Decoding the Aadhaar (Amendment) Bill – PMLA Amendment

The amendment made by way of the Aadhaar and Other Laws (Amendment) Bill, 2018 to the Prevention of Money Laundering Act,2002 gives true effect to the intention of the Hon’ble Supreme Court as set out in their judgment of September 2018.

It is clear from the judgment that the objective was to empower the individual and allow for the resident to be able to uniquely identify herself to avail of every service of her choice while ensuring that there are adequate protections for such use under the force of law.

Aadhaar Act Amendment

This is clearly set out in the now amended Section 4(3) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Aadhaar Act”) as follows:

Section 4(3) – Every Aadhaar number holder to establish his identity, may voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification, or in such other form as may be notified, in such manner as may be specified by regulations.

Explanation-For the purposes of this Section, voluntary use of the Aadhaar number by way of authentication means the use of such Aadhaar number only with the informed consent of the Aadhaar number holder.

And further in Section 4(4)-

An entity may be allowed to perform authentication if the Authority is satisfied that the requesting entity is-

  1. Compliant with such standards of privacy and security as may be specified by regulations; and
  2. (i) permitted to offer authentication services under the provisions of any other law made by Parliament; or

(ii) seeking authentication for such purpose, as the Central Government in consultation with the Authority and in the interest of the State may prescribe.

With the above amended provisions, it is clarified that (a) the objective is to ensure that the Aadhaar number holder is empowered to establish her identity voluntarily with informed consent (b) Entities that may be permitted to offer authentication services will do so pursuant to a law made by Parliament or by way of Central Government direction in consultation with the UIDAI and in the interest of the State.

PMLA Amendment

The amendment to the Prevention of Money Laundering Act,2002 (the “PMLA”) seeks to give clear direction to the above-enunciated ideas.

The newly inserted Section 11A of the PMLA provides for the manner in which a Reporting Entity may verify the identity of its clients and beneficial owner (conduct KYC). This is by way of offline verification of Aadhaar or where the Reporting Entity is a banking company- online verification of Aadhaar.

However, it is further clarified (in tandem with the aforesaid amendments to the Aadhaar Act) that upon satisfaction of standards of privacy and security, the Central Government may, in consultation with the UIDAI and appropriate regulator provide for online authentication for Reporting Entities other than banking companies.

And it is further explicitly clarified that in the scenarios as contemplated in this provision, nobody will be denied services for not having an Aadhaar number, i.e: ensuring that the presence of Aadhaar number is not mandatory but purely enables and eases the availing of services.

As next steps on this front, distinct Reporting Entities, including NBFCs, Mutual Fund Houses and other financial institutions need to approach the Central Government with requests for access to online Aadhaar authentication services.

Organisations such as DICE would be useful in mobilising groups of different financial institutions in approaching the relevant regulators and Central Government authorities for Aadhaar authentication access.

Saranya Gopinath is the co-founder of DICE (Digital India Collective for Empowerment)- an industry body representation across emerging technology sectors.

She can be reached on [email protected]

Story in Asia Times, on iSPIRT, and Aadhaar

Last week, on Thursday evening, we received an email from Saikat Datta, where he claimed that he had a recording of a conversation, from an iSPIRT meeting, where we discussed various ways to get around the Supreme Court verdict on Aadhaar, along with other allegations.

While this recording was unauthorised, and we were in the midst of internal deliberations (and we have pointed this out to Mr Datta), we have engaged with the reporter to ensure that our view was presented fairly.  We are publishing this email exchange and that audio file in the interest of full disclosure, and transparency.

Thursday 3rd Jan 12:52 PM, separate emails from Saikat Datta to Sanjay Jain & Sharad Sharma 

Thursday 3rd Jan 10:32 PM, response from Sanjay Jain to Saikat Datta

Sunday 6th Jan, 3:47 PM, a second email from Saikat Datta along with Audio recording

Sunday 7th Jan, 12:13 AM, the response from Sanjay to Saikat Datta

In our last email to Saikat, we have mentioned that we have earlier seen activism in the form of reporting, and requested that he report on this issue fairly and that he present our answers in full.  We do hope that he will do so.

In the meantime, we wanted to let the iSPIRT community know that we will continue to deal with issues such as these with transparency.  If we are doing something incorrect/inappropriate, we will welcome any feedback.

The post is authored by Sanjay Jain and Sharad Sharma.

Why the SC ruling on ‘Private Players’ use of Aadhaar doesn’t say what you think it does

On behalf of iSPIRT, Sanjay Jain recently published an opinion piece regarding the recent supreme court judgement on the validity of Aadhaar. In there, we stated that section 57 had been struck down, but that should still allow some usage of Aadhaar by the private sector. iSPIRT received feedback that this reading may have been incorrect and that private sector usage would not be allowed, even on a voluntary basis. So, we dug deeper, and analyzed the judgement once again, this time trying to disprove Sanjay’s earlier statement. So, here is an update:

Section 57 of the Aadhaar act has NOT been struck down!

Given the length of the judgement, our first reading – much like everyone else’s was driven by the judge’s statement and confirmed by quickly parsing the lengthy judgement. But in this careful reanalysis, we reread the majority judgement at leisure and drilled down into the language of the operative parts around Section 57. Where ambiguities still remain, we relied on the discussions leading up to the operative conclusions. Further, to recheck our conclusions, we look at some of the other operative clauses not related to Section 57. We tested our inference against everything else that has been said and we looked for inconsistencies in our reasoning.

Having done this, we are confident in our assertion that the judges did not mean to completely blockade the use of Aadhaar by private parties, but merely enforce better guardrails for the protection of user privacy. Let’s begin!

Revisiting Section 57

Here is the original text of section 57 of the Aadhaar Act

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Now, let us simply read through the operating part of the order with reference to Section 57, ie. on page 560. This is a part of paragraph 447 (4) (h). The judges broke this into 3 sections, and mandated changes:

  1. ‘for any purpose’ to be read down to a purpose backed by law.
  2. ‘any contract’ is not permissible.
  3. ‘any body corporate or person’ – this part is struck down.

Applying these changes to the section, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Cleaning this up, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual pursuant to any law, for the time being in force:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

It is our opinion that this judgement does not completely invalidate the use of Aadhaar by private players, but rather, specifically strikes down the use for “any purpose [..] by any body corporate or person [..] (under force of) any contract”. That is, it requires the use of Aadhaar be purpose-limited, legally-backed (to give user rights & protections over their data) and privacy-protecting.

As an exercise, we took the most conservative interpretation – “all private use is struck down in any form whatsoever” – and reread the entire judgement to look for clues that support this conservative view.

Instead, we found that such an extreme view is inconsistent with multiple other statements made by the judges. As an example, earlier discussions of Section 57 in the order (paragraphs 355 to 367). The conclusion there – paragraph 367 states:

The respondents may be right in their explanation that it is only an enabling provision which entitles Aadhaar number holder to take the help of Aadhaar for the purpose of establishing his/her identity. If such a person voluntary wants to offer Aadhaar card as a proof of his/her identity, there may not be a problem.

Some pointed out that this is simply a discussion and not an operative clause of the judgement. But even in the operative clauses where the linking of Aadhaar numbers with bank accounts and telecom companies is discussed, no reference was made to Section 57 and the use of Aadhaar by private banks and telcos.

The court could have simply struck down the linking specifically because most banks and telcos are private companies. Instead, they applied their mind to the orders which directed the linking as mandatory. This further points to the idea that the court does not rule out the use of Aadhaar by private players, it simply provides stricter specifications on when and how to use it.

What private players should do today

In our previous post, we had advised private companies to relook at their use of Aadhaar, and ensure that they provide choice to all users, so that they can use an appropriate identity, and also build in better exception handling procedures for all kinds of failures (including biometric failures).

Now, in addition to our previous advice, we would like to expand the advice to ask that each company look at how their specific use case draws from the respective acts, rules, regulations and procedural guidelines to ensure that these meet the tests used by this judgement. That is, they contain adequate justification and sufficient protections for the privacy of their users.

For instance, banks have been using Aadhaar eKyc to open a bank account, Aadhaar authentication to allow operation of the bank accounts, and using the Aadhaar number as a payment address to receive DBT benefits. Each of these will have to be looked at how they derive from the RBI Act and the regulations that enable these use cases.

These reviews will benefit from the following paragraphs in the judgement.

The judgement confirmed that the data collected by Aadhaar is minimal and is required to establish one’s identity.

Paragraph 193 (and repeated in other paras):

Demographic information, both mandatory and optional, and photographs does not raise a reasonable expectation of privacy under Article 21 unless under special circumstances such as juveniles in conflict of law or a rape victim’s identity. Today, all global ID cards contain photographs for identification alongwith address, date of birth, gender etc. The demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration for citizenship, elections, passports, marriage or enrolment in educational institutions …

The judgement has a lot to say in terms of what the privacy tests should be, but we would like to highlight two of those paragraphs here.

Paragraph 260:

Before we proceed to analyse the respective submissions, it has also to be kept in mind that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21…

Paragraph 289:

‘Reasonable Expectation’ involves two aspects. First, the individual or individuals claiming a right to privacy must establish that their claim involves a concern about some harm likely to be inflicted upon them on account of the alleged act. This concern ‘should be real and not imaginary or speculative’. Secondly, ‘the concern should not be flimsy or trivial’. It should be a reasonable concern…

Hence, the privacy risk in these use cases must be evaluated in terms of the data in the use case itself, as well as in relation to biometrics, and the Aadhaar number in the context of the user’s expectations, and real risks. Businesses must evaluate their products, and services – particularly those which use Aadhaar for privacy risks. It is helpful that the UIDAI has provided multiple means of mitigating risks, in the form of Registered Devices, Virtual Ids, Tokenization, QR Codes on eAadhaar, etc. which must be used for this purpose.

What private players should do tomorrow

In the future, the data protection bill will require a data protection impact assessment before deploying large scale systems. It is useful for businesses to bring in privacy and data protection assessments early in their development processes since it will help them better protect their users, and reduce potential liability.

This is a useful model, and we would hope that, in light of the Supreme Court judgement, the Government will introduce a similar privacy impact review, and provide a mechanism to regulate the use of Aadhaar for those use cases, where there are adequate controls to protect the privacy of the users and to prevent privacy harms. Use cases, and an audit/enforcement mechanism matter more than whether the entity is the state, a public sector organization, or a private sector organization.

Note: This is in continuation of Sanjay Jain’s previous op-ed in the Economic Times which is available here and same version on the iSPIRT blog here.

The writer is currently Partner, Bharat Innovation Fund, and Chief Innovation Officer at the Centre for Innovation, Incubation and Entrepreneurship, IIM Ahmedabad. As a volunteer at iSPIRT, he helped define many of the APIs of the India Stack.  He was the Chief Product Manager of UIDAI till 2012

(Disclaimer: This is not legal advice)

eKYC – Know Your Customer unassisted using Aadhaar, OTP and Face Biometrics


Know Your Customer (KYC) is essential for obtaining Financial, Healthcare, Insurance, and Telecom services around the world. In the Indian context, until Aadhaar opened up its APIs, KYC was a laborious process costing billions to services providers and inconveniencing customers with a mountain of paper identity documents. The thoughts here are confined to the Banking sector but applies to other sectors equally.

eKYC “assisted”

With the advent of electronic KYC or eKYC using the Aadhaar biometrics platform, things haven’t changed a lot. It certainly has reduced paper documents. However, eKYC is still done in “assisted” mode – meaning either the customer has to be present at the Bank or a Bank Executive has to reach the customer to collect the biometric data. Besides, in most Banks, a paper trail is still maintained despite the biometrics data – reasons best known to themselves. What was costing the Banks earlier is what is costing today – perhaps more with the new biometric devices and the cost to maintain them.

eKYC “unassisted”

The Reserve Bank of India (RBI) took a significant step in December 2016 to allow opening of deposits and borrower accounts using OTP based eKYC, albeit with some restrictions (RBI notification on 08 December 2016, Chapter VI – Customer Due Diligence (CDD) Procedure – Clause 17 and 38 amendments). This has opened up the opportunity to provide this service to customers at the comfort of their homes at a vastly reduced cost to Banks. This would satisfy the two-factor authentication needed by RBI and would suffice to open an Account. However, with increasing volumes (500 million eKYCs projected for 2020 by UIDAI), and the possibility for this service to be abused through third party fraud, this would need additional authentication to ensure that the person completing the transaction is who he really says he is (as close to a physical check).

eKYC “unassisted” with three factor authentication – Aadhaar, OTP and Face Biometrics

To solve this particular problem, FRS Labs rolled out the “Atlas eKYC” solution – fully integrated with Aadhaar – with face biometrics as the third factor of authentication (watch the 60 second video here). While the face is captured by UIDAI as the third biometric element (fingerprints and IRIS being the other two), RBI has not mandated the use of face for biometric authentications – for reasons that face is considered not as unique as fingerprints and certainly not IRIS – and the false acceptance rates (e.g. twins) could be high and that people’s faces change over time – but as always research contradicts this notion and there are plenty of evidence to prove that face is a reliable biometric feature. And it can only get better.

Notwithstanding, RBI has not specified that face could not be used if a commercial organisation wishes to do so as additional factor of authentication to protect their businesses and consumers, so long as the mandatory 2 factor authentication is in force. In a similar tone, RBI has not ruled out authenticating customers using their voice (another biometric element not in Aadhaar). ICICI Bank and Citibank have rolled out voice biometrics to authenticate customers to call centres is a case in point – It is still two factor authentication (the registered mobile phone as the first factor and the consumer’s voice as the second factor of authentication). Therefore, there is a great opportunity here for Banks to provide face biometrics as the third factor of authentication for secure “unassisted” OTP based eKYC without the need for biometric devices. I can only begin to image the convenience for consumers and cost savings for Banks.

Author: P. Shankar – Founder & CEO of FRS Labs.

BHIM (Android/*99#) & AadhaarPay


This afternoon the Prime Minister unveiled BHIM – an Android app from NPCI with an equivalent USSD-based *99# service.

Additionally, recently one of the banks launched AadhaarPay – a capability that allows merchants to collect payments from consumers with their Aadhaar# and fingerprint.

There has been a bit of confusion about the role of Aadhaar in BHIM – so this blog clarifies.

BHIM/SmartPhone – the Android and soon iOS app – is a UPI app – no different from PhonePe or any other bank applications. It has been developed by NPCI and is a common application across all banks. As with ALL UPI apps, BHIM has NO connection to Aadhaar – the customer is authenticated by his issuing bank using his Mobile# and MPIN and nothing else. Of course this app conforms to all the security-standards of any UPI application and has gone through the rigorous certification process.

*99# is merely a USSD front-end to the same capabilities. It does exactly what BHIM does but can be accessed on all phones – SmartPhones and Feature-Phones.

Aadhaar itself has NO direct role to play in BHIM – whether on Android or USSD/*99#.

So what is AadhaarPay?

AadhaarPay – leverages the Aadhaar-linked bank accounts to allow payments to a retailer. The payer need not provide anything more than an Aadhaar number and their biometric to the payee. The retailer receiving a payment needs to have a SmartPhone with an Aadhaar-approved secure Biometric Sensor and a certified AadhaarPay application. In this case the security-standards for customer data and biometric must comply both with UPI’s transaction level security and Aadhaar’s biometric security. In the case of AadhaarPay – ONLY Authentication is performed by Aadhaar/UIDAI – the transaction details are never sent to Aadhaar. Think of it as Authentication is done by Aadhaar and Authorization by NPCI/Banks.

One instance of AadhaarPay was released last week by IDFCBank and over time one may see a common AadhaarPay app that at the front-end uses Aadhaar for authentication and the BHIM/UPI back-end for authorization for users who don’t have a mobile phone.

National Pride Moment

The UPI platform, BHIM, *99# and AadhaarPay are great state-of-the-art platforms and applications that are a boon to all Indians. 2016 has been a great year in Payments progress worldwide – and India is leading the way!

With BHIM, *99# and AadhaarPay, the entire 1Billion plus population is now covered with a state-of-the-art real-time payments system. Those who have Smartphones will get the rich-app experience, those who have feature phones will use the USSD interface and the rest will merely need Aadhaar# and their fingerprint/IRIS biometric for to make payments.

3-Cheers to NPCI and the government for blazing such a fabulous trail! The new Twitter handle @NPCI_BHIM is a great way to stay informed about future developments regarding BHIM!

Guest Post by Sanjay Swamy, Entrepreneur & Early-Stage VC! IndiaStack Evangelist

I wish all readers a happy end of 2016 and an awesome year in 2017 – Payments geeks will indeed have a lot of fun working on UPI and the new world of interoperable, secure and universal payments!


Ease of Doing Business – Is India Game?

Conducting business in one’s own country is never easy, let alone conducting business overseas, where rules, regulations and business environments differ. ‘Ease of doing business’ is also an Index created by the World Bank. It ranks economies from high to low, with the former indicating easier, simpler and better conditions for business as compared to the latter, indicating difficulty in conducting business. This article aims at giving you a glimpse into the world of investing in and conducting a business in India.

Economies are ranked based on parameters such as starting a business, dealing with construction permits, availability of electricity, registering property, availing credit, protection of minority investors, paying taxes, international trading, distance to frontier, entrepreneurship, good practices, transparency in business regulation, resolving insolvency and enforcing contracts. For any business, it is important to acknowledge these factors, or at least those that apply, as they decide how easy or difficult it is to conduct or start the business in a country.

For the year 2016 by World Bank’s records- India moved up from 134th to 130th rank in the Ease of doing business Index. Among the parameters mentioned earlier, India has best ranked in the protection of minority shareholders. It has also bettered its rank in the availability of electricity, getting construction permits and starting a business. On the downside, paying taxes and accessing credit have been the most difficult for business. Additionally, two key parameters that India needs to work on are enforcing contracts and resolving insolvency, that have both been a hindrance in conducting business.

To give you an idea of how few other countries fare in the rankings; Singapore, New Zealand and Denmark occupy the first three spots in the world, whereas Eritrea, Central African Republic and Libya occupy the last three spots.

The Indian Government has taken several initiatives towards increasing the ease of doing business, here are some that deserve a mention:

Ease of Doing Business.png


  • The availability of, a Government portal where services are provided such as employee registration, name availability, Director Identification Number, PAN, Certificate of Incorporation, TAN, RBI (Foreign Remittances), EPF, Importer-exporter code, Foreign currency – transfer of shares, etc. Making registering and running a business much easier than before.

  • Now Aadhaar eKYC and eSign are being used to grant Digital Certificates to directors (DSC) of the company. This process is now made paperless and takes only a few minutes.

  • The requirements for minimum paid-up capital and common seal for companies has been removed as per the Companies (Amendment) Act, 2015 and the process for starting a business is now streamlined.

  • The Indian Prime Minister has shown particular interest in building a positive entrepreneurial spirit. He launched MakeInIndia, a website helping young entrepreneurs set up, access information, and build a business of their own.

  • Employee Provident Fund Organisation (EPFO) and Employee State Insurance Corporation have online portals so that businesses have real-time registration, online application for clearances and payments be made through 56 partner banks.

  • An Investor Facilitation Cell has been introduced as a first in order to help investors and guide them through the course of their business.


  • GST (Goods and Service Tax) will replace indirect-tax, to be implemented by 2017. That is the removal of several layers of multi-layered taxes and multiple tax rates into one uniform Goods and Service Tax. This will make India attractive to foreign Investors as well as boost India’s exports because of less regulatory and bureaucratic tangles.


  • In cities like Delhi and Mumbai, online construction permits such as DPMS (Development Permissions Management Systems) are in the process of being launched. Since the permits are completely digitized, the biggest impact this will have is speeding up the process of getting a permit by 5-8 months. It will save one the trouble of meeting someone in person, which has a direct positive impact on reducing corruption, delayed work and human error to a large extent.

  • A business being affected by a cyber crime is every founder and investors’ nightmare. Training programmes for officers in the sensitization towards cyber crimes and related infringements is also a significant initiative taken by the Indian Government.

  • Special management teams have been set up to fast track and facilitate investments made to India from South Korea or Japan. The plans are coined ‘Japan Plus’ and ‘Korea Plus’.


  • If your business deals with cross-border trading, you’re in luck. The Government has made the process highly efficient by reducing the time utilised at ports and airports. Necessary clearances for exporters and importers has also been prioritized. As a result of the improvements made, export and import clearance that once used to take nearly 5 and 11 days has reduced by more than half the time.

  • Minority shareholder’s Interests are well protected in India. Apart from ranking high on the ‘ease of doing business Index’, a greater disclosure is now required of the board members on matters of ‘conflict of interest’.


  • A National Company Law tribunal and an appellate tribunal was set up to replace the existing Board for Industrial and Financial Reconstruction (BIFR) and Company Law Board (CLB). The National Company Law Tribunal was set up to resolve corporate disputes faster and efficiently, to examine existing laws that relate to winding up procedures and to suggest reforms regarding winding up and insolvency in an effort to match up to international standards and practice in this field.

  • The ease of doing Business in India is also about exiting a business efficiently as much as it is about starting and running one. Thankfully, the Government is soon to enact the ‘Bankruptcy Code’, which will make it easier for investors to exit a business in case of Insolvency.  At present, it takes 4 years to resolve an issue related to insolvency. With the new code, time taken to exit from a business will be reduced to a period of under a year.

Foreign companies that invest in Indian businesses have contributed heavily to India’s economic growth over the past years. The Government has set up FDI and FEMA measures to increase economic activity, set regulations and caps on sectors and generate employment opportunities.

Foreign Direct Investment (FDI)

Money that India receives from investors abroad is FDI. Foreign companies that invest in Indian businesses gain a monetary advantage in terms of labour wages and benefit from the high economic growth rate prevailing in India.

The Foreign Direct Investment allowed for an entity based in another country is:

Sector FDI Allowed
Direct route Indirect route
Insurance and Pension 49%
Defence 49% above 49%
DTH, Cable, sky broadcasting 100%
Brownfield Airport Projects 100%
Scheduled Air Transport Services 49% 49%-100%
Foreign Airline Companies 49% of paid up capital Upto 49%
Marketplace Model of e-commerce 100%
Food products manufactured/produced in India 100%
Asset Reconstruction Companies 100%
Brownfield Pharmaceuticals 74% above 74%
Private Security Agencies 74%
Non ‘News and Current Affairs’ linking channel 100%
Mining and Mineral separation of Titanium Upto 100%
Publishing/Periodicals/Journals Upto 100%
Publication of foreign newspapers Upto 100%
Publication of Indian versions of foreign magazines Upto 26%
Satellites Upto 100%
Telecom 49% 49%-100%
Banking Private Sector 50%-Upto 74%
Banking Public Sector Upto 20%
FM Radio Upto 49%
NBFC 100%
Commodity Exchange 49%

(Figures as of August 2016)

The Foreign Exchange Management Act, 1999 (FEMA)

The Foreign Exchange Management Act, 1999, was set up with the aim of Increasing foreign exchange through increasing external trade and promoting foreign exchange markets in India. All Offences relating to Foreign exchange are considered Civil offences.

Some of the revisions in regulations of FEMA to promote the ease of doing business are:

  • Acquisition and transfer of fixed/immovable property – several conditions for which RBI approval is no longer required to buy immovable property outside India by a company registered in India.
  • Possession and Retention of Foreign currency – an individual can have up to a maximum of USD 2000 in foreign currency at any time. This applies in all cases other than if the individual is not  a permanent resident of India, he obtained the foreign currency while being resident outside India or if such currency was brought in compliance with the laws applicable.
  • Export and Import of Foreign Currency – the upper limit of notes an individual can take outside the country or bring into India is INR 25000 (currency notes or RBI notes).
  • Import of Foreign Exchange – foreign exchange sent to India has no upper limit except in the case of currency notes, traveler’s cheques and bank notes. The upper limit on these types is USD 10000.
  • Postal Order/Money Order – any person can buy foreign exchange from any Indian Post Office in the form of money order or postal order.
  • Declaration of exports – for businesses that are either engaged in exports or those that are set up in Special Economic Zones or Special Technological Parks need to declare their exports backed up with evidence.
  • Insurance – regulations that are stated for an individual resident in India that avails a general or a life insurance policy issued by an insurer outside India and vice-versa.

Routes to Invest in India

Automatic/ Direct Route – No permission from the Central Government required under this route.

Government Route – Applications that are considered by the Foreign Investment Promotion Board (FIPB) come under this route.

Who can Invest in India?

  1. An Individual – FCVI, Pension/PF, Financial Institutions

  2. A Company – Non-Resident Indians, Foreign Trusts, Wealth Fund

  3. Foreign Institutional Investors – Private Equity Funds, Partnership Firm, Proprietorship Firm

Note: Investors from Pakistan and Bangladesh can Invest only through the Government of India. Residents from Pakistan cannot invest in Defence, Atomic, Space and other select sectors of the economy.

How to Invest?

Foreign Investors can invest in India in the following ways:

  • Incorporating a company – Either a ‘Private limited’ or a ‘Public Limited’ Company.
  • Sole Proprietorship/Partnership – Under RBI approval.
  • Limited Liability Partnerships – Allowed under Government Route in sectors that have 100% FDI.
  • Other Structures – Not for Profit entities, etc. are subject to FCRA regulations.

The steps an Investor should follow before investing are:

  1. Identify Sector
  2. Obtain Central Government approval if required for that sector
  3. Transfer Funds through eligible financial instruments
  4. Meet the stipulated requirements of the RBI Act
  5. Registration and Document Filing (PAN, TIN)
  6. Find Ideal Space and obtain clearances, if any
  7. Obtain Licence(s) if required
  8. Finding staff, paying taxes, etc


An individual – Is taxed on the net income earned based on the tax bracket

A company – 30% tax + surcharge + education cess. Profits withdrawn are Taxed

Branch Office or Permanent Establishment – 40% + surcharge + cess

Incentives provided by the Government

  • Special Economic Zones (SEZ), Export Oriented Units (EOU) and National Investment and Manufacturing Zones (NIMZ) offer incentives such as tax reduction and tax holidays for businesses set up in such zones. Manyata Tech Park and Eco-Space are examples of SEZ’s.
  • Incentives on exports such as duty remission/exemption scheme, market schemes, focus products, duty drawback, etc.  to increase exports.
  • Area based Incentives for operating in particular areas of India such as Uttarakhand, Assam, Jammu and Kashmir, etc.
  • Apart from these Incentives, each State Government has its own incentive policy.

It is safe to say that with the Governments several acts and initiatives to stimulate increased investment and growth, India has truly built favourable all-round business conditions. India emerged as the top destination for foreign direct investment (FDI) by capital investment in 2015, attracting $65 billion worth of investments, overtaking China and USA. Business in India? Absolutely.

Guest post by, a Do-It-Yourself legal platform for making legal documents online. helps startups with incorporation and legal documentation services. It also provides Aadhaar-based eSign service to businesses.

Reactions from #iSPIRT to the Union Budget presentation

iSPIRT is happy to note the Union Finance Minister, Mr. Arun Jaitley’s thrust in the direction of boosting the digital infrastructure in the country with specific reference to the Aadhar.

Aadhar powered by India Stack will allow people to offer presence less, cashless paperless service delivery to millions. Also digital literacy will also provide a big impetus in the rural areas.

The second initiative of iSPIRT which has been positively impacted by the Union budget is the ease of doing business in India and therefore the incentive for companies to Stay-In-India through the capital gains incentives where there will be no capital gains tax applicable if the funds so received are invested in a notified fund of funds by individuals in specific start-ups. The other major step is the decision to tax the Royalty Income from Patents developed and filed in India at only 10%, this we believe will certainly encourage companies to file more IPR in the country.

That said, we are disappointed with no attention being given to easing taxation norms of software companies where there is significant friction, the confusion on “goods” verses “service” tax on online downloads, TDS on sale of Software products and competition from foreign selling B2C products without any tax in India.

iSPIRT continues to work closely with the Government of India to enable the software product companies and start-ups to make the next leap with incentives from the Government. The Union Budget just presented is semi-sweet with specific sops being given to the start-up community in continuation of earlier policy announcements made by the Prime Minister Mr. Narendra Modi. There is a lot more that could be done to incentivize innovation and specifically ease the TDS conundrum which start-up and product companies find themselves adversely caught in.

Here are some specific comments from the iSPIRT team:

According to Mohandas Pai, Advisor, iSPIRT, “The Government continues to incentivize the start-up ecosystem as we have seen in the recent budget pronouncement. I am glad that the Government clearly recognizes that start-ups can be powerful problem solvers for the myriad issues facing the country and in turn generate employment as well. The Government’s decision to allow for 100% deduction of profits for 3 out of 5 years between April 2016 and March 2019 is certainly a welcome step that will boost start-ups.”

“While there are no major sops announced for the software product industry, the Government must understand that incentives to this segment of the industry will result in an exponential leap in exports and place India in an unshakable position on the world software product stage. That said, the decision to tax the Royalty Income from Patents developed and filed in India at only 10%  is a good move by the Government and will certainly encourage companies to develop and file more IPR in the country ,“ says Vishnu Dusad, Co-Founder & Governing Council member of iSPIRT & MD, Nucleus Software Exports Ltd.

Sharad Sharma Co-Founder & Governing Council member of iSPIRT says, “Start-ups in the country will certainly benefit from the budget announcement of amending the Companies Act to announce easier and swifter registration of companies. Another positive announcement from the budget speech by Mr. Arun Jaitley has been the focus on Aadhar for subsidy delivery. The Aadhar powered India stack from authentication to exection, coupled with the open API policy in India, can certainly transform the way in which digitally focused companies can reach the masses quicker and more effectively.”

Says Jay Pullur, Governing Council member of iSPIRT & CEO & Founder of Pramati Technologies.“The Government through the Union Budget has done well to do away with capital gains taxation if the funds so received are invested in a notified fund of funds or in specific start-ups. Of course, a lot more can be done to ease working norms for the software industry by looking into issues like dividends from overseas subsidiaries and a clearer and unambiguous definition of digital goods and digital services from a taxation point of view.”

SBI and iSPIRT discuss future of banking in India

iSPIRT and SBI had a 4-hour meeting on the future of banking. 30+ seniormost officers of SBI – including all the MDs, DMDs, CGMs, and GMs – participated. Two SBI Board members were also present. Nandan Nilekani chaired the session from iSPIRT side.
DSC_2148The first session was about understanding the technology trends that are shaping banking. There was special focus on understanding implications of eKYC, Aadhaar, new payment infrastructure and GST Network. There was also a good discussion how point-solutions by startups are changing banking.
The second session showcased 7 Fintech software product companies (NovopayHappay,Vote4CashCapitalFloatCustomerXPSProbeEquity, Enstage) and 2 non-FinTech product companies(InMobi, TeamIndus). The third session session was about SBI strategy. This was a very productive discussion. We can’t share the details as it was confidential.
This meeting brought together two threads within iSPIRT. One thread was related to its Policy work related to Open APIs (that is shaping the technology infrastructure of banking and finance in India) and the push for Cashless India. The other thread was InTech50, which is a market catalyst that helps big companies leverage software products startups to drive innovation throughout their business.
DSC_2150iSPIRT is fostering many such dialogs with not just banking giants like SBI, but with Regulatory institutions like SEBI, RBI and others, to fashion a new India.

Aadhaar and the 7 principles of Product Management

Sanjay Jain, Entrepreneur in Residence, Khosla Labs spoke at the IPMA 2nd annual event. The Unique Identification Authority of India (UIDAI) is an agency responsible for implementing the AADHAAR scheme, a unique identification project. It was established in February 2009, with an aim to provide a unique identification number to all Indians, by eliminating duplicate and fake identities. Biometrics features are selected to be the primary mechanism for ensuring uniqueness.

The primary reason for the UID project was to establish the bona fide identity of a person. Lack of an identity proof often excludes people from many facilities and formal systems in society such as opening a bank account or access to public distribution system (PDS).  In most cases the rural poor find it difficult to even produce birth records to prove their identity even to claim their (legitimate) privileges.

Sanjay Jain who spoke at the IPMA second annual event which was held on the 8th of December, was the chief product manager for this project.  He spoke about 7 principles of Product Management and mapped it to Aadhaar, the ambitious Government Project.

Below is an excerpt from the presentation where Sanjay Jain took the 7 Principles of Product Management elucidated by Deep Nishar (at the NASSCOM Product Conclave earlier this year) and looked at Aadhaar through that lens:

The 7 Principles of Product bliss:

  1. Know thy User
  2. Simplicity is a feature
  3. Embrace Constraints
  4. Data is your guide
  5. Innovation is not instant
  6. Adapt
  7. Manifest Destiny

Know thy user: Aadhaar has a process called ‘Know Your Resident’ which is about proving the identity of a resident of India. So it has information like their name, finger print, gender, date of birth, where they live, who is their parents etc. which helps knowing the resident intimately through the data collected.

Simplicity is a Feature:  What could be simpler than one person – one Aadhaar Id. The principle that Biometrics doesn’t change even with time and they are unique to a person is the basis for issuing Aadhaar.
The biometric of a person – impression of all the 10 fingers and the iris scan are the authentication or the proof of identity. There is no need for an

Aadhaar card, the 12 digit identification number and the biometric of the person are the authentication.
Embrace Constraints: There were many constraints; public funds were used so the accountability was to public as the policies and principles were sacrosanct. So a bunch of architectural principles were defined to guide the project and they were not to be violated. Some of them are:

  • To use open source technologies where ever prudent
  • The decision not to lock-in any vendor
  • Performance matrices are made public
  • Strong end-to-end security was ensured

A committee was put in place to take decisions. First data definition standards and biometric data standards were created and a broad concurrence from across the government was obtained to implement the same.

Data is your Guide: A public portal was created which gives complete visibility and transparency to anybody at any time, satisfying RTI norms.  A person who has applied for Aadhaar can check status on the UIDAI website by entering his/her 14 digit enrollment id.

The UIDAI being a part of the Central government agency works with the partners whom the state government outsources the work to; they are 3 levels away from central body, so everybody in the chain gets complete visibility to all information. So the processes are standard and details of contracts are available on the partner portal. The operators had to go through rigorous training and certification before they were activated.
Innovation is not instant: Innovation takes time. Central identity repository (CIDR) is the repository where all the identity data pertaining to Biometric subsystem, Demographic data, Business analytics, Infrastructure management, Application servers etc. resides.

The attempt is to build the world’s largest biometric database, India’s current population is 1.21 billion and the UID scheme aims to cover all the residents. No country has attempted an identification and verification system on this massive scale.

The method adopted is ‘the best fingerprint technology’, the resident provides all 10 fingerprints, 2 best finger prints are taken and the success rate is 95%.

Adapt: Competition brought in a drop in prices; for example when the project started the price of the fingerprint scanners, like the ones used in the US immigration, was 5000 USD; it came down to INR 25,000.

Manifest Destiny:
To take up a project of this magnitude needed conviction – One needs to believe one can do it, believe in success and work backwards.

Contributed by Mangal D Karnad, Tally Solutions