DigiLocker

DigiLocker is a flagship digital governance initiative of the Government of India, launched in 2015 under the Digital India programme and operated by the Ministry of Electronics and Information Technology (MeitY) through its implementation agency, the National e-Governance Division (NeGD). Its legal foundation rests on the Information Technology Act, 2000, and specifically on the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016, notified under Section 87 read with Sections 6A and 10A of the Act. Rule 9 of these rules establishes that documents issued into a DigiLocker account by a registered issuer are deemed to be at par with original physical documents. This statutory equivalence distinguishes DigiLocker from an ordinary file-storage service and gives uploaded or issued records evidentiary standing before government departments and authorities.

The platform operates on an issuer–requester–repository architecture. A citizen registers using an Aadhaar number or a mobile number, after which the account is linked to a unique identifier. Two categories of documents exist. The first, "issued documents," are pulled directly from the digital repositories of registered issuer organisations—such as the Central Board of Secondary Education (CBSE), the Ministry of Road Transport and Highways, or state transport departments—as machine-readable, digitally signed records carrying a Uniform Resource Identifier (URI). The second, "uploaded documents," are scanned files the user adds and may optionally self-attest using the e-Sign facility. Requester agencies, with the citizen's consent, fetch documents through the platform's APIs, completing a paperless verification loop without physical exchange.

DigiLocker integrates with the broader India Stack, the layered set of open digital public infrastructure that includes Aadhaar for identity, e-Sign for digital signatures based on Aadhaar e-KYC, and consent-based data exchange. The e-Sign service allows a document to be signed electronically with legal validity under Section 5 of the IT Act. Each issued document is rendered tamper-evident through digital signatures, and authenticity can be confirmed by scanning an embedded QR code or by querying the issuing authority's system. The platform is delivered through a web portal and a mobile application, and it has been progressively woven into UMANG, the unified mobile application for government services, broadening citizen access points.

By the mid-2020s DigiLocker had registered hundreds of millions of users and onboarded thousands of issuer and requester organisations across New Delhi's central ministries and state secretariats. Concrete uses include CBSE and the Council for the Indian School Certificate Examinations issuing Class X and XII marksheets directly to student lockers; the Ministry of Road Transport and Highways making the driving licence and vehicle registration certificate retrievable, with the Motor Vehicles rules amended in 2018 to direct traffic police and the Regional Transport Offices to accept these electronic records; the Election Commission of India enabling digital voter identity cards; and the Income Tax Department and the Pension Fund Regulatory and Development Authority integrating onboarding flows. During the COVID-19 pandemic, vaccination certificates from the CoWIN platform were issued into DigiLocker, demonstrating its role in mass document distribution.

DigiLocker should be distinguished from adjacent concepts. It is not the same as the Aadhaar system itself, which is the identity and authentication layer administered by the Unique Identification Authority of India under the Aadhaar Act, 2016; DigiLocker consumes Aadhaar for registration but is a separate document service. It differs from commercial cloud storage such as Google Drive because of its statutory equivalence to originals and its issuer-verified provenance. It is also narrower than e-Governance writ large or the National e-Governance Plan, of which it is a component rather than a synonym. Finally, it must not be conflated with the Account Aggregator framework, which governs consent-based sharing of financial data among regulated entities; both rely on consent architecture, but DigiLocker handles documents broadly while Account Aggregators handle financial information flows.

Edge cases and controversies attach to the platform's dependence on Aadhaar and on data protection. Critics have raised concerns about centralised storage of sensitive credentials, the security of API-based access, and surveillance risks—debates sharpened by the Supreme Court's 2017 Puttaswamy judgment recognising privacy as a fundamental right and its 2018 Aadhaar verdict restricting mandatory linkage. The Digital Personal Data Protection Act, 2023, now frames the consent and data-fiduciary obligations within which DigiLocker must operate. Subsequent developments include the extension of DigiLocker to organisational entities, integration with the Account Aggregator ecosystem for verified documents, and proposals to use it as a foundation for digital identity wallets aligned with emerging global standards.

For the working practitioner—whether a civil-services aspirant preparing General Studies Paper II on governance and e-governance, a desk officer designing service-delivery workflows, or a researcher assessing digital public infrastructure—DigiLocker is a reference case in how statutory backing converts a technology platform into administrative reality. It illustrates the policy logic of paperless, presence-less, and cashless governance, the interplay of identity, signature, and consent layers, and the tension between efficiency and privacy that defines contemporary digital statecraft. Understanding its legal basis in the IT Act and the 2016 Rules, rather than treating it as a mere app, is essential for analysing India's broader digital governance architecture and its export as a model of digital public goods.