Umang App’s Aadhaar-Based Facial Authentication Linkage Raises Data Privacy Concerns: Simplicity vs. Sensitive Data

The Employees’ Provident Fund Organisation (EPFO) has mandated Aadhaar-based facial authentication technology (FAT) for Universal Account Number (UAN) generation and activation through the UMANG app, effective August 1, 2025, which has raised several legal and practical concerns. While the directive aims to streamline and secure the process, industry bodies and stakeholders have flagged potential legal issues.

Industry Body Warns of ‘Major Disruption’ from EPFO’s New Facial Authentication Mandate

The Association of Industries & Institutions (AII) voiced strong objections to a recent directive from the Employees’ Provident Fund Organisation (EPFO), warning that it could lead to significant operational challenges for businesses nationwide. The AII, representing over 7,000 members across private, public, and multinational sectors, has urged the Labour Ministry to reconsider the mandate.

The EPFO directive makes Aadhaar-based facial authentication mandatory for generating Universal Account Numbers (UANs), exclusively via the UMANG mobile application. The AII contends that this unilateral move, communicated to Labour and Employment Minister Mansukh Mandaviya, was made “without adequate consideration” of its real-world implications.

Below are the key legal and compliance-related challenges associated with the UMANG app’s FAT mandate, based on available information:

1. Privacy and Data Security Concerns

• Issue: The mandatory use of Aadhaar-based FAT raises questions about compliance with India’s data protection laws, particularly the Digital Personal Data Protection Act, 2023 (DPDP Act). The collection, storage, and processing of biometric data (facial scans) linked to Aadhaar could risk unauthorized access or misuse if not adequately safeguarded.
• Details: Industry bodies, such as the Association of Industries & Institutions (New Delhi), have expressed concerns about the security of biometric data processed through the UMANG app. The app’s reliance on the Aadhaar Face RD app and UIDAI’s API for facial authentication introduces potential vulnerabilities, especially if third-party servers or inadequate encryption are involved.
• Legal Risk: Without transparent safeguards or audits, the mandate could be challenged for violating privacy rights under the DPDP Act or the Supreme Court’s 2017 Puttaswamy judgment, which recognizes privacy as a fundamental right and limits Aadhaar’s mandatory use for non-essential services. Critics may argue that mandatory FAT for UAN generation exceeds the scope of “essential” services, potentially leading to legal scrutiny.

2. Exclusion and Accessibility Issues

• Issue: The mandate may disproportionately exclude workers with limited access to smartphones, stable internet, or digital literacy, potentially violating principles of equitable access under labor laws like the Employees’ Provident Funds and Miscellaneous Provisions Act, 1952.
• Details: The Indian Staffing Federation (ISF) and Southern India Mills’ Association (SIMA) have highlighted that many employees, especially in rural areas or unorganized sectors, lack smartphones or the technical know-how to use the UMANG app. This could deny them access to provident fund benefits, raising concerns about discrimination and non-compliance with labor welfare objectives.
• Legal Risk: Such exclusion could be challenged as a violation of equal protection under Article 14 of the Indian Constitution, as it creates barriers for certain groups (e.g., low-income or digitally illiterate workers) to access statutory benefits. Legal action could demand alternative mechanisms, such as employer-assisted UAN generation, to ensure inclusivity.

3. Lack of Stakeholder Consultation

• Issue: The EPFO’s circular (dated July 30, 2025) was implemented without sufficient consultation with industry stakeholders, potentially contravening principles of administrative fairness and procedural due process.
• Details: The Association of Industries & Institutions criticized the lack of consideration for practical challenges, such as high attrition rates and low digital literacy in certain sectors. The abrupt shift from employer-driven UAN generation to a mandatory app-based system has been flagged as poorly planned, leading to operational disruptions.
• Legal Risk: Industry bodies could challenge the directive in court, arguing that the EPFO failed to follow proper administrative procedures, such as issuing a public consultation or impact assessment, as required for significant policy changes under administrative law principles.

4. Potential Non-Compliance with Aadhaar Regulations

• Issue: The mandatory linkage of Aadhaar with UAN generation may conflict with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which restricts mandatory Aadhaar use to specific government schemes.
• Details: The Supreme Court’s 2018 Aadhaar verdict (Justice K.S. Puttaswamy v. Union of India) limited mandatory Aadhaar usage to welfare schemes involving public funds. Critics may argue that requiring Aadhaar-based FAT for UAN generation, a non-welfare administrative process, oversteps these boundaries, especially for private sector employees. Additionally, issues like Aadhaar-mobile number mismatches or discrepancies in Aadhaar data (e.g., name mismatches) could lead to wrongful denials of UAN activation.
• Legal Risk: Legal challenges could arise if the mandate is deemed an overreach of Aadhaar’s permissible use, potentially leading to judicial intervention to make FAT optional or allow alternative authentication methods.

5. Operational and Compliance Burdens on Employers

• Issue: The shift to employee-driven UAN generation via the UMANG app places indirect compliance burdens on employers, potentially conflicting with their obligations under the EPF Act, 1952, to ensure timely provident fund contributions.
• Details: Employers, particularly in sectors like staffing and textiles, face delays in onboarding and payroll processing due to employees’ inability to complete FAT. The ISF reported that over 1,000 candidates couldn’t be enrolled in two days due to technical issues with the UMANG app, such as crashes or server errors.
• Legal Risk: Employers could face penalties or disputes for delayed PF contributions if employees fail to generate UANs promptly. This could lead to litigation against the EPFO for imposing a system that indirectly hinders statutory compliance.

6. Technical Reliability and Accountability

• Issue: The UMANG app’s technical limitations, such as crashes, server errors, or FAT failures due to poor lighting or camera quality, raise questions about the reliability of the system and accountability for service disruptions.
• Details: Stakeholders have reported frequent app malfunctions and FAT inaccuracies, which prevent employees from completing UAN activation. There’s no clear mechanism to address grievances or provide fallback options (e.g., OTP-based authentication) when FAT fails.
• Legal Risk: If employees are denied access to PF benefits due to technical failures, they could file complaints with labor tribunals or consumer courts, alleging negligence by the EPFO or UIDAI. This could prompt demands for a more robust system or alternative authentication methods.

Industry Recommendations to Mitigate Legal Risks

Industry bodies like the ISF and the Association of Industries & Institutions have proposed solutions to address these concerns, which could preempt legal challenges:

• Reinstate Dual-Channel UAN Generation: Allow employers to generate UANs via the Unified Employer Portal alongside the UMANG app to ensure inclusivity.
• Optional FAT: Make facial authentication a voluntary feature for digitally equipped employees, rather than mandatory, to comply with privacy and accessibility norms.
• Grace Period: Defer mandatory FAT implementation by 6–12 months to allow for awareness campaigns, training, and infrastructure upgrades.
• Fallback Mechanisms: Introduce alternative authentication methods (e.g., OTP or biometric kiosks) for employees facing technical or access issues.
• Enhanced Support: Establish helpdesks, Common Service Centres (CSCs), or workplace kiosks to assist employees with FAT and app navigation.

Marc Rotenberg, president and founder of the Center for AI and Digital Policy, explains that governments need to find a balance between security needs and privacy concerns when employing new technologies such as facial-recognition software.

Current Status: The UMANG app, while aiming to be an integrated platform for all Indian government services, has faced serious complaints about its performance and reliability, especially for Employees’ Provident Fund Organisation (EPFO) services. Complaints from users included persistent issues like logging in difficulties, inability to access passbooks or balances, as well as the app’s inability or unresponsiveness to load. The app’s performance has provoked stark frustrations within EPF members, which many have also taken to social media platforms.

Ref:

1. New EPFO Feature: Your Face Is Enough To Activate And Manage Your Account! [ https://www.news18.com/business/new-epfo-feature-your-face-is-enough-to-activate-and-manage-your-account-ws-dkl-9485294.html ]
2. EPFO makes Aadhaar-based face authentication mandatory for UAN generation. [ https://www.indiatoday.in/information/story/epfo-makes-aadhaar-based-face-authentication-mandatory-for-uan-generation-2766402-2025-08-05 ]
3. New EPFO rule: No UAN without Aadhaar face scan, what you must know now. [ https://www.ndtv.com/feature/new-epfo-rule-no-uan-without-aadhaar-face-scan-what-you-must-know-now-9024144 ]
4. EPFO enables face authentication for UAN generation and activation. [ https://m.economictimes.com/news/india/epfo-enables-face-authentication-for-uan-generation-and-activation/articleshow/120100123.cms ]
5. EPFO rolls out Aadhar-based face authentication for UAN generation and activation. [ https://www.angelone.in/news/market-updates/epfo-rolls-out-aadhar-based-face-authentication-for-uan-generation-and-activation ]
6. EPFO launches Aadhaar-based face authentication for self-service UAN generation. [ https://mobileidworld.com/epfo-launches-aadhaar-based-face-authentication-for-self-service-uan-generation/ ]
7. Generating UAN via UMANG? Aadhaar-based face ID now a must, says EPFO. [ https://www.businesstoday.in/personal-finance/retirement-planning/story/epfo-aadhaar-face-authentication-mandatory-uan-generation-umang-app-488382-2025-08-07 ]
8. EPFO Witnesses Remarkable Surge in Facial Authentication for Digital Life Certificates. [ https://mas360.moneylife.in/article/epfo-witnesses-remarkable-surge-in-facial-authentication-for-digital-life-certificates/4610.mas ]
9. Aadhaar facial authentication for UAN generation: Labour Ministry urged to reconsider. [ https://www.livemint.com/news/aadhaar-facial-authentication-umang-app-uan-generation-labour-ministry-epfo-circular-11754379079681.html ]
10. Users: https://www.reddit.com/r/epfoindia/comments/1iw46ep/something_wrong_with_claim_raised_through_umang/
11. EPFO face authentication norms: Staffing companies flag issues with the implementation of new rules for UAN generation. [ https://indianexpress.com/article/business/banking-and-finance/epfo-face-authentication-norms-staffing-companies-flag-issues-with-implementation-of-new-rules-for-uan-generation-10180079/ ]

Also read: