holder for the correctness, or lack thereof;”

In this regard, “Aadhaar Application” means any official mobile application or web application developed and managed by UIDAI to provide an interface to Aadhaar number holders for services related to Aadhaar, including performing offline verification.

The process of Offline Face Verification establishes a secondary, crucial layer of verification that links the digital credential embedded in the AVC to the physical presence of the individual. The requirement is to ensure a live facial image of the aadhaar holder is captured, hence requiring a physical meeting and verifying it against the photograph from the aadhaar application. This is a significant step toward preventing the fraudulent use of a verified credential by someone other than the actual holder, ensuring greater integrity of the KYC process. We will have to wait and see in case the RBI comes up with necessary amendments in the KYC Directions to recognise the AVC and face verification done remotely as a face to face mode of KYC. 

Will there be an ease for Regulated Entities (RE)?

The existing process of KYC identification includes offline verification and authentication. For the implementation of the AVC and face verification facility, the RE is additionally required to be registered as an OVSP.  

Henceforth, there will be only 3 recognised ways of performing Aadhaar offline verification with or without offline face verification- 

• QR Code verification 
• Aadhaar Paperless Offline e-KYC  
• AVC verification 

It seems that the Amendment Regulations require registration as an OVSE for the purpose of carrying out offline verification in case of AVC or Aadhaar Paperless Offline e-KYC Verification through the Aadhaar Application. The other modes of carrying out the verification (QR code verification, e-Aadhaar verification/Offline Paperless e-KYC verification) do not require any such registration. However, these modes require the RE to validate the digital signature of the Authority embedded in these documents. RE will, therefore, now have to decide which of these options is operationally more convenient for them.

Further, it seems that offline verification along with offline face verification would be regarded as a complete face-to-face KYC for the purpose of the onboarding of customers by regulated entities. 

---

Read More:

1. Online Authentication of Aadhaar: Exclusive Club, Members Only!
2. Setu-ing the Standard: NPCI’s New Path to Aadhaar e-KYC
3. Resources on KYC