The Unique Identification Authority of India (UIDAI), the body that manages all Aadhaar data in the country, has said it does not want to procure foreign-origin equipment for its Information Technology (IT) and Information Security (IS) needs, and wants to go local to avoid the risk of embedded code or malware in foreign-origin equipment.

“For replacement of aging components and to upgrade the existing infrastructure, all Information Technology (IT) & Information Security (IS) infra procurements are being done…it has been observed that most of the offerings for IT & IS procurements are from foreign origin OEMs (Original Equipment Manufacturers). This poses issues related to the supply chain management (delays in delivery) and support problems. Additionally, the possibility of Supply Chain Risks associated with embedded code or malware, due to off-shoring of productions by even the Industry leaders to other countries, cannot be ruled out,” the UIDAI has said in a June 15 circular.

News18 has seen a copy of the circular. It says that customisation of products from foreign-origin OEMs is not feasible because resellers have very little say over the OEMs, which do not readily agree to harden their products or comply with UIDAI's technical specification requirements. “In view of the above, as part of Make in India initiative, handholding of indigenous firms and OEMs to produce items required in the security domain, which meet international standards, has been considered by UIDAI,” the circular mentions.

UIDAI has deployed a state-of-the-art private cloud infrastructure to run its CIDR (Central Identities Data Repository) operations through captive data centres and has deployed a robust security outlay to protect those operations, considering the sensitive nature of the PII (Personally Identifiable Information) data, UIDAI adds. The UIDAI holds PII data of nearly 127.5 crore Indians who have been enrolled under Aadhaar.

The Way Ahead

UIDAI has decided to establish a POC (Proof of Concept) environment at its office in Bengaluru so that Indian OEMs can demonstrate their products and capabilities. “The assessment criteria for the equipment under POC shall be as follows - mapping of equipment specification with technical specification as per UIDAI requirement, feasibility of customisation, indigenous content and reference certificate for the offered solution in conformance with Make in India Policy and assessment of supply chain and support issues and risks for the product,” the circular says.

UIDAI has said it is looking for indigenous products for secure key management or exchange, cloud security tools, network monitoring, identity and authentication systems, and vulnerability management. The Government of India had issued a public procurement (Preference to Make in India) order in 2017 to encourage ‘Make in India’ and promote manufacturing and production of goods and services in India.

