Section 22 in AADHAAR (AUTHENTICATION AND OFFLINE VERIFICATION) REGULATIONS, 2021
22. Data Security.—
(1)Requesting entities and Authentication Service Agencies/OVSEs shall have their servers used forAadhaar authentication request formation and routing to CIDR/Offline Verification respectively, to belocated within data centres or cloud storage centres located in India.(1A)Authentication requests shall not be accepted from entities located outside the territorial borders ofIndia. For allowing authentication requests from outside India, the requesting entity shall take specificpermission from the Authority.(2)Authentication Service Agency shall establish dual redundant, secured leased lines or MPLSconnectivity with the data centres of the Authority, in accordance with the procedure and securityprocesses as may be specified by the Authority for this purpose.(3)Requesting entities shall use appropriate license keys to access the authentication facility provided bythe Authority only through an ASA over secure network, as may be specified by the Authority for thispurpose.(4)Requesting Entities, Authentication Service Agencies and Offline Verification Seeking Entities shalladhere to all regulations, information security policies, processes, standards, specifications andguidelines issued by the Authority from time to time.
