The change, counted as a significant shift in the approach of the Aadhaar authority which critics say had been too trusting of agencies that it authorised. Wednesday's order will also end the practice of giving all agencies registered as Authentication User Agency, or AUA, access to complete information of the individual whose identity it wants to authenticate.
In the new framework, there will be two kinds of authentication agencies. One, like banks and income tax authorities, would be given complete access to an individual's demographic details. The other, would get limited access depending on their requirement. This time, it will be the Unique Identification Authority, or UIDAI that will decide what this requirement would be.
"For example," an official explained, "the UIDAI might decide that the user agency can do with just the name and date of birth of an individual. Someone else could be given access to the name and address and another agency, the photograph too."
Once the new system kicks in, people will also be able to generate their Virtual ID from the website run by the Unique Identification Authority or UIDAI, Aadhaar enrolment centre and the Aadhaar application on their mobile phone. This will be a 16-digit number and will be valid only for a limited duration.
The twin measures by UIDAI, officials say, have been in the works for months, taking into account feedback from public-spirited analysts and an internal assessment at the authority that is also fighting petitions in court that see the Aadhaar-must rule as an intrusion of privacy.
It was, however, unusual for the UIDAI to acknowledge that its existing processes left scope for misuse.
"While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various entities has heightened privacy concerns," the UIDAI said.