A recent report by Moody’s Investors Service on “Decentralized Finance and Digital Assets” has brought to the fore some pressing concerns about India’s Aadhaar, the world’s largest digital ID programme. While Aadhaar’s scale is undeniably impressive, encompassing biometric and demographic details of over a billion residents, Moody’s cautionary note on the potential security and privacy risks of such “centralised” systems cannot be ignored. Aadhaar, controlled by a single entity, presents vulnerabilities that decentralized ID systems might mitigate. These decentralized systems, as proposed by Moody’s, would offer users greater autonomy over their personal data. Furthermore, the report underscores the challenges of Aadhaar’s biometric authentication, particularly its reliability in adverse climates and for manual labourers. The current government’s enthusiastic endorsement has seen the 12-digit ID become almost ubiquitous, essential for a plethora of services from welfare benefits to tax remittances. While the integration of Aadhaar with banking and mobile services has streamlined benefit transfers, eliminating fraudulent beneficiaries, it has not been without its pitfalls. There are numerous accounts of individuals, particularly the elderly and manual labourers, facing exclusion due to biometric verification failures. Last year’s audit of the UIDAI by the Comptroller and Auditor General of India further highlighted issues that could compromise data security and privacy. The report also pointed out inconsistencies in the enrolment process, leading to potential data duplication. India’s advocacy for digital public infrastructure, modelled on Aadhaar, for G-20 nations is commendable. However, before further expansion, especially in critical areas like electoral rolls or MGNREGA payments, a comprehensive review is imperative. The recent appointment of a part-time chief to the UIDAI after a four-year hiatus is a step, but what’s needed is a thorough evaluation and recalibration of the Aadhaar programme to ensure it serves its purpose without compromising the rights and privacy of its billion-plus users.