Don’t miss the latest developments in business and finance.

Amping up DigiLocker as India moves to the next wave of digitisation

India's citizens will soon be able to access a wider range of authentic documents through their digital document wallets

Amping up DigiLocker as India moves to the next wave of digitisation
Sourabh Lele
4 min read Last Updated : Feb 05 2023 | 7:50 PM IST
This year’s Economic Survey says that dematerialisation of documents will be the focus of the next wave of digitisation in the country, after the success of Aadhaar as an instrument of digital identity and the widespread adoption of UPI (Unified Payments Interface), a seamless platform for financial transactions. Finance Minister Nirmala Sitharaman took this a notch further in her Budget speech, declaring that the scope of DigiLocker, a centralised digital repository of documents, would be expanded.

The plan is to expand DigiLocker for availing digital health records, simplify Know Your Customer processes, and provide a one-stop solution for the identities and addresses of individuals maintained by various agencies, thereby enhancing the ease of living of citizens.

However, policy advocates and security researchers warn that greater vigilance is needed to mitigate the risks to data security on the platform. DigiLocker has already seen a security threat in 2020, when a vulnerability was detected. Though reports said that 38 million accounts were impacted, the government maintained that no data had been compromised.

“The expansion of the DigiLocker system brings with it an enhanced risk, as it will handle more and more personal data. A robust legally-backed data protection framework may go some way in preventing misuse of such vulnerabilities and ensuring user trust in the DigiLocker system,” says Deepro Guha, senior manager at The Quantum Hub, a public policy firm in Delhi.

In June 2020, DigiLocker had to issue a clarification on a vulnerability that allowed unauthorised access to accounts and documents on the platform. The security gap, which was later patched with a software update, could have allowed attackers to bypass the need for a One Time Password for logging in.

Says Mahesh Mohan, an independent security researcher who alerted the government about the vulnerability: “I found that the system had some design issues when it comes to integrations between different components. This is why I was able to trick the solution to gain access. These issues come up if solutions are created hurriedly and without enough thought behind it from a system architect’s perspective.”

DigiLocker was launched in 2015 and was meant to be a relief from the tedious process of gathering copies of important documents like educational certificates and other records. To date, the DigiLocker portal has issued 5.62 billion documents and has 146.79 million users. The platform has 2,311 issuers and some 166 requesters (entities that accept documents via DigiLocker).

Mohan says the platform’s security features might have improved since 2020, but it is necessary to stay up to date with the technology stack: “Better security features are needed in many layers, including better development, governance, testing, and monitoring practices. Open-source platforms must have an army of development teams with a sustainable process to cater to any challenge.”

DigiLocker users are already seeing the benefits of the platform. A case in point is the Account Aggregator ecosystem. This, together with Digital Document Execution, enhances financial inclusion and ease of doing business.

“UPI led to a growth in small-ticket-size payments. Similarly, the Account Aggregator framework will make it feasible to give sachet-based (small amount) loans. It drastically reduces the time, effort and cost involved in approving loans,” says B G Mahesh, co-founder and CEO of Sahamati, an industry alliance for the Account Aggregator ecosystem.

Loans worth Rs1,700 crore have been disbursed from April to September 2022, he adds, and adoption of the Account Aggregator framework is set to increase.

“It has reduced a lot of friction in accessing financial data for consumers as well as service providers. For Financial Information Users, it has solved the challenge of authentication. Also, the Reserve Bank of India has notified the Goods and Services Tax Network as a Financial Information Provider. This will make it even easier to check the financial pipeline of the borrower at the time of lending money,” says Mahesh.

Even as the country moves to the next phase of digitisation, the DigiLocker platform is set to go international. Union Minister for Telecom, Electronics and Information Technology, Ashwini Vaishnaw, recently said that “at least three countries are almost on the verge of implementing DigiLocker.”

The government will also launch an Entity DigiLocker for micro, small and medium enterprises (MSMEs), large businesses and charitable trusts, Sitharaman said in her Budget speech. This will be for securely storing and sharing documents online with various authorities, regulators, banks and other business entities.

Topics :AadhaarDigiLockerUPI

Next Story