Aadhaar

Detects Aadhaar patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

Medium confidence: pattern has structural constraints but corroborative keywords are recommended to reduce false positive rates. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

in

Regulations

DPDPA, IT Act 2000 (India)

Frameworks

ISO 27001, ISO 27701

Data categories

pii, government-id

Scope

narrow

Risk rating

9

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible

Pattern

\b[2-9]\d{3}\s?\d{4}\s?\d{4}\b

Corroborative evidence keywords

identifier, number, ID, ID number, identification, ID card, license, permit, registration, certificate, data record, database record, record set, data extract, data export, database table, spreadsheet, data registry, registry entry, master data (+13 more)

Proximity: 300 characters

Should match

• 2345 6789 0124 — Spaced Aadhaar number with valid Verhoeff check digit
• 234567890124 — Continuous Aadhaar number with valid Verhoeff check digit
• 9987 6543 2105 — High-range Aadhaar with valid Verhoeff check digit

Should not match

• 1234 5678 9012 — Starts with 1 (must start with 2-9)
• 0234 5678 9012 — Starts with 0 (must start with 2-9)
• 2345 6789 012 — Only 11 digits instead of 12
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Common words and phrases related to aadhaar appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
• In Hindi and English (India), similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.

References

• India unique identification (Aadhaar) number entity definition - Microsoft Learn

Collections

• APAC Government IDs