The National Intelligence Grid (NATGRID), an intelligence platform that enables law enforcement agencies, including the state police, to access government and private databases in real time, has been linked to the National Population Register (NPR), The Hindu reported.
According to the report, the Ministry of Home Affairs told the Lok Sabha on December 9 that an Organised Crime Network Database is being developed on NATGRID’s IT platform to facilitate secure intelligence-sharing between the National Investigative Agency (NIA) and State Anti-Terror Squads.
Additionally, NATGRID’s advanced analytics tool “Gandiva” can reportedly be used for facial recognition of criminals and potential suspects. “If the image of a suspect is available, it can be fed into Gandiva. If any photo identity document, such as telecom KYC, vehicle registration or driving licence, matches with the photo, Gandiva can provide the details, thereby saving the time and resources of an investigator,” a police official was quoted as saying in the report.
Gandiva reportedly provides intelligence agencies with AI-assisted insights into data of a suspect. The information they can request has been classified as non-sensitive, sensitive and highly sensitive. Details such as bank statements, financial transactions, tax records and export-import data have been deemed highly sensitive.
NATGRID is a state-backed surveillance database that gives security agencies access to all kinds of data about a citizen, including details of driving licence, vehicle registration, bank records, Aadhaar registration, FASTag, hospital data, airline data, tax records and telecom and internet usage metadata.
First envisaged in 2009 in the aftermath of the 26/11 Mumbai terror attacks, the platform became operational last year. Before NATGRID, intelligence and investigative agencies had to formally request information from different departments.
Earlier, NATGRID was accessible to 10 central agencies, such as the Intelligence Bureau (IB), the Research and Analysis Wing (R&AW), the National Investigative Agency (NIA), the Enforcement Directorate (ED), the Financial Intelligence Unit (FIU) and the Narcotics Control Bureau, among others. Since then, the platform has also been made available to Superintendent of Police (SP) rank officers.
A separate, recent report by The Hindu said that NATGRID is receiving 45,000 requests per month. The platform gathered pace after investigating agencies and the state police were asked to scale up the use of NATGRID in all investigations at the November 28-30 annual Director General of Police conference, chaired by Prime Minister Narendra Modi.
The National Population Register has family-wise details of 119 crore residents of India. The demographic data for the creation of NPR was first collected in 2010 with the first phase of the 2011 Census and was last updated in 2015. While the data was to be updated further during the 2021 Census, it was deferred in the wake of the COVID-19 pandemic.
On December 12, the Union cabinet approved a proposal to conduct Census 2027 using digital means at a cost of Rs 11,718 crore. However, there was no separate allocation for the NPR. In July this year, the government told the Lok Sabha that no decision had been taken to update the NPR during the upcoming census exercise.
The objective of the NPR was to create the National Register of Citizens (NRC), a comprehensive identity database of every resident in the country. While NATGRID integrates data from multiple agencies, NPR helps validate identities across these datasets.
The Ministry of Home Affairs has repeatedly said that NATGRID is aimed at strengthening “national security”, and it has also been advocating the use of the platform to fast-track the investigation into criminal cases. However, its linkage with NPR raises concerns about data privacy and its potential misuse, as it would allow investigative agencies and the state police to unearth vast amounts of personal data even without having to register a First Information Report (FIR).
Last month, the Union government notified large parts of the Digital Personal Data Protection (DPDP) Act, 2023. However, many of the Act’s provisions will come into force in late 2026 and mid-2027. The lack of a fully operational data protection law also brings issues of consent, proportionality and grievance redressal mechanisms equally into focus. While the Centre is leveraging technology to enhance security, it must do so while upholding constitutional values and following due process.
Furthermore, as per the Indian Census Act, 1948, data collected under the census is confidential and can be used only for statistical purposes. The NATGRID-NPR linkage blurs the line between confidentiality and data governance.
Another point to note here is that the government has kept NATGRID out of the RTI ambit. The Right to Information Act, 2005, was amended in 2011 to include NIA, NATGRID and CBI in its second schedule that exempts “intelligence and security organisations created by the central government” from the purview of the Act.