The Central Industrial Security Force (CISF) wants to install facial recognition cameras at six major airports — Delhi, Mumbai, Bengaluru, Hyderabad, Chennai and Kolkata — and connect them to NATGRID, a centralised database that already holds information on hundreds of millions of Indians.

CISF Director General Praveer Ranjan announced the plan on June 22, 2026, while laying the foundation stone for the force's new headquarters in Delhi. He said a "data fusion centre" is proposed for the city, and that integrating facial recognition across major airports is "under consideration with the concerned ministries"

According to The Hindu, which first reported the airport list, the plan could eventually feed in nearly 1.5 lakh CCTV cameras the CISF already guards — not just at airports, but at metro stations, ports, power plants and government buildings.

Nothing has been approved yet. But if it goes ahead, it would plug ordinary air travel into one of India's most far-reaching surveillance systems.

What is NATGRID?

NATGRID is a giant, shared lookup tool for government agencies. Instead of approaching a dozen different departments for a dozen different pieces of information, an authorised investigator can search one platform and pull records from many sources at once.

Those records include driving licences, vehicle registration, Aadhaar, bank accounts, FASTag, airline bookings, passport and travel history, tax filings, phone and internet metadata, and reports of suspicious financial transactions.

It was first proposed after the 26/11 Mumbai attacks but only became fully operational in 2024, and has faced sustained criticism over secrecy and the absence of clear rules governing its use

Why does linking cameras to NATGRID change things?

There are two very different ways facial recognition can be used, explained Tavishi, a South Asia researcher with the Centre for the Study of Organised Hate.

One is retrospective: investigators pull CCTV footage after something has happened and match faces in it against a database. The other is far more intrusive — cameras that scan faces live and check them instantly against large databases, in real time.

The CISF's plan appears to be the second kind. "Real-time systems significantly increase surveillance risks," Tavishi said, noting that other countries usually treat this as "high-risk" technology requiring tight rules, a clear legal basis, and a narrow, specific purpose.

"You cannot have an open-ended deployment. There have to be limits on when and why such systems are used."

If airport cameras are wired into NATGRID, a passenger's face could be checked against several government databases at once — turning something as routine as catching a flight into a continuous identity check.

Isn't there already a facial recognition system at airports?

Yes — but it's a different kind of system. In 2022, the government rolled out DigiYatra, which lets passengers use their face instead of a boarding pass. It was introduced as optional, but at many terminals it has quietly become the default way through security.

DigiYatra runs through a public-private setup, which means it doesn't fall under the Right to Information Act the way a government department would — and that has already raised questions about how passenger data is collected, stored, and shared.

But DigiYatra is mostly a convenience tool, meant to speed people through the airport. The CISF's plan is something else entirely: by connecting airport cameras to NATGRID, it shifts facial recognition from making travel easier to actively gathering intelligence on travellers. That shift — from a single, contained use to a connected surveillance network — is what worries privacy researchers most.

How big is NATGRID getting?

When NATGRID launched, only 10 central agencies could access it — including the Intelligence Bureau, the Research and Analysis Wing, the National Investigation Agency, the Enforcement Directorate, the Financial Intelligence Unit, and the Narcotics Control Bureau. Access has since widened to police officers at the rank of Superintendent of Police.

The data it holds keeps growing too. In December 2025, NATGRID was linked to the National Population Register, which holds family-level details of more than 119 crore residents — over 80% of India's population. Investigators are now sending the system roughly 45,000 queries a month.

Legal researcher and activist Usha Ramanathan said this growth marks a real shift in what NATGRID was meant to be. It was designed as a tool agencies could turn to when they needed specific information for a specific case. "Now it seems to be turning into something that can be used routinely, like any other policing tool," she said.

She added that attempts to get even basic information about the project through RTI requests have repeatedly been blocked, with authorities citing national security. "We had filed an RTI regarding it in around 2012. People are not even asking what data has been collected, just what the project is. But even that was not disclosed."

The deeper problem, she argued, isn't just the secrecy — it's the assumption baked into the system. "If every person is treated as a potential threat, that is the only way to justify something like this," she said.

Tavishi said other countries pair this kind of technology with real safeguards: a court's approval before use, an independent body to oversee it, and strict limits on what it can be used for, such as locating a missing person or investigating a specific crime. "There is no clarity on how these systems are developed, what their accuracy rates are, whether they have undergone safety or bias audits," she said of the Indian context.

Where else is facial recognition already being used in India?

Most public debate around facial recognition focuses on its mistakes — false matches, wrongly identifying someone, bias. But experts say the real concern starts once those technical flaws are fixed. At that point, the system stops being unreliable and becomes something far more effective: a tool that can track and profile people at scale. Given how fast it's spreading across policing and welfare programmes already, that point may not be far off.

The National Crime Records Bureau runs its own Automated Facial Recognition System (AFRS) to identify suspects, missing persons, and unidentified bodies. Delhi Police used facial recognition while investigating the 2020 riots, which drew criticism from digital rights groups, including the Internet Freedom Foundation, over risks to civil liberties.

It isn't limited to policing either. Decode has previously reported on facial recognition in welfare delivery, where Anganwadi centres now require pregnant women and new mothers to pass a facial scan before they can collect rations. Failed scans have repeatedly blocked women and children from food they're entitled to — a system introduced in the name of efficiency that ended up excluding the very people it was meant to help

These systems also aren't neutral, Tavishi said. "They operate like a black box. It becomes very difficult to detect bias or discrimination." Groups like dissidents, transgender persons, and Dalit, Adivasi, and Muslim communities already face disproportionate surveillance and suspicion, she noted — and that risk grows when it intersects with technology nobody can fully see into.

Ramanathan raised a related concern, "We assume there will be false positives that can be corrected. But what if the system itself becomes the authority?" In that scenario, someone could be flagged without ever knowing it, let alone being able to challenge it.

"How do you challenge something you cannot see or understand?" she asked.

Is any of this regulated?

No. India does not have a dedicated law governing facial recognition technology. The Digital Personal Data Protection (DPDP) Act exists, but it gives the government broad exemptions, which limits how much it can actually protect people from state surveillance.

A private member's bill — the Facial Recognition Technology (Regulation of Police Powers) Bill, 2023 — has been pending in Parliament. It proposes safeguards meant to balance police powers with constitutional rights, but it hasn't moved forward.

Officials involved in the CISF proposal have said privacy and data protection will "remain a priority," but none of the public reporting so far specifies what legal checks, technical limits, or independent oversight would actually apply.

Ramanathan sees this as part of a larger pattern: "There is a growing belief that technology should not be bound by law, and that laws should be shaped to accommodate technology instead." In her view, that turns the constitutional order on its head.

"When a state begins to treat its own people as a threat and justifies constant monitoring, it creates a climate of suspicion. That is not how a society is meant to function."

The bigger picture

The CISF's airport proposal doesn't exist in isolation. It's one more piece of a surveillance system India has been quietly building for years — NATGRID, AFRS, biometric welfare checks, telecom data monitoring. Each piece is usually justified on its own terms, in the name of efficiency or security.

Put together, though, they add up to an infrastructure capable of tracking people across nearly every part of their lives — one that, experts say, is being built well ahead of any law designed to govern it.

Reference Links
A Unique Identity Bill - By Usha Ramanathanielrc.org‘Natgrid’, the search engine of digital authoritarianisminternetfreedom.in
About the author
Hera Rizwan
Hera Rizwan

Hera Rizwan is a correspondent with Decode. She covers AI, technology, and accountability, with a focus on how digital systems shape welfare, governance, and public life in India. Her work examines the real-world impact of emerging technologies, from biometric systems and surveillance tools to platform-driven scams and digital policy. She has reported extensively on cybercrime, AI in welfare delivery, and the intersection of tech and democracy. She is a Pulitzer Grantee and won Ramnath Goenka Award for Investigative Reporting in 2022.