The Proposal
On June 22, 2026, at the foundation-laying ceremony for the Central Industrial Security Force's new headquarters in New Delhi, CISF Director General Praveer Ranjan outlined an ambitious surveillance architecture: a Data Fusion Centre in Delhi that would aggregate feeds from approximately 150,000 CCTV cameras installed across CISF-protected facilities — power plants, metro systems, ports, and government complexes — and link facial recognition systems at six major airports (Delhi, Mumbai, Bengaluru, Chennai, Hyderabad, Kolkata) into what Ranjan described as an "integrated command and control centre at vital installations." The proposal is now before the Ministry of Home Affairs for approval.
NATGRID, the intended intelligence backend, is not a new system. Created in the aftermath of the 2008 Mumbai attacks, it aggregates data from over 21 categories of records: Aadhaar biometrics, driving licences, vehicle registrations, bank accounts and FIU suspicious transaction reports, airline passenger name records, FASTag toll transactions, railway bookings, passport data, and social media posts. As of late 2025, it held over 119 crore facial recognition entries — roughly 82 percent of India's population — and processed upwards of 45,000 data requests per month from central and state agencies.
The CISF proposal would make NATGRID actionable in real time at the country's highest-throughput identity checkpoints.
The Security Case
The rationale deserves to be stated fairly. India faces credible threats from organised crime networks, cross-border terror, and fugitives who exploit the anonymity of busy transit hubs. Airports are the most controlled and documented environment the state can monitor: every passenger is ticketed, identified, and funnelled through discrete checkpoints. If real-time watchlist matching at departure gates stops a known terrorist or intercepts a high-value fugitive, the operational argument is difficult to dismiss.
The technical groundwork also already exists. DigiYatra, India's biometric boarding system, is operational at over 38 airports and has facilitated more than 100 million domestic passenger journeys. Since June 1, 2026, it is mandatory for international transit at Delhi, Mumbai, Bengaluru, and Hyderabad. The cameras, processing pipelines, and identity linkages are in place. From a purely operational standpoint, the CISF proposal is less a new system than a routing decision — redirect existing feeds to an intelligence backend rather than a boarding convenience platform.
The Governance Gap
The problem is not the cameras. It is the legal architecture — or the absence of one — surrounding them.
NATGRID was established not by an Act of Parliament but by a Cabinet Committee on Security decision in 2011. There is no dedicated NATGRID statute defining its mandate, setting purpose limitations, specifying data retention periods, or establishing independent oversight. The system is explicitly exempt from the Right to Information Act, 2005, making it largely opaque to public scrutiny. No dedicated parliamentary committee audits its budget, operations, or civil liberties impact. When state police officers at Superintendent of Police rank can query a system containing biometrics for 82 percent of the population — with no external audit trail — the oversight gap is structural, not incidental.
India's Digital Personal Data Protection Act, 2023 was supposed to address some of this. It does not. The DPDP Act empowers the central government to exempt "instrumentalities of the government" from its data protection requirements entirely, in the interest of national security, sovereignty, or public order. Analysis by PRS India and independent researchers highlights that exempted agencies may build "360-degree profiles" of citizens with no mandated deletion requirement once the original purpose lapses. Rule 23 of the DPDP Rules, 2025, compounds the problem: it allows state agencies to demand data from private platforms without prior judicial authorisation, transparent reporting, or independent review. A system that exempts the state from its own data protection law while simultaneously proposing to aggregate biometric intelligence from 150,000 cameras is not a privacy-by-design architecture — it is the opposite.
Purpose Creep in Real Time
DigiYatra illustrates the pattern at work. Launched as a passenger convenience tool, it relied on one-time Aadhaar-linked enrollment for frictionless boarding. Civil liberties researchers at the Internet Freedom Foundation have flagged inadequate governance: no clear data deletion timeline, opaque third-party arrangements, and no independent audit mechanism. The facial infrastructure built for boarding convenience is now proposed as the feed for a counterterrorism intelligence grid — without new consent, new legal authority, or any change to what passengers were told when they enrolled.
That is purpose creep, and it is the predictable consequence of deploying biometric systems without statutory purpose limitations from the outset.
The Technical Risks Are Not Hypothetical
Facial recognition systems fail unequally. Peer-reviewed research consistently documents higher false-positive rates for darker-skinned individuals — a materially significant concern in one of the world's most ethnically diverse countries. A false positive at an airport checkpoint is not a minor inconvenience: it can mean wrongful detention, a missed flight, and reputational harm with no clear redress mechanism under India's current surveillance framework.
The data security risk is equally concrete. In May 2024, Tamil Nadu's facial recognition technology portal suffered a breach that exposed the facial and personal data of more than 50,000 individuals, which subsequently appeared on darknet markets. A centralised Data Fusion Centre aggregating feeds from 150,000 cameras and linking them to NATGRID's 119 crore facial entries creates a target of extraordinary value — and extraordinary consequence if compromised.
What Proportionate Oversight Requires
Proportionate airport surveillance is achievable. Real-time watchlist matching at entry and exit points, limited to individuals under active judicial warrants for serious offences, with mandatory data deletion after defined retention windows and an independent oversight body reporting to Parliament, would serve genuine security objectives without suspending the rule of law for every air traveller in India.
What India should not do is build a mass biometric intelligence grid on top of an executive-order intelligence platform, exempted from its own data protection law, and opaque to parliamentary scrutiny. The Ministry of Home Affairs should condition any approval on a clear statutory foundation for NATGRID, a purpose-limitation framework for airport biometric data, and an independent audit mandate — before a single camera feed is routed to Delhi.