How-to Aadhaar DigiLocker KYC PMLA

How to unlink Aadhaar from a Zerodha account

From WebNotes, a public knowledge base. Last updated 20 June 2026. Reading time ~9 min.

Key facts

Time required	About 15 minutes to raise the request; resolution within Zerodha's ticket cycle
Cost	Free
What you can do	Withdraw DigiLocker consent for future pulls and revoke a saved Virtual ID
What you cannot do	Strip a completed Aadhaar eKYC from an active KYC record without re-doing KYC by another officially valid document
Retention floor	Five years after the account closes, under the Prevention of Money Laundering Act 2002

Procedure

Decide which sense of unlink you meanSeparate two things: stopping future Aadhaar use, which is possible, and erasing a completed eKYC from an open account, which is not. KYC is mandatory for any demat account, so the identity record cannot simply be deleted while the account stays open.
Withdraw the standing DigiLocker consentLog in to digilocker.gov.in or the DigiLocker app, open the consent or issued-documents history, and revoke the standing authorisation given to the broker. This stops any future automated pull but does not retract data already delivered.
Revoke a saved Virtual ID at UIDAIIf you shared a Virtual ID rather than the full Aadhaar, generate a fresh VID at myaadhaar.uidai.gov.in, which invalidates the previous one. The full 12-digit Aadhaar number cannot be revoked because it is permanent.
Ask Zerodha to switch the KYC basis to a non-Aadhaar documentTo remove Aadhaar as the live identity basis on an open account, raise a Zerodha support ticket asking to re-do KYC using another officially valid document, such as a passport, voter ID or driving licence, through the offline route.
Close the account if you want the data purgedIf your real goal is to remove your Aadhaar-derived data entirely, the route is account closure, after which the broker retains records only for the statutory period and then disposes of them.

Unlinking Aadhaar from a Zerodha account is not a single switch, and the word covers two very different requests. One is to stop any further Aadhaar authentication or document pull, which a customer can do by withdrawing the standing DigiLocker consent and revoking a shared Virtual ID. The other is to strip a completed Aadhaar eKYC out of an active account, which cannot be done, because know your customer verification is mandatory for every demat account and the identity record has to rest on some officially valid document. This guide separates the two, walks the steps that are actually available, and sets out what the Prevention of Money Laundering Act requires a broker to keep.

The distinction matters because most people who search for this want one of two outcomes that pull in opposite directions. A privacy-minded holder wants the broker to stop reaching into UIDAI on their behalf, which is achievable. A holder who wants their Aadhaar data erased while keeping the account open is asking for something the KYC framework does not allow: an open demat account with no identity basis on file. The achievable middle path, swapping the Aadhaar-based KYC for KYC built on a passport or driving licence, exists but means re-doing KYC, not deleting it.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

The numbered procedure in the infobox above is the canonical flow. The sections below expand each step, and they are deliberately ordered from the lightest action, withdrawing future consent, to the heaviest, closing the account. Pick the step that matches your actual goal rather than running all of them.

1. Decide which sense of unlink you mean

Aadhaar enters a Zerodha account at one moment: the DigiLocker eKYC during onboarding, when the broker pulls a digitally signed Aadhaar from UIDAI and reads your name, date of birth, gender, address, photograph and the last four digits. That pull populates the KYC record filed with a KYC Registration Agency . Once it is done, two things are separable. The standing consent that would let the broker pull again is one thing; the data already delivered and filed is another. You can stop the first. You cannot retract the second while the account is open, because a demat account with no identity on file is not a permitted state under SEBI KYC norms.

DigiLocker keeps a record of every requester you have authorised and every document issued to a requester. Log in to digilocker.gov.in or open the DigiLocker app, go to the consent or issued-documents history, and revoke the authorisation tied to the broker. This stops a future automated pull. It does not retract the signed Aadhaar already delivered during onboarding, which the broker holds as the source artefact for your KYC. Think of it as cancelling a standing instruction, not recalling a letter already posted.

3. Revoke a saved Virtual ID at UIDAI

If, during onboarding, you used a Virtual ID rather than the full Aadhaar number, you have a cleaner lever. A VID is a temporary 16-digit token mapped to your Aadhaar, and generating a fresh one at myaadhaar.uidai.gov.in invalidates the previous VID. Any party holding the old VID can no longer use it to authenticate. The full 12-digit Aadhaar number is different: it is a permanent lifelong identifier and cannot be revoked or cancelled, which is exactly why UIDAI built the VID and the masked Aadhaar for situations where you would rather not expose the real number.

4. Ask Zerodha to switch the KYC basis to a non-Aadhaar document

This is the closest thing to genuinely unlinking Aadhaar while keeping the account. Raise a Zerodha support ticket asking to re-do KYC on the basis of another officially valid document. The offline route accepts a self-attested passport, voter ID or driving licence as proof of identity and address, the same set used when an Aadhaar is not mobile-linked . The account then rests on that document rather than on Aadhaar. This is re-KYC, not deletion: you are replacing one valid identity basis with another, because the account must always have one.

5. Close the account if you want the data purged

If your real objective is to remove your Aadhaar-derived data entirely, the only route that triggers disposal is account closure. While the account is open, the broker is required to keep the KYC record. Once you close it, the retention clock runs and the broker disposes of the records after the statutory period. Closing the account is covered in the broader account modification and closure flows; the relevant point here is that closure, not a mid-life deletion request, is what eventually clears the data.

What unlink does not mean: KYC is mandatory

A demat or trading account in India cannot exist without a completed KYC record. PAN is the primary identifier, and identity and address verification sit under the KYC Registration Agency system and the customer due-diligence duties of the Prevention of Money Laundering Act 2002 . Aadhaar is one accepted way to satisfy the identity and address legs, not a bolt-on you can remove and leave a gap. That is the structural reason a request to delete Aadhaar from an open account is refused: it would leave the account without the identity basis the law requires it to carry. The choice is between keeping Aadhaar, swapping it for another valid document, or closing the account.

Data retention under PMLA

The five-year figure is the one to remember. Under Section 12 of the Prevention of Money Laundering Act 2002, read with the PML (Maintenance of Records) Rules 2005, a reporting entity must keep records of the identity of its clients for five years after the business relationship ends or the account is closed. SEBI carries the same requirement into the securities market through its KYC norms. So even after you close the account, the broker does not delete your KYC immediately; it holds the records for five years and disposes of them after that. The retention is a legal obligation on the broker, not a discretionary choice, and no support request can shorten it.

The offline-KYC alternative in plain terms

For a holder who never wants Aadhaar involved, the cleaner path is to avoid the Aadhaar eKYC at the start by opening through the offline paper route , which uses a self-attested Aadhaar copy or another officially valid document and physical signatures rather than a live DigiLocker pull. An existing holder can move to that footing through re-KYC as in step 4. Either way the account ends up with a non-Aadhaar identity basis, which is the practical meaning of not having Aadhaar linked, as far as the live KYC record is concerned.

What can go wrong

You expect the eKYC to be deleted on request. It will not be. An open account must carry an identity basis; the available moves are to change that basis or close the account, not to erase it.
You revoke DigiLocker consent and assume the data is gone. Revoking consent stops future pulls only. The signed Aadhaar already delivered during onboarding stays as the KYC source artefact until the account closes and the retention period lapses.
You try to cancel your Aadhaar number. The 12-digit Aadhaar number is permanent and cannot be revoked. You can only regenerate a Virtual ID to invalidate a shared VID, or lock biometrics at UIDAI.
You close the account expecting instant deletion. Records are held for five years after closure under PMLA. That is a legal floor, not a Zerodha policy choice, and it cannot be waived.
Re-KYC fails on a name mismatch. Switching to a passport or voter ID still runs a name and date-of-birth match against PAN. Align the records first; see how to find your name and date of birth as per PAN .

External references

References

Prevention of Money Laundering Act 2002, Section 12, read with the Prevention of Money-laundering (Maintenance of Records) Rules 2005; records of client identity retained for five years after the business relationship ends.
SEBI Master Circular on Know Your Client (KYC) norms for the securities market, October 2023.
UIDAI, Virtual ID and Aadhaar locking services, uidai.gov.in (as of 20 June 2026).
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016, on Aadhaar as a permanent identifier and proof of identity.

Frequently asked questions

Can I unlink Aadhaar from my Zerodha account?

Only partly. You can withdraw the standing DigiLocker consent for future pulls and revoke a shared Virtual ID. You cannot strip a completed Aadhaar eKYC from an open account, because KYC is mandatory for every demat account and the identity record must rest on an officially valid document.

How do I withdraw DigiLocker consent given to Zerodha?

Log in to digilocker.gov.in or the DigiLocker app, open the consent or issued-documents history, and revoke the authorisation tied to the broker. This stops any future automated pull but does not retract the signed Aadhaar already delivered during onboarding, which the broker holds as the KYC source artefact.

Can I cancel or revoke my Aadhaar number itself?

No. The 12-digit Aadhaar number is a permanent lifelong identifier and cannot be revoked or cancelled. You can regenerate a Virtual ID at myaadhaar.uidai.gov.in to invalidate a shared VID, or lock biometrics at UIDAI, but the underlying Aadhaar number stays fixed.

How can I remove Aadhaar as the KYC basis but keep my account open?

Raise a Zerodha support ticket to re-do KYC on another officially valid document, such as a passport, voter ID or driving licence, through the offline route. The account then rests on that document. This is re-KYC, not deletion, because an open demat account must always carry an identity basis.

How long does Zerodha keep my Aadhaar data after I close the account?

Five years. Under Section 12 of the Prevention of Money Laundering Act 2002, read with the PML (Maintenance of Records) Rules 2005, a reporting entity must keep client-identity records for five years after the account closes. The retention is a legal floor on the broker, not a discretionary choice.

What is the cleanest way to avoid Aadhaar in a Zerodha account?

Open through the offline paper route, which uses a self-attested Aadhaar copy or another officially valid document and physical signatures rather than a live DigiLocker pull. An existing holder can move to that footing through re-KYC, leaving the account on a non-Aadhaar identity basis.

Reviewed and published by

WebNotes Editorial Team

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Last reviewed: 20 June 2026
Conflicts of interest: WebNotes is independent. No relationship with any broker, registrar or bank named in this article.