cover in depth here. We will focus on
two of the components that are currently doing greater than 800 million
transactions per month: Identity and
payments.
The various components of the
India Stack are at different levels of
maturity. Table 2 illustrates some of
the metrics for a selected subset of
the systems.
Identity
In 2009, the Government of India undertook a program to give each resident of India an identity card. It was
estimated that approximately 400
million people in India did not have
an individual identity document.h
The importance of identity for development is well understood. In India,
this program was called Aadhaar,
which translates to “foundation” in
many India languages.
h Massive biometric project gives millions
of Indians an ID. WIRED; www.wired.
com/2011/08/ff_indiaid/
Where India differed from other
similar programs of the time, the stat-
ed intent was to issue a secure, digital
identity and not simply an ID card.
The Aadhaar program scheme was
presented as designed to be minimally
intrusive, with the focus of the program on empowering every resident
in two important ways. The first was to
manage their identity; the second was
to use their identity to prove who they
are. The following sections, as well as
Figure 1, help to explain the design.
Managing identity. The scale of the
Aadhaar project and the diversity of
India meant every assumption about
a user’s context, ability, or access to
infrastructure would be challenged in
the field. The design of the Aadhaar
system preempted some of these
challenges through simple design
principles.
The first principle was to keep the
data collected minimal. The Aadhaar
system only collected four manda-
tory demographic variables: Name,
address, gender, and date of birth,
The choices around data collec-
tion, access controls, and system
architecture should enforce hard
limits to what is possible to minimize
risk by design. In case of Aadhaar,
biometric data cannot leave the Cen-
tral Identity Data Repository of the
Aadhaar in any circumstance. The
feature is simply not present in the
system, minimizing the likelihood of
leaks whether accidental or inten-
tional. These were part of Aadhaar’s
privacy by design principle.
The Aadhaar project was meant to
provide an inclusive identity. No one
should be left wanting an Aadhaar for
lack of documentation or ability to
register biometrics. Even if a resident
could not furnish an existing identity document or an address proof to
verify their details, a letter of introduction from their local representative would do. Similarly, there were
exception processes for those with
ailments or conditions that prevented
them from successfully enrolling
their biometrics. Inclusion in authentication was achieved through the
availability of multiple factors of authentication including fingerprints,
face, iris, and OTP.
The Aadhaar project imple-
mented an ecosystem approach
for solving problems of scale. For
example, using standardized soft-
ware, private enrollment operators
were enlisted to go out and enroll
citizens. They were paid by the
Aadhaar project on a per successful
enrollment basis. The enrollment
data was end-to-end encrypted and
deduplicated at the CIDR only. This
lead to a rapid onboarding of users,
reaching one billion enrollments in
5. 5 years after launch.i
Projects such as Aadhaar, and com-
ponents of the India Stack, are consid-
ered national assets that might outlive
the existing vendor base. Propriety
solutions offer short-term relief but
may have a larger total cost of owner-
ship. Using standardization and an
i Aadhaar Dashboard, UIDAI; https://uidai.gov.
in/aadhaar_dashboard/
Table 1. India Stack’s APIs.
Layer Provider APIs / Functionality Uses
Presenceless UIDAI Authentication Service Delivery
Authentication
Direct Benefits Transfer
Paperless UIDAI KYC Bank Account Opening, SIM issuance
CAs eSign / Digital
Signature
Contracts, Agreements
Meity / Digilocker Document Consented Document Sharing
Cashless NPCI / UPI Payments Retail payments, including P2P, P2M,
AEPS, Aadhaar Pay Payments Cash deposit/Withdrawal, Transfers,
Merchant payments using biometric auth
IMPS Payments Remittances, Mobile payments
Consent NBFC-AA Financial Data Personal Finance Management,
Loan processing
Table 2. India Stack’s impact factors.
Layer Provider APIs / Functionality Volume / Impact
Presenceless UIDAI Authentication 1. 2 Billion Enrolled
30. 6 B Authentications to date,
745M in May 2019
Paperless UIDAI KYC 7. 2 B eKYC to date
41.5M in May 2019
Meity / Digilocker Document 3. 5 B digital documents
Cashless NPCI / UPI Payments 733M Transaction in May 2019
AEPS, Aadhaar Pay Payments 185M Transactions in Mar 2019
Source: Websites of various providers.