Examining the legality of deploying facial recognition technologies in social welfare contexts in India

Starting with the issue of the first AADHAAR card in India in 2010, we’ve seen a strong push from the Indian government to digitize identity, payments, and lately, access to social welfare schemes. Similar to the biometrics-based recognition system encoded in AADHAR, increasingly facial recognition technologies are being deployed by both central and state governments in India as ‘identity’ verification systems to avail welfare schemes.

What are facial recognition technologies (‘FRT’)?

The Algorithmic Justice League defines FRT to mean “a group of technologies that perform tasks on human faces. It relies on artificial intelligence (AI) to learn the patterns of a human face.” FRT systems are trained on databases of images, photographs, and videos to measure human features, “such as the shape of the chin, distance between the eyes” and other facial metrics, to generate a “mathematical sequence” or a “face template”.

These systems, trained on large volumes of data scraped from the internet have exhibited documented biases, when it comes to race, gender, caste, and other marginalized communities. Technology is not neutral; it takes on the biases and prejudices of those designing it, and where adequate safeguards and impact assessments are not conducted, of the vast swath of prejudiced information available on the internet. It is in this context that we need to examine both the policy objective of using FRT in social welfare schemes, as well as the underlying legality of FRT dependent scheme access.

Where have FRT’s been deployed and why?

In August 2023, The Pradhan Mantri Kisan Samman Nidhi (PM-Kisan), which enables eligible farmers to claim INR 6,000 as monetary assistance, mandated that farmers needed to complete an eKYC process – either through biometric or OTP based verification, or through face recognition based eKYC on the PM Kisan mobile application to avail financial relief.

In January 2024, reports surfaced of passengers being coerced into using Digi Yatra at Indian airports, including security personnel necessitating that boarding passes be scanned only through Digi Yatra. Digi Yatra is designed to be a voluntary scheme, in no way are passengers mandated to consent to FRT based identity verification through Digi Yatra. Mandating people to enrol on Digi Yatra is clearly illegal, the Ministry of Civil Aviation reiterated the voluntary nature of this scheme in its response to a RTI filed by SFLC. 

In July 2025, the Union Ministry of Women and Child Development mandated that women seeking take-home rations under the POSHAN Abhiyaan scheme (which seeks to improve the nutritional intake of children, pregnant women, and lactating mothers) need to verify their identity through the POSHAN tracker – featuring a government deployed facial recognition system. This was a marked departure from the previous approach, whereby the facial recognition process was optional. 

As of July 2025, Himachal Pradesh became one of the first Indian states’ to implement AADHAR-based face recognition to access ration foods under the Public Distribution System. Touted as a significant ‘technological advancement’, the Department of Digital Technologies and Governance, Himachal Pradesh claimed that the move to FRT was driven by issues with OTP based verifications (SMS delivery failures) and biometric mismatches through the UIDAI system. The face authentication would now take place at the ration shop itself, instead of the beneficiaries’ phone.

Is the use of FRT’s legal in social welfare contexts?

The use of FRT’s in social welfare contexts violates the internationally recognized principle of free and informed consent. Beneficiaries, who are otherwise eligible under government schemes, are deprived of any real choice to avail the relief other than through FRT verification of their identity. It is the lack of alternative means of verification that hits at the very core of free and informed consent.

Jurisdictions like Illinois, USA, have passed stringent laws regulating how entities collect, store, and use biometric data - The Illinois Biometric Information Privacy Act, 2008. Importantly, biometric information includes facial contours, retina or iris scans, fingerprints, and other unique biological information. The act clearly mandates that no biometric information can be collected, stored, or used, without the individual’s consent, making mandatory FRT illegal in the state. Similarly, the Washington Biometric Privacy Protection Act, 2017, and the Texas Capture or Use of Biometric Identifier Act, 2009 requires prior consent for the collection and use of any biometric data, including FRT. In May 2024, Meta was found to have violated the Texas biometric laws, resulting in a settlement of $ 1.4 Billion. 

The Indian Supreme Court, in Justice K.S. Puttuswamy v. Union of India, while analyzing the legality of the Aadhar scheme, recognized citizen’s fundamental right to privacy under Articles 14, 19, and 21 of the Constitution. The Supreme Court clearly stated that:

“Even where a person is availing of a subsidy, benefit or service from the State, mandatory authentication through the Aadhaar platform (without an option to the citizen to use an alternative mode of identification) violates the right to informational privacy.”

“It would be appropriate if a suitable provision be made in the concerned regulations for establishing an identity by alternate.” 

The Supreme Court in Puttuswamy, also held that any intrusion on a fundamental right to privacy should satisfy the proportionality test of legality, legitimate aim, and that the adopted means be necessary and least restrictive.

Considering the use of FRT under the POSHAN scheme, or to access ration foods in Himachal Pradesh raises serious questions on whether the above-mentioned conditions have been met. Mandating pregnant women and infants to undergo a necessary FRT based verification is fraught at many levels, particularly on whether this intrusion is necessary, and least restrictive – given realities of poor internet connectivity, high transaction costs, the necessary need for the women to travel the distance to the ration shops (removing the option of home visits or friends and family picking up the provisions for the intended beneficiary).

Neither the POSHAN scheme nor Himachal Pradesh’s PDS scheme contemplate cases of identity verification failure, bandwidth disruptions, or inability of beneficiaries to travel to the ration shops. Nor do these schemes envisage the establishment of adequate grievance redressal mechanisms in case beneficiaries are denied benefits due to issues with FRT.

In Pragya Prasun vs. Union of India, the Supreme Court opined that the right to life under Article 21 now bakes in a concept of digital access for all citizens. Commenting on issues of digital inclusion, the court found that

“…individuals in remote or rural areas often face poor connectivity, limited digital literacy, and a scarcity of content in regional languages, effectively denying them meaningful access to e-governance and welfare delivery systems. In such circumstances, the State’s obligations under Article 21– read in conjunction with Articles 14,15 and 38 of the Constitution – must encompass the responsibility to ensure that digital infrastructure, government portals…are universally accessible, inclusive and responsive to the needs of all vulnerable and marginalized populations.”

Ultimately, the judgment directed the state to provide alternative methods of KYC – going beyond FRT or iris scans for populations who cannot partake in these. It is equally important to note that facial recognition algorithms have shown demonstrably higher error rates for women, people with darker skin, and other marginalized groups – further risking underserved populations’ access to necessary government schemes and benefits. For instance, Amazon’s facial recognition software ‘Rekognition’ incorrectly identified 28 members of the US congress as criminals - the system disproportionately ascribed this tag to black faces and people of colour. Similarly, one of HP’s facial recognition tools came under intense scrutiny when workers exposed how the tool was ‘racist’ , it was only recognizing workers with lighter skin tones, and was unable to pick up darker skin tones. Microsoft's FaceDetect model demonstrated an overall error rate of 6.3% on its gender classification tasks.

Conclusion

State sponsored FRT systems, when made mandatory in nature, violate core principles of data ownership and control – right from citizen’s free and informed consent, to data purpose limitations, and data minimization considerations. These systems also pave the way for mass surveillance by forcing beneficiaries to surrender their data and information with no say or guardrails around how it may be used in the future.

The deployment of most state and central FRT’s in India have been done through executive decisions and administrative circulars, and not through clear laws from relevant authorities. This is also in contravention of Article 21, which requires a clear legal basis for the restriction of fundamental rights, not just executive action.  

While courts are yet to rule on the legality of FRT based verification processes to avail social welfare schemes; an analysis of the mandatory nature of these schemes, their intended purpose, and their potential to exacerbate exclusion and perpetuate existing digital divides, surfaces serious tensions between the state’s declared objectives of efficiency gains and fraud reduction, and meaningful receipt of benefits to beneficiaries.