Most people building KYC flows in India think of Aadhaar authentication as a single thing — user enters number, gets OTP, done. But there’s a whole separate lane that doesn’t touch UIDAI’s servers at all. It’s called Aadhaar offline verification, and as of January 2026, UIDAI has published a full handbook on it. If you haven’t read it yet, this guide breaks it down for you.
What Aadhaar Offline Verification Actually Means
The official definition, straight from the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, describes it as: the process of verifying the identity of an Aadhaar number holder without authentication — through offline modes as specified by regulations.
In plain terms: the Aadhaar Number Holder (ANH) shares digitally signed identity information directly with the verifying entity. No request goes to UIDAI’s Central Identities Data Repository (CIDR). No real-time database lookup. The trust comes from UIDAI’s cryptographic signature on the data — not from a live server handshake.
This is fundamentally different from online authentication, where a verifier (an AUA or KUA) sends an authentication request to the CIDR and gets a Yes/No response or an e-KYC packet back. In offline verification, the ANH hands over the signed data themselves, and the verifier checks the signature locally.
Who is an OVSE?
OVSE stands for Offline Verification Seeking Entity — any organization that wants to verify identity using Aadhaar’s offline mechanisms. This could be a government department, a private fintech, an NBFC, a cab aggregator, a gated community security system — the range is wide.
There’s an important distinction UIDAI draws between registered and non-registered OVSEs, and it matters for what you can actually do:
Non-registered OVSEs can use Aadhaar secure QR code scanning or e-Aadhaar verification. These are document authenticity checks — the verifier scans a QR code, sees the demographic details, but cannot save the output. It’s display-only. Useful for physical access control, but limited.
Registered OVSEs unlock Aadhaar Verifiable Credential (VC) verification through the new Aadhaar App. This is where it gets significantly more capable: you can verify complete or selective Aadhaar data, perform offline face verification for proof of presence, seamlessly integrate with the Aadhaar App via QR, app-to-app, or web-to-app flows, and access digitally signed, savable verification output. Registration is governed by the Aadhaar (Authentication and Offline Verification) Amendment Regulations, 2025.
The Four Types of Aadhaar Offline Verification
UIDAI’s handbook outlines four distinct verification types, and choosing the right one depends on your use case and assurance requirements.
1. Aadhaar Secure QR Code Verification
The secure QR code is embedded in the Aadhaar letter, PVC card, e-Aadhaar, mAadhaar, and the new Aadhaar App. It carries demographic data and a photograph, signed by UIDAI. An OVSE scans the QR using an Aadhaar application, the digital signature is validated locally, and the ANH’s details are displayed. No CIDR connection. No savable output — this one is strictly for real-time visual checks.
2. Aadhaar Paperless Offline e-KYC Verification
This is the XML-based flow most developers are familiar with. The ANH generates a signed XML file through an Aadhaar application and shares it along with a 4-digit share code. The OVSE uses the share code to decrypt the file, then verifies the UIDAI digital signature. Upon successful verification, demographic details and a photograph are available and may be stored by the OVSE in accordance with applicable laws. This is the type that most API-based KYC flows use.
3. e-Aadhaar Verification
e-Aadhaar is a password-protected, digitally signed PDF version of the Aadhaar letter — legally equivalent to the physical card. The ANH downloads it from UIDAI’s portal after OTP-based verification, then shares it with the OVSE. The OVSE opens the document using a compatible PDF reader, checks the embedded UIDAI digital signature for tamper-proofing, and optionally scans the secure QR code within the e-Aadhaar for an additional verification layer. All of this happens locally.
4. Aadhaar Verifiable Credential (VC) Verification
This is the newest and most capable type, introduced with the Aadhaar App launched in January 2026. Verifiable Credentials are digitally signed, stored locally on the ANH’s device, and can be shared fully or partially based on what the OVSE actually needs. The ANH decides which attributes to disclose — name only, name and address, photo and age status, and so on. The OVSE then verifies the UIDAI digital signature to confirm data integrity. VCs can be shared via cross-device QR scanning, app-to-app intent, web-to-app intent, or selective self-sharing.
The New Aadhaar App: What’s Changed
UIDAI launched the new Aadhaar App in January 2026, and it’s the central piece of how offline verification evolves going forward. For OVSEs, this app is the key integration point for VC-based verification.
The app’s core capabilities for offline verification are: sharing verifiable credentials that are digitally signed and tamper-proof, enabling selective data sharing (only the attributes needed for a specific purpose), performing offline face verification locally on the ANH’s device without CIDR connectivity, and generating savable, digitally signed outputs for registered OVSEs.
The face verification flow is worth calling out separately. If an OVSE needs proof of presence — not just document authenticity — the Aadhaar App can capture a live face image, run a local face match against the photograph stored in the VC, and generate a signed output confirming the match. No biometric data leaves the device. This closes the gap between “this document belongs to someone” and “this person is who the document says they are.”
Three Stakeholders, One Ecosystem
UIDAI describes the offline verification ecosystem as having three key players:
The ANH is at the center. Offline verification is entirely voluntary. The ANH controls what gets shared, approves each verification request, and can reject it. Consent is non-negotiable — OVSEs must seek explicit consent before any Aadhaar data is accessed or verified.
The OVSE acts as the verifier. They validate the integrity of whatever the ANH presents — QR code, XML, VC — by checking UIDAI’s digital signature. Because offline verification doesn’t involve transmitting or storing the Aadhaar number itself, OVSEs carry significantly less compliance burden than AUAs.
UIDAI sits in the background as the trust anchor. They don’t participate in individual verification transactions, but they define the regulatory framework, issue the digital signatures that make everything verifiable, and operate the Aadhaar App through which VC-based verification flows.
Where Offline Verification Actually Gets Used
UIDAI’s handbook identifies several concrete use cases, and they stretch well beyond fintech KYC:
Access control at data centers, educational campuses, and government buildings — where employees or visitors can scan an OVSE QR code via the Aadhaar App, approve the data request, and complete face verification at the gate. No physical document handling, no manual inspection bottlenecks.
Residential and community management — gated societies using offline verification to screen delivery executives, domestic workers, and guests. The delivery executive scans the society’s QR at the gate, shares VCs, and security can verify identity without ever collecting a photocopy.
Gig and workforce verification — cab aggregators, food delivery platforms, and facility management companies conducting driver or worker onboarding. The digitally signed VC output gives the platform verifiable identity data backed by UIDAI’s signature, replacing OCR on physical documents.
NBFCs and MFIs doing customer due diligence — historically reliant on physical Aadhaar cards supplemented by voter IDs or PAN cards, with OCR extraction that’s error-prone and unverifiable. Offline verification gives them data integrity assurance that a photocopied document simply cannot provide.
The Practical Difference This Makes for Product Teams
The shift from online authentication to Aadhaar offline verification isn’t just a technical choice — it’s a different privacy architecture. The ANH doesn’t share their 12-digit Aadhaar number with you. They share time-limited, UIDAI-signed credentials containing only the attributes relevant to your use case. You verify a signature, extract what you need, and you’re done.
For teams building onboarding flows: the XML-based paperless e-KYC path is available today without OVSE registration. For teams that need deeper integration — face verification, app-based consent flows, savable outputs — the registered OVSE pathway is where the ecosystem is clearly heading, especially now that UIDAI has launched the Aadhaar App and updated the regulations in 2025.
The compliance burden difference between an OVSE and a full AUA is real and worth factoring into your architecture decisions early.
Gridlines provides APIs for Aadhaar-based KYC, offline XML verification, and the broader identity verification stack — purpose-built for teams that need compliant, reliable identity infrastructure without the overhead of building it from scratch.
Leave a Reply