Consent of the Aadhaar holder needs be procured for conducting an eKYC transaction.
The Aadhaar holder needs to be adequately notified of the purpose for which his eKYC transaction is
being conducted.
The Aadhaar holder needs to be notified as to the agency/company on whose behalf the eKYC transaction is
being conducted.
The agency that conducted the eKYC transaction cannot share it with any third party, without the consent
of Aadhaar resident.
eKYC flow
e-KYC front-end application captures Aadhaar number + biometric/OTP of resident and forms the
encrypted PID block
KUA forms the Auth XML using the PID block, signs it, uses that to form final e-KYC input XML and
sends to KSA
KSA forwards the KYC XML to Aadhaar e-KYC service
Aadhaar KYC service authenticates the resident and if successful responds with digitally signed and
encrypted XML
containing resident’s latest demographic and photograph information
E-KYC response (containing demographic data and photograph), by default, is encrypted with KUA
public
key
KSA sends the response back to KUA enabling paperless electronic KYC
EKYC will perform using two ways
1. OTP
2. Biometric