The Legal Architecture Of Digital Public Infrastructures: Consent, Accountability, And Data Sovereignty In India's Aadhaar And UPI Systems

Abstract

Digital Public Infrastructures (DPIs) represent a fundamental transformation in state-citizen interactions, with India's Aadhaar biometric identification system and Unified Payments Interface (UPI) serving as paradigmatic examples. This paper examines the legal architecture governing these systems through the triadic framework of consent, accountability, and data sovereignty. The analysis reveals critical tensions between technological innovation and rights protection, particularly following the Supreme Court's 2018 Puttaswamy judgment and the enactment of the Digital Personal Data Protection Act (DPDPA), 2023. Through doctrinal analysis and comparative evaluation, this paper demonstrates that while India has constructed a sophisticated legal framework for DPIs, significant gaps persist in consent mechanisms, accountability structures, and sovereignty protection. The paper argues that the current legal regime, though progressive, requires strengthening through enhanced institutional oversight, clearer data localization mandates, and robust enforcement mechanisms. These findings contribute to understanding how emerging democracies can balance digital inclusion with fundamental rights protection in the era of data-driven governance.