The Aadhaar-issuing authority UIDAI has issued a set of guidelines to Offline Verification Seeking Entities (OVSEs) that include several usage hygiene protocols, stronger safety mechanisms at the user level, and methods to increase residents' trust when they use Aadhaar voluntarily.

Notably, entities have been instructed to perform Aadhaar verification only with the explicit consent of an Aadhaar holder. In addition, entities must keep a log or record of the explicit consent received from residents in case of a future audit by the Unique Identification Authority of India (UIDAI) or another legal agency.

While conducting offline verification, entities must reassure users about the security and confidentiality of their Aadhaar. Entities must keep a log or record of the explicit consent received from residents in case UIDAI or another legal agency audits them in the future.

The authority has also directed OVSEs to use the QR Code found on all four forms of Aadhaar (Aadhaar letter, e-Aadhaar, m-Aadhaar, and Aadhaar PVC card) to verify Aadhaar rather than physical or electronic Aadhaar as proof of identity.

Entities have been urged to ensure that no resident is denied services because he or she refuses or is unable to undergo offline Aadhaar verification, provided the resident can identify himself or herself using other viable alternatives.

It has been emphasised that in order to provide service, OVSEs must provide residents with viable alternatives to Aadhaar.

Verification entities should not collect, use, or store the resident's Aadhaar number after conducting offline Aadhaar verification.

If the OVSE decides to keep a copy of Aadhaar after verification for any reason, the Aadhaar number must be redacted/masked and irretrievable.

Entities have been urged to ensure that no resident is denied services because he or she refuses or is unable to undergo offline Aadhaar verification, provided the resident can identify himself or herself using other viable alternatives.

"It has been stressed that OVSEs must provide viable alternative means of identification, in addition to Aadhaar, in order to render service," UIDAI said.

The QR code found on all forms of Aadhaar (Aadhaar letter, e-Aadhaar, PVC card, and m-Aadhaar) can be used to verify any Aadhaar with the mAadhaar App or Aadhaar QR code Scanner. According to UIDAI, offline verification can detect tampering with Aadhaar documents, and tampering is a punishable offence with penalties under Section 35 of the Aadhaar Act.

If they discover any misuse of information, they must notify UIDAI and the affected resident within 72 hours.

In the event of an Aadhaar misuse investigation, UIDAI has warned OVSEs not to perform offline verification on behalf of any other entity or person and to fully cooperate with the Authority or law enforcement agencies.

Offline verification refers to the use of Aadhaar for local identity verification and KYC processes without connecting to UIDAI's Central Identities Data Repository. Organizations that conduct legal offline verification of Aadhaar number holders are known as OVSEs.