(1) The Authority may, by notification, make regulations consistent with this Act and the rules made thereunder, for carrying out the provisions of this Act.
(2) In particular, and without prejudice to the generality of the foregoing power, such regulations may provide for all or any of the following matters, namely:
1[(a) the entities or group of entities in the Aadhaar ecosystem under clause (aa), the biometric information under clause (g) and the demographic information under clause (k), the process of collecting demographic information and biometric information from the individuals by enrolling agencies under clause (m), and the modes of offline verification of Aadhaar number holder under clause (pa) of section 2;]
(b) the manner of verifying the demographic information and biometric information for issue of Aadhaar number under sub-section (3) of section 3;
2[(ba) the manner of generating an alternative virtual identity under sub-section (4) of section 3;
(bb) the manner in which cancellation of an Aadhaar number may be carried out under sub-section (2) of section 3A;]
(c) the conditions for accepting an Aadhaar number as proof of identity of the Aadhaar number holder under sub-section (3) of section 4;
2[(ca) standards of privacy and security to be complied with by the requesting entities under sub-section (4) of section 4;
(cb) the classification of requesting entities under sub-section (5) of section 4;]
(d) the other categories of individuals under section 5 for whom the Authority shall take special measures for allotment of Aadhaar number;
(e) the manner of updating biometric information and demographic information under section 6;
(f) the procedure for authentication of the Aadhaar number under section 8;
3[(fa) the alternate and viable means of identification of individual under the proviso to clause (b) of sub-section (2) of section 8;
(fb) the manner of obtaining consent under clause (a) of sub-section (2), the manner of providing information to the individual undergoing offline verification under sub-section (3), and the obligations of offline verification-seeking entities under clause (c) of sub-section (4) of section 8A;]
(g) the other functions to be performed by the Central Identities Data Repository under section 10;
(h) the time and places of meetings of the Authority and the procedure for transaction of business to be followed by it, including the quorum, under sub-section (1) of section 19;
(i) the salary and allowances payable to, and other terms and conditions of service of, the chief executive officer, officers and other employees of the Authority under sub-section (2) of section 21;
(j) the demographic information and biometric information under clause (a) and the manner of their collection under clause (b) of sub-section (2) of section 23;
(k) the manner of maintaining and updating the information of individuals in the Central Identities Data Repository under clause (f) of sub-section (2) of section 23;
(l) the manner of omitting and deactivating an Aadhaar number and information relating thereto under clause (g) of sub-section (2) of section 23;
(m) the manner of use of Aadhaar numbers for the purposes of providing or availing of various subsidies, benefits, services and other purposes for which Aadhaar numbers may be used under clause (h) of sub-section (2) of section 23;
(n) the terms and conditions for appointment of Registrars, enrolling agencies and other service providers and the revocation of appointments thereof under clause (i) of sub-section (2) of section 23;
(o) the manner of sharing information of Aadhaar number holder under clause (k) of sub-section (2) of section 23;
(p) various processes relating to data management, security protocol and other technology safeguards under clause (m) of sub-section (2) of section 23;
(q) the procedure for issuance of new Aadhaar number to existing Aadhaar number holder under clause (n) of sub-section (2) of section 23;
(r) manner of authorising Registrars, enrolling agencies or other service providers to collect such fees for services provided by them under clause (o) of sub-section (2) of section 23;
(s) policies and practices to be followed by the Registrar, enrolling agencies and other service providers under clause (r) of sub-section (2) of section 23;
(t) the manner of accessing the identity information by the Aadhaar number holder under the proviso to sub-section (5) of section 28;
(u) the manner of sharing the identity information, other than core biometric information, collected or created under this Act under sub-section (2) of section 29;
(v) the manner of alteration of demographic information under sub-section (1) and biometric information under sub-section (2) of section 31;
(w) the manner of and the time for maintaining the request for authentication and the response thereon under sub-section (1), and the manner of obtaining, by the Aadhaar number holder, the authentication records under sub-section (2) of section 32;
(x) any other matter which is required to be, or may be, specified, or in respect of which provision is to be or may be made by regulations.
1Subs. by s. 24, ibid., for clause (a) (w.e.f. 25-7-2019).
2Ins. by s. 24, ibid, (w.e.f. 25-7-2019).
3Ins. by Act 14 of 2019 (w.e.f. 25-7-2019).