DPI Deep Dive — Wednesday | April 01, 2026
Focus Layer: L3 Documents & Data Exchange
Coverage Period: March 25 - April 01, 2026
Executive Summary
This week’s L3 Documents & Data Exchange layer sees significant momentum as DigiLocker crosses 67 crore users and approaches 950 crore documents issued. The RBI’s integration of DigiLocker into payment safety protocols marks a pivotal shift in fraud prevention, while CKYC 2.0 and APAAR ID expansions signal deeper ecosystem convergence. Gujarat’s Sugam initiative demonstrates state-level digitization at scale, leveraging DigiLocker, eSign, and API Setu for faceless service delivery.
Key Developments
1. DigiLocker Crosses 67 Crore Users, 950 Crore Documents Issued
DigiLocker has reached a significant milestone with 67.63 crore registered users as of early March 2026, with over 950 crore documents issued through the platform. 1 This represents a substantial jump from 62 crore users reported in February 2026. 2 The platform now supports document storage and sharing across multiple sectors including finance, education, healthcare, and transportation.
The growth reflects increasing acceptance of digital documents as legally valid alternatives to physical copies. Several state governments have issued notifications mandating acceptance of DigiLocker documents for official purposes, creating downstream demand from citizens who need to interact with government services.
Analysis: DigiLocker’s trajectory demonstrates the network effects of digital document infrastructure. As more issuers (government departments, regulators, financial institutions) integrate with the platform, the value proposition for users strengthens. The 950 crore documents issued metric is particularly telling—it suggests not just storage but active circulation of documents in digital workflows.
2. RBI Integrates DigiLocker for Payment Fraud Prevention
The Reserve Bank of India (RBI) has integrated DigiLocker into its payment safety protocols, enabling one-time consent verification for high-risk transactions to prevent cyber-fraud. 3 This marks a significant expansion of DigiLocker from document storage into real-time authentication use cases.
The integration allows banks and payment providers to verify user identity and consent through DigiLocker’s secure channel before processing high-value or suspicious transactions. Users can provide time-limited consent for specific transaction verification, reducing the attack surface for social engineering and OTP-based fraud.
Analysis: This development represents the convergence of L3 (Documents) with L2 (Payments) layers—a textbook example of cross-layer DPI integration. By leveraging the trust infrastructure already built into DigiLocker (Aadhaar-linked identity, verified documents), the RBI creates a new fraud prevention mechanism without building parallel infrastructure. This sets a precedent for other regulators to embed DPI rails into supervisory systems.
3. APAAR ID Integration for Education Verification
DigiLocker now supports the APAAR (Automated Permanent Academic Account Registry) ID, streamlining student verification for national-level examinations like NEET and JEE. 3 Academic records automatically sync to the Academic Bank of Credits, enabling seamless verification by examining authorities.
The integration addresses a long-standing friction point in education verification—students previously needed to carry physical certificates to examination centers. With APAAR-linked DigiLocker accounts, verification becomes instantaneous and tamper-proof.
Analysis: The APAAR-DigiLocker connection exemplifies the L3 layer’s role in enabling sectoral DPI (L5) functionality. Education verification historically required manual document collection and verification. By embedding academic credentials into DigiLocker, the system creates a verifiable digital record that can be queried in real-time—reducing certificate forgery, eliminating paperwork, and accelerating examination processes.
4. CKYC 2.0 Enables Instant Paperless Onboarding
The Central KYC (CKYC) 2.0 framework has launched, enabling instant, paperless onboarding for banking and insurance services through real-time data integration with DigiLocker. 3 Users can now complete KYC onboarding in minutes rather than days, with DigiLocker serving as the single source of verified identity and address documents.
Financial institutions have direct API access to CKYC registries, retrieving pre-verified KYC records with user consent. This eliminates the need for physical document submission, in-person verification, and redundant KYC across multiple financial institutions.
Analysis: CKYC 2.0 is a major win for financial inclusion. The previous KYC process—requiring physical documents, branch visits, and manual verification—created friction that discouraged account opening, particularly in rural and semi-urban areas. By leveraging DigiLocker’s verified document repository, banks can now onboard customers remotely, reducing cost-to-serve and expanding market reach. The real-time integration also enables instant account opening for credit products, addressing the “time-to-credit” friction that plagues small borrowers.
5. Passport Verification Records Now Accessible via DigiLocker
Passport Verification Records (PVR) are now accessible through DigiLocker, simplifying travel and employment verification processes. 3 Citizens can now share verified passport data directly with prospective employers, visa authorities, or rental agencies without handing over physical documents.
The feature addresses a common pain point: passport originals are often required for verification but citizens are understandably reluctant to part with travel documents. DigiLocker’s PVR provides a digitally signed, verification-friendly alternative that employers and agencies can validate in real-time through API Setu.
Analysis: PVR access represents expansion of DigiLocker into credential verification beyond government-to-citizen services. The use case—employment verification—is high-frequency and high-stakes. By enabling verified digital sharing, DigiLocker reduces document handling risks (loss, damage, retention) while creating a verifiable audit trail.
6. Biometric Authentication Replaces OTP for DigiLocker Login
DigiLocker has upgraded its security with biometric login options, replacing OTPs with Face ID and fingerprint authentication for faster, more secure access. 3 The change addresses persistent OTP-related security issues—SIM swapping, OTP interception, social engineering—while improving user experience by eliminating the wait for OTP delivery.
The biometric authentication is tied to the user’s device, providing hardware-level security that is significantly harder to bypass than SMS-based OTPs. For users without biometric-enabled devices, the existing OTP option remains available.
Analysis: The shift to biometric authentication reflects the broader DPI security evolution. As more critical services (payment verification, KYC, document sharing) rely on DigiLocker as a trust anchor, the authentication mechanism must scale in security. Device-bound biometrics also create a stronger authentication posture than phone-number-based OTPs, which can be compromised through social engineering or SIM swapping.
7. Gujarat’s Sugam Initiative Digitizes Citizen Services at Scale
Gujarat’s Sugam Digital Gujarat Initiative has digitized key citizen services across departments including Social Justice, Revenue, Legal, Food and Civil Supplies, and Tribal Development. 4 The initiative leverages DigiLocker, eSign, Aadhaar-based authentication, API verification, and UPI payments to enable faceless, paperless, and cashless service delivery.
The program aims to improve efficiency, transparency, and accessibility across state government services. Plans include integration of Gujarati-language AI models to improve accessibility for non-English speaking citizens.
Analysis: Gujarat’s Sugam demonstrates state-level DPI adoption at scale. By combining multiple DPI rails—DigiLocker for documents, eSign for approvals, Aadhaar for authentication, API Setu for verification, and UPI for payments—the initiative creates an end-to-end digital service delivery model. This serves as a template for other states considering DPI integration. The planned addition of vernacular AI models also addresses the digital divide concern—ensuring that language barriers don’t exclude citizens from digital services.
Cross-Layer Connections
| From Layer | To Layer | Connection Point |
|---|---|---|
| L1 (Identity) | L3 (Documents) | Aadhaar-linked authentication enables DigiLocker account creation; biometric login upgrade reinforces identity layer |
| L2 (Payments) | L3 (Documents) | RBI’s payment safety integration uses DigiLocker for consent verification; UPI powers Sugam’s cashless transactions |
| L3 (Documents) | L5 (Sectoral) | APAAR enables education verification for exams; CKYC 2.0 powers banking/insurance onboarding; PVR enables employment verification |
The week’s developments underscore L3’s role as the data interoperability layer that connects identity verification (L1), payment security (L2), and sectoral applications (L5). As more sectors integrate with DigiLocker/API Setu, the network effects compound—each new use case increases the platform’s value for all participants.