The ordinance -- necessitated because the Rajya Sabha could not approve a Bill after its passage by the Lok Sabha -- was promulgated on Saturday.
Last week, the Cabinet approved the promulgation of an ordinance to give effect to changes proposed in Aadhaar and two others legislations. The amendments provide for stiff penalties for violation of norms set for the use of Aadhaar and violation of privacy.
It bans storing of core biometric information as well as Aadhaar number by service providers in cases of individuals who have voluntarily offered the national ID as a means of authentication. The ordinance gives effect to the changes in the Aadhaar Act such as giving a child an option to exit from the biometric ID programme on attaining 18 years of age.
The changes also lay down the procedure for offline verification of an Aadhaar number holder, and confers enhanced regulator-like power on the Unique Identification Authority of India (UIDAI) to give directions as it may consider necessary to any entity in the Aadhaar ecosystem.
Every requesting entity to whom an authentication request is made will have to inform the Aadhaar number holder of alternate and viable means of identification and will not deny any service to them for refusing to, or being unable to undergo authentication.
The changes entail a civil penalty of up to Rs 1 crore on entities that violate the provisions of the Aadhaar Act, with an additional fine of up to Rs 10 lakh per day in case of continuous non-compliance.
Unauthorised use of identity information by a requesting entity or offline verification seeking entity would be punishable with imprisonment of up to three years with a fine that may extend to Rs 10,000 or in case of a company with a fine of up to Rs 1 lakh.
The ordinance will omit the Section 57 of the Aadhaar Act relating to the use of Aadhaar by private entities. The changes have been brought about through amendments in Aadhaar Act, the Indian Telegraph Act and the Prevention of Money Laundering Act.