DigiLocker’s ban on Karza has lessons for regtechs

Why read this story?

Editor's note: Update: After this story was published, a government official told The Morning Context that there was no unauthorized access of Aadhaar data by Karza Technologies. The firm failed to redirect its users to DigiLocker's authentication page, which was deemed as a violation of DigiLocker's terms of services that led to the ban, as we have detailed in the story. The official added that the government is now working towards building a comprehensive compliance framework for DigiLocker's partners in lieu of this incident. Karza Technologies would say it only tried to ease the verification process for official documents on behalf of its clients. But, in doing so, not only did the fintech software firm misuse its access to the Indian government’s DigiLocker platform, it may have also allowed its clients to gain unauthorized access to Aadhaar data. In October, DigiLocker, which is operated by the Ministry of Electronics and Information Technology, or MeitY, sent a letter to all the entities on its network informing them that Perfios-owned Karza Technologies had been banned from the platform owing to violations of the Aadhaar …