DPI Brief — April 18, 2026

Today’s DPI Updates (7 Layers)

L1: Identity & Authentication

India Drops Aadhaar Smartphone Pre-Installation Mandate After Pushback

In a significant policy reversal, India’s government has decided not to mandate pre-installation of the Aadhaar biometric identification app on smartphones. UIDAI confirmed on April 17 that the IT ministry reviewed the proposal—originally floated in January requesting Apple, Google, Samsung, and other manufacturers to consider mandatory Aadhaar app installation—and is “not in favour of mandating the pre-installation of the Aadhaar App on smartphones.” The decision comes after major pushback from smartphone manufacturers concerned about regulatory compliance and user privacy implications. This marks a retreat from what could have been a sweeping expansion of Aadhaar’s presence on mobile devices. 1

L2: Payments & Financial Rails

Kenya Adopts India’s DPI Stack for Governance; MeitY Highlights UPI’s Role

India’s digital public infrastructure continues to gain international traction. Reports confirm Kenya is adopting India’s DPI—including UPI and DigiLocker—to boost governance and digital financial inclusion. This follows the global recognition of India Stack as a model for digital public goods. Meanwhile, official accounts from Digital India and MeitY emphasized that DPI in the Digital India era extends beyond payments to the entire support system “strengthening the merchant-customer bond.” NPCI’s UPI Help portal continues to serve as the official resource for merchant and customer DPI support. 2

BHIM App Biometric Authentication for UPI Up to ₹5,000 (from April 15)

NPCI BHIM Services Limited launched biometric authentication for UPI payments up to ₹5,000 on the BHIM app, available on both iOS and Android. Users can now approve transactions via fingerprint or facial recognition, reducing PIN dependency. PhonePe continues to lead UPI transaction volumes with ~9.3 billion transactions in February 2026, followed by Google Pay at ~6.8 billion. 3

L4: Commerce & Logistics

FICCI-ONDC MoU to Expand Digital Commerce in Travel, Tourism & Hospitality

ONDC and FICCI signed a memorandum of understanding to enhance digital experiences in the travel, tourism, and hospitality sectors. This partnership aims to leverage ONDC’s open network protocol to digitize merchant discovery, bookings, and payments across these service categories—potentially expanding ONDC’s footprint beyond retail into services. The network continues beta operations in Bengaluru, Meerut, and five major cities: Mumbai, Delhi NCR, Chennai, Hyderabad, and Kolkata. Network infrastructure development and services fees for credit transactions became effective April 1, 2026. 4

L6: Governance & Grievance

Women’s Reservation Bill Fails in Lok Sabha; Digital Census 2027 Ongoing

Parliament’s special session on the Women’s Reservation Bill ended without passage on April 17. The Constitution Amendment Bill to reserve one-third of seats for women failed to pass, along with the linked delimitation proposal to expand and redraw voting boundaries. While not a DPI platform directly, legislative processes increasingly rely on digital governance infrastructure. Meanwhile, Census 2027’s digital self-enumeration continues with over 5.72 lakh households participating—a landmark shift from paper-based enumeration leveraging DPI principles for large-scale data collection. 5

L7: Security, Privacy & Trust

Three Microsoft Defender Zero-Days Actively Exploited; Apache ActiveMQ Vulnerability in the Wild

The cybersecurity landscape continues to evolve rapidly. Three Microsoft Defender zero-days—BlueHammer (CVE-2026-33825, patched), RedSun (unpatched), and UnDefend (unpatched)—are being actively exploited by threat actors to gain SYSTEM-level access on fully patched Windows systems. Huntress warns that RedSun enables unprivileged users to escalate to full SYSTEM access, while BlueHammer was exploited before patching. Separately, Apache ActiveMQ Classic vulnerability CVE-2026-34197 is being exploited in the wild; CISA added it to the Known Exploited Vulnerabilities catalog with an April 30 patching deadline for federal agencies. Organizations running Windows infrastructure or Apache ActiveMQ should apply the available patches immediately. 6

Sources