CHAPTER VII
OFFENCES AND PENALTIES
34. Whoever impersonates or attempts to impersonate another person, whether dead
or alive, real or imaginary, by providing any false demographic information or biometric
information, shall be punishable with imprisonment for a term which may extend to three
years or with a fine which may extend to ten thousand rupees or with both.
35. Whoever, with the intention of causing harm or mischief to an Aadhaar number
holder, or with the intention of appropriating the identity of an Aadhaar number holder
changes or attempts to change any demographic information or biometric information of an
Aadhaar number holder by impersonating or attempting to impersonate another person,
dead or alive, real or imaginary, shall be punishable with imprisonment for a term which may
extend to three years and shall also be liable to a fine which may extend to ten thousand
rupees.
36. Whoever, not being authorised to collect identity information under the provisions
of this Act, by words, conduct or demeanour pretends that he is authorised to do so, shall
be punishable with imprisonment for a term which may extend to three years or with a fine
which may extend to ten thousand rupees or, in the case of a company, with a fine which
may extend to one lakh rupees or with both.
37. Whoever, intentionally discloses, transmits, copies or otherwise disseminates
any identity information collected in the course of enrolment or authentication to any
person not authorised under this Act or regulations made thereunder or in contravention of
any agreement or arrangement entered into pursuant to the provisions of this Act, shall be
punishable with imprisonment for a term which may extend to three years or with a fine
which may extend to ten thousand rupees or, in the case of a company, with a fine which
may extend to one lakh rupees or with both.
38. Whoever, not being authorised by the Authority, intentionally,—
(a) accesses or secures access to the Central Identities Data Repository;
(b) downloads, copies or extracts any data from the Central Identities Data
Repository or stored in any removable storage medium;
(c) introduces or causes to be introduced any virus or other computer
contaminant in the Central Identities Data Repository;
(d) damages or causes to be damaged the data in the Central Identities Data
Repository;
(e) disrupts or causes disruption of the access to the Central Identities Data
Repository;
(f) denies or causes a denial of access to any person who is authorised to
access the Central Identities Data Repository;
(g) reveals any information in contravention of sub-section (5) of section 28, or
shares, uses or displays information in contravention of section 29 or assists any
person in any of the aforementioned acts;
(h) destroys, deletes or alters any information stored in any removable storage
media or in the Central Identities Data Repository or diminishes its value or utility or
affects it injuriously by any means; or
(i) steals, conceals, destroys or alters or causes any person to steal, conceal,
destroy or alter any computer source code used by the Authority with an intention to
cause damage,
shall be punishable with imprisonment for a term which may extend to three years and shall
also be liable to a fine which shall not be less than ten lakh rupees.
Explanation.— For the purposes of this section, the expressions “computer
contaminant”, “computer virus” and “damage” shall have the meanings respectively
assigned to them in the Explanation to section 43 of the Information Technology Act, 2000,
and the expression “computer source code” shall have the meaning assigned to it in the
Explanation to section 65 of the said Act.
39. Whoever, not being authorised by the Authority, uses or tampers with the data in
the Central Identities Data Repository or in any removable storage medium with the intent
of modifying information relating to Aadhaar number holder or discovering any information
thereof, shall be punishable with imprisonment for a term which may extend to three years
and shall also be liable to a fine which may extend to ten thousand rupees.
40. Whoever, being a requesting entity, uses the identity information of an individual
in contravention of sub-section (3) of section 8, shall be punishable with imprisonment
which may extend to three years or with a fine which may extend to ten thousand rupees or,
in the case of a company, with a fine which may extend to one lakh rupees or with both.
41. Whoever, being an enrolling agency or a requesting entity, fails to comply with
the requirements of sub-section (2) of section 3 or sub-section (3) of section 8, shall be
punishable with imprisonment which may extend to one year or with a fine which may
extend to ten thousand rupees or, in the case of a company, with a fine which may extend to
one lakh rupees or with both.
42. Whoever commits an offence under this Act or any rules or regulations made
thereunder for which no specific penalty is provided elsewhere than this section, shall be
punishable with imprisonment for a term which may extend to one year or with a fine which
may extend to twenty-five thousand rupees or, in the case of a company, with a fine which
may extend to one lakh rupees, or with both.
43. (1) Where an offence under this Act has been committed by a company, every
person who at the time the offence was committed was in charge of, and was responsible to,
the company for the conduct of the business of the company, as well as the company, shall
be deemed to be guilty of the offence and shall be liable to be proceeded against and
punished accordingly:
Provided that nothing contained in this sub-section shall render any such person
liable to any punishment provided in this Act if he proves that the offence was committed
without his knowledge or that he had exercised all due diligence to prevent the commission
of such offence.
(2) Notwithstanding anything contained in sub-section (1), where any offence under
this Act has been committed by a company and it is proved that the offence has been
committed with the consent or connivance of, or is attributable to, any neglect on the part
of any director, manager, secretary or other officer of the company, such director, manager,
secretary or other officer shall also be deemed to be guilty of the offence and shall be liable
to be proceeded against and punished accordingly.
Explanation.— For the purposes of this section—
(a) “company” means any body corporate and includes a firm or other
association of individuals; and
(b) “director”, in relation to a firm, means a partner in the firm.
44. (1) Subject to the provisions of sub-section (2), the provisions of this Act shall
apply also to any offence or contravention committed outside India by any person,
irrespective of his nationality.
(2) For the purposes of sub-section (1), the provisions of this Act shall apply to any
offence or contravention committed outside India by any person, if the act or conduct
constituting the offence or contravention involves any data in the Central Identities Data
Repository.
45. Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a
police officer not below the rank of Inspector of Police shall investigate any offence under
this Act.
46. No penalty imposed under this Act shall prevent the imposition of any other
penalty or punishment under any other law for the time being in force.
47. (1) No court shall take cognizance of any offence punishable under this Act, save
on a complaint made by the Authority or any officer or person authorised by it.
(2) No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial
Magistrate shall try any offence punishable under this Act.
