Banking and Financial Services 
Payment 
Legal 
Insurance 
E-Commerce Marketplace 
Gaming 
Fintech 
Securities & Investments 
Digital Lending 
Embedded Finance 
Customer Acquisition 
Fraud Check 
Employee Vendor BGV 
Customer Engagement 
Underwriting 
Risk Assessment 
Digital Onboarding 
Perfios Analyse 
Document Analysers 
ITR Analyser 
GST Analyser 
Payslip Analyser 
Credit Card Statement Analyser 
Financial Statement Analyser 
Perfios Verify 
KYC/KYB 
VKYC 
Liveness Detection 
OCR 
Video PD 
PIVC 
Compliance Check 
OneClick Onboarding 
OneSDK 
AI Enabled ID Verification 
Digital Signature 
Perfios Lens 
Garner 
PFM 
CAM 
LeadGen 
Due Diligence 
Legal and Criminal Diligence 
kscan AI 
Perfios Protect 
Document Tamper and Behavioural Check 
TrustArmour 
Health Insurance Fraud Detection 
Deepfake Detection 
Perfios DPI Stack 
FIU++ 
FIP++ 
PCG 
Perfios Platforms 
iAdore 
InteGreat 
OneVigil 
Perfios Hub 
Acclaim 
Consent Management 
Nexus 360 
Journey builder 
About Us 
Management 
Awards 
Life At Perfios 
Careers 
FINteraction 
Global Presence 
Our Customers 
Perfios Trust Center 
Perfios In News 
Blogs 
Videos 
Tech Blogs 
What is DigiLocker?
Digital Locker provides a secure and safe cloud-based platform for storing, presenting, and verifying documents and certificates. The platform manages and stores all virtual identity proof documents and is linked to the Aadhaar Number of the user.
With the aim of facilitating paperless governance and simplifying the lives of citizens, the government has decreed that documents such as driving license, car registration, voter ID, PAN card, school and college certificates, and many other valid identity proofs issued by the government will now be accepted as officially valid documents when presented in digital form.
DigiLocker provides uninhibited access to authentic documents in digital format in what can be perceived as a digital documents’ wallet.
TLDR: When DigiLocker Aadhaar works for KYC (and when it doesn’t)
For lenders and regulated entities, DigiLocker-fetched Aadhaar documents can be useful but only in specific scenarios. Understanding where they fit (and where they don’t) is critical to staying compliant while optimising onboarding speed.
DigiLocker Aadhaar works well for KYC when:
1. The use case involves low-risk or short-tenure products
2. Aadhaar data is supplemented with Video KYC or in-person verification
3. The document is used for document authenticity, not standalone identity assurance
4. The organisation’s KYC policy explicitly allows DigiLocker-fetched documents as an input
DigiLocker Aadhaar may not be sufficient on its own when:
Opening full-KYC accounts or long-term financial relationships
There are two kinds of Digilocker services
DigiLocker for Consumers
Individuals can create an account easily through the DigiLocker website. He/She can also log in using your Aadhaar number and the OTP sent to the Aadhaar-linked mobile number. He/She can upload the documents or get them issued by the relevant statutory authority such as the UIDAI, the Income Tax Department, the CBSE, etc.
DigiLocker for Businesses
DigiLocker has evolved beyond a citizen-facing document repository which has garnered hundreds of millions of users as 2026 has rolled around. Through secure APIs and regulated access mechanisms, DigiLocker enables organisations to fetch issuer-verified documents directly from authoritative sources, with user consent. To grow the user base DigiLocker has partnered with UIDAI to create a specific configuration allowing Registered Requestor Agencies like Perfios to enable DigiLocker account creation on the fly for clients and fetch their DigiLocker issued Aadhaar cards.
A critical difference brought by Perfios is that even if the user does not have a DigiLocker account, Perfios, with explicit consent, creates the Digilocker account on the fly by using Aadhaar Number and OTP on the fly and fetches the Digilocker issued Aadhaar XML for its clients.
What DigiLocker actually provides for Aadhaar (PDF vs XML)
DigiLocker enables users and businesses to access Aadhaar data in two distinct formats, each designed for different purposes.
1. Aadhaar PDF
- Human-readable document
- Displays basic demographic details and masked Aadhaar number
- Useful for visual reference and customer-facing workflows
- Not machine-readable and not ideal for automated verification
2. Aadhaar XML
- Machine-readable, digitally signed file
- Enables automated data extraction and validation
- Designed for system-to-system verification workflows
- Contains metadata such as issuance timestamp and cryptographic signature
While both formats originate from DigiLocker, their intended usage differs significantly. PDFs are primarily for viewing and record-keeping, whereas XML files are meant for programmatic verification and integration into digital onboarding systems.
DigiLocker Aadhaar XML vs UIDAI Paperless Offline e-KYC (Aadhaar XML)
The terms “Aadhaar XML” and “Offline e-KYC” are often used interchangeably, but they are not identical in origin or compliance treatment. The table below highlights the key differences lenders should understand.
| Parameter | DigiLocker Aadhaar XML | UIDAI Paperless Offline e-KYC (Aadhaar XML) |
|---|---|---|
| Issuing Authority | DigiLocker (Govt. of India platform) | UIDAI |
| Method of Generation | Retrieved via DigiLocker with user consent | Downloaded directly by resident from UIDAI |
| Data Format | Digitally signed XML | Digitally signed XML |
| Machine Readability | Yes | Yes |
| Timestamp / Freshness Indicator | Typically present | Generated at download time |
| Technical Validity | Depends on organisational policy | Cryptographically verifiable |
| Reusability | May require revalidation based on policy | Can be verified offline repeatedly |
| Regulatory Treatment | Depends on internal KYC framework | Explicitly recognised as offline verification |
| Best Use Case | Assisted or interim KYC flows | Full offline Aadhaar verification |
Digilocker <> XML File – Must Read
Earlier via DigiLocker accounts, a PDF with basic details like photo and masked Aadhaar number was available for download. With the latest advancement, DigiLocker now provides an Aadhaar XML file instead of a PDF copy.
Aadhaar XML is in machine-readable XML format digitally signed by the UIDAI to verify and validate the authenticity of Aadhaar card. Aadhar XML is also known as Aadhar Paperless offline e-KYC.
It is a digitally signed machine-readable XML document that is encrypted, safe, secure, and shareable to establish and authenticate the identity of the cardholder offline. It can be stored on the laptop or the phone once extracted from the UIDAI website. XML file comes in handy in the KYC processes undertaken by various institutions.
What’s the Difference?
There is one key difference between the DigiLocker issued Aadhaar XML file and the Aadhaar XML file downloadable from the UIDAI website. DigiLocker issued Aadhaar XML file is built on similar lines to Aadhaar e-KYC. Aadhaar e-KYC contains demographic data that is time-stamped known as “Time to Live” and is hosted by Authentication User Agency, an entity engaged in offering Aadhaar-enabled services to Aadhaar cardholders. This ‘TTL’ field has an expiration date of exactly one year, which effectively indicates a one-year expiration period.
The XML file cannot be used for identity verification or authentication beyond the expiration date or one year after the issuance date. As an AUA, this means you may have to redo the KYC process again after one year for the concerned individual unless the DigiLocker issued Aadhaar XML file was validated and ratified with a Video KYC, which concludes the KYC process.
The accounts that are created as minimal KYC accounts or created solely on the basis of DigiLocker issued Aadhaar XML file, may not be accepted as fully KYC-compliant accounts. The recent shift to Digilocker at an industry level has been primarily owing to the fact that a few technology service providers have had a low success (50-60%) in fetching the Aadhaar OKYC from UIDAI website directly.
An FYI, Perfios’ Aadhaar OKYC API has a 95%+ Success Rate!
Vendors are seen encouraging clients to use DigiLocker’s Aadhaar XML file as a replacement for the Aadhaar OKYC, capitalizing on the widespread ignorance that KYC is valid for only a year. These firms obfuscate the fact that their KYC is not fully compliant. This is due to the fact that these firms spend an inordinate amount of time retrieving the Aadhaar Paperless Offline e-KYC from the UIDAI website with a relatively low success rate.
It should be noted that the Aadhaar Paperless Offline e-KYC or the Aadhaar XML file, which can be downloaded from the UIDAI website, is valid for a lifetime. This means that this Aadhaar XML file can be used for identity verification and authentication for perpetuity. Hence, it is evident that Aadhaar Paperless Offline e-KYC is a far superior alternative to DigiLocker issued Aadhaar XML file.
With an astounding 95%+ success rate in retrieving, extracting, and verifying Aadhaar Paperless Offline e-KYC from the UIDAI website, Perfios has exceptionally low downtime. As an authorised Registered Requestor Agency or Authentication User Agency, Perfios can also facilitate the retrieval and extraction of DigiLocker issued Aadhaar XML files.
Nevertheless, we wholeheartedly recommend fetching the DigiLocker issued Aadhaar XML file and its concurrent identity authentication and verification for short-term loans, where you will not be using the DigiLocker issued Aadhaar XML file in the future, or if a Video KYC or in-person KYC is performed alongside the extraction, verification, and authentication of the DigiLocker provided Aadhaar XML file, thereby completing the KYC process.
How Offline Aadhaar Verification works (Secure QR + Offline XML)
Businesses can validate someone’s identity without making a live authentication request to UIDAI systems by using offline Aadhaar verification. This method is especially helpful when privacy constraints, rules that have to be followed, or problems with connectivity make online authentication impossible. Offline verification uses digitally signed data that can be cryptographically checked to make sure that both security and user permission are in place. This also means that real-time integrations are less important.
People generally check by scanning the Secure QR code that is printed on the Aadhaar letter. This QR code has the Aadhaar holder’s demographic information and photo, and UIDAI has digitally signed it. You can check the QR code offline with UIDAI’s public key and allowed apps. This allows businesses to check the data’s accuracy without having to go to central databases. This strategy works well for verification flows that need to be quick and easy and entail aid or talking to someone face to face.
Another common way is Aadhaar Paperless Offline e-KYC. It arrives as an encrypted XML file that the resident can get straight from the UIDAI website or app. The Aadhaar holder delivers this XML file and a sharing phrase that the user picked. This lets the entity that is checking the file decrypt it and look at its digital signature. Once it has been checked, the XML lets you safely access demographic information and an image. This makes it suitable for onboarding processes that can be done automatically and checked.
Secure QR and Offline XML-based verification both protect users’ sensitive information. They don’t employ biometric authentication or real-time UIDAI certification. Instead, they only work with data that has been agreed to and can be checked locally. These offline techniques enable lenders and regulated organisations a strong and legal means to incorporate Aadhaar in digital or hybrid onboarding experiences while preserving rigorous controls on data security and compliance.
Conclusion
Be fully aware while opting for an alternate for OKYC from UIDAI with DigiLocker issued Aadhaar XML when using the same for minimum KYC accounts. You can reach out to Perfios for understanding this in much greater depth at any time.
