The Aadhaar-bridge for attendance was a brilliant solution to a real problem — but it was always meant to be one option, not the only option. In practice, NIC's eHRMS module, GeM-procurement guidelines, and most state-treasury integration scripts have pushed PSUs into Aadhaar-only attendance as if it were mandatory. It isn't.
This article is a practical guide for PSU CIOs, defence-research labs, atomic-energy bodies, financial-sector PSUs, and any government department where "everyone marks attendance via Aadhaar API" is genuinely the wrong answer for security, sovereignty, or workflow reasons.
When Aadhaar attendance is genuinely the wrong fit
- Defence research and DRDO labs — Personnel data flowing across the open Aadhaar bridge represents an unnecessary attack surface for high-value targets.
- Atomic-energy installations (DAE, BARC, NPCIL) — Same threat model. Personnel patterns are sensitive intelligence.
- Intelligence-affiliated PSUs — Self-explanatory.
- Some financial-sector PSUs — When linking attendance + cadre + posting yields exploitable insider-trading signals.
- Departments with non-Aadhaar workforce — Foreign nationals on contract, refugees on rehabilitation projects, certain border-zone postings.
- Privacy-conscious establishments — Some autonomous bodies have CISO mandates rejecting biometric-as-a-service for non-citizen-services use.
The four legitimate non-Aadhaar attendance modes
1. RFID-card attendance
Each employee gets an RFID card. Tap-in / tap-out at a reader installed at every entry. Card → encrypted local database → no biometric, no Aadhaar, no central registry. Simple, robust, works with existing access-control infrastructure most PSUs already have. Cost: ~₹2,500/reader + ~₹120/card. Scales to 5,000+ employees easily.
2. Face recognition (locally hosted)
Camera + NPU edge box at entry points. Face match against on-device employee database. Match result → attendance log. Database lives on your local server, never leaves your DC. No central biometric registry. Modern accuracy: 99.5%+ for enrolled employees, sub-1-second match. Cost: ~₹35,000/edge unit + software licence.
3. Fingerprint biometric (locally hosted)
Standard fingerprint sensor (Mantra / Cogent / Morpho), local match, local storage. Same model as Aadhaar's biometric flow but the database lives on your premises and never communicates with UIDAI. Cost: ~₹4,500/device.
4. Mobile + GPS for field staff
App-based punch from authorised mobile, GPS-stamped, geo-fenced to authorised work locations. Photo-capture optional. For inspectors, field engineers, surveyors, linemen. Works offline; syncs when network returns. Particularly useful for road, electricity, water, forest department field staff.
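The geo-fence check for the mobile punch described above, as an added example that is not code from the original article or its vendor: a punch is accepted only if the device's reported position (plus its own accuracy radius) lies inside one of the authorised work sites; the site coordinates and the maximum tolerated GPS accuracy are constructed assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    """An authorised work location with a circular geo-fence (assumed model)."""
    name: str
    lat: float
    lon: float
    radius_m: float


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def validate_punch(lat, lon, accuracy_m, sites, max_accuracy_m=50.0):
    """Return (accepted, site_name_or_rejection_reason).

    A fix whose reported accuracy is worse than max_accuracy_m is rejected
    outright: a 2 km error circle says nothing about where the person is.
    Otherwise the punch is accepted if the device could be inside a fence,
    i.e. distance to the site centre <= fence radius + reported accuracy.
    """
    if accuracy_m > max_accuracy_m:
        return False, "gps-accuracy-too-low"
    for site in sites:
        if haversine_m(lat, lon, site.lat, site.lon) <= site.radius_m + accuracy_m:
            return True, site.name
    return False, "outside-geofence"


# Constructed sample sites: a 33 kV substation and a canal inspection point.
SITES = [
    Site("Substation-12", 23.2599, 77.4126, 150.0),
    Site("Canal-Gate-4", 23.3102, 77.3654, 80.0),
]

if __name__ == "__main__":
    print(validate_punch(23.2600, 77.4127, 10.0, SITES))   # inside Substation-12
    print(validate_punch(23.2700, 77.4126, 10.0, SITES))   # ~1.1 km away, rejected
    print(validate_punch(23.2600, 77.4127, 200.0, SITES))  # fix too coarse, rejected
```

The server should store the device-reported timestamp and the sync-receipt time separately so that offline punches replayed hours later remain distinguishable in the audit trail.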
Architecture: how to keep ALL data on-premises
The standard architecture we deploy:
- Edge layer: RFID readers / face cameras / fingerprint sensors at entry points. No internet egress required.
- Local server: Single rack server in your machine room. Holds the employee master, biometric templates (if used), attendance log. PostgreSQL + Linux. Backed up to a second server.
- Web admin: Internal-only URL, accessible only on your LAN/VPN. HR / supervisor / cadre-head dashboards.
- Mobile app: Distributed via your own MDM (not Play Store). VPN-only API endpoints. No connection to external services.
- Reporting: Exports to your existing payroll / HR system via secure file transfer.
No data leaves your premises. No external service has access. No central registry. Audit-friendly. CISO-friendly. CAG-friendly.
Cost vs Aadhaar-based eHRMS
| Approach | Setup (1,000 emp) | Annual operating | Privacy footprint |
|---|---|---|---|
| NIC eHRMS (Aadhaar-bridge) | ~₹0 software | ~₹0 + UIDAI API costs (recharged) | UIDAI registry sees every punch |
| RFID custom | ₹14 lakh (readers + build) | ₹2 lakh maintenance | Zero external data flow |
| Face recognition local | ₹22 lakh (cameras + NPU + build) | ₹3 lakh maintenance | Zero external data flow |
| Fingerprint local | ₹16 lakh (devices + build) | ₹2 lakh maintenance | Templates never leave premises |
Compliance footprint
- DPDP Act 2023: ✓ Better than Aadhaar-bridge. You're a Data Fiduciary handling Sensitive Personal Data of your own employees on your own premises. Standard data-fiduciary obligations apply (consent, purpose limitation, retention). No third-party processor.
- Aadhaar Act 2016: ✓ N/A — you're not using Aadhaar.
- IT Act + Reasonable Security Rules 2011: ✓ Standard ISO 27001-aligned controls; we ship with the relevant SOPs documented.
- CAG audit: ✓ Local audit trail with timestamps + user attribution; CAG can directly inspect your local DB.
- CVC vigilance: ✓ Tamper-detection logs; supervisor-level over-ride requires reasoned approval; everything logged.
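One way to realise the tamper-detection and reasoned-override requirements above, as an added example rather than the vendor's actual implementation: every punch and every supervisor override is appended to a hash-chained log, overrides are refused without a stated reason, and a verifier walks the chain to pinpoint the first altered entry. Employee ids, device names and timestamps below are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry


class AttendanceLog:
    """Append-only attendance log; each entry commits to the previous one."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash, record):
        # Canonical JSON so that key order cannot change the hash.
        body = json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def _append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "record": record,
                 "prev": prev, "hash": self._digest(prev, record)}
        self.entries.append(entry)
        return entry["hash"]

    def punch(self, emp_id, source, ts):
        """Record a tap/scan from an edge device (e.g. 'rfid:gate-2')."""
        return self._append({"type": "punch", "emp": emp_id,
                             "source": source, "ts": ts})

    def override(self, emp_id, status, supervisor, reason, ts):
        """Supervisor correction; refused unless a reason is given."""
        if not reason or not reason.strip():
            raise ValueError("override requires a reasoned approval")
        return self._append({"type": "override", "emp": emp_id, "status": status,
                             "by": supervisor, "reason": reason.strip(), "ts": ts})

    def verify(self):
        """Return (True, None) if intact, else (False, seq of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev \
                    or self._digest(prev, e["record"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None


def demo():
    log = AttendanceLog()
    log.punch("E0417", "rfid:gate-2", "2024-03-04T09:02:11+05:30")
    log.override("E0418", "present", "SUP-07", "reader offline, gate register checked",
                 "2024-03-04T10:15:00+05:30")
    intact = log.verify()
    log.entries[0]["record"]["emp"] = "E0999"   # simulate a direct DB edit
    return intact, log.verify()
```

The chain only proves tampering relative to a trusted head hash, so the latest hash should be checkpointed somewhere the DB administrator cannot rewrite (a signed daily export, or a write-once register) and compared at audit time.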
The "but Aadhaar is mandatory" myth
Aadhaar-based attendance is NOT mandatory for PSUs. Department of Personnel and Training (DoPT) circulars from 2014-2015 introduced AEBAS (Aadhaar-Enabled Biometric Attendance System) as a recommended option, not a legally mandated one. Many sensitive establishments — DRDO labs, BARC, ISRO components, IBO/RAW-affiliated bodies — have opted out from inception with full DoPT clearance.
The KS Puttaswamy v Union of India judgment (2017, 9-judge bench) clarified that Aadhaar use must be consensual + purpose-limited. Forcing Aadhaar attendance on employees who object is constitutionally questionable. Establishments are free to deploy alternative systems.
📐 We build this for PSUs
Custom non-Aadhaar attendance (RFID, face, fingerprint, mobile-GPS) deployed entirely on your premises. Full source code transferred. No external data flow. CISO-friendly architecture.
What about integration with NIC payroll?
Custom attendance can output exactly the file format NIC payroll (or your in-house payroll, or your SAP HR module) expects. We've built export adapters for:
- NIC eHRMS payroll input format (CSV)
- SAP HCM time-evaluation upload (XML)
- Tally Prime payroll module (Excel)
- Custom in-house payroll built on Oracle / MySQL
You don't have to abandon your existing payroll. The attendance system feeds into it cleanly.
Implementation timeline
Standard rollout for a 1,000-2,000 employee PSU:
- Week 1-2: Site survey, choose entry points, choose hardware (RFID / face / fingerprint).
- Week 3-6: Backend build (employee master import, attendance logic, policy engine, reports). Hardware procurement in parallel.
- Week 7-8: Hardware installation, network commissioning, employee enrolment.
- Week 9-10: Pilot with one department. Real-time monitoring, edge cases.
- Week 11-12: Full rollout, training, parallel run with old system.
Total: 12 weeks for a 2,000-employee PSU. Cost: ₹16-22 lakh depending on choice of biometric mode.
Final thought
Privacy-first attendance is not just a security choice; it's increasingly a legal expectation under DPDP Act 2023. PSUs that lock themselves into Aadhaar-only architecture today will be unwinding it within 5 years. Building right the first time costs less.
If your CISO is uncomfortable with the Aadhaar bridge, your CAG is flagging Aadhaar-flow audit trails, or your employees are informally objecting to Aadhaar attendance, there is a clean technical alternative. Build it.
Want to discuss your PSU's privacy posture? WhatsApp Kashvi at +91 99939 82666. NDA before specific discussion. — Kashvi