Legal Suvidha is a registered trademark. Unauthorized use of our brand name or logo is strictly prohibited. All rights to this trademark are protected under Indian intellectual property laws.
Legal Suvidha
Income Tax

Aadhar Authentication for taxpayers

Aadhaar authentication is mandatory for GST registration applicants and authorised signatories under Section 25(6A) to (6D) of the CGST Act and Rule 8 of the CGST Rules. During registration, the applicant authenticates via OTP sent to the Aadhaar-linked mobile, and in flagged jurisdictions through biometric capture at a GST Suvidha Kendra. Without Aadhaar authentication, physical verification of the place of business is mandatory, refund applications can be delayed, and revocation of cancelled registration becomes harder. Existing taxpayers can authenticate from the GST portal profile.

Priyanka WadheraPriyanka Wadhera
Published: 16 Apr 2022
Updated: 23 May 2026
13 min read
Aadhar Authentication for taxpayers
1
2
3
4
5
6
7
8
9
10
11
12
13

Complete 2026 guide to Aadhaar authentication for GST taxpayers: process, who needs it, biometric trigger jurisdictions and impact on refunds and revocation.

Aadhar Authentication for Taxpayers: Complete GST Guide for FY 2026-27

Aadhaar authentication is now a mandatory gateway to GST registration, refund claims, revocation of cancellation, and core-field amendments. Under Section 25(6A) of the CGST Act 2017 and Rule 8 of the CGST Rules, every applicant filing Form GST REG-01 must authenticate Aadhaar before the application reaches an officer's queue. In biometric-flagged jurisdictions, this extends to an in-person visit at a notified facilitation centre. Done correctly, Aadhaar authentication collapses your registration window from 30 days to 3 working days, unlocks 90% provisional refund within days of acknowledgement, and keeps your GSTIN clear of CBIC's fraud-risk analytics flag.

Why CBIC Introduced Aadhaar Authentication: The Fraud Problem It Solves

The GST system haemorrhaged revenue in its first few years from two interrelated frauds: fake GSTIN issuance and circular-trading ITC chains. Syndicates would register shell entities using stolen PAN data, generate fraudulent invoices, and vanish after claiming input tax credit worth hundreds of crores. Physical address verification alone proved insufficient — inspectors would visit addresses that were genuine at the time of inspection but emptied immediately after.

CBIC, working jointly with GSTN and UIDAI, introduced Aadhaar authentication to bind every GSTIN to a living, identifiable natural person. The legal foundation is Sections 25(6A) to 25(6D) of the CGST Act, inserted through the Finance Act 2019 and made operational through subsequent notifications. Rule 8 of the CGST Rules operationalises the process: it mandates authentication of Aadhaar for the specified persons in every class of taxable person and prescribes what happens — physical verification — when authentication is not completed.

The results are measurable. States that moved to biometric authentication reported significant drops in new fraudulent GSTIN registrations within months of rollout. The cost to you, as a legitimate taxpayer, is 10–15 minutes of a one-time process. The benefit is faster registration, faster refunds, and a demonstrably cleaner compliance profile.

Who Must Authenticate Aadhaar Under Section 25(6A): The Complete List

Authentication is not per-entity — it is per person representing that entity. The following individuals are required to authenticate:

  • Sole proprietorship: The proprietor
  • Partnership firm: Every partner
  • Limited Liability Partnership (LLP): Every designated partner
  • Hindu Undivided Family (HUF): The Karta
  • Company (private, public, Section 8): The Managing Director or, where MD is absent, the whole-time director; plus every authorised signatory named in the registration application
  • Trust: The managing trustee or any trustee authorised under the trust deed
  • Association of Persons / Body of Individuals: The member nominated as authorised signatory by the governing resolution or constitution document
  • Government department / Local authority: The officer authorised by the head of the department

If your company appoints an employee as an additional authorised signatory under a board resolution, that employee must also authenticate. The board resolution alone is insufficient — GSTIN Aadhaar linking must be completed through the portal for each signatory independently.

One important nuance: a foreign national who is a director or partner but does not hold an Aadhaar number is exempt from Aadhaar authentication. The registration application must carry a declaration to this effect along with their passport details.

Step-by-Step: Aadhaar OTP Authentication During Fresh Registration (Form GST REG-01)

This is the smoothest point at which to authenticate, because you control the entire process from your screen. Here is the exact sequence:

  1. Go to the GST portal (www.gst.gov.in) and generate a Temporary Reference Number (TRN) under Services → Registration → New Registration.
  2. Log in with the TRN and fill Part B of Form GST REG-01.
  3. On the Aadhaar Authentication tab, the portal presents two options: Yes, I want to authenticate Aadhaar or No, I will proceed without authentication. Select Yes.
  4. Enter the Aadhaar number of the first promoter/partner. The portal validates the number format instantly.
  5. The system sends a 6-digit OTP to the Aadhaar-linked mobile number registered with UIDAI. This OTP is valid for 10 minutes. Enter it on the GST portal Aadhaar OTP screen.
  6. Repeat for each promoter, partner, or designated partner listed in the application.
  7. Submit the completed REG-01. The application enters the officer's queue immediately.

Timeline: With successful authentication, the registration authority must either approve or raise a deficiency notice within 3 working days from the date of submission (as notified under Rule 9 of the CGST Rules, as amended). Without authentication, the authority has 30 working days — and physical premises verification is mandatory before that clock even starts.

Practically, this means an authenticated application filed on a Monday can have a GSTIN in hand by Thursday. An unauthenticated application filed the same day could take six weeks.

Step-by-Step: Aadhaar Authentication for Existing Registered Taxpayers

If you are already registered but have not authenticated — common for taxpayers registered pre-2020 or those who opted out — here is how to complete it:

  1. Log in to the GST portal with your existing GSTIN credentials.
  2. Navigate to My Profile (top-right corner after login) → Aadhaar Authentication Status.
  3. The screen shows each promoter and authorised signatory listed on the registration. Against each name, click Send Authentication Link.
  4. An authentication link is dispatched to the email and mobile number registered against that person's profile in the REG-01. The link remains valid for 15 days.
  5. The recipient clicks the link, enters their Aadhaar number, and submits the OTP received on their Aadhaar-linked mobile.
  6. The portal updates the authentication status in real time. Refresh the page to confirm.

Practical check: Before sending the link, verify that the mobile number in the GST portal profile matches the number linked to UIDAI. A mismatch here is the single most common reason authentication fails silently — the OTP lands on a phone the person no longer has.

Biometric Authentication: Which States Are Flagged and What to Expect On-Ground

CBIC has rolled out biometric-based Aadhaar authentication in phases, prioritising states with higher GST fraud incidence. As of FY 2026-27, biometric authentication is active across a significant number of states including Gujarat, Andhra Pradesh, Telangana, Himachal Pradesh, Tamil Nadu, Karnataka, and several others notified progressively through CBIC circulars. The list is updated on the GST portal's Aadhaar Authentication Facilitation Centre locator — always check the portal rather than relying on third-party lists, because states are added without advance public notice.

What biometric authentication involves at the facilitation centre:

  • Bring your original Aadhaar card (or Aadhaar letter) and one additional photo ID
  • The centre operator captures your live fingerprint biometric against the Aadhaar database
  • A live photograph is also taken at the time of visit and linked to your registration application
  • For proprietors and partners, original proof of the principal place of business (electricity bill, rental deed, or own-property document) is inspected and a photograph of the premises may be taken

Appointment and timing: Most facilitation centres operate on a walk-in basis for GST registrations, though some states have moved to appointments. Check the centre's status on the GST portal. Arrive with originals and self-attested photocopies; incomplete documentation means a wasted trip.

Timeline impact: Biometric authentication does add 1–5 working days to the registration timeline compared to OTP-only authentication, but it is still faster than physical inspection under the non-authentication path. Plan your registration window: if you need a GSTIN by a specific date (for example, before raising your first export invoice), allow 10 working days after biometric authentication.

How Aadhaar Authentication Affects Your GST Refund Under Rule 89

This is the section where authentication has the most direct rupee impact for active businesses.

Refund applications under Rule 89 of the CGST Rules — covering export of goods or services with payment of IGST, zero-rated supplies to SEZ units, inverted duty structure, and excess balance in the electronic cash ledger — are processed through a risk-scoring engine on GSTN. Aadhaar-authenticated taxpayers receive a lower risk score, which translates into two concrete benefits:

Benefit 1 — Provisional refund at 90% within days of acknowledgement. Under Section 54(5) of the CGST Act, the proper officer can sanction 90% of the claimed refund amount on a provisional basis. For authenticated taxpayers classified as low-risk, this provisional order is generated quickly after Form RFD-01 is filed and the ARN (Acknowledgement Reference Number) is generated. The remaining 10% is released after the final order, which must be passed within 60 days of the complete application under Section 54(7).

Benefit 2 — Fewer pre-refund document requests. Non-authenticated or high-risk-flagged taxpayers regularly receive notices under Rule 92 asking for additional documents before the provisional refund is released. Each such notice resets parts of the timeline and requires a response within 15 days. Authenticated taxpayers face this friction far less frequently in practice.

Non-authenticated taxpayers are not denied refunds — but their applications sit in a higher-scrutiny queue. Combined with the document requests described above, refund turnaround for a non-authenticated exporter can stretch to 90–120 days, tying up working capital unnecessarily.

Worked Example: The Real Rupee Cost of Skipping Authentication

Consider a mid-sized textile exporter — call them Sunrise Fabrics — that exports Rs. 80 lakh of goods in a quarter with IGST paid of Rs. 14.4 lakh (at 18%). They file their GSTR-1 and GSTR-3B on time. However, neither the proprietor nor the authorised signatory has completed Aadhaar authentication on the GST portal.

Sunrise Fabrics files Form RFD-01 for Rs. 14.4 lakh. Because the GSTIN is flagged as non-authenticated, the application enters the high-scrutiny queue. The officer raises a notice under Rule 92 on Day 20 seeking:

  • Shipping bills
  • Bank realisation certificates
  • Reconciliation of GSTR-1 with ICEGATE data

Sunrise Fabrics responds on Day 35. The officer reviews and passes the provisional refund order on Day 55. Final order comes on Day 75.

Working capital cost:

  • Refund of Rs. 14.4 lakh tied up for approximately 75 days
  • Sunrise Fabrics' bank OD rate: 12% per annum
  • Cost: Rs. 14,40,000 × 12% × 75/365 = Rs. 35,507

An Aadhaar-authenticated equivalent exporter — same turnover, same refund amount — would typically receive the provisional refund (Rs. 12.96 lakh = 90% of Rs. 14.4 lakh) within approximately 15–20 days of filing, with the final 10% following the formal order. Working capital freed up 55+ days earlier, saving Rs. 26,000+ in interest cost.

Authentication takes 15 minutes. The saving above is annual and recurring.

Aadhaar Mismatch: Why It Happens and Exactly How to Resolve It

Authentication failure due to mismatch is the second most common reason registrations stall, after wrong mobile number. The UIDAI database and PAN database do not always agree on name spelling, date of birth, or address because they were built from different source documents over different timelines.

Common mismatch scenarios:

  • Name in Aadhaar: "Rajesh Kumar Gupta" vs. name in PAN: "R K Gupta" — abbreviation mismatch
  • Date of birth differs by one day or year (data entry error at Aadhaar enrolment)
  • Father's name included in one database but not the other

Resolution sequence:

  1. First, determine which database is wrong by comparing Aadhaar with your original birth certificate or passport
  2. If Aadhaar is wrong: Update via UIDAI's self-service portal (myaadhaar.uidai.gov.in) for address; for name or date of birth updates, visit an Aadhaar Seva Kendra with supporting documents (passport, birth certificate, school leaving certificate)
  3. UIDAI typically processes corrections in 7–10 working days. You will receive an SMS confirmation
  4. After confirmation, re-attempt authentication on the GST portal
  5. If authentication continues to fail despite a correct Aadhaar, visit the notified GST Suvidha Kendra with original documents for manual verification and biometric capture

Critical warning: Do not abandon a stalled TRN and start a new registration. Incomplete TRNs remain in GSTN's system and can trigger queries when you eventually register — officers see the prior incomplete applications and may flag the new one for scrutiny. Resolve the mismatch and use the same TRN.

Authentication for HUFs, Trusts, Partnerships, and Companies: Entity-Specific Guidance

Hindu Undivided Families

The Karta authenticates — not any co-parcener. If the Karta does not hold an Aadhaar (rare but possible for elderly Kartas), a copy of the application for Aadhaar enrolment along with alternate ID proof must accompany the registration. The HUF's constitution document (partition deed or family settlement, if any) must be uploaded along with the Karta's proof of relationship.

Trusts and Societies

The managing trustee, or the person specifically authorised in the trust deed to operate bank accounts and execute agreements, authenticates. The trust deed must be uploaded as the constitution document. If the trust deed authorises multiple trustees jointly, the authorised signatory for GST purposes must be specifically identified through a trustee resolution.

Partnership Firms

Every partner must authenticate. If a firm has 12 partners, all 12 must complete the process. One partner's successful authentication does not cover the rest. This is a common mistake in large firms registering for the first time.

Companies

The Managing Director and each authorised signatory named in the board resolution must authenticate individually. If a company secretary is appointed as an additional authorised signatory, the CS must also authenticate. The registration application should list only those signatories who can practically authenticate — do not list a director who is non-resident or Aadhaar-ineligible unless you have a plan for their exemption documentation.

Pitfalls to Avoid: Common Mistakes That Stall Registrations and Refunds

1. Using a mobile number not linked to Aadhaar. The OTP goes to the UIDAI-registered mobile — not your GST profile mobile, not your email. Verify the linked number at myaadhaar.uidai.gov.in before starting. Updating the mobile number with UIDAI takes 30 days from the request date.

2. Selecting "No" on authentication during REG-01 thinking you can authenticate later. You can authenticate later, but only through the existing-taxpayer flow, which is slower and delays refund eligibility. Always authenticate during REG-01 submission.

3. Sending the authentication link to a partner's old email. The link is time-limited (15 days). If the email is wrong, you lose two weeks before you can re-send. Confirm each person's current email and mobile before sending the link.

4. Starting a new registration when authentication fails. As noted above, stale TRNs create compliance noise. Resolve the root cause — mismatch, wrong mobile, or system error — and use the existing TRN.

5. Assuming authentication is a one-time, permanent event. CBIC's evolving risk framework includes provisions for periodic re-authentication. If a promoter updates their Aadhaar particulars (new address, biometric re-enrollment after an injury), re-authenticate on the GST portal promptly. A desynchronised authentication status can silently flag your GSTIN in future refund processing cycles.

6. Confusing GST authentication with GSTIN-PAN linking on the Income-tax portal. These are separate processes with separate portals. Both are required; one does not substitute for the other.

What Happens After Authentication: Revocation, Amendments, and Ongoing Compliance

Beyond registration and refunds, Aadhaar authentication is a threshold requirement for two other high-stakes GST actions:

Revocation of cancellation (Form GST REG-21): Where a registration has been cancelled suo motu by the officer, the taxpayer can apply for revocation. The application will be scrutinised more leniently, and the order must be passed within 30 days, where the GSTIN is Aadhaar-authenticated. Non-authenticated GST revocation applications face longer processing and a higher likelihood of rejection.

Core-field amendments: Changes to the legal name, principal place of business, or addition of partners/directors are core-field amendments requiring officer approval. An authenticated GSTIN signals a verified identity, which typically results in the amendment being approved on the basis of documents alone, without a fresh inspection.

Re-authentication is also now part of CBIC's post-2024 risk-management architecture. Taxpayers in high-turnover brackets or those in historically fraud-prone sectors may receive re-authentication nudges through the GSTN dashboard. Treat these as compliance requirements, not as optional notifications.

Key Takeaways

  • Section 25(6A) of the CGST Act and Rule 8 of the CGST Rules make Aadhaar authentication mandatory for new registrations; skipping it triggers mandatory physical verification and a 30-working-day timeline instead of 3
  • Authentication is per person, not per entity — every partner, designated partner, MD, and authorised signatory must authenticate individually through the GST portal
  • Biometric authentication is live across multiple states in FY 2026-27; check the GST portal's facilitation centre locator before assuming OTP authentication is sufficient in your state
  • Rule 89 refund processing is materially faster for authenticated taxpayers — the 90% provisional refund under Section 54(5) is released with fewer document requests; the Rs. 35,000+ working capital cost shown in the worked example above recurs every quarter for active exporters
  • Aadhaar mismatch must be resolved at UIDAI before retrying on the GST portal; do not abandon a stalled TRN and start over
  • The most avoidable mistake is entering an OTP authentication attempt with a mobile number not linked to UIDAI — verify at myaadhaar.uidai.gov.in before you start
  • Post-authentication obligations persist: update authentication status whenever a promoter's Aadhaar details change, and treat CBIC re-authentication nudges as hard compliance requirements, not suggestions

Frequently Asked Questions

Is Aadhaar authentication mandatory for GST registration?
Yes. Under Section 25(6A) to (6D) of the CGST Act and Rule 8 of the CGST Rules, all individuals taking new GST registration must authenticate Aadhaar. If authentication is not completed, registration is granted only after physical verification of the principal place of business by a proper officer.
Who needs to authenticate Aadhaar in a company?
At least one authorised signatory along with the Managing Director or a director must complete Aadhaar authentication. For LLPs, designated partners; for proprietorships, the proprietor; for HUFs, the karta; and for trusts and associations, the authorised governing-body member must authenticate.
What if Aadhaar authentication fails on the GST portal?
If OTP fails or mobile is not linked to Aadhaar, the applicant must update mobile linkage with UIDAI and retry, or visit a notified GST Suvidha Kendra for biometric authentication. The GST registration application can still proceed but only after physical verification of the place of business.
Does Aadhaar authentication speed up GST refunds?
Yes. CBIC's 2026 framework gives faster processing to refund applications under Rule 89 from Aadhaar-authenticated taxpayers, with lower risk-flag triggers. Authentication is now a near-mandatory prerequisite for revocation of cancelled registration and core-field amendments in most jurisdictions.
Priyanka Wadhera
Content Reviewed By

Priyanka Wadhera

CA | POSH Consultant | Financial Advisor

"I help startups and mid-sized businesses scale by streamlining their tax advisory, POSH compliances, and virtual CFO systems with 100% precision."

View Profile
Share this article:
Previous
Form 11 vs Form 8 LLP: 12 Differences Every Partner Must Know (2026 Verified Guide)

Related Posts

View All