The Sri Lankan government has firmly assured the public that there will be no data breaches or misuse of personal or biometric information in the India-funded digital National Identity Card (NIC) project, which has faced delays over growing concerns regarding data privacy and national security.
“There is no way for any data breach. We will ensure that,” said Deputy Minister of Digital Economy Eranga Weeraratne, addressing journalists at a media briefing held on Monday (14). He dismissed recent claims made in media and political circles as “baseless and politically motivated.”
“Many things spoken out in the media are not true,” Weeraratne added. “For example, iris scanners have not been purchased yet. Also, the system would not collect any medical information. It is simply a digital ID containing standard ID and biometric data.”
The government has clarified that data capturing, system support, and ongoing maintenance will be entirely managed by Sri Lankan entities. “Everything from implementation to system control will be handled 100 percent by local companies and personnel,” Weeraratne emphasized. “There is nothing to fear.”
The project, funded with a 450 million Indian rupee grant extended by India to former President Ranil Wickremesinghe’s administration, aims to create a centralized digital ID system based on international ICAO (International Civil Aviation Organization) standards. It will include biometric and biographic data such as facial, fingerprint, and iris information for every citizen.
However, the decision to award the ID card printing tender to an Indian company has triggered scrutiny from civil society and cybersecurity experts, who have questioned the long-term safety of sensitive data in foreign hands.
In a broader move to strengthen digital safeguards, the Cabinet of Ministers has approved Sri Lanka’s second five-year National Cyber Protection Strategy (2025–2029). The new strategy, developed by Sri Lanka CERT with support from the World Bank, aims to enhance the country’s legal and regulatory framework, public awareness, cybersecurity readiness, and civilian-sector resilience.
This follows the successful completion of the first national cybersecurity strategy, which concluded in 2023. The updated plan focuses on improving cooperation, knowledge-sharing, and response capabilities to meet emerging digital threats in a rapidly evolving tech landscape.
Officials say the combined efforts reflect the government’s commitment to both digitization and data protection, promising that Sri Lanka’s digital transformation will be secure, sovereign, and people-centered.
