Sri Lanka Digital ID project faces scrutiny after claims that citizen biometric data could be handled by an Indian firm under a grant-backed tender.
The Sri Lanka Digital ID project has come under renewed scrutiny after allegations emerged that the tender involving sensitive biometric information may be awarded to an Indian technology company, raising concerns about data sovereignty, national security, and foreign influence.
At a media briefing held in Colombo on June 17, 2026, the Frontline Socialist Party (FSP) made a series of claims regarding the Sri Lanka Unique Digital Identity (SL-UDI) initiative. Addressing the media, FSP Education Secretary Pubudu Jayagoda alleged that the government was preparing to award the highly sensitive project to Infosys, an Indian information technology giant that the party claims has close links to Indian Prime Minister Narendra Modi.
Origins of the Project and India’s Role
The electronic national identity card initiative was first launched during the administration of former President Mahinda Rajapaksa in 2012. Over time, what began as a digital modernization project has increasingly become part of a wider geopolitical discussion.
The current phase of the project is being funded through an Indian government grant worth Rs. 10.4 billion. According to information presented at the media briefing, one of the conditions attached to the funding arrangement requires that only Indian companies be considered for selection as Master System Integrators.
As a result, five finalist companies were shortlisted through a tender process reportedly overseen by India’s National Institute for Smart Government (NISG). The bidding process closed on May 8, 2026, and by June 16 the successful company had reportedly been selected and finalized.
Questions Over Political Consistency and Data Control
A key criticism raised by the Frontline Socialist Party relates to what it describes as a contradiction between past political statements and current government actions.
Jayagoda pointed out that in 2023, while serving in the Opposition, current President Anura Kumara Dissanayake strongly criticized what he described in Parliament as “data trafficking,” arguing that it was more dangerous than the trafficking of drugs or weapons.
The FSP argues that the current administration has now adopted a position that contradicts those earlier warnings. The party alleges that during President Dissanayake’s visit to India in December 2024, authority over the tender process was effectively handed to India.
“Only an Indian company will get the right to access the biometric data of the people of Sri Lanka. The power to choose which company that will be lies with the Indian government. Sri Lanka has no power at all,” Pubudu Jayagoda stated during the briefing.
The comments have intensified debate over who should control access to the biometric information of Sri Lankan citizens, including fingerprints, facial recognition data, and iris scans.
Infosys and Concerns Raised by Critics
Although Infosys is one of India’s largest technology companies with a significant international presence, the Frontline Socialist Party alleges that the company operates within a broader political and economic network associated with Narendra Modi and India’s ruling Bharatiya Janata Party (BJP).
The party claims that awarding control of a project involving the biometric data of an entire population to a foreign company connected to a regional power carries implications that extend far beyond a standard commercial contract.
According to the FSP, such a decision raises geopolitical concerns because biometric information represents one of the most sensitive categories of personal data maintained by a modern state.
Data Sovereignty and National Security Issues
The controversy has also reignited discussion about the concept of data sovereignty.
Critics argue that in the digital age, a nation’s sovereignty is increasingly tied to its ability to secure and control its citizens’ information. They contend that allowing a foreign company to oversee critical citizen identity infrastructure could create long-term strategic vulnerabilities.
Additional concerns have been raised regarding the tender process itself. According to the allegations presented by the FSP, Sri Lankan companies were not permitted to compete for the project.
The party further claims that any legal disputes arising from the contract would ultimately be determined by Indian authorities and Indian courts rather than institutions within Sri Lanka, further fuelling concerns about control and accountability.
Silence From Political Rivals Draws Criticism
The Frontline Socialist Party also criticized what it described as a lack of meaningful opposition to the project from other major political parties.
According to Jayagoda, both the government and the principal opposition have remained largely silent despite the significance of the issue. He argued that this reflects a broader political culture that accepts Indian influence regardless of whether parties are in government or opposition.
The National Identity Card remains the most important document used to establish a citizen’s legal identity and access fundamental rights and services. Because of this, the FSP argues that safeguarding the confidentiality and security of that information should be one of the state’s highest responsibilities.
The party maintains that citizens themselves may ultimately need to take a more active role in questioning decisions that affect the ownership and management of their personal data.
As of June 2026, the ongoing identity card tender has become a focal point in a larger discussion about Sri Lanka’s geopolitical direction, digital governance, and policy priorities. While few dispute the importance of modernizing national identity infrastructure, critics argue that such progress should not come at the expense of national security, data sovereignty, or citizens’ rights.
For those raising concerns, the prospect of granting a company such as Infosys a central role in managing sensitive biometric information represents a decision with consequences that could extend far beyond the immediate scope of the project and shape the country’s digital future for years to come.
