How to respond when Zerodha emails asking you to update KYC details
When Zerodha emails asking you to update your KYC details, verify the email’s sender domain first, then update the details yourself by logging in to account.zerodha.com , clicking Complete Rekyc, and working through the flow; the account reactivates within 48 working hours of completing every step. The request is legitimate where it comes from a Zerodha domain and routes you to log in and complete Re-KYC yourself; it is phishing where it comes from a lookalike domain or asks you to enter your password or OTP into a link.
KYC-update emails arise for two reasons: your recorded details are incomplete or stale, or your account has been flagged dormant after a long spell without trading. This guide separates the genuine email from the scam, explains the KYC and dormancy rules behind it, and walks the Re-KYC flow field by field, including the income-range field that most of these emails are really asking you to refresh.
Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.
Step-by-step procedure
The numbered box above gives the sequence. The detail below covers verifying the email and the two fields that trip people up: the income range and the Aadhaar-linked address change.
1. Verify the email is genuinely from Zerodha
Read the sender address after the @ sign before doing anything. A genuine KYC-update request comes from a Zerodha domain, zerodha.com or a zerodha.net mailer subdomain on Zerodha’s published list. A lookalike such as zerodha-kyc.in is phishing, and the tell is usually a link that asks you to “verify your KYC” by entering your password or OTP, which Zerodha never asks for. The full domain list and method are in how to verify whether an email is genuinely from Zerodha
. Wrong domain means report it and stop.
2. Log in to account.zerodha.com yourself
Ignore the email’s link entirely. Open account.zerodha.com/account, click Login, and sign in to Kite
. A genuine Re-KYC requirement appears here as a Complete Rekyc prompt; if nothing is pending inside your own login, the email’s claim is fabricated. Reaching the action by your own route, not the email’s, is what makes a phishing page useless against you.
3. Start Complete Rekyc and select segments
Click Complete Rekyc, select the trading segments you want active, and click Continue. For a dormant account this same flow is the reactivation path, so you are both refreshing KYC and switching the account back on in one pass.
4. Update contact, income and profile details
Update your contact details and click Continue, then update profile details including your annual income range and click Continue. The income range is the field most KYC-update emails are really targeting, because exchanges and SEBI expect brokers to keep client risk profiles current. Be accurate: the range you declare governs whether you can be enabled for futures and options and feeds your suitability profile.
5. Update address, bank and FATCA
Update your address if it has changed; the online address change requires your mobile number to be linked to Aadhaar, and without that link you must use the offline process. Update bank details if needed, complete the FATCA declaration, and, if you want F&O, upload income proof. Zerodha accepts a six-month bank statement with average balance above Rs 10,000, a salary slip with gross monthly above Rs 15,000, an ITR or Form 16 with gross annual above Rs 1,20,000, a net-worth certificate above Rs 10,00,000, demat holdings above Rs 10,000, or an FD receipt above Rs 1,00,000.
6. Complete in-person verification
Finish with in-person verification (IPV), the short video step that confirms you are the account holder. Once every step is done, the account is reactivated within 48 working hours, though the exchanges may take additional time to enable specific segments after approval.
Why Zerodha asks: incomplete KYC and dormancy
Two distinct triggers produce a KYC-update email, and it helps to know which one you are dealing with.
The first is incomplete or stale KYC: a missing or out-of-date field, such as an income range that was never refreshed, that the broker must update to keep your record valid. The second is dormancy. Per NSE and BSE circulars, an account is treated as inactive once there has been no trading activity for 24 consecutive months, and Zerodha then flags it for Re-KYC as additional due diligence before you can resume. A point that catches investors: placing IPO or corporate-action orders does not count as trading for this purpose, so a buy-and-hold investor who only applies to IPOs can still be marked dormant.
The consequences of leaving it are limited but real. A dormant account continues to receive cash and stock dividends, so you do not lose income. But you cannot trade, and you cannot participate in buybacks, offers for sale , rights issues or similar corporate actions until you complete Re-KYC and reactivate. So the email is worth acting on even if you trade rarely.
Genuine request versus phishing
Apply the same filter every time, because scammers reuse this exact subject line. A genuine KYC email comes from a Zerodha domain on the authorised list, routes you to log in and Complete Rekyc yourself, and never asks for your password, PIN, OTP, TOTP or a payment. A phishing one comes from a lookalike domain, pushes a login link that is not kite.zerodha.com, and asks for a secret or a fee. Zerodha never charges to “update” or “reactivate” KYC and never asks for a login secret by email. When unsure, log in to account.zerodha.com by typing it yourself and check for a pending Re-KYC step; if there is none, report the email through a ticket
.
See also
- Zerodha
- How to verify whether an email is genuinely from Zerodha
- How to re-KYC at Zerodha
- How to respond to a document re-submission email from Zerodha
- How to respond to an additional-documents email from Zerodha
- How to check KYC status at Zerodha
- How to update KYC via DigiLocker
- How to reactivate a dormant Zerodha account
- How to reactivate a voluntarily deactivated Zerodha account
- How to fix stuck KYC verification at Zerodha
- How to activate F&O at Zerodha
- How to update address at Zerodha (KRA)
- How to verify PAN and Aadhaar at Zerodha
- How to update PAN resident status for an NRI
- FATCA
- In-person verification
- Know your customer (KYC)
- Central KYC Records Registry
- Zerodha KRA
- How to create a ticket at Zerodha
- Zerodha Console
- Kite by Zerodha
- How to participate in an OFS at Zerodha
- Initial public offering
- Zerodha investor charter
External references
- Zerodha support: Why did Zerodha send an email requesting KYC details be updated?
- Zerodha support: Why did Zerodha send an email asking for KYC information?
- Zerodha support: How to verify if the email from Zerodha is genuine?
- SEBI master circular on KYC norms for the securities market
- National Stock Exchange of India circulars on account inactivity
References
- Zerodha support, Why did Zerodha send an email requesting KYC details be updated? (24-month dormancy per NSE and BSE circulars; Complete Rekyc flow; 48-working-hour reactivation; income-proof thresholds), as of 20 June 2026.
- Zerodha support, Why did Zerodha send an email asking for KYC information? (incomplete-KYC re-verification), as of 20 June 2026.
- SEBI master circular on KYC requirements and KYC Registration Agencies (KRA) for the securities market.
- NSE and BSE circulars on treatment of inactive and dormant trading accounts.
- Zerodha support, How to verify if the email from Zerodha is genuine? (authorised sender-domain list).