DPI Brief — April 07, 2026
India’s Digital Public Infrastructure ecosystem saw notable movement this week across payments authentication, agricultural modernisation, and cybersecurity — though much of the week’s news was dominated by non-DPI events. Here’s a layered snapshot of what matters.
Today’s DPI Updates (7 Layers)
L1: Identity & Authentication
Aadhaar website quietly updated its FAQ pages on 2 April, clarifying that Aadhaar should not be shared on public platforms. UIDAI also updated its contact and Aadhaar online services pages. No new policy changes — the updates appear to be routine content maintenance reinforcing existing guidance around Aadhaar misuse.
The Census 2027 self-enumeration portal (se.census.gov.in) launched on 1 April, with Phase I covering houselisting and housing census. PMO Principal Secretary PK Mishra completed his self-enumeration early in the week, setting an example. Senior dignitaries including the President, Vice President, and Chief Justice of India have also completed theirs. The portal uses Aadhaar-linked identity for verification, making this a significant L1 integration point.
L2: Payments & Financial Rails
NPCI BHIM Services Limited launched biometric authentication for UPI payments up to ₹5,000 on the BHIM app (iOS and Android). Users can now approve transactions using smartphone fingerprint or face unlock, reducing dependence on UPI PIN entry for low-value transactions. NBSL stated the goal is to make payments “simple, secure and accessible” while keeping transactions tied to the user’s physical device. For amounts above ₹5,000, the existing PIN-based authentication remains mandatory.
This is a meaningful UX improvement for feature phone users and users with low digital literacy, and aligns India with global trends in FIDO2/passkey-based payment authentication.
L3: Documents & Data Exchange
No significant DigiLocker, API Setu, or eSign updates reported this week. The infra remains operational with no announced policy changes or new integrations. This layer continues to be the quietest of the seven.
L4: Commerce & Logistics
India extended duty-free imports of yellow peas until 31 March 2027, via a commerce ministry notification — this is a trade policy update that could indirectly affect agricultural commodity pricing on ONDC and GeM-connected supply chains.
No specific ONDC or GeM announcements this week. The ONDC network continues to scale quietly with no major protocol updates flagged in the last 7 days.
L5: Sectoral Infrastructure
Union Agriculture Minister Shivraj Singh Chouhan announced sustained reforms under the Viksit Krishi Sankalp Abhiyan, which directly engaged 1.34 crore farmers across 1.42 lakh villages. The campaign will transition from a one-time effort to a sustained movement under the “One Nation – One Agriculture – One Team” framework. The government aims to bridge the gap between research labs and fields, increase productivity, and reduce input costs. These reforms connect directly to AgriStack’s goals of digitising farmland records and farmer identity.
Meanwhile, IIT Ropar’s ANNAM.AI Centre of Excellence (established under a ₹990 crore Ministry of Education AI initiative) launched deployment of 100 free weather stations and AI training for 10,000 students and agri-professionals — advancing AI-driven farming at scale.
Agrospectrum India — Agri Reforms | The Daily Jagran — ANNAM.AI IIT Ropar
L6: Governance & Grievance
No significant CPGRAMS, DARPG, or eOffice updates this week. The governance layer remains operational with no announced reforms or new grievance mechanisms flagged in recent news.
L7: Security, Privacy & Trust
CERT-In issued no new advisories this week specific to Indian digital infrastructure. However, globally:
- Fortinet patched CVE-2026-35616 (CVSS critical) in FortiClient EMS — actively exploited pre-auth API bypass vulnerability. Organisations using Fortinet products should update immediately.
- 36 malicious npm packages were discovered exploiting Redis and PostgreSQL to deploy persistent implants — a supply chain attack targeting developer pipelines.
- Drift Protocol (Solana DeFi) lost $200–285 million in an exploit on 1 April — a reminder that DeFi remains a high-risk vector.
No specific Indian DPDP enforcement actions or TRAI updates were reported this week.
The Hacker News — Fortinet CVE-2026-35616 | The Hacker News — Malicious npm Packages | CERT-In