India Stack

India Stack is a marketing term coined by iSPIRT to brand a collection of government-operated digital infrastructure systems in India as a unified platform. The term encompasses identity verification, payments, document storage, and data sharing layers--each governed by separate government bodies with distinct legal frameworks.
The systems have achieved significant scale, with UPI processing over 10billion monthly transactions and Aadhaar covering 1.4billion residents. However, the platform has faced sustained criticism regarding welfare exclusion linked to biometric authentication failures, privacy and surveillance concerns, and the gap between "open" branding and closed, proprietary governance.

Origin of the term

The term "India Stack" was coined by iSPIRT, a technology industry think tank co-founded by Sharad Sharma in 2013. iSPIRT positioned the branding to describe separate government systems as a unified, exportable model of "digital public infrastructure".
Critics characterise "India Stack" as a PR construct--branding separate closed systems as unified "open" infrastructure for international promotion. Each component is closed-source and separately governed; the unified branding suggests cohesion and openness while the underlying systems remain proprietary and siloed.

Components

India Stack comprises several separately governed layers:

Identity Layer : Biometric identification system covering 1.4billion residents, governed by Unique Identification Authority of India
Payments Layer : Digital payment infrastructure governed by National Payments Corporation of India, a private Section 8 company
Data Layer : Document storage governed by MeitY; financial data sharing governed by Sahamati
Health Layer : Health records infrastructure governed by National Health Authority
Commerce Layer : E-commerce protocol governed by ONDC Ltd, a Section 8 company
History

Governance structure

Despite "open" branding, India Stack components are governed by government bodies and private entities with restricted access:

Component	Governing Body	Legal Status	Access Model
Aadhaar	UIDAI	Statutory authority	Government licence required
UPI/BBPS	NPCI	Private Section 8 company	Membership approval required
Account Aggregator	Sahamati	Industry alliance	Membership required
ABDM	NHA	Government authority	Partnership required
ONDC	ONDC Ltd	Private Section 8 company	Licensing required

Participation model

Unlike open protocols such as HTTP, email, or TCP/IP where anyone can implement independently, India Stack requires permission at every layer. There is no public RFC process, no citizen representation on technical committees, and no mechanism to challenge design decisions before deployment.
Researchers note this differs fundamentally from both the IETF model of "rough consensus and running code" and FOSS contribution models where rejected proposals can still be implemented independently. In India Stack, if a proposal is rejected, there is no alternative--the gatekeeper's decision is final.

Scale and adoption

India Stack components have achieved significant transaction volumes:

UPI: Over 10billion monthly transactions by 2023
Aadhaar: 1.4billion enrolments
DigiLocker: Over 150million registered users

Proponents credit India Stack with expanding financial inclusion through Jan Dhan bank accounts, reducing subsidy leakage through Direct Benefit Transfer, and enabling digital service delivery.

Concerns and criticism

Welfare exclusion and documented denials

Aadhaar-based biometric authentication for welfare distribution has been linked to documented exclusions and deaths. Research by economists including Reetika Khera of IIT Delhi has found significant exclusion of genuine beneficiaries.
Key findings include:

Between 2013-2021, 4.39crore ration cards were deleted nationally
A 2020 J-PAL study found 88% of cancelled ration cards in Jharkhand belonged to genuine beneficiaries, not fraudulent "ghost" entries
The Right to Food Campaign documented 57 starvation deaths in nine Indian states from 2015 onwards, with at least 19 directly linked to Aadhaar-related denial
Of 42 hunger-related deaths documented between 2017-2019, 25 were linked to Aadhaar issues

Documented cases include Santoshi Kumari, Arjun Hembram, and others.
Human Rights Watch documented 2.5million families in Rajasthan denied ration supplies between September 2016 and June 2017 due to Aadhaar issues. The report also found children without Aadhaar excluded from government schools and hospitals demanding Aadhaar enrolment before issuing birth certificates.

Biometric authentication failures

Studies have documented significant biometric authentication failure rates:

6-12% fingerprint authentication failure rates among manual labourers, construction workers, and farmers
Fingerprints degrade due to age, manual labour, and certain medical conditions
Elderly people have degraded fingerprints; children's biometrics are unstable
In 2023, UIDAI acknowledged 54+ hours of service downtime due to OTP delays and server issues

A 2018 analysis estimated that "two to five per cent of the Indian population would be excluded" due to biometric failures alone.

Facial authentication expansion (2023-2025)

Despite documented fingerprint exclusion, states began adding facial authentication requirements. Rajasthan mandated facial authentication for pensioners via the RAJSSP app in February 2023. Data from January-April 2025 showed:

Facial authentication success rate: 69.11%
Fingerprint authentication success rate: 76.27%
OTP had 90%+ success rate but was deemed "unreliable" by authorities
The system was tested on only 15-20 people before statewide rollout to 600,000+ pensioners in Jaipur district alone

Despite 30% failure rates, UIDAI reported 50million+ facial authentication transactions monthly since 2023.

Consent issues

Critics argue that consent is structurally compromised when Aadhaar authentication is mandatory for essential services. UIDAI claims authentication requires "explicit consent," but researchers note consent is meaningless when refusal means exclusion from:

Food rations under Public Distribution System
Pension disbursement
Bank account access
LPG subsidies
Government employment wages
Healthcare access
Vehicle toll payment
Privacy and surveillance

The centralised nature of India Stack creates surveillance infrastructure concerns:

Centralised biometric database of 1.4billion people
Authentication logs enabling tracking of citizens' access to services
Cross-linking of identity, financial, health, and location data
Limited independent oversight and RTI exemptions

The Supreme Court of India ruled privacy a fundamental right in August 2017.
In September 2018, the court upheld Aadhaar's constitutional validity but struck down Section 57 allowing private sector use. The government subsequently amended laws through ordinances to restore private sector access.

Open source claims

While described as "open APIs," India Stack does not follow free and open-source software principles:

Source code is not publicly available
No public contribution or proposal mechanism exists
Alternative implementations are legally prohibited
Governance is not participatory
Cannot be forked or independently operated

The Financial Times noted these concerns in 2023, questioning claims of openness.

Accountability gaps

Several structural accountability issues have been identified:

UIDAI is exempt from RTI for certain categories of information
Only UIDAI can sue for Aadhaar-related issues; individuals cannot sue UIDAI under Section 47
Aadhaar deactivations occur without prior notice
A 2022 CAG report found UIDAI takes no responsibility for deficient biometric capture
No public auditing of authentication success/failure rates across welfare programs
Digital divide

The COVID-19 vaccination rollout via CoWIN highlighted digital divide issues:

CoWIN required smartphone, internet access, and digital literacy
200-280million Indians had no or poor internet access
25% of India's population had no smartphone
No offline registration option initially
Supreme Court noted "CoWIN not accessible to persons with disabilities"
Court cases

Key judgments

Justice K.S. Puttaswamy v. Union of India : Nine-judge bench unanimously ruled privacy a fundamental right
Justice K.S. Puttaswamy v. Union of India : Five-judge bench upheld Aadhaar's validity but struck down Section 57 and Section 33
Koili Devi v. Union of India: Petition filed by Santoshi Kumari's mother challenging deletion of ration cards
Orissa High Court : Ruled welfare schemes cannot exclude on grounds of lacking Aadhaar or mobile phone
P. Pushpam v. UIDAI : Ruled Aadhaar correction is a fundamental right
e-KYC mandate (2024)

In June 2024, the government directed 100% e-KYC compliance for all ration card holders. Odisha suspended rice distribution for 20+ lakh eligible individuals for e-KYC non-compliance. The Right to Food Campaign urged the government to halt e-KYC and remove exclusionary digital measures from PDS.

International adoption

Several countries have expressed interest in adopting India Stack components. Sri Lanka, Morocco, the Philippines, Guinea, Ethiopia, and Togo have reportedly started using components.
Critics note that countries adopting the model may also adopt its structural issues regarding exclusion, consent, and accountability.