Skip to content
Certopact certopact
← Articles Identity verification

Aadhaar verification: online (AUA/KUA) vs offline (OVSE)

12 May 2026 8 min read

If you verify visitors, contractors or staff against Aadhaar in India, there are two distinct routes — online and offline. They answer the same question (is this person who they say they are?) in very different ways, with different infrastructure, consent and connectivity requirements. Knowing which to use where saves you both compliance headaches and queue time at the gate.

This guide explains how each route works, what it needs to run, how they compare on speed, assurance and privacy, and how to decide which belongs at which of your sites.

First, what Aadhaar verification is (and isn't)

Aadhaar verification confirms that a person's claimed identity matches UIDAI's records. It is not the same as photographing an ID card and filing it away — a card can be forged or borrowed. Verification ties the person to an authoritative source, either by asking UIDAI in real time (online) or by checking a document UIDAI has digitally signed (offline). In both cases, done properly, you never need to store the full 12-digit Aadhaar number.

Online verification: AUA / KUA

Online verification uses UIDAI's authentication APIs through a licensed Authentication User Agency (AUA) or e-KYC User Agency (KUA). The resident enters their Aadhaar number and approves an OTP sent to their registered mobile; UIDAI returns a yes/no result and, for e-KYC, a signed set of identity attributes such as name, photo and demographics.

  • Real-time: you get a fresh response from UIDAI at the moment of verification.
  • Authoritative: the answer comes straight from UIDAI's records.
  • Needs connectivity to UIDAI and a registered mobile to receive the OTP.
  • Consent is captured per transaction; no Aadhaar number is stored by Certopact.

Online is the strongest, most current check — but it leans on two things being available at the moment of entry: a working connection and the resident's registered phone. Where either is unreliable, throughput suffers.

Offline verification: OVSE

Offline verification is built on UIDAI's OVSE (Offline Verification Seeking Entity) framework. Instead of calling UIDAI live, you verify a UIDAI-signed artefact the resident presents — the secure QR code on the Aadhaar letter or PVC card, or an Aadhaar Paperless Offline e-KYC XML the resident downloads themselves and protects with a share code. Certopact checks UIDAI's digital signature to confirm the data is genuine and untampered, then reads the name and photo for matching.

  • No live UIDAI call and no OTP — useful where connectivity or mobile access is unreliable.
  • Consent-based and privacy-preserving: the resident chooses to share the artefact, and the Aadhaar number stays masked.
  • Tamper-evident: a forged or edited document fails the signature check.
  • Pairs well with Live Face matching against the photo in the signed record.

Side by side: how they compare

  • Connectivity: online needs a live link to UIDAI; offline does not.
  • Resident's phone: online needs the registered mobile for the OTP; offline does not.
  • Freshness: online reflects UIDAI's records right now; offline reflects them as of when the artefact was issued.
  • Speed at scale: offline avoids OTP waits, which matters at high-volume gates.
  • Assurance: both are government-backed; combine either with Live Face and name-match for the strongest result.

Privacy and consent in both routes

Whichever route you use, the same data-protection principles apply: collect consent with a clear notice, use the data only to admit and account for the visit, keep the Aadhaar number masked, and retain records only as long as you have a reason to. Both online and offline verification are designed to work without storing the Aadhaar number — a good fit for the expectations of India's DPDP Act.

Which should you use — and where

Use online (AUA/KUA) when you have reliable connectivity and the resident has their registered mobile to hand — it is the most authoritative, real-time check, well suited to corporate receptions and offices. Use offline (OVSE) for gates, plants, construction and remote sites where connectivity or OTP delivery is patchy, or for high-throughput entrances where OTP waits would create queues. Many organisations run both — offline as the gate default, online where a live check is warranted.

Doing both with Certopact Entry

Certopact Entry supports online AUA/KUA and offline OVSE verification from one identity engine, with name-match scoring, Live Face and blacklist screening. Because the mode is configurable per location, a single organisation can run offline at the plant and online at head office, all managed from one console — and the same engine powers identity checks inside Certopact Access for India deployments.

This article is general guidance, not legal advice. Always confirm your obligations under UIDAI rules and the DPDP Act for your specific deployment.

Keep reading

More articles.

Identity verification

What is OVSE? Offline Aadhaar verification, explained

Buyer's guide

Choosing a visitor management system: a buyer's checklist

Compliance

The DPDP Act and visitor data: what Indian workplaces should know

Stay in touch

Get a heads-up on new articles, customer stories and events from Certopact.

See Certopact verify a visitor in minutes.

Book a 30-minute demo. We'll walk through Entry, Access and offline verification on your use case.

Book a demo