L1 biometric device certification now mandatory for Aadhaar authentication

India has transitioned to more secure biometric authentication devices, with the requirement for only registered devices certified to the Level 1 standard set by the Unique Identification Authority of India (UIDAI) allowed for use with Aadhaar as of January 1, 2025.

All biometric devices used for Aadhaar authentication must now have passed L1 certification, which includes a required test of the false rejection rate (FRR) with at least 5000 people. This “5000 FRR” test is part of the testing specification set by the Standardization Testing and Quality Certification (STQC) Directorate. STQC is part of the Ministry of Electronics and Information Technology (MeitY), and set the specification for biometric device testing back in 2013.

The UIDAI ordered all participants in the Aadhaar ecosystem to phase out fingerprint biometrics scanners that are certified to the lower level, Level 0, with a January 2023 memo, to “enhance the security” of Aadhaar transactions. The change came as part of a larger shift, which also included new guidelines on informed consent and mandated the use of liveness detection.

Understanding L1 security and certification

L1 certification is a key standard for biometric devices in the Aadhaar authentication ecosystem. Unlike L0 devices, which process biometric data at the level of the host’s operating system, L1 devices have a Trusted Execution Environment (TEE) for data signing and encryption. Biometric data is safely processed within the TEE, and not passed unencrypted from the sensor to the host, reducing the risks of unauthorized access or breaches.

To acquire L1 certification, devices must meet UIDAI’s strict security standards, including passing the 1 in 5000 FRR test. This milestone certifies the device’s accuracy, dependability, and resistance to spoofing attempts. By switching to L1 devices, UIDAI strengthens India’s digital infrastructure while providing smooth and secure service delivery.

The general certification specifications for all fingerprint biometric authentication scanners requires an FRR of below 2 percent at a false acceptance rate (FAR) of 0.01 percent, IAFIS image quality certification with built-in NFIQ software and MINEX interoperability compliance.

STQC’s 5000 FRR benchmark

STQC says the 5000 FRR test is validates image quality, and is important to the overall quality assessment of a biometric device.

The specification refers to NIST Special publication 800-76-2 – Biometric Specification for Personal Identity Verification, which sets the technical and operational requirements for America’s PIV government credentials, as the basis for its testing procedure.

Testing FRR with 5,000 or more subjects is intended to demonstrate that the reliability standard is met not just on a specific population, but across India’s demographically diverse population.

Next Biometrics noted the successful completion of the 5000 FRR test by one of its Indian partners weeks ahead of the L1 certification requirement taking effect.

Ghulam Shabir Arain contributed to this report.

Article Topics

Aadhaar  |  biometric authentication  |  biometric testing  |  biometrics  |  certification  |  India  |  L1 certification  |  Standardization Testing and Quality Certification (STQC)  |  standards  |  STQC  |  UIDAI