India Stack = India's Citizen Stack

India's Citizen Stack

India Stack is the moniker for a set of open APIs and digital public goods that aim to unlock the economic primitives of identity, data, and payments at population scale.

IDENTITY

The bedrock of India Stack is a set of digital identity products centered around Aadhaar, India’s national identity program. More than 1.3B Indian citizens possess an Aadhaar number, which allows them to perform a number of actions including:

• Remotely authenticating any one, or indeed all, of these attributes via two-factor or biometric authentication: name, age, address, mobile number, email address, gender- Aadhaar Authentication.

• Receiving digitally signed and universally accepted copies of lifetime records such as driver’s licenses, educational diplomas, insurance policies, and more- DigiLocker.

• Signing documents or messages using a government-backed digital signature service- eSign.

Aadhaar Authentication

The entire point of the Aadhaar program is to seed the population with secure, versatile digital IDs that can be used to quickly authenticate a user’s identity. There are currently a variety of ways in which a petitioner can prove a user’s identity using Aadhaar: 

1. e-Auth

A petitioner sends a user's Aadhaar number and name/address/

birthday/gender/email/phone number to the UIDAI server, which responds with a yes/no answer indicating whether the given fields were correct.

2. e-KYC

A petitioner collects consent (via biometric of two-factor OTP authentication) from a user and submits their Aadhaar number to the UIDAI system. The system then returns the user's entire KYC data including all six demographic fields and the user's photograph.

3. QR code scan

Each Aadhaar card comes with an accompanying QR code that can be scanned, allowing the scanner to verify the user's identity from the UIDAl database. Both physical and digital Aadhaar cards (e-Aadhaar) can be scanned in this manner, from UIDAl-built iOS apps, Android apps, or Windows apps.

4. Offline XML

In this mode of authentication, the user visits the UIDAl website, logs in using his Aadhaar-registered mobile number or email address, and then generates an XML object containing a digital signature from UIDAl. This XML can then be shared with any party, which can easily verify the digital signature and prove the user's identity.

5. e-Aadhaar

Users may obtain and share digitally signed PDF copies of their Aadhaar cards downloaded from the UIDAl database. According to Indian law, this PDF document is equally valid as the physical Aadhaar card which gets issued to users.

DigiLocker

DigiLocker is a public utility provided to Aadhaar holders by the Govt. of India. The service allows an Aadhaar holder to sign in using a one-time password sent to the mobile number used to enroll on Aadhaar. Inside, residents of India will find a number of digitally signed, legally valid electronic documents waiting for them. Currently, there are more than 4.6B documents issued directly into DigiLocker by authorities.

These documents range from driver’s licenses, to educational diplomas, and insurance policies. In total, there are currently more 1460 institutions signed up as document issuers on Digilocker, 233 are integrated with DigiLocker as requesters who can verify user documents with consent. DigiLocker is implemented as a government-operated mobile app and web app.

eSign

eSign is a digital signature product built atop Aadhaar. It allows any Aadhaar holder to produce legally valid digital signatures on any document, at any time, using any device. Consent for this signature is obtained through a one-time password sent to the signer’s Aadhaar-linked mobile number. Presently, eSign is used to streamline workflows for multiple fields including financial services, legal services, healthcare, and more.

In order to gain access to certified eSign in their workflows, application developers must enrol as eSign Application Service Providers (ASPs).

PAYMENTS

In 2016 the National Payments Corporation of India (NPCI) announced the launch of the United Payments Interface (UPI), catapulting India into the age of digital payments.

UPI is India’s homegrown real-time mobile payments system. It was intended to continue the journey of financial inclusion that had begun with the goal of providing every Indian citizen with a bank account, now enabling them to take part in a digital economy that was rapidly becoming smartphone-enabled. UPI was designed to enable interoperability between money custodians, payment rails and front-end payment applications.

In 2023 alone, UPI transactions soared by an astounding 81% compared to 2022, reaching 117.6B transactions. This year, the momentum continues as UPI's transaction volume maintains its rapid ascent. Assuming an average growth rate of 50% for this year and a similar rate for 2025 compared to 2024, the 264B transaction target is attainable. This projection does not even account for the additional increase due to the National Payments Corporation of India's (NPCI) international operations.

To put this into perspective, let's compare this growth to the global card networks. Mastercard, growing at an annual rate of about 14% (2023 vs 2022), could reach 186.1B transactions annually by the end of 2025. Similarly, Visa, assuming a 10% annual growth rate (2023 vs 2022), could reach approximately 257B transactions annually within the same timeframe.

There are a number of reasons why UPI has so rapidly gained ground share in India’s payment ecosystem. This is primarily down to the superiority of the end user experience when compared with digital wallets, card networks or traditional bank transfers. As an interoperable payment rail, UPI obviates the need to fund any kind of intermediary wallet as users can make real time payments directly in and out of their bank accounts, at essentially no cost. Moreover, UPI apps allow consumers to make payments via QR codes as well, thus allowing any UPI-enabled application to account for all the online and offline payment requirements that an Indian user may have.

DATA

The third and final piece of the India Stack puzzle focuses on establishing a new model for data governance in India. Enshrined in a policy framework known as the Data Empowerment and Protection Architecture (DEPA), the ‘data’ layer of India Stack aims to restore the ownership and control over user data to its rightful owners.

Seminal pieces of legislation like the General Data Protection Regulation (GDPR) in the European Union, Open Banking in the UK, and the California Consumer Privacy Bill in the United States have sought to empower individual citizens with agency and control over their personal data. DEPA represents India’s attempt at creating ‘a secure consent-based data sharing framework’ to accelerate the financial inclusion of its citizens.

Where Aadhaar first helped seed India’s economy with hundreds of millions of new economic participants with bank accounts, UPI then gave those account holders an easy and cheap way to transact digitally. In similar fashion, the third layer of India Stack helps those same account holders to leverage the data trail they leave behind as they go about transacting and operating in the digital economy.

At its core, there are three main pillars that make up the DEPA framework: