The National Transport Repository: Legal Fault Lines in India’s Transport Data Policy

Muskan Sharma
Muskan Sharma
Research Analyst- Policy & Advocacy, CyberPeace
PUBLISHED ON
Sep 5, 2025
10

Introduction

India’s new Policy for Data Sharing from the National Transport Repository (NTR) released by the Ministry of Road Transport and Highways (MoRTH) in August, 2025, can be seen as a constitutional turning point and a milestone in administrative efficiency. The state has established an unprecedentedly large unified infrastructure by combining the records of 390 million vehicles, 220 million driver’s licenses, and the streams from the e-challan, e-DAR, and FASTag systems. Its supporters hail its promise of private-sector innovation, data-driven research, and smooth governance. However, there is a troubling paradox beneath this facade of advancement: the very structures intended to improve citizen mobility may simultaneously strengthen widespread surveillance. Without strict protections, the NTR runs the risk of violating the constitutional trifecta of need, proportionality, and legality as stated in Puttaswamy v. UOI, which brings to light important issues at the nexus of liberty, law, and data.  

The other pertinent question to be addressed is as India unifies one of its comprehensive datasets on citizen mobility the question becomes more pressing: while motorised citizens are now in the spotlight for accountability, what about the millions of other datasets that are still dispersed, unregulated, and shared inconsistently in the areas of health, education, telecom, and welfare?

The Legal Backdrop

MoRTH grounds its new policy in Sections 25A and 62B of the Motor Vehicles Act, 1988. Data is consolidated into a single repository since states are required by Section 136A to electronically monitor road safety. According to the policy, it complies with the Digital Personal Data Protection Act, 2023. 

The DPDP Act itself, however, is rife with state exclusions, particularly Sections 7 and 17, which give government organisations access to personal information for “any function under any law” or for law enforcement purposes. This is where the constitutional issue lies. Prior judicial supervision, warrants, or independent checks are not necessary. With legislative approval, MoRTH is essentially creating a national vehicle database without any constitutional protections. 

Data, Domination and the New Privacy Paradigm

As an efficiency and governance reform, VAHAN, SARATHI, e-challan, eDAR, and FASTag are being consolidated into a single National Transport Repository (NTR). However, centralising extensive mobility and identity-linked records on a large scale is more than just a technical advancement; it also changes how the state and private life interact. The NTR must therefore be interpreted through a more comprehensive privacy paradigm, one that acknowledges that data aggregation is a means of enhancing administrative capacity and has the potential to develop into a long-lasting tool of social control and surveillance unless both technological and constitutional restrictions are placed at the same time. 

Two recent doctrinal developments sharpen this concern. First, the Supreme Court’s foundational ruling that privacy is a fundamental right remains the constitutional lodestar, any state interference must satisfy legality, necessity and proportionality (KS Puttaswamy & Anr. vs UOI). Second, as seen by the court’s most recent refusals to normalise ongoing, warrantless location monitoring, such as the ruling overturning bail requirements that required accused individuals to provide a Google maps pin, as movement tracking necessitates closer examination (Frank Vitus v. Narcotics Control Bureau & Ors.,).When taken as a whole, these authorities maintain that unrestricted, ongoing access to mobility and toll-transaction records is a constitutional issue and cannot be handled as an administrative convenience. 

Structural Fault Lines in the NTR Framework

Fundamentally, the NTR policy generates structural vulnerabilities by providing nearly unrestricted access through APIs and even mass transfers on physical media to a broad range of parties, including insurance companies, law enforcement, and intelligence services. This design undermines constitutional protections in three ways: first, it makes it possible to draw conclusions about private life patterns that the Supreme Court has identified as one of the most sensitive data categories by exposing rich mobility trails like FASTag logs and vehicle-linked identities; Second, it allows bulk datasets to circulate outside the ministry’s custodial boundary, which creates the possibility of function creep, secondary use, and monetisation risks reminiscent of the bulk sharing regime that the government itself once abandoned; and third, it introduces coercive exclusion by tying private sector access to Aadhaar-based OTP consent. 

Reference

PUBLISHED ON
Sep 5, 2025
Category
TAGS
No items found.

Related Blogs