Consider the following statements regarding API-led governance models:
1. The e-Way Bill system is integrated with the GST portal through the NIC-developed API, which automatically updates the inventory management software of registered taxpayers upon the generation of a unique e-way bill number.
2. The India Stack consists of a layered API architecture, where the e-Sign service is based on the PKI infrastructure and provides for the digital verification of physical signatures on paper-based contracts.
3. The Unified Health Interface (UHI) operates under the Ayushman Bharat Digital Mission, providing a standardized API layer that allows private insurance companies to directly access patient diagnostic records without individual consent.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while the e-Way Bill system integrates with GST, it does not automatically update private inventory management software; integration requires third-party API implementation by the taxpayer. Statement 2 is incorrect because e-Sign is a digital signature service based on Aadhaar-based e-KYC, not a tool for verifying physical signatures on paper. Statement 3 is incorrect because the UHI is built on a consent-based architecture where patient data access is strictly governed by the Health Information User (HIU) and requires explicit patient consent for every transaction.
Consider the following statements regarding Cybersecurity resilience in DPI frameworks:
1. The National Cyber Security Strategy 2020 emphasizes the adoption of a 'Zero Trust' architecture to protect critical information infrastructure from unauthorized access.
2. The India Stack, a collection of open APIs, incorporates the Data Empowerment and Protection Architecture to facilitate secure consent-based data sharing.
3. The Digital Personal Data Protection Act, 2023, establishes the Data Protection Board of India to oversee compliance and address grievances related to digital data processing.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
All three statements are correct: the National Cyber Security Strategy (drafted in 2020) advocates for a 'Zero Trust' framework to mitigate evolving threats; the India Stack utilizes the Data Empowerment and Protection Architecture (DEPA) to enable secure, user-centric data portability; and the Digital Personal Data Protection Act, 2023, formally mandates the establishment of the Data Protection Board of India as the primary regulatory body to enforce compliance and resolve data-related grievances.
Consider the following statements regarding Account Aggregator (AA) ecosystem:
1. Consent managers in the Account Aggregator architecture operate based on the ReBIT-designed technical specifications for secure data exchange.
2. The Sahamati protocol serves as a collective industry alliance that promotes the adoption of the Account Aggregator framework across the Indian financial sector.
3. The Reserve Bank of India permits Account Aggregators to charge a fee to the Financial Information Users for the services provided during the data retrieval process.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because ReBIT (Reserve Bank Information Technology Pvt Ltd) designed the technical specifications, including the API standards, to ensure interoperability and security within the AA ecosystem. Statement 2 is correct as Sahamati is a non-profit industry alliance that facilitates the adoption of the AA framework by providing a common platform for stakeholders to collaborate and standardize implementation. Statement 3 is correct because the RBI framework allows AAs to function as financial intermediaries that can levy service fees on Financial Information Users (FIUs) for facilitating the secure transfer of financial data from Financial Information Providers (FIPs).
Consider the following statements regarding DPI regulatory sandboxes:
1. The 2019 NITI Aayog report on Digital Public Infrastructure proposed the creation of a national-level regulatory sandbox overseen by the Ministry of Electronics and Information Technology.
2. The Payments and Settlement Systems Act of 2007 contains specific provisions for the establishment of a regulatory sandbox for blockchain-based central bank digital currencies.
3. The 2022 framework for the Regulatory Sandbox on Retail Payments allows for the testing of offline digital payment solutions under the supervision of the National Payments Corporation of India.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because NITI Aayog's 2019 report did not propose a centralized national-level sandbox under MeitY, but rather emphasized sectoral innovation. Statement 2 is incorrect as the Payments and Settlement Systems Act, 2007, does not contain specific provisions for blockchain-based CBDC sandboxes, which are instead governed by RBI's internal frameworks. Statement 3 is incorrect because the RBI's Regulatory Sandbox framework for retail payments is supervised directly by the Reserve Bank of India, not the National Payments Corporation of India (NPCI).
Consider the following statements regarding Cybersecurity resilience in DPI frameworks:
1. The 2022 amendments to the Information Technology Rules introduced the Grievance Appellate Committee, and the Ministry of Electronics and Information Technology currently oversees the implementation of the 2019 draft Data Protection Bill.
2. The CERT-In guidelines issued under Section 70B of the Information Technology Act, 2000, require service providers to report cyber incidents within a six-hour window.
3. The G20 New Delhi Leaders' Declaration of 2023 recognizes Digital Public Infrastructure as a foundational element for enhancing financial inclusion and cybersecurity resilience.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because the Digital Personal Data Protection Act (DPDPA) was enacted in 2023, not 2019. Statement 2 is correct as the April 2022 CERT-In guidelines mandate that cyber incidents must be reported to the agency within six hours of noticing them. Statement 3 is correct because the 2023 G20 New Delhi Leaders' Declaration explicitly acknowledged DPI as a critical framework for fostering inclusive growth and strengthening global cybersecurity resilience.
Consider the following statements regarding Digital Public Goods (DPG) definition and criteria:
1. The Digital Public Goods Alliance criteria include a requirement that the software must be licensed under an OSI-approved open-source license to ensure community-led development.
2. India's Unified Payments Interface, launched by the National Payments Corporation of India in 2016, serves as a foundational layer for interoperable real-time retail payments.
3. The G20 New Delhi Leaders' Declaration in 2023 acknowledged the role of Digital Public Infrastructure in promoting financial inclusion and productivity growth.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because the Digital Public Goods Alliance (DPGA) mandates that DPGs must use OSI-approved open-source licenses to foster transparency and collaborative development. Statement 2 is correct as the NPCI launched UPI in 2016, establishing a revolutionary, interoperable real-time payment framework that serves as a core pillar of India's DPI. Statement 3 is correct because the 2023 G20 New Delhi Leaders' Declaration explicitly recognized DPI as a transformative tool for accelerating financial inclusion and sustainable economic growth globally.
Consider the following statements regarding DPI regulatory sandboxes:
1. The International Financial Services Centres Authority (IFSCA) launched a dedicated regulatory sandbox in 2021 to support fintech solutions within the GIFT City ecosystem.
2. The Ministry of Finance issued the 2021 guidelines for the Digital Public Infrastructure Sandbox, which facilitates the testing of interoperable identity verification protocols across state-run welfare portals.
3. The Digital India Stack, which serves as the foundation for various DPIs, includes the Aadhaar authentication layer and the Unified Payments Interface as core components.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as IFSCA introduced its Regulatory Sandbox in 2021 to promote innovation in fintech within the GIFT-IFSC. Statement 3 is correct because the India Stack is a comprehensive set of APIs, including Aadhaar (identity) and UPI (payments), that forms the bedrock of India's DPI ecosystem. Statement 2 is incorrect because there is no such 'Ministry of Finance 2021 guidelines for the Digital Public Infrastructure Sandbox'; DPI-related sandboxes are typically sectoral, managed by regulators like the RBI or SEBI, rather than being a centralized cross-state welfare protocol.
Consider the following statements regarding Consent architecture under DEPA:
1. The Unified Payments Interface (UPI) infrastructure incorporates the Account Aggregator framework as a core component, allowing users to view their bank balances and tax filings through a single mobile application.
2. The Digital Personal Data Protection Act of 2023 provides for the establishment of the Data Protection Board, which functions as the primary technology provider for the national consent architecture.
3. The Reserve Bank of India launched the Account Aggregator framework in 2018 to replace the existing credit bureau system, enabling direct data portability between competing commercial banks.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All three statements are incorrect: Statement 1 is false because UPI is a payment system, whereas the Account Aggregator (AA) framework is a separate financial data-sharing protocol, not a core component of UPI. Statement 2 is incorrect as the Data Protection Board is a regulatory and adjudicatory body under the DPDP Act, not a technology provider for the consent architecture. Statement 3 is false because the AA framework was launched by the RBI in 2016 to facilitate secure data sharing, not to replace credit bureaus, which continue to operate independently.
Consider the following statements regarding Digital exclusion and universal access metrics:
1. The OECD's 2022 Recommendation on Broadband Connectivity provides for the universal adoption of 5G standards in developing nations to bridge the rural-urban divide identified in the 2019 report.
2. The World Bank's Digital Economy for Africa (DE4A) initiative aims to ensure every individual on the continent has a digital identity by 2025, a goal aligned with the Addis Ababa Action Agenda.
3. The G20 New Delhi Leaders' Declaration of 2023 formally recognized the G20 Framework for Systems of Digital Public Infrastructure to support inclusive growth and sustainable development.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct as the 2023 G20 New Delhi Leaders' Declaration explicitly endorsed the G20 Framework for Systems of Digital Public Infrastructure to foster inclusive growth. Statement 1 is incorrect because the OECD 2022 Recommendation focuses on high-quality, resilient broadband connectivity rather than mandating 5G standards, which are often not feasible for immediate rural deployment in developing nations. Statement 2 is incorrect because while the World Bank's DE4A initiative aims for universal digital access, the specific target of providing every individual with a digital identity by 2025 is not a formal mandate of the Addis Ababa Action Agenda, which primarily focuses on financing for development.
Consider the following statements regarding Open API standards in DPI:
1. The Co-WIN platform utilized open API standards to allow third-party applications to check vaccination slot availability during the national immunization program.
2. The Goods and Services Tax Network utilizes the GST API ecosystem to streamline tax compliance, and the platform was launched in 2017 under the direct administrative control of the Ministry of Finance.
3. The Unified Health Interface is designed as an open network based on the Ayushman Bharat Digital Mission, allowing various health service providers to interact through standardized protocols.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as Co-WIN used open APIs to enable third-party apps like Aarogya Setu and private platforms to integrate slot availability. Statement 3 is correct because the Unified Health Interface (UHI) is a core component of the Ayushman Bharat Digital Mission, utilizing open protocols to enable interoperability between diverse health service providers. Statement 2 is incorrect because while the GST Network (GSTN) utilizes an API ecosystem, it is a private limited company under the Ministry of Finance, not a platform launched directly under the Ministry's administrative control in 2017; it was incorporated in 2013.
Consider the following statements regarding Digital exclusion and universal access metrics:
1. The ITU's Measuring Digital Development: Facts and Figures 2023 report indicates that approximately 2.6 billion people globally remain offline, representing roughly 33 percent of the world population.
2. The 2021 Bali Fintech Agenda includes provisions for the immediate interoperability of central bank digital currencies across G20 member states to reduce cross-border transaction costs.
3. The UN Secretary-General's Roadmap for Digital Cooperation, launched in 2020, establishes the Global DPI Fund to provide direct financial subsidies for hardware procurement in Least Developed Countries.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as the ITU's 2023 report confirms that 2.6 billion people, or about 33% of the global population, remain offline. Statement 2 is incorrect because the Bali Fintech Agenda, introduced by the IMF and World Bank in 2018, focuses on policy frameworks for financial technology rather than mandating immediate CBDC interoperability. Statement 3 is incorrect because the UN Roadmap for Digital Cooperation focuses on multi-stakeholder collaboration and digital inclusion, but it does not establish a Global DPI Fund for direct hardware procurement subsidies.
Consider the following statements regarding Cross-border DPI integration standards:
1. The Data Empowerment and Protection Architecture (DEPA) in India leverages the Consent Manager framework to facilitate secure data sharing across financial sectors, aligning with international Open Banking standards.
2. The World Bankβs 'DPI Approach' document identifies the modular stack architecture as a key design principle to ensure that national digital systems remain compatible with regional cross-border gateways.
3. The International Telecommunication Union (ITU) established the 'Focus Group on Digital Public Infrastructure' in 2023 to develop technical specifications for cross-border digital identity verification.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as DEPA utilizes the Consent Manager framework to enable secure, user-centric data portability, mirroring global Open Banking protocols. Statement 2 is correct because the World Bank emphasizes modularity as a foundational principle to ensure DPI interoperability across sovereign borders. Statement 3 is correct as the ITU launched the Focus Group on DPI in 2023 specifically to harmonize technical standards for cross-border identity and data exchange.
Consider the following statements regarding Open Network for Digital Commerce (ONDC) protocol stack:
1. The ONDC protocol stack incorporates the Account Aggregator framework to verify consumer credit scores before allowing the completion of high-value e-commerce transactions.
2. The Ministry of Electronics and Information Technology launched the ONDC pilot project in 2021, initially focusing on the integration of public distribution system records with private retail chains.
3. The ONDC network utilizes a centralized gateway architecture where all transaction data is processed by a single nodal server to ensure uniform tax compliance across states.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All three statements are incorrect because ONDC is an open, decentralized network based on the Beckn protocol, not a centralized gateway as suggested in statement 3. Statement 1 is false as ONDC is designed for interoperable e-commerce rather than credit score verification via the Account Aggregator framework. Statement 2 is incorrect because ONDC was launched by the Department for Promotion of Industry and Internal Trade (DPIIT) under the Ministry of Commerce and Industry, not MeitY, and it focuses on democratizing digital commerce rather than integrating PDS records.
Consider the following statements regarding Digital infrastructure sustainability and maintenance:
1. The G20 New Delhi Leaders' Declaration of 2023 formally recognized the role of Digital Public Infrastructure in accelerating the achievement of the Sustainable Development Goals.
2. The Open Network for Digital Commerce, initiated in 2022, operates under the regulatory oversight of the Reserve Bank of India to ensure interoperability between e-commerce platforms.
3. India's Unified Payments Interface, launched by the National Payments Corporation of India in 2016, currently processes over 10 billion transactions on a monthly basis.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as the 2023 G20 New Delhi Leaders' Declaration explicitly acknowledged DPI as a key enabler for achieving the UN Sustainable Development Goals. Statement 3 is correct because UPI, launched by the NPCI in 2016, consistently surpassed the 10 billion monthly transaction milestone in 2023. Statement 2 is incorrect because ONDC is a non-profit initiative under the Department for Promotion of Industry and Internal Trade (DPIIT), not the Reserve Bank of India, and it functions as a network protocol rather than a regulated financial entity.
Consider the following statements regarding Federated architecture vs centralized DPI:
1. The concept of 'Data Empowerment and Protection Architecture' was introduced by NITI Aayog in 2020 to facilitate a federated framework for secure data sharing through Account Aggregators.
2. The Open Network for Digital Commerce, incorporated in 2021, functions as a protocol-based federated network that enables unbundled discovery and fulfillment across diverse e-commerce platforms.
3. The Reserve Bank of India introduced the Centralized KYC Registry in 2016, which serves as the foundational federated node for all private sector digital identity verification protocols.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct as NITI Aayog introduced the DEPA framework in 2020 to enable consent-based data sharing via Account Aggregators. Statement 2 is correct because ONDC, launched in 2021, utilizes an open protocol-based federated architecture to decouple discovery, logistics, and payments in e-commerce. Statement 3 is incorrect because the Central KYC (CKYC) Registry, established in 2016, is a centralized repository managed by CERSAI for storing customer KYC records, not a federated node for private sector protocols.
Consider the following statements regarding Digital infrastructure scalability challenges:
1. The Data Empowerment and Protection Architecture (DEPA), introduced by NITI Aayog in 2020, provides a framework for consent-based data sharing through regulated Financial Information Providers.
2. The CoWIN platform, deployed during the 2021 national vaccination drive, successfully managed the registration and certification of over 2 billion vaccine doses through its scalable API-based architecture.
3. The DigiLocker system, launched in 2015 under the Digital India program, currently hosts over 6 billion issued documents for more than 200 million registered users.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as DEPA was introduced by NITI Aayog in 2020 to facilitate secure, consent-based data sharing via Financial Information Providers. Statement 2 is correct because CoWIN utilized a highly scalable API-based architecture to manage the registration and certification of over 2 billion vaccine doses during the national drive. Statement 3 is correct as DigiLocker, launched in 2015 under the Digital India initiative, has achieved significant scale, hosting over 6 billion documents for more than 200 million registered users.
Consider the following statements regarding Security and encryption standards in DPI:
1. The Unified Payments Interface (UPI) framework incorporates the use of SHA-256 hashing algorithms to ensure the integrity of transaction messages during the processing phase.
2. Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules of 2011, body corporates are responsible for implementing ISO/IEC 27001 standards.
3. The 2022 RBI guidelines on Tokenization for card-based transactions involve the replacement of actual card details with a unique alternate code known as a token.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as UPI utilizes SHA-256 hashing to maintain data integrity and prevent tampering during transaction transmission. Statement 2 is correct because the 2011 IT Rules mandate that body corporates implement international standards like ISO/IEC 27001 to ensure robust information security practices. Statement 3 is correct as the RBI's 2022 mandate requires the replacement of sensitive card data with a unique 'token' to enhance security and prevent unauthorized data exposure during online transactions.
Consider the following statements regarding Digital identity verification mechanisms (Aadhaar/e-KYC):
1. The e-KYC service is associated with the India Stack initiative, which provides for the real-time sharing of bank statements between financial institutions and the UIDAI servers.
2. The Aadhaar Act 2016 allows for the collection of iris scans and fingerprints, and the data architecture is designed to share these biometric templates with third-party service providers upon user request.
3. The Prevention of Money Laundering Act was amended in 2019 to include provisions for voluntary Aadhaar authentication, which serves as the legal basis for the Digital Locker platform.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because e-KYC facilitates identity verification between an agency and UIDAI, not the sharing of bank statements. Statement 2 is incorrect as the Aadhaar Act strictly prohibits the sharing of core biometric information (fingerprints/iris) with any third-party service provider. Statement 3 is incorrect because while the PMLA amendment allowed voluntary Aadhaar authentication for KYC, it is not the legal basis for the Digital Locker platform, which operates under the Information Technology Act, 2000.
Consider the following statements regarding DPI regulatory sandboxes:
1. The RBI's regulatory sandbox for cross-border payments focuses on testing products that utilize the Bharat Bill Payment System for non-resident transactions.
2. The Reserve Bank of India introduced the 'Enabling Framework for Regulatory Sandbox' in August 2020 to foster innovation in fintech products.
3. The G20 New Delhi Leaders' Declaration of 2023 formally recognized the role of Digital Public Infrastructure in advancing financial inclusion and productivity.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the RBI's sandbox framework includes cross-border payments, leveraging infrastructure like BBPS to enhance non-resident transaction efficiency. Statement 2 is correct because the RBI issued the 'Enabling Framework for Regulatory Sandbox' in August 2020 to provide a controlled environment for testing innovative fintech solutions. Statement 3 is correct as the 2023 G20 New Delhi Leaders' Declaration explicitly acknowledged the transformative potential of DPI in driving global financial inclusion and economic productivity.
Consider the following statements regarding Cybersecurity resilience in DPI frameworks:
1. The Reserve Bank of India's Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices, 2023, applies to all regulated entities including commercial banks.
2. The Budapest Convention on Cybercrime, which India has not yet signed, provides a framework for international cooperation on investigating digital offenses across borders.
3. The Unified Payments Interface, launched by the National Payments Corporation of India in 2016, utilizes multi-factor authentication to mitigate risks associated with digital transaction fraud.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the RBI's 2023 Master Direction mandates robust IT governance and cybersecurity frameworks for all regulated entities, including commercial banks. Statement 2 is correct because India has not acceded to the Budapest Convention, citing concerns over sovereignty and data access provisions, despite it being the primary international treaty for cybercrime cooperation. Statement 3 is correct because UPI, launched by NPCI in 2016, incorporates mandatory multi-factor authentication (MFA) and end-to-end encryption to secure digital transactions against unauthorized access.
Consider the following statements regarding API-led governance models:
1. The Co-WIN platform utilized a RESTful API architecture to manage vaccine scheduling, and it allowed third-party applications to bypass the OTP-based authentication process for bulk registration of healthcare workers.
2. The Public Financial Management System (PFMS) uses a direct benefit transfer API to facilitate fund tracking, which enables the Ministry of Finance to monitor the real-time cash flow of state-level private bank accounts.
3. The Unified Payments Interface (UPI) architecture utilizes the Common Library (CL) to enable interoperability between diverse Payment Service Providers and the National Payments Corporation of India (NPCI) core switch.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because the UPI architecture employs the Common Library (CL) to standardize communication protocols, ensuring seamless interoperability between various Payment Service Providers (PSPs) and the NPCI's core switch. Statement 1 is incorrect because Co-WIN mandated OTP-based authentication for all users to ensure security and prevent unauthorized bulk registrations, strictly prohibiting any bypass mechanisms. Statement 2 is incorrect because while PFMS facilitates Direct Benefit Transfer (DBT) and monitors fund flow, it is restricted to government-linked accounts and does not grant the Ministry of Finance access to monitor real-time cash flow in private bank accounts.
Consider the following statements regarding Consent architecture under DEPA:
1. The Account Aggregator (AA) ecosystem operates under the regulatory oversight of the Reserve Bank of India, which issued the Master Direction for NBFC-Account Aggregators in 2016.
2. The Open Credit Enablement Network (OCEN) utilizes the DEPA consent architecture to allow lenders to access real-time GST returns, which are verified through the Ministry of Finance's centralized blockchain ledger.
3. The Data Empowerment and Protection Architecture (DEPA) framework was formally introduced by NITI Aayog in its 2020 discussion paper to facilitate user-controlled data sharing.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as the RBI introduced the NBFC-Account Aggregator Master Direction in 2016 to regulate data-sharing entities, and Statement 3 is correct because NITI Aayog's 2020 paper established DEPA as a framework for user-centric data portability. Statement 2 is incorrect because while OCEN leverages DEPA for credit access, GST data is verified via the GST Network (GSTN) API, not through a centralized blockchain ledger managed by the Ministry of Finance.
Consider the following statements regarding Digital infrastructure sustainability and maintenance:
1. The 2020 Data Empowerment and Protection Architecture introduces the concept of 'Consent Managers' to facilitate data sharing, which are governed by the Securities and Exchange Board of India.
2. The India Stack, a collection of APIs developed since 2009, includes the DigiLocker system which is maintained by the National Informatics Centre under the Ministry of Finance.
3. The BharatNet project, which aims to connect gram panchayats via optical fiber, is funded through the Universal Service Obligation Fund managed by the Ministry of Electronics and Information Technology.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because Consent Managers under DEPA are regulated by the Reserve Bank of India (RBI), not SEBI. Statement 2 is incorrect because DigiLocker is maintained by the Ministry of Electronics and Information Technology (MeitY), not the Ministry of Finance. Statement 3 is incorrect because the Universal Service Obligation Fund (USOF) is managed by the Department of Telecommunications under the Ministry of Communications, not MeitY.
Consider the following statements regarding India Stack architecture layers:
1. The Aadhaar Authentication API, forming the identity layer of the India Stack, was formally launched by the Unique Identification Authority of India in 2010.
2. The Unified Payments Interface (UPI) architecture, managed by the National Payments Corporation of India, processed over 100 billion transactions in the fiscal year 2023-24.
3. The DigiLocker platform, serving as the document storage layer, provides for the issuance of electronic documents under the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the Aadhaar project was launched in 2010 to provide a unique identity, forming the foundational identity layer of India Stack. Statement 2 is correct because UPI, managed by NPCI, achieved a historic milestone by processing over 117 billion transactions in FY 2023-24. Statement 3 is correct as DigiLocker operates under the IT Act, 2000, and specifically adheres to the 2016 Rules which grant electronic documents stored in the locker the same legal status as physical originals.
Consider the following statements regarding Account Aggregator (AA) ecosystem:
1. As of 2023, the Account Aggregator framework supports the integration of GST returns data, allowing businesses to share tax information for credit assessment purposes.
2. The National Payments Corporation of India manages the central registry for Account Aggregators, which has processed over 500 million consent requests since its inception in 2018.
3. The Financial Information Providers include scheduled commercial banks and insurance companies, which are governed by the 2012 SEBI guidelines regarding the storage of encrypted customer metadata.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct because the AA framework was expanded in 2023 to include GST returns, enabling MSMEs to leverage tax data for easier credit access. Statement 2 is incorrect because the Reserve Bank of India (RBI) regulates the AA framework, not the NPCI, and the ecosystem officially launched in 2021, not 2018. Statement 3 is incorrect because Financial Information Providers (FIPs) are regulated by their respective financial sector regulators (RBI, SEBI, PFRDA, IRDAI) under the Master Direction issued by the RBI in 2016, not 2012 SEBI guidelines.
Consider the following statements regarding Federated architecture vs centralized DPI:
1. The Aadhar-enabled Payment System operates on a centralized biometric authentication server established in 2010, which functions as the primary clearing house for all domestic retail banking settlements.
2. The India Stack architecture utilizes a federated approach, allowing independent entities like DigiLocker and UPI to function as interoperable layers without a unified central database of user credentials.
3. The G20 New Delhi Leaders' Declaration of 2023 formally recognized the role of Digital Public Infrastructure in accelerating the achievement of the Sustainable Development Goals by 2030.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because while Aadhaar provides biometric authentication, it is not the clearing house for retail banking settlements; that role is performed by the National Payments Corporation of India (NPCI) through systems like IMPS and UPI. Statement 2 is correct as India Stack employs a modular, federated architecture that enables diverse platforms like DigiLocker and UPI to interoperate via APIs without storing user data in a single, monolithic database. Statement 3 is correct because the 2023 G20 New Delhi Leaders' Declaration explicitly acknowledged DPI as a critical catalyst for advancing the 2030 Agenda for Sustainable Development.
Consider the following statements regarding Unified Payments Interface (UPI) technical framework:
1. The Reserve Bank of India introduced the UPI Lite feature in September 2022 to facilitate small-value transactions in an offline-enabled mode.
2. The Common Library component within the UPI technical stack allows third-party application providers to access standardized payment initiation functions.
3. The Immediate Payment Service serves as the underlying backbone infrastructure that enables the 24/7 functionality of the UPI framework.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the RBI introduced UPI Lite in September 2022 to streamline low-value transactions by utilizing an on-device wallet, reducing the load on core banking systems. Statement 2 is correct because the Common Library (provided by NPCI) acts as a standardized software component that enables Third-Party Application Providers (TPAPs) to seamlessly integrate UPI payment initiation functions. Statement 3 is correct as UPI is built on top of the Immediate Payment Service (IMPS) infrastructure, leveraging its 24/7/365 real-time interbank fund transfer capabilities to facilitate instant settlement.
Consider the following statements regarding Security and encryption standards in DPI:
1. The CERT-In guidelines issued in 2022 provide for a six-hour window for reporting cyber incidents and suggest the use of the RSA-4096 algorithm for all financial data storage in cloud environments.
2. The DigiLocker system architecture employs the AES-256 encryption standard for document storage and relies on the Aadhar-based e-KYC process for verifying the identity of the document issuer.
3. The Open Network for Digital Commerce (ONDC) protocol is built on the Beckn foundation and utilizes blockchain-based smart contracts for settling disputes between buyers and sellers.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while CERT-In mandates a six-hour reporting window, it does not prescribe RSA-4096 for financial data storage. Statement 2 is incorrect because DigiLocker uses AES-256 for encryption, but it does not rely on Aadhar-based e-KYC for verifying document issuers, as issuers are typically government entities verified via digital signatures. Statement 3 is incorrect because ONDC is built on the Beckn protocol but does not utilize blockchain-based smart contracts for dispute settlement, relying instead on a decentralized grievance redressal framework.
Consider the following statements regarding Privacy-preserving computation in DPI:
1. The 2017 Justice K.S. Puttaswamy judgment established the legal framework for the Data Protection Board, which oversees the deployment of secure multi-party computation across all government-led DPI initiatives.
2. The Zero-Knowledge Proof protocol is integrated into the Unified Payments Interface (UPI) architecture to verify bank account balances without the need for real-time API calls to the core banking system.
3. Secure Multi-Party Computation (SMPC) protocols are defined under the 2022 National Data Governance Policy as the primary standard for storing Aadhaar-linked biometric templates in decentralized cloud storage.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All three statements are incorrect: The Justice K.S. Puttaswamy judgment (2017) recognized privacy as a fundamental right but did not establish the Data Protection Board, which was created under the Digital Personal Data Protection Act, 2023. Zero-Knowledge Proofs are not currently integrated into the UPI architecture for balance verification, which continues to rely on real-time API calls via the NPCI infrastructure. Finally, the 2022 National Data Governance Policy focuses on data sharing and metadata standards rather than mandating Secure Multi-Party Computation (SMPC) as the primary standard for storing Aadhaar biometric templates, which are managed by UIDAI under the Aadhaar Act.
Consider the following statements regarding Digital Public Goods (DPG) definition and criteria:
1. The 2018 Tallinn Manual on digital governance provides the international legal definition for digital public goods, emphasizing the role of state-owned proprietary software in national security.
2. The World Bankβs 2022 report on Digital Public Infrastructure categorizes Aadhaar as a global digital public good, noting its compliance with the open-source licensing standards set by the DPG Alliance.
3. The 'DPG Charter' initiative, launched at the 2023 UN General Assembly, outlines a framework for the sustainable development and deployment of digital public goods.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct as the DPG Charter was indeed introduced at the 2023 UN General Assembly to promote the sustainable development and governance of digital public goods. Statement 1 is incorrect because the Tallinn Manual focuses on the application of international law to cyber warfare, not the definition of digital public goods. Statement 2 is incorrect because Aadhaar is a proprietary system owned by the Unique Identification Authority of India (UIDAI) and does not meet the 'open-source' licensing criteria mandated by the Digital Public Goods Alliance (DPGA).
Consider the following statements regarding Interoperability protocols for DPI:
1. The Open Network for Digital Commerce (ONDC) utilizes the ISO 20022 messaging standard to standardize catalogue discovery, which was adopted by the Ministry of Electronics and Information Technology in 2020.
2. The Aadhaar Authentication API utilizes the e-KYC framework to verify identity, and it currently supports the offline QR code verification method developed by the UIDAI in 2012.
3. The Unified Payments Interface (UPI) utilizes the Common Library (CL) specification to facilitate seamless interoperability between different Payment Service Provider applications.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because UPI utilizes the Common Library (CL) specification, which acts as a standardized interface to ensure interoperability across diverse Payment Service Provider (PSP) applications. Statement 1 is incorrect because ONDC is based on the Beckn protocol for decentralized discovery, not ISO 20022, which is a financial messaging standard for electronic data interchange between financial institutions. Statement 2 is incorrect because while Aadhaar supports offline QR code verification, this feature was introduced by UIDAI in 2018 to enhance privacy, not in 2012.
Consider the following statements regarding Cross-border DPI integration standards:
1. The 2022 EU-India Trade and Technology Council (TTC) agreement refers to the mutual recognition of digital signatures, which allows Indian citizens to access European government portals using their Aadhaar-linked credentials.
2. The 2019 Osaka Track on Data Free Flow with Trust (DFFT) includes provisions for the establishment of a centralized global data repository, managed by the WTO to oversee cross-border digital identity authentication.
3. The 2018 APEC Cross-Border Privacy Rules (CBPR) system encompasses the technical standards for UPI-based payment interoperability, providing a legal framework for direct bank-to-bank settlements between India and APEC member economies.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because the EU-India TTC focuses on strategic cooperation in technology and connectivity, not the mutual recognition of Aadhaar for accessing EU government portals. Statement 2 is incorrect as the Osaka Track's DFFT initiative promotes data flow with trust among participating economies but does not involve a centralized WTO-managed global data repository for identity authentication. Statement 3 is incorrect because the APEC CBPR system is a voluntary, accountability-based framework designed to facilitate cross-border data privacy and protection, and it has no mandate or technical scope regarding UPI-based payment interoperability or bank-to-bank settlements.
Consider the following statements regarding Federated architecture vs centralized DPI:
1. The Unified Payments Interface, launched by the National Payments Corporation of India in 2016, processes transactions through a federated network of banks rather than a single centralized ledger.
2. In a federated DPI model, data remains at the source or within the user's personal data store, adhering to the principle of data minimization as outlined in the Digital Personal Data Protection Act of 2023.
3. The 2022 Global DPI Summit in Tallinn concluded that federated architectures are legally prohibited from integrating with legacy centralized government databases to ensure complete administrative autonomy.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct as UPI utilizes a federated model where banks maintain their own ledgers, facilitating interoperability without a central repository of all transaction data. Statement 2 is correct because federated architectures, such as the Data Empowerment and Protection Architecture (DEPA), prioritize data sovereignty by keeping information at the source, aligning with the data minimization principles of the DPDP Act 2023. Statement 3 is incorrect because federated DPIs are specifically designed to be interoperable and frequently integrate with legacy government databases to enhance service delivery, rather than being legally prohibited from doing so.
Consider the following statements regarding Digital Public Goods (DPG) definition and criteria:
1. The 2020 UN High-Level Panel on Digital Cooperation proposed the creation of the Digital Public Goods Alliance and established the first repository of open-source government tools in Geneva.
2. The UN Secretary-Generalβs Roadmap for Digital Cooperation identifies digital public goods as a critical component for achieving the 2030 Agenda for Sustainable Development.
3. The Digital Public Goods Alliance, established in 2019, defines digital public goods as open-source software, open data, and open AI models that adhere to privacy and other best practices.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because the Digital Public Goods Alliance (DPGA) was established in 2019 following the UN Secretary-Generalβs High-Level Panel on Digital Cooperation, but it did not establish a repository in Geneva; rather, it operates as a multi-stakeholder initiative to accelerate the attainment of SDGs. Statement 2 is correct as the UN Secretary-Generalβs 2020 Roadmap explicitly positions DPGs as essential tools for scaling digital solutions to meet the 2030 Sustainable Development Goals. Statement 3 is correct because the DPGA officially defines DPGs as open-source software, open data, open AI models, open standards, and open content that adhere to privacy and 'do no harm' design principles.
Consider the following statements regarding India Stack architecture layers:
1. The Account Aggregator (AA) framework, which enables financial data sharing, is regulated by the Securities and Exchange Board of India through the 2017 Master Directions on non-banking financial companies.
2. The e-KYC service, which functions as a paperless verification tool, was integrated into the India Stack framework following the 2012 Supreme Court judgment on data privacy.
3. The Bharat Bill Payment System (BBPS) operates under the interoperable bill payment layer and was conceptualized by the Reserve Bank of India in its 2013 vision document for payment systems.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because the Account Aggregator framework is regulated by the Reserve Bank of India (RBI), not SEBI. Statement 2 is incorrect because the e-KYC service was launched in 2012, whereas the landmark Supreme Court judgment on data privacy (Justice K.S. Puttaswamy v. Union of India) was delivered in 2017. Statement 3 is incorrect because while BBPS is an interoperable platform, it was conceptualized in the RBI's 2014 vision document, not 2013.
Consider the following statements regarding Digital exclusion and universal access metrics:
1. The 2018 Data Empowerment and Protection Architecture (DEPA) framework in India functions as a regulatory body under the Ministry of Electronics and Information Technology to oversee private sector data compliance.
2. India's Unified Payments Interface (UPI) recorded over 100 billion transactions in the calendar year 2023, reflecting the scale of the country's open-access financial DPI architecture.
3. The International Telecommunication Union's Connect 2030 Agenda sets a target for 95 percent of the global population to have access to high-speed fiber-optic internet by the end of the current decade.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct as UPI achieved a historic milestone by processing over 117 billion transactions in 2023, showcasing the success of India's open-access financial DPI. Statement 1 is incorrect because DEPA is a conceptual framework for data sharing and consent management, not a regulatory body. Statement 3 is incorrect because the ITU's Connect 2030 Agenda aims for universal meaningful connectivity, but does not mandate a 95 percent global target specifically for fiber-optic internet access.
Consider the following statements regarding India Stack architecture layers:
1. The Consent Manager architecture, which governs data sharing permissions, is based on the Data Empowerment and Protection Architecture (DEPA) released by the NITI Aayog in its 2018 discussion paper.
2. The Open Network for Digital Commerce (ONDC) utilizes the Beckn protocol to facilitate decentralized e-commerce and was incorporated as a private limited company under the Ministry of Finance in 2021.
3. The Unified Health Interface (UHI), part of the Ayushman Bharat Digital Mission, facilitates interoperability between health applications and was launched by the National Health Authority in 2020.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because DEPA was released by NITI Aayog in 2020, not 2018. Statement 2 is incorrect because ONDC was incorporated under the Department for Promotion of Industry and Internal Trade (DPIIT), Ministry of Commerce and Industry, not the Ministry of Finance. Statement 3 is incorrect because the UHI was launched as part of the Ayushman Bharat Digital Mission in 2022, not 2020.
Consider the following statements regarding Interoperability protocols for DPI:
1. The Unified Health Interface (UHI) allows for the discovery of health service providers, and it is built upon the FHIR R4 standard which was formally adopted by the National Health Authority in 2019.
2. The Bharat Bill Payment System (BBPS) provides for a centralized clearing mechanism for utility payments, and it incorporates the NPCI-developed interoperability layer that was integrated into the IMPS network in 2014.
3. The DigiLocker platform integrates with the National Academic Depository to store digital certificates, and it follows the W3C Verifiable Credentials standard established during the 2018 launch phase.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while UHI uses FHIR standards, the National Health Authority formally adopted the ABDM health data exchange specifications much later, not in 2019. Statement 2 is incorrect because although BBPS is managed by NPCI, it was launched in 2017, and it is not an integrated layer of the IMPS network but a separate ecosystem built on the Bharat Bill Payment Operating Unit (BBPOU) model. Statement 3 is incorrect because DigiLocker's integration with NAD predates the 2018 timeframe, and it primarily utilizes the Aadhaar-based e-Sign and document repository framework rather than the W3C Verifiable Credentials standard as its foundational launch architecture.
Consider the following statements regarding Unified Payments Interface (UPI) technical framework:
1. The UPI ecosystem utilizes the ISO 20022 messaging standard to ensure interoperability between diverse banking systems and financial institutions.
2. The UPI framework incorporates the Bharat Bill Payment System as its primary settlement layer, which has functioned as the central clearing house since the 2016 launch.
3. The National Electronic Funds Transfer protocol provides the technical foundation for UPI transactions, allowing for the batch-processing of payments every thirty minutes.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as UPI leverages the ISO 20022 messaging standard to facilitate seamless interoperability and data exchange across diverse banking systems. Statement 2 is incorrect because the National Payments Corporation of India (NPCI) acts as the central clearing house for UPI, while the Bharat Bill Payment System (BBPS) is a separate ecosystem for bill payments. Statement 3 is incorrect because UPI operates on an Immediate Payment Service (IMPS) infrastructure for real-time, 24/7 instant fund transfers, whereas NEFT is a distinct system that utilizes deferred net settlement in half-hourly batches.
Consider the following statements regarding Data sovereignty and localization in DPI:
1. The 2018 Srikrishna Committee report recommended that critical personal data be processed and stored within the territorial boundaries of India to ensure national security.
2. The 2021 Information Technology Rules provide for the grievance redressal mechanism in digital media, and these rules are derived from the data localization clauses contained in the 2000 Information Technology Act.
3. The Unified Payments Interface (UPI) framework is governed by the 2007 Payment and Settlement Systems Act, which allows foreign entities to host transaction metadata on servers located outside the Indian jurisdiction.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as the Justice S. Srikrishna Committee (2018) explicitly recommended that critical personal data must be processed and stored exclusively within India to protect national sovereignty. Statement 2 is incorrect because the 2021 IT Rules were notified under the Information Technology Act, 2000, but they focus on digital media ethics and grievance redressal rather than deriving their authority from data localization clauses. Statement 3 is incorrect because the RBI's 2018 mandate under the Payment and Settlement Systems Act, 2007, requires all payment system providers to store entire data relating to payment systems exclusively in India, strictly prohibiting the hosting of transaction metadata on servers outside the country.
Consider the following statements regarding Digital infrastructure sustainability and maintenance:
1. The World Bank's 2023 report on Digital Public Infrastructure identifies the 'DPI Safeguards Framework' as a mechanism for ensuring data privacy and cybersecurity in cross-border digital ecosystems.
2. The Aadhar Act of 2016 established the Unique Identification Authority of India as a constitutional body with the power to audit private sector digital infrastructure maintenance logs.
3. The 2021 Digital India Act provides for the creation of a centralized National Data Repository to store all metadata generated by government-led digital public services.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as the World Bank's 2023 report, 'Digital Public Infrastructure: Stacking Up the Benefits,' emphasizes the DPI Safeguards Framework to manage risks like privacy and security. Statement 2 is incorrect because the UIDAI is a statutory body established under the Aadhaar Act, not a constitutional one, and it lacks the mandate to audit private sector infrastructure logs. Statement 3 is incorrect because the Digital India Act is a proposed legislation currently under consultation and does not yet exist as a 2021 law, nor does it mandate a centralized repository for all government metadata.
Consider the following statements regarding Digital infrastructure scalability challenges:
1. The Unified Payments Interface (UPI), introduced by the National Payments Corporation of India in 2016, currently facilitates over 12 billion monthly transactions across a network of more than 500 participating banks.
2. The India Stack, initiated in 2009 with the launch of Aadhaar, serves as a foundational layer for identity verification and has processed over 100 billion authentication requests as of 2024.
3. The Open Network for Digital Commerce (ONDC) project, incorporated in 2021, utilizes the Beckn protocol to enable interoperability between diverse e-commerce platforms and logistics providers.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as UPI, launched in 2016, has scaled to over 12 billion monthly transactions involving more than 500 banks. Statement 2 is correct because the India Stack, which began with Aadhaar in 2009, has successfully facilitated over 100 billion cumulative authentication requests by 2024. Statement 3 is correct as ONDC, incorporated in 2021, leverages the open-source Beckn protocol to ensure seamless interoperability across various e-commerce and logistics players, moving away from siloed platform models.
Consider the following statements regarding Data sovereignty and localization in DPI:
1. The Digital Personal Data Protection Act of 2023 empowers the Central Government to restrict the transfer of personal data by a data fiduciary to certain notified countries or territories.
2. The G20 New Delhi Leaders' Declaration of 2023 emphasizes the concept of Data Free Flow with Trust, which aligns with the current Indian legislative approach of allowing unrestricted cross-border data transfers for DPI interoperability.
3. The 2019 Personal Data Protection Bill included provisions for the establishment of a Data Protection Authority, and it served as the primary legislative framework for the 2023 Digital Personal Data Protection Act.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as Section 16 of the DPDP Act, 2023 grants the Central Government the authority to restrict data transfers to specific notified countries. Statement 2 is incorrect because while India supports 'Data Free Flow with Trust' in principle, the DPDP Act maintains a restrictive approach to cross-border transfers rather than allowing unrestricted flow. Statement 3 is incorrect because the 2019 Bill was withdrawn and replaced by the 2023 Act, which notably omitted the creation of a dedicated Data Protection Authority, opting instead for a Data Protection Board of India.
Consider the following statements regarding Digital identity verification mechanisms (Aadhaar/e-KYC):
1. The UIDAI was established as a statutory authority under the Ministry of Electronics and Information Technology following the enactment of the Aadhaar Act 2016.
2. The Aadhaar Act 2016 includes provisions for the creation of the National Population Register, which functions as the primary database for issuing Unique Identification Numbers to residents.
3. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act was notified in the Gazette of India on 26 March 2016.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as the UIDAI was established as a statutory authority under the Aadhaar Act 2016, operating under the Ministry of Electronics and Information Technology. Statement 3 is correct because the Aadhaar Act received Presidential assent and was notified in the Gazette of India on 26 March 2016. Statement 2 is incorrect because the Aadhaar Act and the National Population Register (NPR) are distinct legal frameworks; the NPR is maintained under the Citizenship Act, 1955, and is not the primary database for Aadhaar, which relies on demographic and biometric data collected directly by the UIDAI.
Consider the following statements regarding Account Aggregator (AA) ecosystem:
1. Under the Account Aggregator ecosystem, the Financial Information User requests data, while the Financial Information Provider holds the customer's financial records.
2. The Reserve Bank of India introduced the Account Aggregator framework in 2016 as a non-banking financial company category to facilitate financial data sharing.
3. The Account Aggregator framework operates under the 2019 Data Protection Act, which established the Financial Stability and Development Council as the primary regulator for data privacy.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct as the AA framework functions on a consent-based architecture where the Financial Information User (FIU) requests data and the Financial Information Provider (FIP) shares it upon customer authorization. Statement 2 is correct because the RBI introduced the AA framework in 2016, creating a new class of Non-Banking Financial Companies (NBFC-AA) to act as intermediaries for secure data sharing. Statement 3 is incorrect because the AA framework operates under the RBI's Master Directions and the Information Technology Act, 2000, not a 2019 Data Protection Act, and the Financial Stability and Development Council (FSDC) is a consultative body rather than a data privacy regulator.
Consider the following statements regarding API-led governance models:
1. The DigiLocker platform integrates with the Aadhaar e-KYC API, allowing citizens to store original digital documents that are legally recognized under the Information Technology Act of 2000 for all judicial proceedings.
2. The Open Network for Digital Commerce (ONDC) framework is built upon the Beckn protocol, which serves as a decentralized registry for verifying the financial solvency of participating e-commerce entities.
3. The Account Aggregator (AA) ecosystem functions as a financial data blind-trust, where the Reserve Bank of India acts as the primary data repository for all credit information shared between lenders.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while DigiLocker documents are legally equivalent to originals under the IT Act, they are not universally admissible for all judicial proceedings without specific procedural compliance. Statement 2 is incorrect as the Beckn protocol is an open-source communication protocol for discovery and transaction in decentralized networks, not a tool for verifying financial solvency. Statement 3 is incorrect because the Account Aggregator ecosystem is a consent-based framework where data flows directly between Financial Information Providers and Users, and the RBI does not act as a data repository or store any financial information.
Consider the following statements regarding Privacy-preserving computation in DPI:
1. The Open Network for Digital Commerce (ONDC) utilizes blockchain-based smart contracts to automate the consent withdrawal process, ensuring that user data is purged from participant servers within 48 hours.
2. Differential privacy adds controlled statistical noise to datasets, a technique currently utilized by the Unique Identification Authority of India to protect individual identity markers in public research outputs.
3. The 2021 Data Protection Bill included provisions for the establishment of a Privacy-Preserving Research Sandbox, which allows private entities to access raw Aadhaar data for training proprietary machine learning models.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct because UIDAI employs differential privacy to release anonymized datasets, ensuring individual identities cannot be re-identified in public research. Statement 1 is incorrect as ONDC is an interoperable network based on open protocols, not a blockchain-based system, and does not mandate a 48-hour purge policy. Statement 3 is incorrect because the 2021 Data Protection Bill and the subsequent 2023 Act emphasize data minimization and do not permit private entities to access raw Aadhaar data for training proprietary models.
Consider the following statements regarding Interoperability protocols for DPI:
1. The Account Aggregator (AA) framework operates under the Financial Information Providers (FIP) architecture, which was formally regulated by the Reserve Bank of India through the 2016 Master Direction.
2. The India Stack layer known as e-Sign provides for digital signature services, and it relies on the Aadhaar-based OTP verification process introduced under the Information Technology Act of 2000.
3. The Beckn Protocol, introduced in 2021, functions as an open-source framework designed to enable decentralized discovery and transaction capabilities across heterogeneous digital networks.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as the RBI introduced the Account Aggregator framework via the 2016 Master Direction to facilitate secure financial data sharing between FIPs and Financial Information Users. Statement 3 is correct because the Beckn Protocol, launched in 2021, acts as an open-source, decentralized interface protocol enabling interoperability between diverse platforms like ONDC. Statement 2 is incorrect because while e-Sign is part of the India Stack, it is governed by the Information Technology Act, 2000, but its specific legal framework for electronic signatures was enabled by the 2015 'Electronic Signature or Electronic Authentication Technique and Procedure Rules' rather than being solely defined by the Aadhaar-based OTP process.
Consider the following statements regarding Open API standards in DPI:
1. The Bharat Bill Payment System, established by the Reserve Bank of India in 2013, incorporates open API standards to facilitate utility bill payments and is governed by the Payment and Settlement Systems Act of 2007.
2. The India Stack utilizes the e-KYC API to facilitate paperless verification of identity documents through the Unique Identification Authority of India database.
3. The Unified Payments Interface, launched by the National Payments Corporation of India in 2016, employs open API standards to enable interoperable real-time fund transfers.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because while the Bharat Bill Payment System (BBPS) is governed by the Payment and Settlement Systems Act, 2007, it was conceptualized in 2013 but operationalized by the NPCI in 2017, not 2013. Statement 2 is correct as the India Stack integrates the e-KYC API, allowing entities to perform paperless, instant identity verification via the UIDAI's Aadhaar database. Statement 3 is correct because the Unified Payments Interface (UPI), launched by the NPCI in 2016, leverages open API standards to provide a common architecture for interoperable, real-time fund transfers across diverse banking platforms.
Consider the following statements regarding Digital infrastructure scalability challenges:
1. The Unified Health Interface (UHI), launched under the Ayushman Bharat Digital Mission in 2021, integrates the existing CoWIN database to allow private health insurers to access patient medical records without additional user authorization.
2. The Account Aggregator framework, operationalized by the Reserve Bank of India in 2016, utilizes the Aadhaar-based e-KYC infrastructure to facilitate real-time credit scoring for micro, small, and medium enterprises.
3. The BharatNet project, which aims to connect over 250,000 gram panchayats with optical fiber, is governed by the 2014 National Optical Fiber Network policy that established the Unified Payments Interface as its primary financial settlement layer.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because UHI operates on an open network protocol requiring explicit patient consent for data sharing, not automatic access. Statement 2 is incorrect as the Account Aggregator framework, launched in 2021, is based on the Financial Information Providers (FIP) and Financial Information Users (FIU) model rather than relying solely on Aadhaar-based e-KYC. Statement 3 is incorrect because BharatNet is a broadband infrastructure project under the Department of Telecommunications and is entirely unrelated to the Unified Payments Interface, which is a payment system managed by the NPCI.
Consider the following statements regarding Security and encryption standards in DPI:
1. The Aadhar Authentication API 2.0 utilizes HMAC-based authentication for securing data packets during the transmission between the requesting entity and the CIDR.
2. The National Cyber Security Policy of 2013 introduced the concept of the National Critical Information Infrastructure Protection Centre, which functions under the Ministry of Electronics and Information Technology.
3. The Digital Personal Data Protection Act of 2023 establishes the Data Protection Board of India, which oversees the implementation of end-to-end encryption for all government-to-citizen messaging platforms.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as Aadhaar Authentication API 2.0 mandates HMAC-based authentication to ensure data integrity and security during transmission to the CIDR. Statement 2 is incorrect because the National Critical Information Infrastructure Protection Centre (NCIIPC) was established under the Information Technology Act, 2000, and functions under the National Technical Research Organisation (NTRO), not MeitY. Statement 3 is incorrect because while the DPDP Act, 2023 establishes the Data Protection Board of India, the Act does not mandate end-to-end encryption for all government-to-citizen messaging platforms.
Consider the following statements regarding Unified Payments Interface (UPI) technical framework:
1. The Unified Payments Interface was officially launched by the National Payments Corporation of India on 11 April 2016.
2. The UPI architecture operates on an immediate real-time payment system that facilitates inter-bank transactions through a single mobile application.
3. The Virtual Payment Address serves as a unique identifier that replaces sensitive bank account details during the initiation of a transaction.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as UPI was launched by NPCI on 11 April 2016 to facilitate instant fund transfers. Statement 2 is correct because the architecture enables seamless inter-bank transactions through a single mobile interface by leveraging the Immediate Payment Service (IMPS) infrastructure. Statement 3 is correct as the Virtual Payment Address (VPA) acts as a secure alias, masking sensitive bank account numbers and IFSC codes to ensure user privacy and transaction security.
Consider the following statements regarding Open Network for Digital Commerce (ONDC) protocol stack:
1. The Beckn protocol, which underpins the ONDC architecture, was developed by the National Informatics Centre in 2018 to standardize data exchange for government e-marketplaces.
2. The ONDC framework operates under the direct regulatory oversight of the Reserve Bank of India, which manages the settlement of digital payments through the Unified Payments Interface.
3. The ONDC protocol stack is built on the Beckn protocol, which enables decentralized communication between buyer and seller applications through a set of open-source APIs.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because ONDC leverages the Beckn protocol, an open-source specification that enables interoperable, decentralized communication between buyer and seller apps via standardized APIs. Statement 1 is incorrect because the Beckn protocol was developed by a non-profit foundation (Beckn Foundation) and civic technologists, not the National Informatics Centre. Statement 2 is incorrect because ONDC is a Section 8 non-profit company under the Department for Promotion of Industry and Internal Trade (DPIIT), not a regulatory entity under the Reserve Bank of India.
Consider the following statements regarding Privacy-preserving computation in DPI:
1. The Data Empowerment and Protection Architecture (DEPA) framework utilizes the consent manager ecosystem to facilitate secure data sharing between financial information providers and users.
2. Homomorphic encryption allows for mathematical operations on encrypted data, enabling the processing of sensitive personal information without exposing the underlying raw data values.
3. The 2023 Digital Personal Data Protection Act introduces the role of a Data Fiduciary, which is responsible for ensuring the technical implementation of privacy-preserving measures during data processing.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as DEPA uses Consent Managers to act as intermediaries, enabling users to share financial data securely via APIs without the service provider storing the data. Statement 2 is correct because homomorphic encryption is a cryptographic technique that permits computations on ciphertext, producing an encrypted result that, when decrypted, matches the output of operations performed on plaintext. Statement 3 is correct as the Digital Personal Data Protection Act, 2023 mandates that Data Fiduciaries implement reasonable security safeguards and technical measures to prevent personal data breaches, placing the onus of privacy compliance on them.
Consider the following statements regarding Cross-border DPI integration standards:
1. The India-Singapore linkage of Unified Payments Interface (UPI) and PayNow, operationalized in February 2023, utilizes the ISO 20022 messaging standard for real-time cross-border fund transfers.
2. The 2021 Bali Fintech Agenda provides for the universal adoption of the blockchain-based ledger system, which serves as the primary technical protocol for all cross-border DPI transactions in the ASEAN region.
3. The G20 New Delhi Leaders' Declaration of 2023 formally recognized the G20 Framework for Systems of Digital Public Infrastructure as a foundational reference for cross-border interoperability.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as the UPI-PayNow linkage, launched in February 2023, leverages ISO 20022 messaging standards to ensure interoperability between disparate banking systems. Statement 3 is correct because the 2023 G20 New Delhi Leaders' Declaration formally endorsed the G20 Framework for DPI, emphasizing its role in fostering global digital inclusion and cross-border interoperability. Statement 2 is incorrect because the Bali Fintech Agenda, introduced by the IMF and World Bank in 2018, focuses on policy principles for fintech adoption rather than mandating a blockchain-based ledger system for the ASEAN region.
Consider the following statements regarding Open Network for Digital Commerce (ONDC) protocol stack:
1. The ONDC network architecture includes a mandatory escrow mechanism that holds buyer funds in a government-managed account until the delivery of goods is confirmed by the logistics partner.
2. The Quality Council of India serves as the primary technology provider for the ONDC network, maintaining the open-source code repositories and managing the cloud infrastructure.
3. As of December 2023, the ONDC network had expanded its reach to over 500 cities across India, facilitating transactions across retail, mobility, and logistics domains.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct as ONDC achieved significant pan-India penetration, covering over 500 cities by late 2023 across diverse sectors like retail and mobility. Statement 1 is incorrect because ONDC is a decentralized network that does not mandate a government-managed escrow account; payments are settled directly between participants via established payment gateways. Statement 2 is incorrect because ONDC is a non-profit company incorporated under Section 8 of the Companies Act, and its technology is built on open-source specifications rather than being managed by the Quality Council of India.
Consider the following statements regarding Data sovereignty and localization in DPI:
1. The India Stack, a collection of open APIs and digital public goods, operates on the principle of data minimization as outlined in the 2017 Justice K.S. Puttaswamy v. Union of India judgment.
2. The 2022 draft of the National Data Governance Policy proposes the creation of the India Data Management Office to oversee the anonymization of non-personal data collected by government entities.
3. Under the Reserve Bank of India's 2018 circular on Storage of Payment System Data, all system providers are directed to ensure that the entire data relating to payment systems is stored in a system located only in India.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as India Stack integrates the 'privacy by design' framework mandated by the 2017 Puttaswamy judgment, which established the right to privacy and data minimization as fundamental rights. Statement 2 is correct because the 2022 National Data Governance Policy framework explicitly proposes the India Data Management Office (IDMO) to standardize the collection and anonymization of non-personal data for research and innovation. Statement 3 is correct as the RBI's April 2018 directive mandated that all payment system data must be stored exclusively within India to ensure sovereign control and regulatory oversight, with no component allowed to be stored abroad.
Consider the following statements regarding Digital identity verification mechanisms (Aadhaar/e-KYC):
1. The Aadhaar ecosystem encompasses the Authentication User Agency framework, which is governed by the Reserve Bank of India to oversee the data security protocols of biometric transactions.
2. The e-KYC authentication process allows for the electronic verification of identity, and the Supreme Court judgment in the K.S. Puttaswamy case provided for the use of Aadhaar by private banks for account opening.
3. The UIDAI maintains the Central Identities Data Repository, which stores the demographic information of residents and provides for the automatic linking of PAN cards with Aadhaar numbers since 2015.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because the Aadhaar ecosystem is governed by the Unique Identification Authority of India (UIDAI) under the Aadhaar Act, 2016, not the RBI. Statement 2 is incorrect as the Supreme Court's K.S. Puttaswamy judgment restricted the use of Aadhaar by private entities, leading to the Aadhaar and Other Laws (Amendment) Act, 2019, which permits private entities to use Aadhaar only if authorized by law or for compliance. Statement 3 is incorrect because while UIDAI maintains the Central Identities Data Repository, the mandatory linking of PAN with Aadhaar was introduced via the Finance Act, 2017, not 2015, and is managed by the Income Tax Department, not UIDAI.
Consider the following statements regarding Consent architecture under DEPA:
1. The Sahamati protocol serves as a non-profit industry alliance that supports the adoption of the Account Aggregator framework by providing standardized API specifications for financial data exchange.
2. The FIP-FIU data exchange process relies on the India Stack's e-KYC API to verify user identity, which is then used to generate a permanent digital token for recurring data access permissions.
3. Under the DEPA framework, the Consent Manager acts as an intermediary that retrieves data from a Financial Information Provider (FIP) only after receiving an authenticated digital signature from the user.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as Sahamati is a non-profit industry alliance that facilitates the Account Aggregator (AA) ecosystem by promoting standardized API specifications for interoperable data sharing. Statement 3 is correct because the Consent Manager acts as a fiduciary that manages the consent lifecycle, ensuring data is transferred from the Financial Information Provider (FIP) to the Financial Information User (FIU) only upon the user's explicit, cryptographically signed consent. Statement 2 is incorrect because while e-KYC is used for initial onboarding, the DEPA framework utilizes a granular, time-bound, and revocable consent artifact rather than a 'permanent digital token' for recurring access, ensuring user control over data sharing.
Consider the following statements regarding Open API standards in DPI:
1. The Account Aggregator framework operates under the regulatory oversight of the Reserve Bank of India, utilizing standardized APIs to allow secure data sharing between financial information providers.
2. The Open Network for Digital Commerce protocol is built upon the Beckn framework, which provides open-source specifications for decentralized digital commerce interactions.
3. The DigiLocker platform integrates with the Ministry of Road Transport and Highways database via APIs to provide citizens with digital access to their driving licenses and vehicle registration certificates.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the Account Aggregator (AA) framework, launched in 2021, functions under RBI oversight to enable secure, consent-based financial data sharing. Statement 2 is correct because ONDC leverages the open-source Beckn protocol to facilitate interoperable, decentralized digital commerce, moving away from platform-centric models. Statement 3 is correct as DigiLocker, a flagship initiative under the Digital India programme, utilizes APIs to pull real-time, authentic documents like driving licenses directly from the Ministry of Road Transport and Highways' Vahan and Sarathi databases.