Do you know that the identity card in your pocket is now legally capable of being verified with a QR code scan — without a microchip reader, without paperwork, and in seconds?
Pakistan made this possible through an amendment to the National Identity Card (NIC) and Pakistan Origin Card (POC) Rules 2002, introduced via statutory notification on 24 February 2026. The revised Rules legally recognise Quick Response (QR) codes as a secure, machine-readable authentication feature for identity verification — both online and offline.
The amendment applies to National Identity Cards (NICs) issued by the National Database and Registration Authority (NADRA). It allows NADRA to deploy QR-based verification systems without requiring a separate amendment to the Rules each time verification technology is updated. Under the revised framework, QR codes may be used as an alternative or additional authentication layer alongside microchips, enabling all citizens to carry a single standardised card type. This removes the legal distinction between chip-based cards and manual Teslin cards — which carry no electronic component — in terms of their standing for verification purposes.
Suspension and Blocking
The amendment also tightens the consequences of NIC suspension. The revised Rules specify that when a card is suspended, all linked services — including digital verification and authentication — are immediately blocked. Suspended cards cannot be used through digital systems. Previously, the Rules did not explicitly extend suspension to linked digital services, creating a gap that the amendment closes.
Two Decades of Identity System Reform
The QR code amendment is the latest in a sequence of regulatory changes to Pakistan’s identity management infrastructure that began with NADRA’s establishment in the early 2000s.
| Period | Development |
|---|---|
| Before 2000 | Manual issuance and verification of identity documents; paper-based records; no centralised database. |
| 2000–2002 | NADRA introduced computerised CNICs and a centralised identity database, improving accuracy and record-keeping. |
| 2004–2015 | Biometric verification and chip-based smart cards progressively rolled out. CNICs linked to banking, telecom, and government services. |
| 2015–2025 | CNICs used for a widening range of essential services as integrated digital delivery systems expanded. |
| November 2025 | The government amended identity card rules to legally recognise facial and iris scans as valid verification methods, providing an alternative for citizens whose fingerprints have degraded — including elderly persons, people with medical conditions, and manual labourers. |
| 24 February 2026 | Federal government amended the NIC and POC Rules 2002 via statutory notification, legally recognising QR codes as a secure, machine-readable authentication feature and immediately blocking all linked services upon card suspension. |
The December 2025 recognition of facial and iris scans addressed a longstanding gap in biometric coverage. Fingerprint degradation — a condition documented among elderly citizens, people with certain medical conditions, and workers in agriculture and manufacturing — had made fingerprint-based verification unreliable for a portion of the population. Facial and iris recognition provides an alternative pathway for those citizens.
How Other Countries Have Legislated Digital ID
Pakistan joins a growing number of countries that have enacted specific legal provisions to recognise QR codes or digital authentication as part of their national identity frameworks. The table below documents selected examples across South Asia, Africa, and the Middle East.
| Country | QR / Digital ID Legal Framework |
|---|---|
| India | Aadhaar-linked QR on national ID cards; legally recognised for banking, welfare, and government service verification since 2016 under the Aadhaar Act. |
| Estonia | QR and chip-based digital ID legally mandated since 2002; among the earliest countries to embed machine-readable authentication in national identity law. |
| United Arab Emirates | Emirates ID carries both a chip and a QR code, legally recognised for identity verification across public and private services. |
| Singapore | SingPass digital identity system uses QR-based verification; legally backed and integrated with over 2,000 government and private sector services. |
| Nigeria | National Identity Number (NIN) cards carry QR codes, legally recognised since 2014 under the National Identity Management Commission Act. |
| Kenya | Huduma Namba national ID programme introduced QR-enabled cards; legal framework for digital identity verification enacted under the Registration of Persons Act. |
| Bangladesh | National ID smart cards with QR codes deployed and legally recognised; used for voter verification, banking, and mobile SIM registration. |
Sources: World Bank ID4D Dataset; respective national identity authority publications; Aadhaar Act 2016 (India); National Identity Management Commission Act 2007 (Nigeria).
Across these frameworks, two common elements are present: a specific legal provision recognising the authentication technology, and a defined governance body responsible for issuance and verification. Pakistan’s 2026 amendment addresses the first element. The governance and data protection framework for QR-based verification remains to be elaborated.
What the Amendment Does Not Address
The notification does not address data protection standards applicable to QR-based identity data, the governance framework for third-party access to QR verification systems, or the timeline for full deployment of QR-enabled cards across the NIC database. These questions remain open in the current regulatory framework.
