INDIA STACK is a set of open APIs and digital public goods that allow governments, businesses, startups, and developers to build sophisticated digital services. It is the technical architecture of India's DIGITAL PUBLIC INFRASTRUCTURE (DPI). Four layers: (1) IDENTITY LAYER — AADHAAR (12-digit biometric identity, ~140 crore enrolled) + eKYC (electronic verification) + eSign (electronic signature); (2) PAYMENTS LAYER — UPI (Unified Payments Interface, 2016; ~18 lakh crore monthly value), IMPS, AePS, Bharat Bill Pay; (3) DATA LAYER — DigiLocker (cloud document storage), CoWIN (vaccine certificates), Account Aggregator framework (consent-based financial data sharing); (4) COMMERCE LAYER — Open Network for Digital Commerce (ONDC, 2022), Open Credit Enablement Network (OCEN, 2021). DESIGN PRINCIPLES: (1) Open APIs — any developer can build; (2) Interoperability — vendor lock-in avoided; (3) Privacy by design — consent-based, minimal data; (4) Inclusion — accessible to bottom-of-pyramid users; (5) Scale — built for billion+ users. ARCHITECT: NANDAN NILEKANI led UIDAI (Aadhaar) 2009-14; iSPIRT non-profit incubated India Stack. The framework has produced extraordinary outcomes: 50 crore Jan Dhan accounts; UPI processing 18+ billion transactions/month; ~₹40 lakh crore Direct Benefit Transfer through Aadhaar.

What is UPI and why is it transformative?

UPI (UNIFIED PAYMENTS INTERFACE) is a real-time interbank payments system developed by National Payments Corporation of India (NPCI), launched APRIL 2016. KEY FEATURES: (1) Bank-agnostic — works across all banks; (2) 24x7 instant transfer; (3) Mobile-first — uses Virtual Payment Address (VPA) like email; (4) Free or near-free for users; (5) Open API — any developer can build a UPI app (PhonePe, GooglePay, Paytm, BHIM, ~50+ apps); (6) Interoperable across PSPs (payment service providers); (7) QR code based for merchant payments; (8) Built on India's IMPS rail. SCALE (2024): (1) ~18 BILLION transactions/month; (2) ~₹18 lakh crore monthly value; (3) ~46% of global real-time payments; (4) 49 crore users; (5) 5 crore merchant acceptance points; (6) Now ~80% of India's retail digital payments. INTERNATIONAL: UPI accepted in France, UAE, Singapore, Sri Lanka, Mauritius, Nepal, Bhutan, Maldives, parts of Africa. RBI's CBDC (e-Rupee) integrates with UPI. PHASES: (1) 2016-19: foundation; (2) 2020-21: COVID accelerated adoption; (3) 2022 onwards: international rollout. WHAT MAKES IT TRANSFORMATIVE: (1) Brings 'last mile' digital payments to small merchants; (2) Cuts transaction costs to near-zero; (3) Enables small-ticket transactions impractical with cards; (4) Reduces cash dependence; (5) Generates digital transaction data for credit access. UPI is widely studied internationally as the canonical case of public infrastructure approach to fintech.

What is the Account Aggregator framework?

The ACCOUNT AGGREGATOR (AA) framework is RBI's CONSENT-BASED FRAMEWORK for sharing financial data securely. Notified 2016, operationalised 2021. PROBLEM IT SOLVES: Indians' financial data is scattered across banks, mutual funds, insurance, EPF, etc. Traditional borrowing required physical document submission. Lenders couldn't see comprehensive financial picture. AA framework lets users SHARE their data securely with consent. ARCHITECTURE: (1) FINANCIAL INFORMATION PROVIDERS (FIPs) — banks, mutual funds, etc. who hold data; (2) ACCOUNT AGGREGATORS (AAs) — RBI-licensed intermediaries who route consent + data; ~15 AAs operational; (3) FINANCIAL INFORMATION USERS (FIUs) — lenders, insurers, advisors who consume data. PROCESS: User consents through AA app → AA fetches data from FIPs → AA delivers data to FIU → User can revoke consent anytime. PRIVACY FEATURES: (1) AAs are 'data-blind' — cannot see contents; (2) Time-limited consent (e.g. 30 days); (3) Purpose-limited (e.g. only loan assessment); (4) Auditable consent trail; (5) User control over revocation. SCALE: ~10 crore consents processed by 2024; ~150+ FIPs onboarded. USE CASES: (1) MSME lending — small businesses get loans based on actual cash flow; (2) Personal loans — faster, cheaper; (3) Mutual fund advisory — personalised; (4) Insurance underwriting; (5) Wealth management. The AA framework is the world's first systematic CONSENT-BASED DATA ARCHITECTURE. EU's PSD2 is similar but more limited. AA is being studied by other countries — recommended at G20 Bali 2022 as DPI model.

OPEN NETWORK FOR DIGITAL COMMERCE (ONDC) is India's open e-commerce protocol — designed to democratise digital commerce, currently dominated by Amazon and Flipkart. Launched September 2022 by Department for Promotion of Industry and Internal Trade (DPIIT). ARCHITECTURE: (1) OPEN PROTOCOL — not a platform; any seller can join any compliant buyer app; (2) INTEROPERABILITY — sellers on one app can be discovered by buyers on another; (3) UNBUNDLING — separates buyer app, seller app, logistics, payments; (4) CATALOGUE STANDARDISATION — common product catalogue format. GOAL: Break platform monopoly; enable small sellers; reduce commissions (current platforms 30-40%; ONDC targets 5-10%). COVERAGE: Food & beverages, grocery, fashion, electronics, beauty, mobility (taxis), agriculture, healthcare, financial services. SCALE (2024): ~6 lakh merchants onboarded; ~25 crore orders cumulative; major retailers (Reliance Retail, Mall91), apps (Paytm, PhonePe), logistics (Delhivery, Shadowfax) participating. CHALLENGES: (1) Network effects — Amazon and Flipkart's scale advantage; (2) Customer experience standardisation; (3) Returns and disputes; (4) Logistics costs; (5) Marketing budgets needed to drive adoption. INTERNATIONAL INTEREST: similar architectures being explored by EU (DSA), South Africa, others. ONDC is the most ambitious DPI experiment after UPI.

How is India exporting DPI globally?

India's DPI is becoming a major SOFT POWER and EXPORT story. KEY EXPORTS: (1) MODULAR OPEN-SOURCE PROTOCOLS — countries can adopt and adapt; (2) IDENTITY systems — Modular Open Source Identity Platform (MOSIP, hosted IIIT-Bangalore) used by Philippines, Morocco, Ethiopia, Sri Lanka, Togo, Mauritius, others; (3) PAYMENTS — UPI accepted in France, UAE, Singapore, Sri Lanka, Mauritius, Nepal, Bhutan, Maldives, parts of Africa; UPI-PayNow (Singapore) integration 2023 most prominent; (4) PROTOCOLS — Beckn Protocol (basis of ONDC) being adopted globally; (5) HEALTH — CoWIN deployed in Sri Lanka, Mauritius; recommended for COVID-19 globally. INSTITUTIONAL CHANNELS: (1) G20 INDIA PRESIDENCY 2023 — DPI prominently featured in New Delhi Declaration; G20 Framework on DPI adopted; (2) UN SDG Summit — India advocated DPI for SDGs; (3) GLOBAL SOUTH partnerships — Africa, Latin America, ASEAN; (4) WORLD BANK + IMF endorsement; (5) MOSIP COMMUNITY — open-source community around India's identity stack. STRATEGIC IMPLICATIONS: (1) Soft power gain; (2) Demonstrates that India can be infrastructure provider, not just consumer; (3) Counters Chinese tech offering (Alipay, WeChat Pay) with open alternative; (4) Creates 'India tech' brand; (5) Establishes governance norms in emerging tech. CRITIQUES: (1) Privacy concerns particularly around Aadhaar-style biometric systems in countries with weaker protections; (2) Risk of authoritarian uses; (3) Commercial interests of Indian tech companies sometimes drive adoption beyond country's own readiness. The DPI export model is also reshaping India's foreign policy — DPI diplomacy has become a distinctive Indian tool, particularly in the Global South.

India Stack & Digital Public Infrastructure (DPI) — Aadhaar, UPI, ONDC, Global Export | UPSC Notes

Why this matters now

India Stack is the most influential public technology project of the 21st century. It has demonstrated that government can be a builder of foundational infrastructure rather than just a regulator — and that such infrastructure can be more transformative than private platform-economy approaches. The international interest in DPI as an alternative to Big Tech-led digital economies is one of the most significant geopolitical shifts of our time.

140 cr

Aadhaar enrolments

18 bn

UPI txns/month

~46%

Share of global real-time payments

Countries using MOSIP

DPI as a concept

Digital Public Infrastructure (DPI) is the framework where government provides foundational digital infrastructure — like roads or electricity — that private actors can build on. Key properties:

Open — APIs available to all developers;
Interoperable — vendor lock-in avoided;
Public good — accessible to everyone, not just the wealthy;
Privacy-respecting — consent-based, minimal data;
Scale-ready — built for billion+ users.

DPI contrasts with the platform-economy model (Amazon, Facebook, WeChat) where private platforms control the digital layer.

India Stack — the four layers

Layer	Components	Year
1. Identity	Aadhaar, eKYC, eSign	2009 onwards
2. Payments	UPI, IMPS, AePS, Bharat Bill Pay, NACH	2016 onwards
3. Data	DigiLocker, CoWIN, Account Aggregator	2015 onwards
4. Commerce	ONDC (e-commerce), OCEN (credit), Beckn protocol	2021 onwards

Design principles

Open APIs — any developer can build;
Interoperability — no vendor lock-in;
Privacy by design — consent-based, minimal data;
Inclusion — accessible at bottom of pyramid;
Scale — built for billion+ users.

Architects

Nandan Nilekani — Infosys co-founder; led UIDAI (Aadhaar) 2009-14; intellectual force behind India Stack;
iSPIRT Foundation — non-profit incubator;
UIDAI — Aadhaar authority;
NPCI — National Payments Corporation of India (UPI);
RBI — payment and data regulator;
MeitY — Ministry of Electronics and IT.

Aadhaar — the foundation

Aadhaar is a 12-digit unique identification number tied to biometric (fingerprints, iris) and demographic data. UIDAI established 2009; first enrolment September 2010.

Status (2024):

~140 crore enrolments — covers ~98% of adult Indians;
~50 crore Aadhaar-linked bank accounts (Jan Dhan);
Direct Benefit Transfer (DBT) of ₹40 lakh crore cumulative;
Estimated ~₹2.7 lakh crore saved in welfare leakage by DBT (some debate);
~100 schemes linked.

Use cases: KYC, mobile SIM verification, DBT, IT returns, EPF, pension, scholarships, healthcare, vehicle registration, agricultural subsidies.

Legal framework: Aadhaar Act 2016 (challenged); Puttaswamy 2018 — Supreme Court upheld Aadhaar but restricted private use without authorisation.

UPI — the payments revolution

Unified Payments Interface (UPI) — developed by NPCI; launched April 2016. Real-time interbank payments.

Key features:

Bank-agnostic;
24x7 instant transfer;
Mobile-first (VPA like email);
Free or near-free for users;
Open API — any developer can build UPI app (PhonePe, GooglePay, Paytm, BHIM, 50+ apps);
Interoperable across PSPs;
QR code based for merchants.

Scale (2024):

~18 billion transactions/month;
~₹18 lakh crore monthly value;
~46% of global real-time payments;
49 crore users;
5 crore merchant acceptance points;
~80% of India's retail digital payments.

UPI Lite for small amounts; UPI 123Pay for feature phones; e-Rupee CBDC integration.

Data layer — DigiLocker, CoWIN, Account Aggregator

DigiLocker (2015)

Cloud document storage for government and personal documents;
~25 crore users;
Driving licences, vehicle RC, education certificates, PAN, ration card;
Equivalent legal status as physical documents.

CoWIN (2020-21)

COVID-19 vaccination platform;
~220 crore doses administered;
~110 crore vaccination certificates;
Open-sourced as Co-WIN-Global; used by Sri Lanka, Mauritius, others.

Account Aggregator (2021)

RBI's consent-based framework for sharing financial data. Architecture:

FIPs — Financial Information Providers (banks, MFs, EPF, etc.);
AAs — Account Aggregators (RBI-licensed intermediaries; ~15 operational);
FIUs — Financial Information Users (lenders, insurers, advisors).

Privacy features: AAs are 'data-blind' (cannot see contents); time-limited consent; purpose-limited; auditable trail; user revocation. ~10 crore consents processed by 2024.

Use cases: MSME lending; personal loans; mutual fund advisory; insurance underwriting; wealth management.

The world's first systematic consent-based data architecture. EU's PSD2 is similar but more limited.

ONDC — open e-commerce

Open Network for Digital Commerce (ONDC) — launched September 2022 by DPIIT.

Architecture:

Open protocol — not a platform;
Sellers on one app can be discovered by buyers on another;
Unbundles buyer app, seller app, logistics, payments;
Common product catalogue format.

Goal: break Amazon-Flipkart duopoly; enable small sellers; reduce commissions (current 30-40%; ONDC targets 5-10%).

Coverage: food & beverages, grocery, fashion, electronics, beauty, mobility (taxis), agriculture, healthcare, financial services.

Scale (2024): ~6 lakh merchants; ~25 crore orders cumulative; major retailers and apps participating.

Challenges: network effects; customer experience standardisation; logistics costs; marketing budgets.

Privacy & Puttaswamy

Aadhaar and India Stack have faced significant privacy debate.

Justice K.S. Puttaswamy v. Union of India (2017) — 9-judge Supreme Court bench unanimously held that the right to privacy is a fundamental right under Article 21.

Puttaswamy II (2018) — upheld Aadhaar Act 2016 by 4-1 majority but:

Struck down Section 57 (private use without authorisation);
Banks and telcos cannot mandate Aadhaar;
Aadhaar limited to government welfare and tax;
Justice D.Y. Chandrachud's dissent (later CJI) called Aadhaar Act unconstitutional.

DPDP Act 2023 — Digital Personal Data Protection Act — operationalises Puttaswamy. Provides for Data Fiduciary obligations, Data Principal rights, Data Protection Board. Cross-border data transfer framework. Coverage discussed in our Privacy Policy and the deep-dive Right to Privacy (Puttaswamy 2017).

Global DPI export

India's DPI has become a distinctive foreign policy tool:

Identity export

MOSIP (Modular Open Source Identity Platform) — hosted at IIIT-Bangalore. Adopted by Philippines, Morocco, Ethiopia, Sri Lanka, Togo, Mauritius, Guinea, Madagascar, and others. Open-source, customisable.

Payments export

UPI accepted in: France (Eiffel Tower payments!), UAE, Singapore (UPI-PayNow integration 2023), Sri Lanka, Mauritius, Nepal, Bhutan, Maldives, parts of Africa.

Protocol export

Beckn Protocol — basis of ONDC — being adopted globally. Health, mobility, education applications.

Health export

CoWIN deployed in Sri Lanka, Mauritius; recommended for COVID-19 globally.

Institutional channels

G20 India Presidency 2023 — DPI prominently featured in New Delhi Declaration; G20 Framework on DPI adopted;
UN SDG Summit — DPI for SDGs;
Global South partnerships;
World Bank + IMF endorsement;
MOSIP community.

Strategic implications: soft power gain; India as infrastructure provider not just consumer; counters Chinese tech offering (Alipay/WeChat); 'India tech' brand; governance norms in emerging tech.

Critiques

Privacy concerns — particularly biometric systems in countries with weaker protections; risk of mission creep;
Authoritarian uses — DPI exported to less-democratic regimes;
Surveillance risks — comprehensive data trail enables tracking;
Exclusion errors — biometric failures excluding poor users from welfare;
Commercial drivers — Indian tech companies sometimes drive adoption beyond country readiness;
Centralisation — concentration of power in technology architects (Nilekani, iSPIRT);
Data sovereignty — cross-border flows raise issues;
Algorithmic governance — automated decision-making in welfare requires accountability frameworks.

"India Stack is the most ambitious public technology project of the 21st century. Its success or failure will shape whether DPI becomes the global alternative to platform capitalism." — paraphrasing scholars at the Berkman Klein Center, Harvard

UPSC PYQs and likely future questions

UPSC angle

India Stack and DPI questions span GS-3 (Science & Tech, Economy) and GS-2 (governance, e-governance). Strong answers describe the four layers accurately, identify specific products, address privacy debate, and connect to global DPI export.

2020 GS-3: "Discuss the Aadhaar architecture and its constitutional implications post-Puttaswamy."
2023 GS-2: "Examine the role of Digital Public Infrastructure (DPI) in India's G20 Presidency. What is the global significance?"
2024 GS-3: "Discuss UPI as a model of public digital infrastructure. What lessons does it offer for emerging economies?"
Likely 2026 question: "Examine the Account Aggregator framework as a privacy-respecting financial data architecture. To what extent does it solve the trade-off between innovation and privacy?"
Likely 2026 question: "Discuss ONDC as a regulatory intervention in platform commerce. What are the constraints to scaling?"
Likely 2026 question: "Trace the evolution of India's DPI export model. What does it tell us about India's foreign policy in the digital era?"

💻

Science & Technology cluster opens here

Seventh thematic cluster — alongside Federalism, Rights, Economy, IR, Society, Climate (all complete). Companion: Semiconductor Mission. Forthcoming: AI Policy, Space Programme.

See all topics →