India has eased restrictions on its Aadhaar authentication service, a digital identity verification framework linked to the biometrics of over 1.4 billion people, to let businesses including those offering services such as e-commerce, travel, hospitality, and healthcare use the verification system to authenticate their customers. The update has raised privacy concerns as New Delhi has yet to define the guardrails it would consider to avoid misuse of individuals biometric IDs.On Friday, the Indian IT ministry introduced the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025 to amend the legislation introduced in 2020 as a consequence of a Supreme Court judgment that restricted the access of private entities seeking Aadhaar data. The new amendment comes nearly two years after the Indian government began its public consultation, the responses to which have not been disclosed.The update aims to enhance scope and utility of Aadhaar authentication by allowing the usage of Aadhaar for improving service delivery and enables both government and non-government entities to avail Aadhaar authentication service for providing various services in the public interest, the IT ministry said in its press statement.Compared to their previous version, the amended rules excluded the sub-rule that allowed Aadhaar authentication to prevent the leaking of public funds. This broadens the scope of the unique ID-based verification provided by the Indian governments Unique Identification Authority of India (UIDAI) and expands the authentication service to various public and private sectors. Previously, banking and telecom operators predominantly used Aadhaar authentication to onboard new customers and verify their existing consumers.Aadhaar authentication hit 129.93 billion transactions in January, up from 109.13 billion in February last year, per the UIDAI website. National Informatics Center, National Health Agency, State Bank of India, Bank of Baroda, and Punjab National Bank were among the top entities using Aadhaar-based authentication to verify their users this month.Aadhaar Authentication TrendImage Credits:UIDAIUnder the new rules, entities looking to enable Aadhaar authentication will be required to apply with the details of intended requirements the concerned ministry or department of the Central or the State government which will be examined by UIDAI and MeitY [the IT ministry] that will approve these applications based on UIDAIs recommendation, the government stated.What criteria the MeitY and UIDAI would be taking into consideration for evaluating such applications have to be made clearer and more transparent to weed out misuse, which is a concern flagged by the Supreme Court while deliberating on Section 57 of the Aadhaar Act, said Kamesh Shekar, a digital governance lead at New Delhi-based tech policy think-tank The Dialogue.Section 57 of the Aadhaar Act 2016, which the Supreme Court struck down in 2018, allowed private entities to use the Aadhaar numbers to establish individuals identities. The Indian government amended the Aadhaar Act in 2019 to enable voluntary authentication based on Aadhaar. However, that amendment has been challenged and is currently pending in the Supreme Court.Prasanna S, an advocate-on-record in the Supreme Court, who was among the advocates fighting for the Right to Privacy and had challenged the Aadhaar Act, said the amendment attempts to re-legislate the struck-down Section 57.Licensing regime existed even earlier under the 2020 rules. But now, with the access being expanded, the concern with the kind of a regime gets reinforced multifold, he told TechCrunch.Sidharth Deb, associate director for public policy at the New Delhi-based consultancy firm The Quantum Hub, said the expansion of Aadhaar authentication carries the risk of exclusion.Once you start linking ID documentation or ID instruments to accessing digital services, there is always the risk of exclusion, he said. We really need to start thinking about how we define voluntary so that citizens have as much autonomy as possible to be able to access digital services in as frictionless a manner as possible.TechCrunch has reached out to the Indian IT ministry about the key concerns raised by policy experts and the measures in place to prevent Aadhaars misuse and will update when the ministry responds.