Nepal's National Identity Card programme, known as the Rastriya Parichaya Patra, is a nationwide biometric identity initiative managed by the Department of National ID and Civil Registration (DoNIDCR) under the Ministry of Home Affairs. The programme deploys an Automated Biometric Identification System (ABIS) supplied by the French identity technology firm IDEMIA to perform 1:N deduplication and 1:1 verification of citizens during enrolment, with the primary purpose of preventing duplicate identities and authenticating applicants to support secure access to government services, social security allowances, and civil registration.
The programme has its origins in a 2012 government decision to replace paper-based citizenship certificates with smart biometric identity cards, with initial funding of approximately USD 14 million provided by the Asian Development Bank. IDEMIA (formerly Morpho) was selected as the system integrator following a competitive procurement process in 2016, and the first biometric identity cards were delivered in December 2018. The initial pilot phase saw approximately 117,000 national ID cards issued through 66 enrolment stations, capturing photographs, personal information, and ten fingerprints. A subsequent contract phase, valued at approximately USD 14.6 million, expanded the scope to distribute 12 million biometric ID cards nationwide and upgraded the system from an Automated Fingerprint Identification System (AFIS) to a multimodal ABIS. This upgraded system captures ten fingerprints and two iris scans per enrollee, along with a facial photograph and digital signature, all stored on a chip-equipped polycarbonate smart card with multiple security features.
The ABIS performs biometric deduplication across the entire enrolled population to ensure that each citizen receives a single unique identity number. During enrolment, the system compares the applicant's biometric templates against the existing database in a 1:N search to detect and prevent duplicate registrations. For subsequent authentication events, the system performs 1:1 verification matching the individual's live biometric capture against their stored templates. The system is designed to process data from millions of citizens and has been operational since late 2018, with progressive national rollout across Nepal's 77 districts.
As of mid-2024, biometric data has been collected from over 14 million citizens, representing approximately 90 percent of the eligible population. Over 16.54 million applications have been received nationwide. However, card production and distribution have lagged significantly behind data collection: approximately 3 million biometric ID cards have been printed, 1.8 million distributed to district offices, and only around 350,000 cards delivered directly to citizens as of mid-2024. The Department assigns approximately 2,000 unique identity numbers daily during birth registrations, integrating newborn registration into the National Identity Management Information System (NIDMIS) from the outset.
The legal basis for the programme is provided by the National Identity and Civil Registration Act, 2076 (2020) and the National Identity and Civil Registration Regulations, 2077 (2021). Nepal's Constitution, under Article 51, mandates the development of an integrated national identity management information system. In January 2025, Nepal's Supreme Court dismissed writ petitions challenging the mandatory implementation of the national ID, directing the government to proceed with compulsory use for accessing passports, bank accounts, social security allowances, mobile SIM cards, and health insurance.
The programme has raised significant data protection and privacy concerns. Digital security professionals and lawmakers have questioned how sensitive personal biometric information is stored, accessed, and handled, drawing comparisons to data breaches in other large-scale biometric systems such as India's Aadhaar. Nepal's data protection framework includes Article 28 of the Constitution (right to privacy), the Individual Privacy Act (2018), and the Individual Privacy Regulation (2020), but cyberlaw experts have identified insufficient data protection in the existing legal frameworks, with significant loopholes. Parliamentary members have highlighted a lack of financial and human resources, including insufficient IT staff and skilled engineers, within the implementing agencies.
The system presents notable exclusion risks. An estimated 6.7 million people in Nepal lack citizenship certificates, which are a prerequisite for national ID enrolment, effectively excluding them from the biometric identity system. Affected groups include foreign residents, refugees, asylum seekers, stateless persons, persons with disabilities who face administrative discrimination in practice, minorities, elderly citizens, and low-income populations without internet access for the mandatory online pre-registration step. The government has not implemented special measures for vulnerable and isolated communities to ensure equitable access to enrolment.
Implementation challenges extend beyond exclusion risks. Local ward offices continue to require paper-based citizenship certificates for many administrative functions despite the digital mandate, creating disjointed implementation. Citizens report that the national ID card remains limited in practical utility for accessing health subsidies, land registration, and bank account opening, necessitating further legislative amendments and digital integration across government systems. Card distribution has been hampered by slow production rates and insufficient wages paid to distribution workers. Research has identified political instability, inadequate infrastructure, limited education, and constrained resource capacities as significant barriers to the programme's success.
In November 2025, the Election Commission of Nepal integrated the national ID biometric database with the voter registration system, allowing citizens with national identity cards to register as voters online without visiting election offices for separate biometric capture. This cross-system data sharing between DoNIDCR and the Election Commission resulted in over 200,000 new voter registrations in a short period, demonstrating the system's potential for interoperability across government functions, but also raising questions about purpose limitation and data minimisation in the absence of comprehensive data protection legislation.
No published data protection impact assessment (DPIA), algorithmic impact assessment, or independent technical audit of the ABIS system has been identified in publicly available documentation. No formal grievance mechanism for biometric mismatches or erroneous deduplication outcomes has been documented beyond basic administrative error correction forms. The oversight model for the biometric matching process — specifically, whether human adjudication is required for cases flagged by the ABIS as potential duplicates — has not been described in any publicly available government or vendor documentation.