Last Updated on August 12, 2025 by Chicago Policy Review Staff
With a population of over 1 billion and a deep colonial past, India has come a long way since gaining independence. In recent years, the country took the world by storm with its Unified Payments Interface (UPI) technology. This digital payment system played a large role in facilitating economic activity during the pandemic by reducing people’s dependence on paper money at a time when we didn’t even know how the COVID-19 virus spread. Another reason why UPI has garnered attention is that it solved an interoperability issue. Unlike applications like Zelle that solely allow transfers between Zelle users, UPI allows transfers regardless of the application used. However, UPI represents only one layer of a much larger digital infrastructure: India Stack.
Diagram courtesy of Author.
India Stack is a holistic digital infrastructure framework based on a set of APIs designed to promote financial inclusion, streamline government processes, and enhance service delivery. It comprises three layers: the Identity Layer, the Payment Layer, and the Data Layer. Aadhaar, India’s biometric-based unique identity system launched in 2010, serves as the foundation of the framework. It enables identity verification, facilitating access to government services and financial inclusion through the Jan Dhan Yojana program, which has brought millions into the formal banking system. According to World Bank’s Global Findex Database 2017, “the program had brought an additional 310 million Indians into the formal banking system by March 2018”. Alongside Aadhaar, DigiLocker allows individuals to digitally store and verify official documents, reducing dependence on physical identification. UPI and other digital payment systems enable seamless financial transactions, while the Data Empowerment and Protection Architecture (DEPA), a framework guiding the construction of the stack, aims to ensure secure, consent-driven data sharing, particularly in sectors like healthcare, finance, and governance.
India Stack has been widely adopted across various sectors. With regards to financial inclusion, JAM Trinity (Jan Dhan Yojana–Aadhaar–Mobile) has significantly increased access to banking and digital payments. Aadhaar-based Direct Benefit Transfers (DBTs) have improved efficiency in welfare distribution, ensuring that subsidies and social benefits reach the intended recipients without leakage.
Image courtesy of Author.
A few instances of the Data Layer being utilized have been seen in the past decade. In 2017, the taxation system also leveraged the digital infrastructure to streamline tax collection and compliance by creating the Goods and Services Tax Network which allows registration, filing and processing of GST with real time tracking. In 2021, within the banking sector, Account Aggregators went live under the Reserve Bank of India’s governance using the DEPA framework and in healthcare, the Ayushman Bharat Digital Mission started working toward building an Electronic Health Record (EHR) system to create a Unified Health Interface (UHI), facilitating interoperability in e-health services and connect patients to healthcare providers and platform services.
The fact that developers around the world are racing to perfect this technology highlights its potential. In the United States, EHR adoption is driven by policies like the Health Information Technology for Economic and Clinical Health (HITECH) Act, which provides incentives for “meaningful use” of EHRs. Companies like Epic Systems and Cerner dominate the U.S. market, focusing on patient engagement. In places where EHRs have already been used, it is noticed that beyond implementation, ongoing costs, such as maintenance, software updates, and operational expenses, further strain budgets, discouraging long-term engagement with EHRs. Technical concerns, such as a lack of interoperability and reliable technical support, exacerbate these financial challenges. Many systems fail to integrate seamlessly with existing technologies, limiting their utility and creating frustration for users. India Stack might solve this problem for institutions within the country, but the question remains on whether interoperability will exist internationally.
Yet, India Stack has demonstrated transformative potential in the global stage. Partnering with Google, India is working on expanding its network of UPI for Indians traveling abroad; through select banks and payment networks, UPI is also accepted in 12 countries including, France, Sri Lanka, Mauritius, United Arab Emirates, Nepal, Singapore and Bhutan.
By digitizing identity verification and eliminating the need for paper-based documentation, bureaucratic delays have been significantly reduced. Automation of government services optimizes resource allocation and minimizes administrative costs, making public service delivery more efficient. Comparisons with countries such as Estonia, which has pioneered e-governance, and Singapore, with its Smart Nation initiatives, highlight how India Stack can enhance digital inclusion while ensuring data security.
Despite its advantages, India Stack raises significant concerns. Data vulnerability remains a pressing issue. The fragility of data aggregation, demonstrated by the 2023 data breach where Aadhaar and passport details of over 815 million Indians was found on sale on the dark web. Since this data falls under personally identifiable information, it is of utmost importance to ensure the highest privacy standards. Having a digital stack that rests on personal data is a huge problem for successfully implementing digital transformation policy. The absence of a comprehensive Data Protection Act has further exacerbated these anxieties, especially in a socio-political climate where religious and caste-based tensions persist. The potential for government overreach, combined with weak data protection mechanisms, raises ethical questions about how citizen data is collected, stored, and used.
In 2018, the Supreme Court of India (SCoI) deemed the Aadhaar unconstitutional and just last year stated that it is not valid for identification. The SCoI attempting to uphold the fundamental right to privacy subsequently ruled to prohibit Aadhaar from being mandatory for any service not funded by the Consolidated Fund of India. Keeping in mind most government funded schemes cater to the marginalized, this ruling begs the question of whether the right to privacy only applies to the privileged. Lastly, the right to privacy extends to the right to be forgotten, which has been upheld in cases where individuals have requested their information to be removed from search engines. This shows the lack of trust the public has in the larger network of data which can hinder the successful building of the India Stack.
To ensure India Stack’s continued success while addressing concerns, policymakers must take several steps. Enhancing data protection laws and implementing robust cybersecurity measures are crucial to securing user data and preventing breaches. Transparency in data collection and usage must be improved, with clear consent mechanisms ensuring that citizens have control over their personal information. Public awareness campaigns are also necessary to educate individuals on digital privacy and security, fostering greater trust in India’s digital ecosystem. Additionally, the adoption of privacy-preserving technologies such as encryption, data anonymization, and decentralized frameworks can help strike a balance between efficiency and security.
India Stack represents a paradigm shift in digital governance, offering both opportunities and challenges. With its clear pitfalls, India Stack might crumble unless there is vigilance within the legal and cyber community to keep improving this revolutionary technology with the potential to create a future with a better standard of living and effective executive of welfare schemes.