A Constitutional Challenge to the Validity of Aadhaar Scheme under Aadhaar Act, 2016

Introduction

The Aadhaar scheme represents one of India’s most ambitious identification projects, designed to provide a unique twelve-digit identification number to every resident based on biometric and demographic data. The constitutional validity of this Aadhaar scheme under Aadhaar Act, 2016 became the subject of intense judicial scrutiny, culminating in a landmark judgment that reshaped India’s approach to privacy, data protection, and welfare delivery. The constitutional challenge to the Aadhaar Act, 2016, raised fundamental questions about the balance between state interests in efficient service delivery and individual rights to privacy and dignity under the Indian Constitution.

Genesis of the Aadhaar Scheme and Legislative Framework

The Unique Identification Authority of India was established in 2009 through an executive order to issue unique identification numbers to Indian residents. What began as an administrative initiative gained statutory backing when Parliament passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. This legislation was introduced as a Money Bill on March 3, 2016, by then Finance Minister Arun Jaitley and passed by the Lok Sabha on March 11, 2016[1]. The Act came into force progressively, with certain provisions becoming effective from July 12, 2016.

The primary objective articulated in the Aadhaar Act, 2016, was to provide legal backing for issuing Aadhaar numbers to facilitate targeted delivery of subsidies, benefits, and services funded from the Consolidated Fund of India. The Act established a statutory framework for collection, storage, and authentication of biometric and demographic information. Section 7 of the Act formed the cornerstone of the legislative scheme, empowering the Central Government and State Governments to require individuals seeking any subsidy, benefit, or service to undergo Aadhaar authentication. This section stated that the government may “require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment”[2].

Constitutional Foundations: The Right to Privacy Determination

Establishment of Privacy as a Fundamental Right

Before examining the constitutional challenge to Aadhaar, it becomes essential to understand the foundational right upon which most challenges were premised. In November 2012, retired Justice K.S. Puttaswamy and advocate Pravesh Khanna filed a writ petition challenging the constitutional validity of the Aadhaar scheme primarily on grounds that it violated the right to privacy under Article 21 of the Constitution[3]. At that juncture, the legal position regarding whether privacy constituted a fundamental right remained unsettled, with earlier Supreme Court benches in M.P. Sharma v. Satish Chandra and Kharak Singh v. State of Uttar Pradesh having taken contrary positions.

The matter was referred to a nine-judge Constitution Bench, which delivered its historic verdict on August 24, 2017, in Justice K.S. Puttaswamy (Retd.) v. Union of India. The unanimous bench held that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution”[4]. This judgment explicitly overruled the earlier precedents and established that privacy forms an integral component of the golden triangle of Articles 14, 19, and 21 of the Constitution. Article 14 guarantees equality before law and equal protection of laws, Article 19 protects various freedoms including speech, expression, assembly, and movement, while Article 21 safeguards life and personal liberty.

The Proportionality Test Framework

Crucially, the Puttaswamy judgment established that any infringement of the right to privacy must satisfy a three-fold test: first, there must be a law authorizing the infringement; second, the law must serve a legitimate state aim; and third, the means adopted must be necessary and proportionate to the object sought to be achieved. This proportionality framework became the benchmark against which the Aadhaar Act would subsequently be evaluated.

The Constitutional Challenge: Arguments and Contentions

Primary Grounds of Challenge

After the Aadhaar Act received statutory backing in 2016, multiple petitions were filed challenging various provisions of the Act, the Aadhaar (Authentication) Regulations, 2016, the Prevention of Money Laundering (Maintenance of Records) Second Amendment Rules, 2017, and notifications issued under Section 7. The petitioners raised several constitutional objections that can be broadly categorized into procedural and substantive challenges.

On the procedural front, a significant challenge was mounted against the passage of the Aadhaar Bill as a Money Bill under Article 110 of the Constitution. The petitioners contended that the Bill did not satisfy the requirements of a Money Bill and that its passage through this route effectively bypassed the constitutional authority of the Rajya Sabha, thereby damaging the delicate balance of bicameralism which forms part of the basic structure of the Constitution. This argument gained particular traction as the ruling party did not command a majority in the Rajya Sabha at the time.

On substantive grounds, the petitioners argued that the Aadhaar scheme violated fundamental rights guaranteed under Articles 14, 19, and 21 of the Constitution. The primary contention was that the scheme created an architecture for pervasive state surveillance, enabling the government to profile and track every citizen through the centralized database maintained by UIDAI. The collection and storage of biometric data, including fingerprints and iris scans, was challenged as being disproportionate to the stated objective of welfare delivery.

Specific Provisions Under Attack

Several specific provisions of the Aadhaar Act came under sustained attack, raising questions about the constitutional validity of Aadhaar Act. Section 57, which enabled “any body corporate or any individual” to seek authentication using Aadhaar, was challenged as being excessively broad and allowing private entities unfettered access to sensitive biometric data without adequate safeguards. Section 33(2), which permitted disclosure of information in the interest of national security without judicial oversight, was contested as violating privacy rights. Section 47, which required complaints about offenses under the Act to be filed only by UIDAI or authorized persons, was challenged for denying individual victims the right to initiate criminal proceedings. Additionally, mandatory linkage requirements under various government notifications, particularly linking Aadhaar with bank accounts under the Prevention of Money Laundering Rules and with PAN cards under the Income Tax Act, were challenged as being arbitrary and disproportionate.

The Supreme Court Verdict: Upholding the Constitutional Validity of Aadhaar Act with Safeguards

Composition of the Bench and Judicial Opinions

After 38 cumulative weeks of hearings spanning four months, a five-judge Constitution Bench comprising Chief Justice Dipak Misra and Justices A.K. Sikri, A.M. Khanwilkar, D.Y. Chandrachud, and Ashok Bhushan delivered judgment on September 26, 2018. The verdict produced three separate opinions with a 4:1 majority upholding the constitutional validity of the Aadhaar Act while striking down certain provisions. Justice Sikri wrote the lead majority judgment on behalf of himself, Chief Justice Misra, and Justice Khanwilkar. Justice Bhushan delivered a separate concurring opinion, while Justice Chandrachud authored a comprehensive dissenting opinion running over 500 pages.

The Majority View: Constitutional Validity Affirmed

The majority judgment approached the constitutional challenge by applying the three-fold proportionality test established in the earlier Puttaswamy privacy judgment. On the first prong regarding legislative backing, the Court noted that the Aadhaar scheme was supported by the statute, namely the Aadhaar Act, 2016, thereby satisfying the requirement of a law authorizing the collection and processing of personal data.

Regarding legitimate state aim, the majority found that the Act served the important objective of ensuring that social benefit schemes reach deserving beneficiaries. The Court observed that failure to establish identity had proved a major hindrance to successful implementation of welfare programmes, as it was difficult to ensure subsidies, benefits, and services reached intended beneficiaries in the absence of a credible authentication system. The judgment emphasized that the rationale behind Section 7 was to ensure targeted delivery of subsidies and benefits funded from the Consolidated Fund of India, thereby protecting the right to life of marginalized sections by ensuring they receive welfare scheme benefits.

On the question of proportionality and necessity, the Court held that the Act struck a fair balance between the right to privacy and the right to life of beneficiaries. The majority concluded that during the enrollment process, only minimal biometric data in the form of iris scans and fingerprints was collected, and UIDAI did not collect information about the purpose, location, or details of transactions. Consequently, the manner of Aadhaar’s operation did not tend to create a surveillance state. The Court noted that UIDAI had mandated only registered devices to conduct biometric-based authentication transactions, with biometric data encrypted within the device using a key, creating a unidirectional relationship that ruled out use of stored biometrics or replay of biometrics captured from another source.

Upholding Section 7 and Welfare Delivery

The majority specifically upheld Section 7 of the Act, which makes Aadhaar mandatory for receiving subsidies, benefits, and services funded from the Consolidated Fund of India. However, the Court clarified that Aadhaar could not be made mandatory by bodies like CBSE, NEET, or UGC, as they do not provide services or benefits by the State in the constitutional sense. Similarly, the Court held that Aadhaar could not be made mandatory for children under the Sarva Shiksha Abhiyan scheme, as elementary education is not a state benefit but a fundamental right and entitlement under Article 21A of the Constitution.

The majority also upheld the validity of Section 139AA of the Income Tax Act, which mandated linking of Aadhaar with PAN cards, finding that this provision satisfied the proportionality test and served the legitimate aim of preventing tax evasion and curbing black money. The Court reasoned that there was justifiable reason for the State to collect and store data in the form of Aadhaar and link it with PAN for purposes of financial accountability and transparency.

Provisions Struck Down and Read Down

Despite upholding the core constitutional validity of the Aadhaar Act, the majority struck down and read down several provisions to address privacy concerns. Section 57, which allowed “any body corporate or any individual” to use Aadhaar authentication, was struck down to the extent it enabled private entities to seek Aadhaar authentication. The Court held this provision violated the right to privacy as private contracts do not constitute a “law” under the first criterion of the proportionality test. This effectively meant that private companies could no longer mandate Aadhaar for their services.

Section 33(2), which permitted disclosure of information in the interest of national security on orders of an officer not below the rank of Joint Secretary, was struck down entirely. The Court found this provision lacked adequate judicial oversight and could be misused. Section 33(1), which prohibited disclosure of Aadhaar information except by court order, was read down to ensure that individuals whose information is sought must be afforded an opportunity of being heard.

The Court struck down Section 47 to the extent it prevented individual victims from filing complaints about offenses under the Act, holding that only allowing UIDAI or authorized persons to file complaints violated principles of natural justice and access to remedy. The majority recommended an amendment to allow individual victims to file complaints.

Regulation 27 of the Aadhaar (Authentication) Regulations, 2016, which allowed retention of authentication data for five years, was struck down with the Court holding that such data could not be retained beyond six months. Similarly, Rule 9 of the Prevention of Money Laundering (Maintenance of Records) Second Amendment Rules, 2017, which required mandatory linking of Aadhaar with bank accounts, was declared unconstitutional. The Court found this provision failed the proportionality test as it presumed that any person opening a bank account was a potential money launderer, and the consequences of failure to provide Aadhaar were draconian and disproportionate.

The Money Bill Controversy

On the contentious issue of whether the Aadhaar Act was rightly passed as a Money Bill, the majority upheld the Speaker’s decision. While acknowledging that the Rajya Sabha plays a significant role in the bicameral parliamentary system and that Article 110 provisions for Money Bills must be interpreted strictly, the majority held that since Section 7 is the main provision of the Act and relates to expenditure from the Consolidated Fund of India, the Act qualified as a Money Bill under Article 110(1)(c) of the Constitution. The Court clarified that this determination is subject to judicial review in appropriate cases.

The Dissenting Opinion: A Fundamental Disagreement

Justice D.Y. Chandrachud delivered a powerful dissenting opinion spanning over 500 pages, fundamentally disagreeing with the majority on multiple fronts. On the Money Bill issue, Justice Chandrachud held that passing the Aadhaar Bill as a Money Bill when it did not qualify as such constituted a fraud on the Constitution and damaged the delicate balance of bicameralism, which forms part of the basic structure. He noted that the ruling party may not command a majority in the Rajya Sabha, but the legislative role of that body cannot be obviated by mischaracterizing ordinary legislation as a Money Bill.

On substantive grounds, Justice Chandrachud found that the entire Aadhaar Act violated fundamental rights and needed to be thoroughly reworked before enforcement. He held that by collecting identity information from every citizen, the Aadhaar programme treated every person as a potential criminal without requiring the state to draw reasonable belief that a citizen might be perpetrating a crime or identity fraud. The dissent argued that the legitimate aims of the state could be fulfilled by adopting less intrusive measures as opposed to mandatory enforcement of Aadhaar as the sole basis of identification.

Justice Chandrachud’s analysis of biometric technology and data protection found that consideration of risks and implementation of safeguards were lacking in the Act. He noted that procedures for alternatives were not adequately provided, security concerns were not properly addressed, and the powers of UIDAI were overly wide without sufficient checks. His judgment concluded that the Aadhaar programme violated essential norms pertaining to informational privacy, self-determination, and data protection. On Section 7, the dissent held that it suffered from over-breadth since the broad definitions of “services” and “benefits” enabled the government to regulate almost every facet of its engagement with citizens under the Aadhaar platform. Justice Chandrachud also found Section 139AA of the Income Tax Act unconstitutional as violating Articles 14, 19(1)(g), and 21 of the Constitution.

Regulatory Framework and Implementation

The Role of UIDAI

The Aadhaar Act established the Unique Identification Authority of India as a statutory body responsible for issuing Aadhaar numbers and maintaining the Central Identities Data Repository. Under Section 12 of the Act, UIDAI consists of a chairperson, two part-time members, and a chief executive officer, all appointed by the Central Government. Section 13 mandates that the chairperson and members must have experience and knowledge of at least ten years in matters relating to technology, governance, law, development, economics, finance, management, public affairs, or administration.

UIDAI’s functions include specifying the demographic and biometric information to be collected for registration, issuing Aadhaar numbers to residents, performing authentication, and specifying the subsidies and services for which Aadhaar will be required. Section 25 provides that any fees collected and revenue generated by UIDAI must be deposited in the Consolidated Fund of India, ensuring transparency and accountability. Section 27(2) mandates UIDAI to submit annual reports to the Central Government detailing activities, revenues, expenditures, and future plans.

Data Protection and Security Provisions

The Act contains several provisions aimed at protecting the security and confidentiality of Aadhaar data. Section 28 mandates that the Authority shall ensure security of identity information and authentication records while maintaining confidentiality of such information. Section 29 prohibits sharing of core biometric information, which includes fingerprints and iris scans, except under limited circumstances and with the consent of the Aadhaar holder. The Aadhaar (Sharing of Information) Regulations, 2016, specifically state that core biometric information collected by the Authority shall not be shared with anyone for any reason.

Section 32 criminalizes unauthorized access to the Central Identities Data Repository or disclosure of information in violation of the Act. Section 37 makes it an offense to impersonate another person by using their Aadhaar information. Section 39 penalizes tampering with data in the repository with intent to modify information or discover any information fraudulently. These provisions carry imprisonment terms ranging from three to ten years along with monetary penalties.

Enrollment Procedures and Safeguards

Section 3 of the Act specifies that every resident is entitled to obtain an Aadhaar number by submitting demographic information, which includes name, date of birth, and address, along with biometric information comprising fingerprints, iris scans, and photographs. At the time of enrollment, Section 3(2) mandates that the enrolling agency must inform the resident about how the data will be used, with whom it will be shared, and the procedure for accessing their own information. Upon verification of data, UIDAI issues a unique twelve-digit random Aadhaar number as specified under Section 3(4).

Special provisions exist for children under Section 5 of the Act. Children can be enrolled, but only with the consent of their parent or guardian, and the enrolling agency must inform the parent or guardian of the details specified under Section 3(2). Significantly, Section 5(2) provides that a child who is an Aadhaar number holder may, within six months of attaining eighteen years of age, apply to the Authority for cancellation of their Aadhaar number. This exit option was specifically designed to protect children’s autonomy and privacy rights. Section 5(3) further provides that notwithstanding anything in Section 7, a child shall not be denied any subsidy, benefit, or service in case of failure to establish identity by undergoing authentication.

Judicial Impact and Subsequent Developments

The Puttaswamy judgment on Aadhaar has had far-reaching implications for Indian constitutional law and data protection jurisprudence. By establishing privacy as a fundamental right and then applying rigorous proportionality standards to evaluate the Aadhaar scheme, the Supreme Court created a framework for assessing future legislation involving collection and processing of personal data. The judgment influenced subsequent landmark cases, including Navtej Singh Johar v. Union of India, which decriminalized consensual homosexual conduct under Section 377 of the Indian Penal Code, and Joseph Shine v. Union of India, which struck down the offense of adultery, with both cases relying heavily on the privacy precedent established in Puttaswamy.

Following the judgment, the government introduced the Personal Data Protection Bill, 2019, based on recommendations of the Justice B.N. Srikrishna Committee. The Supreme Court in its judgment specifically directed the respondents to bring out a robust data protection regime in the form of an enactment based on the Srikrishna Committee Report with necessary modifications. Although the 2019 Bill was eventually withdrawn, it laid the groundwork for the Digital Personal Data Protection Act, 2023, which Parliament passed to provide a statutory framework for data protection in India.

The judgment also led to practical changes in Aadhaar implementation. Private entities that had previously mandated Aadhaar authentication for services like mobile phone connections, bank account openings, and school admissions could no longer do so following the striking down of Section 57. The six-month limit on retention of authentication data required UIDAI to modify its systems and delete older records. Banks had to reverse their mandatory Aadhaar-account linking requirements following the striking down of Rule 9 of the PMLA Rules.

Critical Analysis and Ongoing Debates

Balancing Welfare Delivery and Privacy

The Aadhaar judgment represents the Court’s effort to balance two competing constitutional values: the state’s obligation to ensure welfare benefits reach intended beneficiaries versus individuals’ fundamental right to privacy and dignity. In upholding the scheme, the Court effectively affirmed the constitutional validity of the Aadhaar Act while emphasizing that the right to privacy is not absolute and must be weighed against other legitimate state interests. By upholding Section 7 and striking down provisions enabling private sector use, the Court drew a clear line between using Aadhaar for welfare delivery from public funds and commercial exploitation of biometric data.

Critics of the judgment have pointed out that the distinction between public and private use may be artificial given increasing integration of private service providers in welfare delivery. The exclusions resulting from authentication failures, particularly affecting vulnerable populations with damaged fingerprints or vision problems, raised questions about whether the system truly served its stated purpose of financial inclusion. Reports of beneficiaries being denied rations, pensions, and other entitlements due to authentication failures suggested that the promised alternative mechanisms were not adequately implemented.

Surveillance and Data Security Concerns

The majority’s conclusion that Aadhaar does not create a surveillance state remains contested. Justice Chandrachud’s dissent highlighted that while individual data points collected may appear minimal, the aggregation and linking of information across databases creates possibilities for profiling and surveillance that the majority did not adequately address. Subsequent data breaches and security lapses, including reports of Aadhaar data appearing on public websites and being available for purchase, vindicated concerns about inadequate security safeguards.

The technical argument that biometric authentication involves one-way encryption and does not permit tracking may be theoretically correct, but critics point out that authentication logs themselves create trails of location and transaction data that can reveal sensitive information about individuals’ movements, financial activities, and personal lives. The reduction of authentication data retention from five years to six months addressed this concern only partially.

The Money Bill Controversy and Constitutional Propriety

The Money Bill issue remains one of the most controversial aspects of the judgment. Constitutional experts have criticized the majority’s validation of the Speaker’s decision as undermining bicameralism and creating a dangerous precedent for future governments to bypass the Rajya Sabha by characterizing ordinary legislation as Money Bills. Justice Chandrachud’s characterization of the maneuver as a fraud on the Constitution resonated with critics who argued that the Aadhaar Act contained numerous provisions relating to privacy, data protection, and criminal offenses that had no connection with the Consolidated Fund of India.

The majority’s position that judicial review of Money Bill certification remains available in appropriate cases left open the question of what standards courts would apply in such review. Subsequent attempts to challenge other Money Bills have faced difficulties in light of the Aadhaar precedent, suggesting that the majority may have inadvertently weakened an important constitutional check on executive power.

Conclusion

The constitutional challenge to the Aadhaar Act, 2016, resulted in a nuanced judgment that upheld the core scheme while imposing significant limitations to protect privacy rights. The Supreme Court’s 4:1 majority verdict established the constitutional validity of Aadhaar Act, confirming that Aadhaar, when limited to welfare delivery funded from public revenues, passes constitutional muster under the proportionality framework established in the privacy judgment. However, the striking down of provisions enabling private sector use, national security exceptions without judicial oversight, and mandatory bank account linking demonstrated the Court’s commitment to preventing executive overreach and protecting individual privacy.

The judgment represents a milestone in Indian constitutional jurisprudence by applying substantive fundamental rights analysis to evaluate the constitutional validity of the Aadhaar Act. It established important precedents regarding the right to privacy, proportionality testing, and the limits of state power in the digital age. The dissenting opinion by Justice Chandrachud, though not binding, provided a comprehensive critique that influenced subsequent data protection discourse and legislation.

As India continues to digitize governance and welfare delivery, the principles established in the Aadhaar judgment remain relevant for evaluating new initiatives involving collection and processing of personal data. The emphasis on necessity, proportionality, and adequate safeguards provides a framework for ensuring that technological solutions to governance challenges do not come at the cost of constitutional rights. The tension between efficiency and privacy, between welfare inclusion and surveillance, between technological progress and human dignity, will continue to shape legal and policy debates in years to come. The Aadhaar judgment, for all its complexity and internal contradictions, provides a starting point for navigating these difficult questions while remaining grounded in constitutional values.

References

[1] Wikipedia Contributors. (2025). Aadhaar Act, 2016. Wikipedia. Available at: https://en.wikipedia.org/wiki/Aadhaar_Act,_2016

[2] Indian Kanoon. Section 7 in The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. Available at: https://indiankanoon.org/doc/153107550/

[3] Supreme Court Observer. Constitutionality of Aadhaar Act – Case Background. Available at: https://www.scobserver.in/cases/puttaswamy-v-union-of-india-constitutionality-of-aadhaar-act-case-background/

[4] Wikipedia Contributors. (2025). Puttaswamy v. Union of India. Wikipedia. Available at: https://en.wikipedia.org/wiki/Puttaswamy_v._Union_of_India

[5] Drishti IAS. Supreme Court Upholds Aadhaar’s Constitutional Validity. Available at: https://www.drishtiias.com/daily-news-analysis/supreme-court-upholds-aadhaars-constitutional-validity

[6] Global Freedom of Expression. Puttaswamy v. Union of India (II). Columbia University. Available at: https://globalfreedomofexpression.columbia.edu/cases/puttaswamy-v-union-of-india-ii/

[7] Supreme Court Observer. Constitutionality of Aadhaar Act: Judgment Summary. Available at: https://www.scobserver.in/reports/constitutionality-of-aadhaar-justice-k-s-puttaswamy-union-of-india-judgment-in-plain-english/

[8] Indian Kanoon. Justice K.S.Puttaswamy(Retd) vs Union Of India on 26 September, 2018. Available at: https://indiankanoon.org/doc/127517806/

[9] Wikipedia Contributors. (2025). Fundamental Rights in India. Wikipedia. Available at: https://en.wikipedia.org/wiki/Fundamental_rights_in_India

Published and Authorized by  Sneh Purohit