How to respond to an additional-documents email from Zerodha
If Zerodha emails you asking for additional documents during onboarding or re-KYC , the safe response is to verify the email is genuine first, then upload the document only through your own Zerodha login at support.zerodha.com or signup.zerodha.com/rekyc, never through a link in the email, an SMS or a WhatsApp message. A genuine request always corresponds to a pending item visible inside your own logged-in account; if the demand exists only in the email, treat it as phishing.
These emails are routine and usually legitimate. Onboarding and periodic KYC throw up document requests for ordinary reasons: a PAN or Aadhaar image that uploaded blurry, an income proof needed for the F&O segment or a Client of Special Category , an address proof, or a name that does not match between your PAN and Aadhaar. The problem is that KYC-related fraud rides on exactly these messages, because a fake “your KYC will be blocked, upload documents here” email looks almost identical to the real thing. So the response has two halves: verify, then upload through the right channel.
This guide covers why Zerodha asks, how to confirm the request is real before you act on it, exactly where and how to upload, and how to keep an upload from being rejected.
Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.
Step-by-step procedure
The numbered box at the top sets the sequence. The detail below expands the verify-first discipline that keeps a routine request from turning into a phishing loss, and the upload mechanics that prevent rejection.
1. Read the email but do not click anything in it
Open the email and note what it claims to want, then stop. Do not click any link, button or attachment in the message yet. This is the single habit that defends against KYC phishing: a genuine Zerodha email and a fraudulent one can look the same, so you decide based on what is in your account, not on what is in the email. The text of the request, which document, by when, is useful context, but you will act on it from your own login.
2. Verify the request from your own login, not the email link
Open a fresh browser tab and go to support.zerodha.com, or to your Zerodha account page, by typing the address yourself rather than following the email. Log in. Check whether the same document request appears as a pending item: in the support ticket portal, in the re-KYC flow, or in a banner on your account page. If the request is genuine, it will be there. If you can find no matching pending item inside your logged-in account, the email is suspect, and you should report it rather than respond. Zerodha’s own guidance is to log in directly, without clicking email links, and confirm any actual pending KYC request before submitting anything.
3. Prepare a clean, full document
Once you have confirmed the request is real, get the document ready. Photograph or scan it in good light, in full frame, with all four corners visible and the text sharp. The most common rejection reason is a blurry, cropped or unclear file, so a clean capture saves a second round trip. If the request is for a re-upload because an earlier image was unclear, this is precisely the fix.
4. Upload only through the official Zerodha channel
Submit the document through your logged-in Zerodha session: raise or reply to a support ticket at support.zerodha.com and attach the file there, or upload it inside the re-KYC flow at signup.zerodha.com/rekyc if that is where the request originated. Never send the document to a personal email address, a WhatsApp number, or a link from an SMS. A genuine Zerodha request is satisfied by uploading inside your own account; it never routes you to a third-party site.
5. Fix a name mismatch if that is the issue
If the request is about a name that does not match between PAN and Aadhaar, the upload alone will not clear it. Correct one of the documents so the spellings match exactly, then upload the corrected one. A mismatch between PAN and Aadhaar names is a frequent cause of a stalled KYC, and the fix is to align the two, not to keep re-uploading the same mismatched pair.
6. Track the request to completion
After uploading, track the ticket or the re-KYC status from your account. Zerodha usually updates KYC details within 2 to 3 working days of a valid upload. Where the KRA and exchanges have to update the central record, allow up to 10 working days, after which you can resume trading.
Why Zerodha asks for additional documents
The request almost always traces to one of a handful of routine triggers, and knowing which one tells you what to send.
Onboarding gaps are the first. During account opening, an uploaded image can come through blurry or cropped, or a required field can be incomplete, and Zerodha asks for a re-upload before the account clears. Income proof is the second. If you opted for the F&O segment , or if you are a Client of Special Category , an NRI, a PEP or a high net worth client, income proof is mandatory and the email is asking for it. Re-KYC and periodic refresh are the third. SEBI requires brokers to refresh client KYC on a defined cadence, tighter for high-risk clients, so a KYC-update email may ask for a current address proof or income document. Name and detail mismatches are the fourth: a PAN-Aadhaar name difference, an outdated address, or a changed bank account each generates a document request.
None of these is unusual, and none should be ignored, because an unresolved KYC request can freeze trading. The point is to act on the genuine ones through the right channel and to discard the fake ones.
How to tell a genuine request from a phishing scam
KYC fraud is common because the lure is so plausible: a deadline, a threat that the account will be blocked, and a convenient link to “update KYC”. The defences are simple and absolute.
Use only official channels. A genuine re-KYC or document upload happens through Zerodha’s own portal at signup.zerodha.com/rekyc or a support ticket at support.zerodha.com, both reached by typing the address yourself. Be wary of any link sent by SMS or WhatsApp, or any third-party site, that asks you to update KYC. A genuine email directs you to log in to your own account and upload there; it never asks you to share an OTP or password, never asks you to transfer money, and never routes documents to an outside site. Zerodha itself notes that a fraudster can trivially fabricate an image of a PAN card with anyone’s details, which is why the broker relies on verified uploads inside your account rather than on a scan emailed in from anywhere. If an email’s authenticity is in any doubt, do not respond to it: log in directly, check for an actual pending request, and if none exists, report the message. The companion guide how to verify a Zerodha email sets out the header and sender-address checks in full.
What to do if you cannot find the request inside your account
If you log in and there is no matching pending document request, the email is almost certainly not from Zerodha. Do not click its links, do not upload anything, and do not reply with documents. Report the message to Zerodha through a support ticket raised from your own login so the broker can flag the phishing campaign, and delete the email. A real requirement will always surface inside your logged-in account; the absence of one there is the clearest signal that the email is fraudulent.
See also
- Zerodha
- How to verify a Zerodha email
- How to respond to a KYC-update email from Zerodha
- How to respond to a document-resubmission email from Zerodha
- How to re-KYC your Zerodha account
- How to check your KYC status at Zerodha
- How to create a support ticket at Zerodha
- How to attach files to a Zerodha ticket
- How to attach large files to a Zerodha ticket
- How to track a Zerodha ticket
- How to verify PAN and Aadhaar at Zerodha
- How to activate the F&O segment at Zerodha
- How to reactivate a dormant Zerodha account
- How to reactivate a voluntarily deactivated Zerodha account
- Clients of Special Category (CSC)
- FATF lists and your Zerodha account
- How to verify a Zerodha call
- Zerodha cyber security
- Zerodha official social media handles
- Central KYC Records Registry
- Zerodha KRA
- In-person verification
- Zerodha Console
- Kite by Zerodha
- SEBI
External references
- Zerodha support: What is KYC and how can I check my KYC status?
- Zerodha support: Why did Zerodha send an email asking for KYC information?
- Zerodha support: Why did Zerodha send an email requesting KYC details be updated?
- SEBI: Master Circular on AML/CFT obligations of securities market intermediaries under PMLA
- SEBI: investor cautions on KYC fraud
References
- Zerodha support, What is KYC and how can I check my KYC status? (re-KYC channels and document upload via your own login; as of 20 June 2026).
- Zerodha support, Why did Zerodha send an email asking for KYC information? (genuine-request verification and clean-upload guidance; as of 20 June 2026).
- SEBI Master Circular, Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) / Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002, dated 6 June 2024 (periodic KYC and source-of-funds obligations).
- Prevention of Money Laundering Act, 2002, and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (client due diligence and record-keeping).
WebNotes Editorial Team prepares factual how-to guides based on publicly available regulatory documents and broker disclosures. WebNotes is not affiliated with Zerodha Broking Limited. Procedures change; verify current requirements at support.zerodha.com before acting, and never share OTPs, passwords or documents through unofficial channels.