(1)  The Authority shall perform authentication of the Aadhaar number of an Aadhaar number holder submitted by any requesting entity, in relation to his biometric information or demographic information, subject to such conditions and on payment of such fees and in such manner as may be specified by regulations.

   (2)  A requesting entity shall--

   (a)  unless otherwise provided in this Act, obtain the consent of an individual 1[or in the case of a child obtain the consent of his parent or guardian] before collecting his identity information for the purposes of authentication in such manner as may be specified by regulations; and

   (b)  ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication.

   ¹[Provided that the requesting entity shall, in case of failure to authenticate due to illness, injury or infirmity owing to old age or otherwise or any technical or other reasons, provide such alternate and viable means of identification of the individual, as may be specified by regulations.]

   (3)  A requesting entity shall inform, in such manner as may be specified by regulations, the individual submitting his identity information for authentication 1[or in the case of a child, his parent or guardian], the following details with respect to authentication, namely: --

   (a)  the nature of information that may be shared upon authentication;

   (b)  the uses to which the information received during authentication may be put by the requesting entity; and

   (c)  alternatives to submission of identity information to the requesting entity.

   (4)  The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information.