India Stack

India Stack

Type	Marketing term / branding
Coined by	iSPIRT (c. 2012-2013)
Components	Aadhaar, UPI, DigiLocker, ABDM, ONDC
Governing bodies	UIDAI, NPCI, NHA, MeitY
Country	India
Websites	indiastack.org (promotional) indiastack.in (structural analysis)

India Stack is a marketing term coined by iSPIRT (Indian Software Product Industry Round Table) to brand a collection of government-operated digital infrastructure systems in India as a unified platform. ^[1] The term encompasses identity verification (Aadhaar), payments (UPI), document storage (DigiLocker), and data sharing layers--each governed by separate government bodies with distinct legal frameworks.

The systems have achieved significant scale, with UPI processing over 10 billion monthly transactions and Aadhaar covering 1.4 billion residents. However, the platform has faced sustained criticism regarding welfare exclusion linked to biometric authentication failures, privacy and surveillance concerns, and the gap between "open" branding and closed, proprietary governance. ^{[1] [2]}

Origin of the term

The term "India Stack" was coined by iSPIRT, a technology industry think tank co-founded by Sharad Sharma in 2013. iSPIRT positioned the branding to describe separate government systems as a unified, exportable model of "digital public infrastructure" (DPI). ^[3]

Critics characterise "India Stack" as a PR construct--branding separate closed systems as unified "open" infrastructure for international promotion. Each component (Aadhaar under UIDAI, UPI under NPCI, DigiLocker under MeitY, ABDM under NHA) is closed-source and separately governed; the unified branding suggests cohesion and openness while the underlying systems remain proprietary and siloed. ^[4]

Components

India Stack Layers

Identity	Aadhaar (UIDAI)
Payments	UPI, BBPS, AePS (NPCI)
Documents	DigiLocker (MeitY)
Health	ABDM (NHA)
Commerce	ONDC (ONDC Ltd)

India Stack comprises several separately governed layers: ^[5]

• Identity Layer (Aadhaar): Biometric identification system covering 1.4 billion residents, governed by Unique Identification Authority of India (UIDAI)
• Payments Layer (UPI, BBPS, AePS): Digital payment infrastructure governed by National Payments Corporation of India (NPCI), a private Section 8 company
• Data Layer (DigiLocker, Account Aggregator): Document storage governed by MeitY; financial data sharing governed by Sahamati (industry alliance)
• Health Layer (ABDM): Health records infrastructure governed by National Health Authority (NHA)
• Commerce Layer (ONDC): E-commerce protocol governed by ONDC Ltd, a Section 8 company

• Aadhaar
• Unified Payments Interface (UPI)
• DigiLocker
• Ayushman Bharat Digital Mission (ABDM)
• Bharat Bill Payment System (BBPS)
• BharatQR
• Digi Yatra
• eSign
• Government e Marketplace (GeM)
• Open Network for Digital Commerce (ONDC)
• FASTag
• Account Aggregator (AA/DEPA)
• Aadhaar Enabled Payment System (AePS)
• Open Credit Enablement Network (OCEN)
• UMANG

History

Year	Event
2009	Aadhaar pilot launched under UIDAI, led by Nandan Nilekani
2013	iSPIRT founded; "India Stack" terminology emerges
2016	UPI launched by NPCI; 2016 Indian banknote demonetisation accelerates digital adoption
2017	Supreme Court of India rules privacy a fundamental right (Puttaswamy judgment)
2018	Supreme Court upholds Aadhaar but strikes down Section 57 (private sector use)
2019	Government re-enables private sector Aadhaar use via ordinance
2021	Account Aggregator framework launches; CoWIN for COVID vaccination
2023	UIDAI expands facial authentication; 50 million+ monthly facial auth transactions
2024	100% e-KYC mandate for ration cards; Odisha suspends 20+ lakh beneficiaries
2025	Madras High Court rules Aadhaar correction a fundamental right

Governance structure

Despite "open" branding, India Stack components are governed by government bodies and private entities with restricted access: ^[6]

Component	Governing Body	Legal Status	Access Model
Aadhaar	UIDAI	Statutory authority (exempt from RTI for certain categories)	Government licence required
UPI/BBPS	NPCI	Private Section 8 company	Membership approval required
Account Aggregator	Sahamati	Industry alliance	Membership required
ABDM	NHA	Government authority	Partnership required
ONDC	ONDC Ltd	Private Section 8 company	Licensing required

Participation model

Unlike open protocols such as HTTP, email, or TCP/IP where anyone can implement independently, India Stack requires permission at every layer. There is no public RFC process, no citizen representation on technical committees, and no mechanism to challenge design decisions before deployment. ^[6]

Researchers note this differs fundamentally from both the IETF model of "rough consensus and running code" and FOSS contribution models where rejected proposals can still be implemented independently. In India Stack, if a proposal is rejected, there is no alternative--the gatekeeper's decision is final. ^[4]

Scale and adoption

India Stack components have achieved significant transaction volumes:

• UPI: Over 10 billion monthly transactions by 2023 ^[7]
• Aadhaar: 1.4 billion enrolments
• DigiLocker: Over 150 million registered users

Proponents credit India Stack with expanding financial inclusion through Jan Dhan bank accounts, reducing subsidy leakage through Direct Benefit Transfer, and enabling digital service delivery.

Concerns and criticism

Welfare exclusion and documented denials

Main article: Aadhaar § Threat of exclusion

Aadhaar-based biometric authentication for welfare distribution has been linked to documented exclusions and deaths. Research by economists including Reetika Khera of IIT Delhi has found significant exclusion of genuine beneficiaries. ^[8]

Key findings include:

• Between 2013-2021, 4.39 crore (43.9 million) ration cards were deleted nationally
• A 2020 J-PAL study found 88% of cancelled ration cards in Jharkhand belonged to genuine beneficiaries, not fraudulent "ghost" entries ^[9]
• The Right to Food Campaign documented 57 starvation deaths in nine Indian states from 2015 onwards, with at least 19 directly linked to Aadhaar-related denial ^[10]
• Of 42 hunger-related deaths documented between 2017-2019, 25 were linked to Aadhaar issues ^[11]

Documented cases include Santoshi Kumari (11, Jharkhand, 2017), Arjun Hembram (11, Odisha, 2023), and others. ^[8]

Human Rights Watch documented 2.5 million families in Rajasthan denied ration supplies between September 2016 and June 2017 due to Aadhaar issues. The report also found children without Aadhaar excluded from government schools and hospitals demanding Aadhaar enrolment before issuing birth certificates. ^[2]

Biometric authentication failures

Studies have documented significant biometric authentication failure rates: ^[12]

• 6-12% fingerprint authentication failure rates among manual labourers, construction workers, and farmers
• Fingerprints degrade due to age, manual labour, and certain medical conditions
• Elderly people have degraded fingerprints; children's biometrics are unstable
• In 2023, UIDAI acknowledged 54+ hours of service downtime due to OTP delays and server issues

A 2018 analysis estimated that "two to five per cent of the Indian population would be excluded" due to biometric failures alone. ^[12]

Facial authentication expansion (2023-2025)

Despite documented fingerprint exclusion, states began adding facial authentication requirements. Rajasthan mandated facial authentication for pensioners via the RAJSSP app in February 2023. Data from January-April 2025 showed: ^[13]

• Facial authentication success rate: 69.11% (nearly 1 in 3 fail)
• Fingerprint authentication success rate: 76.27%
• OTP had 90%+ success rate but was deemed "unreliable" by authorities
• The system was tested on only 15-20 people before statewide rollout to 600,000+ pensioners in Jaipur district alone

Despite 30% failure rates, UIDAI reported 50 million+ facial authentication transactions monthly since 2023. ^[13]

Consent issues

Critics argue that consent is structurally compromised when Aadhaar authentication is mandatory for essential services. UIDAI claims authentication requires "explicit consent," but researchers note consent is meaningless when refusal means exclusion from: ^{[8] [14]}

• Food rations under Public Distribution System
• Pension disbursement
• Bank account access (KYC requirements)
• LPG subsidies
• Government employment wages (MGNREGA)
• Healthcare access (ABDM)
• Vehicle toll payment (FASTag - mandatory by law)

Privacy and surveillance

Main article: Surveillance in India

The centralised nature of India Stack creates surveillance infrastructure concerns: ^[15]

• Centralised biometric database of 1.4 billion people
• Authentication logs enabling tracking of citizens' access to services
• Cross-linking of identity, financial, health, and location data
• Limited independent oversight and RTI exemptions

The Supreme Court of India ruled privacy a fundamental right in August 2017 (Justice K.S. Puttaswamy v. Union of India). ^[16]

In September 2018, the court upheld Aadhaar's constitutional validity but struck down Section 57 allowing private sector use. The government subsequently amended laws through ordinances to restore private sector access. ^[17]

Open source claims

While described as "open APIs," India Stack does not follow free and open-source software principles: ^[4]

• Source code is not publicly available
• No public contribution or proposal mechanism exists
• Alternative implementations are legally prohibited
• Governance is not participatory
• Cannot be forked or independently operated

The Financial Times noted these concerns in 2023, questioning claims of openness. ^[3]

Accountability gaps

Several structural accountability issues have been identified: ^[18]

• UIDAI is exempt from RTI for certain categories of information
• Only UIDAI can sue for Aadhaar-related issues; individuals cannot sue UIDAI under Section 47
• Aadhaar deactivations occur without prior notice
• A 2022 CAG report found UIDAI takes no responsibility for deficient biometric capture
• No public auditing of authentication success/failure rates across welfare programs

Digital divide

The COVID-19 vaccination rollout via CoWIN highlighted digital divide issues: ^[19]

• CoWIN required smartphone, internet access, and digital literacy
• 200-280 million Indians (33-45% of 18-44 age group) had no or poor internet access
• 25% of India's population had no smartphone
• No offline registration option initially
• Supreme Court (May 2021) noted "CoWIN not accessible to persons with disabilities"

Court cases

Key judgments

• Justice K.S. Puttaswamy v. Union of India (2017): Nine-judge bench unanimously ruled privacy a fundamental right
• Justice K.S. Puttaswamy v. Union of India (2018): Five-judge bench upheld Aadhaar's validity but struck down Section 57 (private sector use) and Section 33(2) (disclosure without judicial oversight)
• Koili Devi v. Union of India: Petition filed by Santoshi Kumari's mother challenging deletion of ration cards
• Orissa High Court (May 2023): Ruled welfare schemes cannot exclude on grounds of lacking Aadhaar or mobile phone
• P. Pushpam v. UIDAI (Madras HC, 2025): Ruled Aadhaar correction is a fundamental right

e-KYC mandate (2024)

In June 2024, the government directed 100% e-KYC compliance for all ration card holders. Odisha suspended rice distribution for 20+ lakh (2 million+) eligible individuals for e-KYC non-compliance. The Right to Food Campaign urged the government to halt e-KYC and remove exclusionary digital measures from PDS. ^[14]

International adoption

Several countries have expressed interest in adopting India Stack components. Sri Lanka, Morocco, the Philippines, Guinea, Ethiopia, and Togo have reportedly started using components. ^[20]

Critics note that countries adopting the model may also adopt its structural issues regarding exclusion, consent, and accountability. ^[1]

See also

• India portal

• Digital public infrastructure
• Aadhaar
• Unified Payments Interface
• National Payments Corporation of India
• Data protection in India
• Digital India
• Surveillance in India
• iSPIRT

References

1. "India Stack Watch" . Retrieved 7 January 2025.
2. "India: Identification Project Threatens Rights". Human Rights Watch. 13 January 2018. Retrieved 7 January 2025.
3. "The India Stack: Opening the digital marketplace to the masses". Financial Times . 20 April 2023. Retrieved 7 January 2025.
4. "Is India Stack Open Source?". India Stack Watch. Retrieved 7 January 2025.
5. "India Stack Layers". India Stack Watch. Retrieved 7 January 2025.
6. "Can You Participate?". India Stack Watch. Retrieved 7 January 2025.
7. "NPCI - National Payments Corporation of India" . Retrieved 7 January 2025.
8. "The Human Cost". India Stack Watch. Retrieved 7 January 2025.
9. "J-PAL Studies on Aadhaar and Welfare" . Retrieved 7 January 2025.
10. "Right to Food Campaign" . Retrieved 7 January 2025.
11. Khera, Reetika (9 August 2018). "Aadhaar, India's ID system, is a cautionary tale". The Washington Post . Retrieved 7 January 2025.
12. Ramanathan, Usha. "UID: Questions without Answers". Centre for Internet and Society . Retrieved 7 January 2025.
13. "No Match: Rajasthan's Push for Facial Authentication on Pensioners Leaves Many Behind". The Wire. 2025. Retrieved 7 January 2025.
14. "Infrastructures of Exclusion: How e-KYC Impacts Access to Food". IDR Online. Retrieved 7 January 2025.
15. "Surveillance Architecture". India Stack Watch. Retrieved 7 January 2025.
16. "Right to Privacy a Fundamental Right, Says Supreme Court in Unanimous Verdict". The Wire. 24 August 2017. Retrieved 7 January 2025.
17. "India expands Aadhaar authentication for businesses, raising privacy concerns". TechCrunch. 2 February 2025. Retrieved 7 January 2025.
18. "Can You Audit It?". India Stack Watch. Retrieved 7 January 2025.
19. "SFLC.in Raises Concerns Related to CoWIN". Software Freedom Law Centre, India. 2021. Retrieved 7 January 2025.
20. "World rushes to adopt the 'India Stack' while 'UPI' goes global". ThePrint. 15 February 2023. Retrieved 7 January 2025.

Further reading

Critical views

• "The Human Cost of India Stack". India Stack Watch. Retrieved 7 January 2025.
• Khera, Reetika (9 August 2018). "Aadhaar, India's ID system, is a cautionary tale". The Washington Post.
• Ramanathan, Usha. "UID: Questions without Answers". Centre for Internet and Society.

Other views

• "The India Stack: Opening the digital marketplace to the masses". Financial Times . 20 April 2023.

External links

• India Stack Watch - Structural analysis and documentation of concerns
• IndiaStack.org - Official promotional website
• UIDAI - Unique Identification Authority of India
• NPCI - National Payments Corporation of India
• Rethink Aadhaar - Exclusion testimonials
• Right to Food Campaign