The Unique Identification Authority of India (UIDAI) on Monday said entities are required to obtain residents’ informed consent either on paper or electronically before carrying out Aadhaar authentications under the new guidelines for requesting entities.

“UIDAI has urged REs (requesting entities), which carry out online authentications, to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications,” said the ministry of electronics and information technology.

The authority underlined that logs of authentication transactions including the consent taken are kept only for the period as prescribed in the Aadhaar Regulations. Purging of such logs after the expiry of the said time period will also be done as per the Aadhaar Act and its regulations.

UIDAI has also highlighted that REs should be courteous to residents and assure them about the security and confidentiality of the Aadhaar numbers, which are being used for authentication transactions, said the ministry in a statement.

The authority has also urged REs to immediately report to the UIDAI about any suspicious activity around authentications like suspected impersonation by residents, or any compromise or fraud by any authentication operator.

REs are engaged in providing Aadhaar authentication services to residents. REs are responsible for submitting the Aadhaar number and demographic/biometric OTP information to the Central Identities Data Repository for the purpose of authentication.