In late December 2025, the Office of the Principal Scientific Adviser to the Government of India (“OPSA”) released a white paper titled “Democratizing Access to AI Infrastructure”. In the white paper, the OPSA underscored the ‘need to treat AI infrastructure as a shared national resource and identifying key enablers such as access to high-quality datasets, affordable computing resources, and integration with Digital Public Infrastructure (DPI)’. The OPSA’s recommendations were a reiteration of India’s DPI ambitions, as framed under the India AI Governance Guidelines, with the latter recommending integration of artificial intelligence (“AI”) into India’s digital public infrastructure (“DPI”). With the advent of monopolisation in Big Tech markets, governments and policymakers have prioritized development and adoption of technology and digital infrastructure that is developed by domestic enterprises. Such technologies are often assimilated within systems of governance and solve societal issues at scale. India began its foray into developing the foundations of its DPI with the institutionalisation of the Unique Identity Project (“UID”) — a programme aimed towards provisioning each Indian citizen with a unique digital identity authenticated based on optic and facial biometric data. The UID Project is recognized as the foundational layer of the India Stack, forming the basis for digitizing social welfare delivery to its digital citizens.
According to the G20 consensus, DPI is broadly defined as “a set of shared digital systems that should be secure and interoperable, and can be built on open standards and specifications to deliver and provide equitable access to public and / or private services at societal scale and are governed by applicable legal frameworks and enabling rules to drive development, inclusion, innovation, trust, and competition and respect human rights and fundamental freedoms”.
In this blog post, SFLC.in analyses the role of DPIs and how such foundational technologies should be developed to benefit the larger public. Through the course of the implementation of the UID, India’s digital identity project has been subject to numerous controversies. For one, the UID was developed and deployed with little to no public transparency. Several instances in media reporting indicate that the UID programme not only fails to authenticate the identities of its own population (especially those who are marginalized and vulnerable due to their socio-economic realities) and ensure last mile delivery of benefits. At the outset, Indians who are in dire need of social welfare benefits are often the ones who are denied access at the enrollment stage itself. Furthermore, critical facets of any technological infrastructure such as privacy and security seem to have been deprioritized — given the increasing number of instances where Aadhaar data has been leaked by third-parties.
Exclusion: A feature of the process and the product, not a bug
Unequivocally, the G20 members recognized that ‘meaningful connectivity can be enhanced through human-centric, development-oriented, sustainable, scalable, secure, accessible, and inclusive digital systems…’. Theoretically, this could be true — technology could ameliorate social welfare delivery and make digital inclusion a reality. However, this can only be achieved if, from the outset, such technologies are modelled on the basis of the social, economic and political realities of its population. In the case of India, the development and deployment of India’s foundational DPI layer, the UID, occurred in silos.
The very aim of the UID programme was to achieve systemic reform of the erstwhile social welfare delivery systems by providing everyone with a unique identity, especially those marginalized communities who did not have identity documents. However, ironically, a huge percentage of Indians enrolled into the programme based on identity documents (ration cards, voter cards or through the National Population Register) from earlier social welfare delivery systems that were considered to be flawed.
Furthermore, this exclusion continues to exacerbate itself as Aadhaar-based Authentication is mandated for various aspects of a person’s life. Despite the Supreme Court of India’s ruling in K.S. Puttaswamy v Union of India (2019), multiple instances have emerged where UID has been made de facto mandatory for obtaining food rations, opening a bank account or for enrolling a child in a school. What is worse is the consequence of foisting the UID on people who rely on food rations to sustain themselves. When there are instances where people are denied the same, the unfortunate yet definite consequence of such exclusion is starvation until death.
Bolstering development without public participation
Almost a decade after the passage of the Aadhaar Act, fundamental issues such as biometric authentication failures, errors in the UID database and poor internet connectivity continue to plague the programme. So the question still remains — who was supposed to benefit from such digital welfare technologies, if not the people and communities who need them the most? More importantly, what strategies are being considered to mitigate the amplification of technological exclusion if artificial intelligence is integrated within India’s DPI matrix?
Further, the very technical foundations of India’s DPI were established without pursuing an exhaustive participatory process. The initial phase of implementation of India’s digital identity layer not only consulted stakeholders from industry but also leveraged their participation for the development of digital solutions like the Unified Payments Interface (“UPI”) and Digi Yatra. Despite India’s commitments to the usage of Free and Open Source Software (“FOSS”), all the layers of India’s DPI matrix largely remain closed-source. Additionally, misconceptions still exist on whether Aadhaar is open-source or not. While open-source tools might have been used to build India’s DPI matrix, it does not translate into the end products being open-source. Nevertheless, India had a great opportunity to co-create and ensure that public-by-design was not merely a catchphrase. Exhaustive consultation processes could have given worthy and essential diagnosis of the systemic issues that vulnerable communities in India encounter on a daily basis.
Digital privacy and security on the backburner
Till date, the Unique Identification Authority of India (“UIDAI”) has maintained that it ensures the security and confidentiality of the data collected. Once the enrollment data is collected on the client application (provided by the UIDAI), it is encrypted at source and the packet is transmitted in a secure manner. Additionally, UIDAI has published guidelines and also has a security policy established for data security in motion and at rest.
However, there have been numerous instances where UID data has been leaked (even though, as per official statements from the UIDAI, leaks did not occur through the UID database). This has occurred due to a multiplicity of factors, lack of a governing data protection framework, weak cybersecurity and privacy safeguards as well as inadequate control over data protection and security practices of third-parties. Policy and legal discourse on data governance and cybersecurity was significantly outpaced by the implementation of India’s DPI layers. While the Government of India saw an opportunity in leveraging technology as a maximizing enabler of social welfare and digital inclusion, data shared with third-parties for the purposes of registering beneficiaries or authenticating their identities was not properly managed and subjected to independent audits by the UIDAI. This leads to a point of no return— where a citizen has no substantive remedies once their UID data is leaked in the public. A recent instance of an AI-enabled UID fraud racket further signifies a dangerous shift in how authentication processes are being circumvented, leaving citizens increasingly vulnerable to cyber frauds and crimes.
Conclusion
India’s mission to achieve digital sovereignty through DPI resulted in intensifying the same divides that technology was meant to bridge. Further, foisting adoption of digital systems without providing citizens with comprehensive public education (from the outset) on its risks, safeguards and effective remedies is likely to cause more problems down the line.
With DPI 2.0, it becomes increasingly clear that the next landmark for India falls on achieving AI sovereignty. As conversations on integrating AI systems into India’s DPI solutions have already begun, it will be critical for every stakeholder to carefully weigh the benefits with the costs of deploying such systems for the public. In a country where a majority of the population still does not possess digital literacy and access to the internet and technology in a meaningful manner, it is a non-negotiable to first understand the core problems that persist for people, especially for those whom last mile access is a necessity and not an option) and whether they can be solved through AI solutions. It is only then that meaningful, responsible and safe adoption of AI systems into public sector use cases should be undertaken.
