legalanswers.in logolegalanswers.in
General Legal Services & Documentation

How do I update or correct my Aadhaar card details in India?

Updated · 6 July 2026

Update name, address, DOB, gender, mobile, email, photo, biometrics via UIDAI's myAadhaar portal (myaadhaar.uidai.gov.in), Aadhaar Seva Kendra, or authorised enrolment centres. UIDAI mandates document update every 10 years; document update via portal currently ₹50. Children's biometric mandatory at age 5 and 15.

What are the procedures for different updates?

Aadhaar updates flow through several channels depending on what you're changing.

Online at myaadhaar.uidai.gov.in: log in with Aadhaar and OTP, use the 'Update Aadhaar' menu, and update name, address (limited), DOB, gender, language, mobile and email — upload documents; fees are ₹50 for document updates and ₹25 for basic; SRN is tracked; timeline 7-30 days. At an Aadhaar Seva Kendra (ASK) (locate on uidai.gov.in): book an appointment or walk in, show originals, and capture biometrics or photo. Fees: ₹50 demographic, ₹100 biometric, and free child biometric updates; timeline 7-15 days. Authorised Enrolment Centres at banks, post offices and CSCs offer the same fees and often less crowding.

Mobile and email update is needed for OTP services (a bank-registered mobile is not automatically registered with Aadhaar) — via ASK, enrolment centre or bank-based facility, ₹50. Photograph update is ASK or enrolment centre only at ₹100, and is mandatory for children at ages 5 and 15. Biometric update (fingerprints, iris) is mandatory at ages 5 and 15 and offers alternative authentication for elderly with worn fingerprints, ₹100.

Documents accepted: identity or name — PAN, passport, driving licence, voter ID, school certificate; address — utility bill within 3 months, bank passbook, voter ID, passport; DOB — birth certificate, school certificate, passport, PAN. Common rejection grounds: documents not in the approved list, old utility bills (over 3 months), photo mismatch, demographic mismatch beyond tolerance, vague address, or need for verification. Track updates through 'Check Update Status' on myAadhaar using URN or SRN, with SMS notifications. Once approved, the updated Aadhaar PDF is downloadable and a physical PVC card is optional at ₹50.

What is the mandatory document update?

UIDAI's 2022 notification (updated 2023) mandates a document update every 10 years to keep the Aadhaar database accurate, improve government scheme delivery, reduce fraud and maintain authentication reliability.

Do it on the myAadhaar portal's Document Update menu: upload the latest identity and address proof, complete OTP authentication, pay ₹50, and receive approval in 7-30 days. The free update window was originally open until December 2023 but has been extended several times — currently extended to June 2026 (check UIDAI notifications for the latest). Required documents: identity proof (PAN, passport, DL, voter ID) and address proof (recent utility bill, bank statement, passport). Re-upload even if unchanged from enrolment as confirmation.

Consequences of not updating: Aadhaar continues to function but is flagged for verification; authentication failures become more likely; agencies may refuse older document evidence.

For children: separate mandatory biometric updates at ages 5 and 15; the document update follows the 10-year cycle; parents handle updates for minors. For senior citizens: same process with ASK assistance; doorstep updates are in pilot in some areas. For NRIs: documents from the country of residence are accepted (Indian address is mandatory); UIDAI has an NRI desk; some Indian embassies facilitate updates.

Aadhaar itself has no expiry — the document update is a continuous renewal model that keeps records current. Each update adds to UIDAI data and the authentication trail is accessible to authorised entities. DPDPA 2023 provides additional rights: access, correction, limited erasure, and grievance redressal.

What about lost Aadhaar, biometric lock, and Virtual ID?

Aadhaar has several built-in security and recovery features that most people underuse.

Lost Aadhaar or forgotten number: retrieve via myAadhaar's 'Retrieve EID/Aadhaar' (name + mobile + OTP), download e-Aadhaar PDF (four-digit password = first 4 letters of name plus birth year in CAPS), or order a PVC Aadhaar card (₹50, 15 days). A police FIR isn't required unless you suspect identity theft.

Biometric Lock protects against biometric misuse — enable via myAadhaar or the mAadhaar app. When locked, biometric authentication is blocked while OTP and demographic authentication still work; temporarily disable when you actually need biometric auth. Virtual ID (VID) is a 16-digit temporary ID linked to your Aadhaar — generate via myAadhaar, mAadhaar, helpline 1947 or SMS to 1947; valid until you generate the next one; accepted by all UIDAI partners and privacy-friendly. Masked Aadhaar hides the first 8 digits, is downloadable from myAadhaar, and is acceptable for many purposes.

Authentication History in myAadhaar shows attempts over the last 90 days — date, time, agency, success or failure — so you can detect unauthorised use and report to UIDAI. The mAadhaar app generates offline e-KYC and QR code identity useful at airports and banks. Grievance: UIDAI helpline 1947 (toll-free), email help@uidai.gov.in, online complaint via myAadhaar, or the UIDAI Regional Offices.

If you suspect identity theft: lock biometrics immediately, generate a fresh VID, check authentication history, file an FIR and cybercrime portal complaint, and inform banks, employers and the IT Department. For children, Baal Aadhaar (blue) is issued for under-5 children with no biometrics; it becomes a regular Aadhaar at age 5, with mandatory biometric updates at 5 and 15 — failure leads to deactivation. For elderly: alternative authentication for worn fingerprints, iris recognition, OTP-based verification, and special handling at ASKs.

What are my rights and privacy protections under Aadhaar?

Your Aadhaar rights come from the Aadhaar Act, Supreme Court rulings and the DPDPA 2023 layered together.

Puttaswamy v. Union of India (2017, 2018) confirmed privacy as fundamental. Aadhaar is valid for Section 7 subsidies and IT, but is not mandatory for bank accounts, mobile SIMs, school admission, NEET or professional exams. Section 57 was struck down — private entities cannot demand Aadhaar. Aadhaar can be required for Income Tax PAN linkage (Section 139AA), ITR filing, government subsidies and welfare (Section 7), DBT, PDS, MGNREGA and scholarships. Aadhaar cannot be mandated for bank account opening, mobile SIM, private school admission, most private services (post Section 57), or most professional exams — alternatives must be accepted.

The Aadhaar (Amendment) Act 2019 permits private entities to use Aadhaar for KYC only voluntarily with an alternative ID available; introduces offline verification via Aadhaar PDF / QR code without database connection; and imposes penalties for misuse — up to 10 years imprisonment and ₹1 crore for entities.

Privacy protections in the Act: Section 28 (confidentiality), Section 29 (restrictions on sharing identity or authentication data), Section 33 (disclosure only on court order or notification), and general protection for biometric and demographic information. Your rights: access authentication history, biometric lock, update or correct data, grievance redressal, refuse unauthorised demands, and offer alternative identification.

DPDPA 2023 adds: right to access data, correction / completion / update, limited erasure, grievance redressal, nomination for incapacity or death, and complaints to the Data Protection Board. Report Aadhaar misuse via UIDAI helpline 1947, cybercrime portal, police FIR, and Sections 66, 66C, 66D IT Act where hacked. Special categories: under-5 children (voluntary), elderly with worn fingerprints (alternative auth), disabled persons (assistive enrolment), and transgender persons ('Third Gender' option). Court remedies: writ petition, civil suit for misuse damages, Consumer Commission and NHRC. Best practice: don't share Aadhaar unnecessarily, use masked Aadhaar or VID, lock biometrics when idle, review authentication history periodically, and verify entities asking for Aadhaar.

How does Aadhaar interact with DPDPA 2023?

DPDPA and Aadhaar together create a new, layered privacy framework.

UIDAI is now a Data Fiduciary under DPDPA and is subject to its principles — consent, purpose limitation, data minimisation. Aadhaar Authentication Service Providers and e-KYC entities are also Data Fiduciaries, following DPDPA plus Aadhaar Act. Explicit consent is required for processing, with specified purpose and the right to withdraw; the Aadhaar Act already required this. Biometric, health and financial data are classified as sensitive personal data and get higher protection.

Children's data: those under 18 need parental consent, Aadhaar for under-5 is voluntary, and processing is limited. Rights of data principals: information about data processed, purpose and recipients; correction and (limited) erasure — Aadhaar erasure is constrained by regulatory necessity; grievance redressal; and nomination.

Penalties: significant data breach — up to ₹250 crore; children's data violation — up to ₹200 crore; failure to notify the Board — up to ₹200 crore. Data breaches must be reported to the Data Protection Board and affected data principals within specified timelines. Cross-border transfers can only go to government-notified destinations; Aadhaar and biometric data must stay in India.

Practical implications for citizens: more transparency, more control rights, more accountability from entities, easier grievance redressal, and more accessible compensation for breaches. Aadhaar-DPDPA intersections cover authentication consent (explicit, purpose-specific), e-KYC records (retention limits), and biometric verification logs (privacy-preserving). Future developments include the Digital India Act (under consultation), Aadhaar in a broader digital identity framework, and Aadhaar 2.0 discussions involving blockchain elements. Citizen action: understand your rights, exercise them actively (DSARs, correction requests, complaints), monitor authentication history, and stay informed about UIDAI and DPDPA developments.

Reference Citation: Aadhaar Act, 2016 (as amended 2019); Aadhaar (Enrolment and Update) Regulations, 2016; Digital Personal Data Protection Act, 2023; K.S. Puttaswamy v. Union of India, (2018) 1 SCC 809

Disclaimer: Content provided here is for general legal knowledge only and does not constitute formal legal advice. If you have an urgent or specific matter, please consult a registered advocate.