For practising CAs · ICAI compliance
UDIN, explained for the CA who has to actually generate one.
What UDIN is, why ICAI made it mandatory, the exact steps to generate one on the UDIN portal, which documents need it, and how anyone can verify a UDIN you've issued.
- Reviewed July 2026
- 7 min read
- CA Anil Agarwal & the TatvaBooks team
What is UDIN?
UDIN — Unique Document Identification Number — is an 18-digit number that a practising Chartered Accountant generates on ICAI's UDIN portal for every audit report, certificate or attestation they sign. It's stamped with the member's registration number, the document type and the date, and once generated it can be verified independently by anyone who receives the document — a bank, a regulator, the income tax department, or any third party relying on it.
ICAI introduced UDIN to address a real problem: certificates and reports being forged or issued under a CA's name without their knowledge, and non-CAs signing as "Chartered Accountants" on documents submitted to banks and government departments. UDIN closes that gap — a document without a valid, verifiable UDIN (where UDIN is mandatory for that document type) shouldn't be accepted at face value.
Why ICAI made UDIN mandatory
Before UDIN, there was no independent, real-time way for a bank manager, an ROC official or an income tax officer to confirm that a certificate was genuinely issued by the CA whose name and membership number appeared on it. UDIN gives every relying party a single, free, no-login lookup — enter the 18-digit number on the UDIN portal and see the member's name, membership number and the document details, or a "not found" if the number doesn't check out.
For the profession, it also creates a clean audit trail: once generated, a UDIN is tied to that specific document and can be revoked by the member only through a defined process — it can't be silently rewritten later without a trace.
Which documents require UDIN
ICAI has expanded UDIN's mandatory scope in phases since its introduction, and it now covers most reports, certificates and attest functions a practising member signs. The categories below are the broad buckets — always confirm current applicability on udin.icai.org before treating a specific document as exempt, since ICAI updates the list by announcement.
| Category | Typical examples |
|---|---|
| Audit reports | Statutory audit, tax audit (Form 3CA/3CB-3CD), GST audit-related certifications, internal audit reports issued in a signing capacity |
| Certificates | Net worth certificates, turnover certificates, certificates for banks/NBFCs, foreign remittance certificates (15CB), stock audit certificates |
| GST-related attestations | Certifications and reconciliation-type attestations issued under GST law where the practitioner signs in a professional capacity |
| Other attest functions | Any document, report or certificate signed by a practising CA that is meant to be relied upon by a third party (banks, regulators, government departments, other stakeholders) |
As a working rule: if you're signing something in your capacity as a practising CA that a third party will rely on — a bank, NBFC, government authority, or another professional — assume UDIN applies unless the portal's document-type list says otherwise. Purely internal working papers or management reports not meant for external reliance are generally outside scope, but when in doubt, check the current list rather than assume.
How to generate UDIN — step by step
The process is the same for every document type; only the "particulars" you fill in change.
- Log in to the UDIN portal (udin.icai.org) using your membership number and password. First-time users register with their ICAI membership details.
- Choose the correct category — Certificate, GST & Tax Audit, or Assurance Function — matching the document you're issuing.
- Enter the document particulars — client/entity name, document type, financial year or period, and other fields the form asks for. These should match the actual document exactly, since the UDIN is tied to these details.
- Submit and generate the UDIN. The portal returns an 18-digit number immediately.
- Print or write the UDIN on the document before it is issued — typically alongside your signature, membership number and firm registration number (where applicable).
- Generate it within the prescribed time window of signing — do this before or at the time of signing, not after the document has already gone out and a query has come back.
If details on the document change after the UDIN is generated (say, a figure is corrected), the correct approach is to revoke the original UDIN with reasons on the portal and generate a fresh one for the corrected document — not to edit the document while leaving the old UDIN in place.
How to verify someone else's UDIN
Verification needs no login. Go to udin.icai.org, select "Verify UDIN," enter the 18-digit number exactly as it appears on the document, and submit. A valid, active UDIN returns the member's name, membership number, the document type and the date it was generated — enough to confirm the document is genuine and matches who claims to have signed it. If the number doesn't resolve, or the details don't match what's printed on the document, that's a red flag worth raising before relying on the certificate.
Common mistakes practising CAs make with UDIN
- Generating it late. UDIN issued days or weeks after the document was signed — often only when a bank or authority asks for it — is treated as non-compliance even if the number is eventually generated. Build UDIN generation into your sign-off checklist, not into your "fix later" pile.
- Wrong document category. Picking "Certificate" when the document is actually a GST-related attestation (or vice versa) means the UDIN record doesn't match the document type — this surfaces as a mismatch on verification.
- Mismatched particulars. Entering a different client name, period or figure on the portal than what's actually printed on the document. The UDIN is only as reliable as the data behind it.
- Not revoking superseded UDINs. Reissuing a corrected certificate without formally revoking the original UDIN leaves two "valid-looking" numbers in circulation for what should be one document.
- Assuming a document is exempt without checking. The mandatory list has grown since UDIN was introduced — a document type you treated as out of scope two years ago may be in scope today.
- Sharing portal login credentials with articled staff. UDIN generation is a personal act of the signing member — delegating the login itself (as opposed to preparing the data) undermines the entire control.
Where TatvaBooks fits
UDIN generation itself happens only on ICAI's own portal — we don't replicate that. Where TatvaBooks helps a practice is upstream: the Practice plan gives a CA firm a shared compliance calendar across clients, so audit sign-off dates, certificate issue dates and other deadlines that feed into your UDIN discipline don't get missed in the first place. If you're managing UDIN timelines across a multi-client practice on spreadsheets today, that's worth a look — see TatvaBooks for Chartered Accountants or our pricing page.
Frequently asked questions
What is UDIN in simple terms?
Is UDIN mandatory for all CA certificates?
What happens if UDIN is not generated on a certificate?
Can UDIN be generated after the document date?
How can a bank or third party verify a UDIN?
Read next
Keep going.
Compliance guides
For practising CAs
Pricing
Built for CA practices
Run your practice's compliance calendar in one place.
Client-wise deadlines, document tracking and a shared workspace for your team — so nothing slips past the date you needed to act on it.