Skip to main content

For practising CAs · ICAI compliance

UDIN, explained for the CA who has to actually generate one.

What UDIN is, why ICAI made it mandatory, the exact steps to generate one on the UDIN portal, which documents need it, and how anyone can verify a UDIN you've issued.

  • Reviewed July 2026
  • 7 min read
  • CA Anil Agarwal & the TatvaBooks team

What is UDIN?

UDIN — Unique Document Identification Number — is an 18-digit number that a practising Chartered Accountant generates on ICAI's UDIN portal for every audit report, certificate or attestation they sign. It's stamped with the member's registration number, the document type and the date, and once generated it can be verified independently by anyone who receives the document — a bank, a regulator, the income tax department, or any third party relying on it.

ICAI introduced UDIN to address a real problem: certificates and reports being forged or issued under a CA's name without their knowledge, and non-CAs signing as "Chartered Accountants" on documents submitted to banks and government departments. UDIN closes that gap — a document without a valid, verifiable UDIN (where UDIN is mandatory for that document type) shouldn't be accepted at face value.

Why ICAI made UDIN mandatory

Before UDIN, there was no independent, real-time way for a bank manager, an ROC official or an income tax officer to confirm that a certificate was genuinely issued by the CA whose name and membership number appeared on it. UDIN gives every relying party a single, free, no-login lookup — enter the 18-digit number on the UDIN portal and see the member's name, membership number and the document details, or a "not found" if the number doesn't check out.

For the profession, it also creates a clean audit trail: once generated, a UDIN is tied to that specific document and can be revoked by the member only through a defined process — it can't be silently rewritten later without a trace.

Which documents require UDIN

ICAI has expanded UDIN's mandatory scope in phases since its introduction, and it now covers most reports, certificates and attest functions a practising member signs. The categories below are the broad buckets — always confirm current applicability on udin.icai.org before treating a specific document as exempt, since ICAI updates the list by announcement.

Category Typical examples
Audit reports Statutory audit, tax audit (Form 3CA/3CB-3CD), GST audit-related certifications, internal audit reports issued in a signing capacity
Certificates Net worth certificates, turnover certificates, certificates for banks/NBFCs, foreign remittance certificates (15CB), stock audit certificates
GST-related attestations Certifications and reconciliation-type attestations issued under GST law where the practitioner signs in a professional capacity
Other attest functions Any document, report or certificate signed by a practising CA that is meant to be relied upon by a third party (banks, regulators, government departments, other stakeholders)

As a working rule: if you're signing something in your capacity as a practising CA that a third party will rely on — a bank, NBFC, government authority, or another professional — assume UDIN applies unless the portal's document-type list says otherwise. Purely internal working papers or management reports not meant for external reliance are generally outside scope, but when in doubt, check the current list rather than assume.

How to generate UDIN — step by step

The process is the same for every document type; only the "particulars" you fill in change.

  1. Log in to the UDIN portal (udin.icai.org) using your membership number and password. First-time users register with their ICAI membership details.
  2. Choose the correct category — Certificate, GST & Tax Audit, or Assurance Function — matching the document you're issuing.
  3. Enter the document particulars — client/entity name, document type, financial year or period, and other fields the form asks for. These should match the actual document exactly, since the UDIN is tied to these details.
  4. Submit and generate the UDIN. The portal returns an 18-digit number immediately.
  5. Print or write the UDIN on the document before it is issued — typically alongside your signature, membership number and firm registration number (where applicable).
  6. Generate it within the prescribed time window of signing — do this before or at the time of signing, not after the document has already gone out and a query has come back.

If details on the document change after the UDIN is generated (say, a figure is corrected), the correct approach is to revoke the original UDIN with reasons on the portal and generate a fresh one for the corrected document — not to edit the document while leaving the old UDIN in place.

How to verify someone else's UDIN

Verification needs no login. Go to udin.icai.org, select "Verify UDIN," enter the 18-digit number exactly as it appears on the document, and submit. A valid, active UDIN returns the member's name, membership number, the document type and the date it was generated — enough to confirm the document is genuine and matches who claims to have signed it. If the number doesn't resolve, or the details don't match what's printed on the document, that's a red flag worth raising before relying on the certificate.

Common mistakes practising CAs make with UDIN

  • Generating it late. UDIN issued days or weeks after the document was signed — often only when a bank or authority asks for it — is treated as non-compliance even if the number is eventually generated. Build UDIN generation into your sign-off checklist, not into your "fix later" pile.
  • Wrong document category. Picking "Certificate" when the document is actually a GST-related attestation (or vice versa) means the UDIN record doesn't match the document type — this surfaces as a mismatch on verification.
  • Mismatched particulars. Entering a different client name, period or figure on the portal than what's actually printed on the document. The UDIN is only as reliable as the data behind it.
  • Not revoking superseded UDINs. Reissuing a corrected certificate without formally revoking the original UDIN leaves two "valid-looking" numbers in circulation for what should be one document.
  • Assuming a document is exempt without checking. The mandatory list has grown since UDIN was introduced — a document type you treated as out of scope two years ago may be in scope today.
  • Sharing portal login credentials with articled staff. UDIN generation is a personal act of the signing member — delegating the login itself (as opposed to preparing the data) undermines the entire control.

Where TatvaBooks fits

UDIN generation itself happens only on ICAI's own portal — we don't replicate that. Where TatvaBooks helps a practice is upstream: the Practice plan gives a CA firm a shared compliance calendar across clients, so audit sign-off dates, certificate issue dates and other deadlines that feed into your UDIN discipline don't get missed in the first place. If you're managing UDIN timelines across a multi-client practice on spreadsheets today, that's worth a look — see TatvaBooks for Chartered Accountants or our pricing page.

Frequently asked questions

What is UDIN in simple terms?
UDIN (Unique Document Identification Number) is an 18-digit number generated by a practising Chartered Accountant on the UDIN portal for every audit report, certificate or attestation they sign. It's a system-generated, timestamped identifier that lets anyone relying on the document — a bank, a regulator, an income tax officer — verify on the ICAI UDIN portal that the document was actually issued by that member and hasn't been tampered with or backdated.
Is UDIN mandatory for all CA certificates?
ICAI has progressively expanded UDIN's mandatory scope to cover most audit reports, certificates and attest functions signed by a practising member — including tax audit reports, GST-related certifications and a wide range of certificates issued to third parties. Some internal or non-attest work may fall outside the requirement. Because the scope has been extended in phases, check the current applicability list on the ICAI/UDIN portal before deciding a specific document is exempt.
What happens if UDIN is not generated on a certificate?
A certificate or report issued without a mandatory UDIN can be treated by ICAI as invalid or unauthenticated, and the member can face disciplinary action. Practically, several regulators, banks and government departments now reject certificates that don't carry a valid UDIN, so the immediate business consequence is often the document simply not being accepted — before ICAI ever needs to act.
Can UDIN be generated after the document date?
ICAI's rule is to generate UDIN within a defined window of signing the document — commonly understood to be within about 60 days, but treat this as indicative and confirm the current time limit on the UDIN portal, since ICAI has revised timelines before. Generating UDIN well after the fact, or only when a query is raised, defeats the purpose of the control and is itself flagged as a compliance lapse.
How can a bank or third party verify a UDIN?
Anyone — no login required — can go to udin.icai.org, use the 'Verify UDIN' option, enter the 18-digit UDIN shown on the document, and see the member's name, membership number, document type and date it was generated. If the UDIN doesn't resolve to a matching, unrevoked entry, the document should not be relied upon at face value.

Built for CA practices

Run your practice's compliance calendar in one place.

Client-wise deadlines, document tracking and a shared workspace for your team — so nothing slips past the date you needed to act on it.