eKYC vs offline KYC at Zerodha
Know Your Client (KYC) is the identity-verification step every Indian market intermediary must complete before opening a trading or demat account , and at Zerodha it runs through one of two paths: Aadhaar-based electronic KYC (eKYC) pulled through DigiLocker, or offline KYC built on printed, signed and attested physical forms. Both satisfy the same regulatory requirement set by SEBI in its Master Circular on KYC norms for the securities market dated October 2023, and both end at a KYC Registration Agency (KRA) that validates and stores the record. The two paths differ in how identity is captured, who can use each, and how long they take.
For most resident Indians, eKYC is automatic and quick: the permanent account number and Aadhaar are fetched from official sources, an OTP confirms consent, and the account is typically opened within 24 to 48 working hours of document submission. Offline KYC is the fallback and, for some applicants, the only option. NRIs cannot use the online Aadhaar flow at all, and resident applicants are pushed to manual correction whenever the online records do not line up. This article sets out each path, the SEBI framework behind them, the role of the KRA, and the situations that force an applicant from one to the other.
What eKYC captures at Zerodha
Zerodha’s online eKYC relies on DigiLocker as the verified source for both PAN and Aadhaar, and it pulls three specific things for three stated reasons. It pulls the PAN to make sure the name the applicant provides matches the name registered with the Income Tax Department. It pulls the Aadhaar image to match against the photo captured during in-person verification. And it pulls the Aadhaar address to update the address in the KYC records.
In the DigiLocker step the applicant must select both PAN and Aadhaar; selecting only one triggers an error. The Aadhaar authentication itself is OTP-based: the OTP goes to the mobile number seeded with Aadhaar at UIDAI, which is why an applicant whose mobile is not linked to Aadhaar cannot complete the fully online OTP flow and has to take an alternative route. Once consent is given and the OTP authenticated, the name, address and photograph are fetched without the applicant typing them in, which removes a common source of data-entry error.
The single most frequent failure in this flow is a mismatch between PAN and Aadhaar. The name and date of birth must match across both records, or DigiLocker returns an invalid-consent error. The two documented causes of that error are not selecting both PAN and Aadhaar in DigiLocker, and PAN or Aadhaar records not being up to date in DigiLocker. The fix is to update the underlying record first, PAN through Protean (the TIN-PAN service) or Aadhaar through UIDAI, then retry the eKYC.
What offline KYC involves
Offline KYC replaces the digital pull with physical paper. The applicant prints the account-opening forms, completes every field, signs each page, affixes a photograph, and attaches self-attested copies of the identity and address documents. Where the regulatory framework requires it, those copies are attested by an authorised official before they are couriered to Zerodha rather than uploaded.
The attestation requirement is what separates a casual physical form from a compliant one. For an applicant whose KYC status is already recorded as non-resident, documents do not need notarisation. For an applicant whose KYC status is not yet NRI-verified and who cannot visit a Zerodha office in India, documents must be notarised by an Indian embassy or consulate, by authorised officials of overseas branches of scheduled commercial banks registered in India, by public notaries, or by court magistrates or judges in the country of residence. Getting this attestation right matters, because a self-attested-only copy from abroad is returned without processing.
Offline KYC is slower by design. There is a courier leg, a manual document-verification leg at Zerodha, and a correction loop if any field is wrong, where a fresh signed form is needed rather than an in-transit fix. Against that, offline KYC is the only path that works when the online prerequisites are absent, an Aadhaar not seeded to a mobile, a name mismatch the applicant cannot resolve quickly, or a residency status the online flow does not support.
When each path is required
The choice between eKYC and offline KYC is not usually a preference; the applicant’s situation decides it.
Resident individuals with PAN, Aadhaar, an Aadhaar-seeded mobile and matching name and date of birth use eKYC. This is the default, and it is the path the how to open a Zerodha account online guide documents.
NRIs use offline KYC. Account opening for NRIs at Zerodha is offline: an applicant inside India can complete it online via Aadhaar eSign, but an applicant outside India fills the forms online, prints the pre-approved forms, and couriers them to the head office. The full NRI mechanics, including the PIS or non-PIS decision, are in the how to open a Zerodha NRI account guide and the PIS vs non-PIS comparison .
Resident applicants are also pushed off eKYC by specific mismatches. A name that does not match between PAN and Aadhaar, a date of birth that differs across the two, a signature or eSign name mismatch, or a PAN-Aadhaar that is not linked at the Income Tax Department side all force either a correction step or the physical route. These are the same conditions that cause an application to be rejected or put on hold , so resolving them up front is what keeps an applicant on the fast eKYC path.
| Factor | eKYC | Offline KYC |
|---|---|---|
| Identity capture | DigiLocker pull of PAN and Aadhaar, UIDAI OTP | Printed, signed, attested physical forms |
| Who uses it | Resident with Aadhaar-seeded mobile and matching records | NRIs; residents with record mismatches or no Aadhaar-mobile link |
| Attestation | Not needed; sourced from official records | Notary or consulate attestation where KYC is not already verified |
| Speed | Account typically opened in 24 to 48 working hours | Slower; courier plus manual verification plus correction loop |
| In-person verification | Video or selfie matched against Aadhaar image | Signature with photograph on the physical form |
The KRA: where KYC is stored and validated
Both paths converge on a KYC Registration Agency. A KRA is a SEBI-regulated agency that validates and stores a client’s KYC record so it does not have to be rebuilt at every intermediary. SEBI registers several of them: CVL, NDML, DOTEX, Karvy and CAMS are the named agencies. The framework comes from the SEBI KYC (Know Your Client) Registration Agency Regulations 2011, last amended on 18 August 2023, read with the October 2023 Master Circular on KYC norms.
Two properties of the KRA system matter to an applicant. First, portability: each KYC record is unique and tagged to a single PAN, and once a KRA has validated the record, the client need not repeat KYC across intermediaries. Second, validation status: the KRA is responsible for validating clients’ KYC details against records, and it notifies both existing and new clients by email and SMS when KYC is successfully registered. If the applicant receives a KRA validation email, the instruction is to click the link to validate the email address, checking spam and trash folders if it is not in the inbox.
There is a status nuance for an already-validated record: the KRA status may not update for up to 72 hours, and the SMS arrives only if the mobile number is active and not on DND. For NRIs, only the email validation is mandatory; the mobile SMS step applies when an Indian number is registered, and international numbers are exempt. If the KRA holds incorrect details, the applicant completes a re-KYC to match Aadhaar, after which Zerodha processes the request in 24 to 48 working hours, informs the KRA, and the KRA takes a further 5 working days before the client validates through the link.
The SEBI eKYC framework
The legal backing for the online flow sits in two SEBI instruments. The Master Circular on KYC norms for the securities market, issued in October 2023, consolidates the KYC requirements that intermediaries follow. Alongside it, SEBI has separately permitted entities to use the e-KYC Aadhaar authentication services of UIDAI in the securities market as a sub-KUA, the arrangement that lets a broker authenticate Aadhaar through a registered KYC User Agency.
A practical consequence of the framework worth noting: a client whose KYC attributes cannot be validated by a KRA is not allowed to transact further in the securities market until the attributes are verified. Existing clients on record as of 31 March 2024 whose attributes could not be validated were allowed only to exit existing investments, through sale or redemption, subject to the intermediary’s due diligence. This is why a clean, validated KYC is not a one-time formality; it is the condition for continuing to trade, and it is why the eKYC-versus-offline choice ultimately ends at the same KRA gate.
Getting eKYC right the first time
Most eKYC failures trace to records that do not agree, so the work is front-loaded. Confirm the mobile number is the one seeded with Aadhaar at UIDAI, since the OTP goes there. Check that the name and date of birth match exactly across PAN and Aadhaar, and if they do not, update the lagging record through Protean for PAN or UIDAI for Aadhaar before starting. Confirm PAN and Aadhaar are linked at the Income Tax Department, because an unlinked or inoperative PAN blocks the flow. In DigiLocker, select both PAN and Aadhaar, and make sure both are current inside DigiLocker by re-fetching them from the Income Tax Department and UIDAI sources if needed.
If any of these cannot be fixed quickly, offline KYC is the route that still works, at the cost of the courier and verification time. For NRIs the question does not arise: offline is the only path, and the priority is correct notarisation and an exact name match across PAN, passport and the PIS letter where one is used.
See also
- How to open a Zerodha account online
- How to open a Zerodha NRI account
- Zerodha IPV via video
- How to complete Zerodha KYC online
- How to verify PAN and Aadhaar e-sign with Zerodha
- Why a Zerodha account application is rejected
- How to track Zerodha account opening status
- Documents required to open a Zerodha account
- KYC Registration Agency
- DigiLocker
- Aadhaar
- Permanent Account Number
- PAN and Aadhaar linking
- Central KYC Records Registry
- In-person verification
- Demat account
- SEBI
- Reserve Bank of India
- Non-resident Indian
- Zerodha NRI PIS vs non-PIS account
- Zerodha
- Kite
- Zerodha Console
- CDSL
- NSDL
- Zerodha account opening charges
- Mutual funds in India
- FATCA self-certification
- Bank account validation (penny drop)
- Video KYC
- Aadhaar eSign
External references
- SEBI Master Circular on KYC norms for the securities market (October 2023)
- SEBI KRA Regulations 2011, last amended 18 August 2023
- SEBI: entities allowed to use e-KYC Aadhaar authentication as sub-KUA
- Zerodha support: PAN and Aadhaar via DigiLocker
- UIDAI
References
- SEBI, Master Circular on Know Your Client (KYC) norms for the securities market, October 2023 (document Id 77945).
- SEBI {KYC (Know Your Client) Registration Agency} Regulations 2011, last amended on 18 August 2023.
- SEBI circular, Entities allowed to use e-KYC Aadhaar Authentication services of UIDAI in the Securities Market as sub-KUA, February 2023.
- Zerodha support article, “Why does Zerodha collect PAN and Aadhaar via DigiLocker for KYC?”, accessed 19 June 2026.
- Zerodha support article on KRA KYC validation email and SMS, accessed 19 June 2026.