Aadhaar is the world's largest biometric identity system with approximately 134 crores live Aadhaar holders. It has completed more than 16,000 crore authentication transactions.

Unique Identification Authority of India (UIDAI), the organisation entrusted to issue Aadhaar, has comprehensive measures in place to protect the personal data of Aadhaar number holders.

• It has implemented multi-layered security infrastructure with defence-in-depth concept to protect its database and continuously reviews/audits the same to protect its systems.
• It uses advanced encryption technologies for protecting data during transmission and storage.
• UIDAI’s Information Security Management System is ISO 27001:2022-certified by STQC. UIDAI is also certified ISO/IEC 27701:2019 (Privacy Information Management System).
• Further, UIDAI is declared as a protected system and hence the National Critical Information Infrastructure Protection Centre (NCIIPC) continuously provide security advices to maintain its cybersecurity posture.

An independent audit agency is engaged for the creation of the Governance, Risk, and Compliance and Performance (GRCP) framework for the Aadhaar ecosystem and oversight for adherence to the same.

It continuously conducts cybersecurity audit of UIDAI application including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Till date, no breach of Aadhaar card holders’ data has occurred from the UIDAI database.

This information was submitted by Union Minister of State for Electronics and Information Technology Shri Jitin Prasada in Lok Sabha on 17.12.2025.

***

MSZ