India’s leading telecom operators, Airtel and Reliance Jio, are facing serious privacy concerns after reports emerged that they have been mandating Aadhaar-based facial authentication for SIM issuance and replacements—without informing or obtaining consent from users. The practice contradicts existing guidelines from the Unique Identification Authority of India (UIDAI), which states that face authentication is strictly optional.
Face scans enforced silently, bypassing user awareness
Investigations in multiple locations across Chennai revealed that store staff from both companies conducted facial scans under the guise of taking photographs for ID verification. In reality, these were covert Aadhaar face authentications—conducted without clearly explaining the process or offering alternatives like fingerprint, iris scan, or OTP verification. Users were often asked to “blink” at the camera, unaware that they were undergoing biometric verification linked to their Aadhaar credentials.
This practice has reportedly been ongoing for over a year and disproportionately affected customers seeking new SIM cards or replacements. In many instances, if the face scan failed, SIM requests were denied outright without offering other modes of verification.
UIDAI and DoT rules say consent and choice are mandatory
According to UIDAI regulations, Aadhaar-based face authentication is an optional method and must be conducted only with user consent. Other valid authentication methods include fingerprint, iris, and OTP. The Department of Telecommunications (DoT) reiterated that while Aadhaar authentication is compulsory for SIM issuance from January 2025, the method of authentication remains flexible.
Despite these directives, Airtel and Jio outlets have reportedly made face authentication the default and only method—removing user agency at the point of service. Customers who questioned the procedure were either misled or given no alternatives.
Telcos issue mixed responses as public backlash grows
After public outrage and media attention, Airtel acknowledged that a “communication gap” led to the situation and stated that fingerprint authentication had been reinstated at Chennai outlets. The company said it had instructed staff not to deny SIM cards based on face scan failures.
Reliance Jio, on the other hand, claimed that face authentication is mandatory for SIM replacements but only advisory for new connections. However, the company did not address the lack of informed consent or the absence of alternate verification options.
Government officials have indicated that investigations may follow, especially in cases where customers were misled or denied service. As digital privacy takes centre stage in India’s regulatory space, the episode has spotlighted the urgent need for better enforcement of consent-based authentication practices.
