Aadhaar, DigiLocker & E-Governance: The Gaps and the Fixes

India has built, in barely a decade, the largest digital identity and document stack any country has ever attempted. Aadhaar crossed 142 crore enrolments by 2025, DigiLocker passed 50 crore users and over 940 crore issued documents, and biometric authentications now run into the thousands of crores a year. By any global yardstick, this is an extraordinary public achievement. Yet for many ordinary citizens, the experience at the counter still does not match the scale on the dashboard. This is an analysis of where the e-governance system genuinely works, where it quietly fails people, and what experts say could fix the gap — written without blaming any individual or party, because the problems are structural, not partisan.

What is actually working

It is worth starting with credit, because the wins are real and easy to take for granted. A migrant worker can now open a bank account in minutes, a student can pull a marksheet onto a phone at midnight, and a pensioner in a small town can prove identity without a single photocopy. DigiLocker alone reports nearly 2,000 active issuers and over 2,400 requesters, and the documents it holds — driving licences, PAN, school certificates, vehicle papers — carry the same legal weight as the paper originals.

The convenience is not trivial. It has cut down on touts, bribes for routine paperwork, and the endless re-submission of the same documents. Direct benefit transfers linked to Aadhaar have, by official accounts, helped remove duplicate and fake beneficiaries from several welfare rolls, freeing up money for genuine recipients. The architecture is also famously cheap to run per transaction, which is why other countries now study India's digital public infrastructure as a template.

None of this should be hand-waved away in a rush to criticise. A fair assessment has to hold two truths at once: the system has delivered enormous value, and it still leaves specific groups of people behind in ways that are fixable.

The gaps citizens actually feel

The most documented problem is biometric authentication failure. Fingerprints wear down with age and manual labour, and iris or face matches can fail in poor lighting or with low-end devices. Independent researchers estimate that a small single-digit percentage of authentications fail on any given attempt — which sounds minor until you multiply it across hundreds of millions of monthly transactions. The result is millions of failed attempts a month, and they cluster among exactly the people least able to absorb them: the elderly, farmers, construction and domestic workers, and the very poor who depend on subsidised rations.

The human cost is concrete. There have been documented cases of elderly citizens unable to draw their monthly grain for months because a fingerprint simply stopped matching. When the gateway to food or a pension is a sensor that does not recognise a worn hand, a technical glitch becomes a survival problem.

A second gap is the everyday user experience. Despite shared rails like Aadhaar and DigiLocker, citizens are still asked to key in the same details across portal after portal, hunt for the right sub-site, and decode forms written in officialese. The technology is interoperable on paper, but the front-end often still mirrors old bureaucratic silos rather than the citizen's actual journey.

Third is consent and data control. Indians hand over identity and documents constantly, but there is no single, simple place to see who has accessed your data, for what, and to switch that permission off. Consent exists in law and in click-through screens, but not yet as a tool the average person can meaningfully use.

The redress problem nobody sees on a dashboard

Dashboards count successes — documents issued, transactions cleared. They rarely count the person who walked away empty-handed. When an authentication fails or a record is wrong, the citizen's path to fixing it is often unclear, slow, or dependent on the goodwill of a single counter operator.

This matters because the Supreme Court settled the principle back in 2018. While upholding the Aadhaar Act by a 4:1 majority, the bench was explicit that an eligible beneficiary cannot be denied entitlements merely because biometric authentication fails. In practice, that protection only works if the operator on the ground knows it, has a working manual fallback, and faces consequences for turning someone away. The gap is not in the law; it is in the last mile.

There is also the looming question of data protection. The Digital Personal Data Protection Act, 2023 finally gave India a privacy law with consent rules, breach-notification duties and a regulator. But standing up the Data Protection Board and rolling out full enforcement has taken time, which means the safeguards citizens are promised are still catching up to the systems already running at national scale.

Specific fixes experts suggest

The encouraging part is that almost every gap has a known, practical remedy. Policy researchers and technologists tend to converge on a similar list:

1. Make a manual fallback mandatory and visible. Every Aadhaar-linked service should have a clearly posted, no-blame backup — OTP, face authentication, or officer-verified override — so that a failed fingerprint never means a denied ration. The 2018 ruling already requires this; the fix is enforcement and signage at the counter.
2. Build a real consent dashboard. Extend the Account Aggregator and consent-framework model so any citizen can see, in one place, who pulled their data and revoke it — the way you manage app permissions on a phone.
3. Strengthen grievance redress with deadlines. A single helpline and portal where complaints get a ticket, a time-bound resolution, and an appeal path. What gets measured and published gets fixed.
4. Update biometric records proactively. Free, camp-based re-enrolment for the elderly and manual workers whose biometrics have degraded, rather than waiting for them to fail at a counter first.
5. Design for low-connectivity and low-literacy users. Offline modes, regional-language interfaces, and forms tested with actual first-time users, not just engineers.
6. Publish failure data, not just success data. Transparent, disaggregated numbers on authentication failures and exclusions would let the system be audited and improved.

Why this is worth getting right

India's stack is increasingly a piece of public infrastructure as essential as roads or electricity — and infrastructure is judged by whether it serves everyone, especially on its worst day, not just by how impressive it looks at full strength. A bridge that carries millions but drops the most vulnerable into the river is not a finished bridge.

The optimistic reading is that none of the remaining problems require tearing anything down. They require finishing the job: pairing world-class plumbing with world-class grievance redress, genuine consent, and humane fallbacks. The hard engineering is largely done. What remains is the unglamorous, citizen-facing work of making sure the last mile is as reliable as the back end.

Get that right, and India will not just have the biggest digital public system on earth — it will have one that can be honestly called fair. That is a governance goal worth pursuing patiently, and one on which people across the political spectrum can reasonably agree.