Follow Us:

This is a policy article examining the Directorate General of Foreign Trade’s (DGFT) mandatory annual Importer-Exporter Code (IEC) updation exercise introduced under Notification No. 58/2015-2020. The author questions the legal basis, necessity and effectiveness of the annual compliance requirement, stating that the DGFT has not answered representations seeking the statutory authority for mandatory annual updation, justification for collecting information already available in other government databases, or authority to delete previously validated records from its portal. The article also raises concerns regarding mandatory disclosure of bank account details, data integrity, automated IEC deactivation notices that allegedly omitted IEC numbers and entity names, and the handling of formal representations made to the DGFT, PMO, Cabinet Secretary, CAG and CVC. It refers to the DGFT’s response describing the process as a simple online self-certification mechanism and sets out the author’s proposed reforms, including event-triggered updates, real-time integration with other government databases, protection against deletion of validated data, publication of updation outcomes, and issuance of notices identifying the relevant IEC and business entity. The article concludes that these issues have been placed in the public domain as the first part of a policy series.

A POLICY ARTICLE — DGFT ACCOUNTABILITY SERIES
The Great IEC Updation Charade: How the DGFT Harvests Exporter Time, Erases Public Records, and Answers to No One
Article 1 of a Series: The DGFT Accountability Deficit

Every year, between April and June, over one million Indian exporters holding an Importer-Exporter Code (IEC) are compelled by the Directorate General of Foreign Trade, presently headed by Shri Lav Agarwal as Addl. Secretary & DGFT, to update their IEC particulars on the DGFT portal. The message is unambiguous: update your IEC details on the DGFT portal, or your IEC will be deactivated. No IEC, no export. For a business that lives on shipments, deactivation is existential.

The exercise, introduced under Notification No. 58/2015-2020, has now completed five annual cycles. In those five years, it has consumed hundreds of millions of man-hours of the trading community’s time, generated a thriving consultancy industry that extracts rent from a process that should cost nothing, and — by its own internal evidence — failed its stated objective. As I will demonstrate, the DGFT portal today carries IECs that lack even the PAN numbers of the firm’s partners, despite five consecutive years of mandatory annual updation. If weeding of inactive IEC was the objective then how this prevails?

I have raised these issues formally — with the DGFT, with the Prime Minister’s Office, with the Cabinet Secretary, with the Comptroller & Auditor General of India, and with the Central Vigilance Commissioner. The response has been a masterclass in bureaucratic evasion. This article is the public record.

What the DGFT Says the Exercise Is

Joint DGFT Shri Raman Kumar, in disposing of my PMO grievance (Registration No. PMOPG/E/2026/0094391) on 15.06.2026, described the annual IEC updation as a

“a simple online self-certification mechanism” under which, if no changes exist in the IEC holder’s details, the holder can confirm particulars “without submission of fresh supporting documents.”

This description is a half-truth that conceals the operational reality. It deserves to be examined word by word.

The Four Questions the DGFT Has Not Answered

Question 1: Why Annual Compulsion When There Is No Material Change?

The DGFT’s stated rationale is the maintenance of “an updated and authentic database” for policy formulation, risk assessment, and regulatory compliance. This rationale dissolves under the simplest scrutiny.

If an exporter’s firm name, address, directors, bank accounts, and business category have not changed since last April — and for most IEC holders, they have not — what precisely is being “updated”? The answer is: nothing. The exercise is a click-through self-certification that changes no data, verifies no risk, and improves no policy.

The DGFT has not provided — and in response to my formal representations, has refused to provide — any empirical evidence of what percentage of annual updations result in actual data changes, what regulatory actions have been triggered by those changes, or what policy formulations have been improved by the exercise. Five years of mandatory compliance, and not a single published outcome metric.

The core legal question, posed to the DGFT in my Rejoinder dated 03.07.2026, remains unanswered:

Under which precise provision of the Foreign Trade (Development and Regulation) Act, 1992, or the Foreign Trade (Regulation) Rules, 1993, is the DGFT authorised to impose a mandatory annual compliance cycle on IEC holders on pain of deactivation?

Mere existence of a notification does not make a provision reasonable or immune from scrutiny. A notification that imposes a blanket annual compliance burden on 1.1 million entities requires demonstrable justification. None has been offered.

Question 2: What Does the Annual Updation Add That Five Existing Databases Do Not?

This is the redundancy argument, and it is decisive.

PAN databases (CBDT) carry the identities, PAN numbers, and addresses of every proprietor, partner, and director linked to a business entity. MCA21 carries the complete incorporation details, directorship history, and registered address of every company and LLP in India, updated in real time on every regulatory filing. GST databases carry the GSTIN-linked business address, authorised signatories, bank accounts, and return history of every registered taxpayer. Customs EDI carries the complete shipment, licensing, and compliance history of every IEC holder. BIN (Bank Identification Number) systems carry verified bank account details linked to business identities. Bank databases certify the bank account details on the DGFT portal. When all these databases are online & accessible to the DGFT at the click of a mouse then what is the essentiality of the annual updation?

These databases, taken together, provide a more comprehensive, more current, and more verifiable picture of any IEC holder than any self-certification exercise can produce. They are maintained by sovereign regulatory authorities with statutory audit obligations. They are updated on every transaction, not once a year. It is pertinent to point out that import & exports & domestic trade transactions in the Customs & the GST respectively give the real time updated IEC information in respect of each & every IEC. Not only this, the updated utilization of any FTP/HBP measures recorded on the DGFT portal itself is the most credible evidence of the IEC being actively used.

The DGFT’s position — that its own annual self-certification exercise produces something these five databases do not — is not merely implausible. It is the kind of claim that collapses on contact with evidence. The DGFT has refused to engage with this argument in any of its responses.

Question 3: Under What Law Does the DGFT Delete Validated Corporate Records Without Consent?

This is the most serious question, and it goes well beyond administrative inconvenience into potential statutory violation.

Upon closing a previous application session or entering the annual renewal window on the DGFT portal, the system erases previously validated data, including:

  • Proofs for place of business (submitted and validated in prior cycles)
  • Legal status documents of the business entity
  • Cancelled bank cheques uploaded on the portal
  • Cellphone numbers and metadata of business entity officials

The DGFT, in its 15.06.2026 response, described the updation as an exercise where holders confirm particulars “without submission of fresh supporting documents.” This is directly contradicted by what the portal actually does: it deletes the previously submitted documents and requires fresh uploads. This forces exporters through what I have called “donkey labour” — re-feeding data that the system itself destroyed, cycle after cycle.

The legal question is precise:

Under which provision of the Foreign Trade (Development and Regulation) Act, 1992, or the Foreign Trade (Regulation) Rules, 1993, or the Information Technology Act, 2000, is the DGFT authorised to unilaterally erase from a government portal legally validated business entity records that were submitted by IEC holders in compliance with a statutory obligation?

I posed this question in my Rejoinder dated 03.07.2026 addressed to the Addl. Secretary & DGFT and the Joint DGFT Shri Raman Kumar, with copies to the Cabinet Secretary, the CAG, and the CVC. No answer has been received as of the date of this article.

The implications extend beyond inconvenience. First, if the DGFT can delete any document unilaterally and without legal authority, the sanctity of the DGFT database is destroyed. Data submitted by exporters in compliance with a statutory requirement is a public record. Deletion of public records without statutory authority is a breach of the government’s data custody obligation. Second, and more gravely: the unilateral deletion of historical filings and electronic audit trails creates a direct risk of erasing evidence of non-compliance or financial irregularities. I have formally brought this to the attention of the CVC for immediate oversight under vigilance guidelines.

Question 4: Why Does the DGFT Demand Bank Account Details That Revenue Authorities Do Not?

The annual updation process requires IEC holders to provide complete details of all bank accounts linked to the business. Neither the Customs authority nor the GST authority — both of which are revenue collection agencies with direct enforcement powers over the trading community — make this demand.

The security implication is self-evident. A database of 1.1 million business entities with their complete banking details is a high-value target. If the DGFT database, which has demonstrated an inability to maintain basic data integrity (as evidenced by IECs without partner PAN numbers after five years of updation), were breached, the financial exposure of the entire Indian export community would be direct and immediate.

The DGFT has provided no legal basis for this demand, no risk assessment justifying it, and no security audit confirming the adequacy of its data protection measures.

The Broken Database: The Self-Indictment

The DGFT’s justification for the annual updation is the maintenance of an “updated and authentic database.” Here is the test of that claim.

After five consecutive years of mandatory annual updation, enforceable under pain of IEC deactivation, I can cite specific IECs in the DGFT database that do not carry even the PAN numbers of the firm’s partners.

Read that again. Five years. Mandatory compliance. Deactivation threat. And IECs without partner PAN numbers. The point is that if the IEC holder does not update the database then what is the consequence?

The exercise has failed its own stated objective by its own internal evidence. The database is not updated. It is not authentic. The annual updation exercise does not fix it because the exercise is not designed to fix it — it is designed to be repeated.

The Notices That Are Void Ab Initio

On 14.07.2026, I received multiple automated emails from noreply-dgftbo@gov.in threatening IEC deactivation for non-compliance with the annual updation. These notices share a common defect that makes each of them legally void: not one notice specifies the IEC number or the name & address of the business entity to which it pertains.

A statutory notice that fails to identify its own subject is a nullity. It is non-est and void ab initio. This is not a technicality. It is the most basic requirement of a notice under the principles of natural justice as settled by the Supreme Court of India — the authority against whom action is proposed must know precisely what action is proposed against precisely what subject.

The DGFT sent these notices to the professional email address of the undersigned, knowing that the same address is linked to multiple IEC-holding entities. By omitting the IEC number and entity name, the DGFT has made it impossible for the recipient to identify which entity’s IEC is at risk of deactivation, or to take corrective action even if compliance were intended.

This is not incompetence. The IEC number is available on the DGFT’s own portal against the registered email address. Omitting it from the notice is a calculated administrative act. In my formal reply dated 15.07.2026, I have characterised it as such and demanded that any future communication of whatsoever nature explicitly specify the IEC number and entity name. I have also placed on record that any deactivation effected under these defective notices will be treated as arbitrary, ultra vires, and illegal state action.

The Accountability Deficit

I have pursued this matter through every available channel:

  • PMO Grievance (PMOPG/E/2026/0094391 dated 01.06.2026): Disposed of by Joint DGFT Shri Raman Kumar on 15.06.2026 with an evasive response that ignored every substantive point raised.
  • Strong Protest to Cabinet Secretary (RG:PEC:11, 29.06.2026): Addressed to the Cabinet Secretary— demanding immediate intervention and policy reform. No response received.
  • Rejoinder to DGFT (03.07.2026): Addressed to Addl. Secretary & DGFT and Joint DGFT Shri Raman Kumar, copied to Cabinet Secretary, CAG, and CVC. No response received.
  • Formal Reply to Defective Notices (15.07.2026): Addressed to Addl. Secretary & DGFT, copied to Cabinet Secretary, CAG, CVC, and DoPT Secretary. Demanding a reasoned speaking order before any further engagement.

The pattern is consistent: formal representations are either met with evasive disposal or simply ignored. The Supreme Court has settled, in Asst. Commissioner (Commercial Tax) v. Shukla & Brothers (2011) 4 SCC 484, that a reasoned speaking order is mandatory and its absence is independently actionable as a violation of the principles of natural justice. The DGFT has received this demand in writing, in multiple representations. Its continued silence is not a procedural oversight. It is a choice.

Who Bears the Cost — and Who Benefits?

The annual IEC updation is not a costless exercise for the trading community. Every IEC holder must:

  • Access the DGFT portal (which has documented technical glitches, including the data deletion described above)
  • Re-upload documents that the portal deleted from the previous cycle
  • Link the IEC using DSC or Aadhaar, creating a dependency on third-party token vendors
  • Navigate a process that generates sufficient complexity to sustain a consultancy industry charging fees for what should be a zero-cost annual affirmation

For a small exporter operating on thin margins — and the overwhelming majority of India’s 1.1 million IEC holders are precisely such operators — this annual exercise represents a material compliance cost that has no corresponding regulatory benefit.

The beneficiaries of the current design are identifiable. Consultants and service providers who make a living facilitating a process that the DGFT has designed to be complex enough to require facilitation. If the annual updation were genuinely a “simple online self-certification” — as the DGFT itself described it — nobody would pay a professional to do it. The complexity is the product, not an accident of implementation.

There is a second, more troubling possibility that I raise formally and on record: an “updated and authentic” database of over one million business entities, with their identities, addresses, directors, and bank accounts, has significant commercial value. I have reasons to believe — and I am placing this belief on public record to invite regulatory scrutiny — that the DGFT’s insistence on maintaining this exercise, and the specific data it captures (including banking details that no revenue authority demands), warrants a CAG audit of the DGFT portal’s data management practices, including any third-party data-sharing arrangements.

What Should Be Done

The reforms required are neither complex nor expensive:

  • Abolish the mandatory annual updation and replace it with an event-triggered update obligation — IEC holders update their details when a material change occurs, exactly as they do with MCA, CBDT, and GST within a specified time limit.
  • Integrate the DGFT portal in real time with MCA21, CBDT-PAN, GST, and Customs EDI, Banks via API. The DGFT’s verification function is then discharged automatically, without burdening the trading community with a separate annual cycle.
  • Enact a statutory prohibition on the deletion of validated data from the DGFT portal without the explicit written consent of the IEC holder. Any deletion without consent must generate an automatic audit trail and a compliance report to the CVC.
  • Require the DGFT to publish, in its Annual Report, the outcomes of the annual updation exercise — what percentage of IEC holders submitted updates with actual data changes, what regulatory actions resulted, and what policy formulations were informed by the exercise. If no such outcomes can be reported, the exercise must be discontinued.
  • Issue defect-free, legally valid notices that specify the IEC number and entity name — the most elementary requirement of natural justice. Not only this, each & every communication with the IEC holder from the DGFT office should comply with this basic requirement.

None of these reforms requires new legislation. Each requires only administrative will — the one commodity that the DGFT appears unwilling to deploy.

Conclusion: This Is Not a Minor Issue

The DGFT’s mandatory annual IEC updation is not a minor procedural irritant. It is a case study in precisely the kind of regulatory conduct that the Government of India’s “Minimum Government, Maximum Governance” and Atmanirbhar Bharat frameworks were designed to eliminate. It imposes a mandatory compliance cost on over one million businesses, with no demonstrable regulatory benefit. It deletes public records without statutory authority. It issues void notices. It refuses to answer pointed legal questions with reasoned responses. And it has, after five years of operation, produced a database that still lacks basic identifiers for many of the entities it purports to track.

I have given the DGFT every opportunity to justify this exercise in law and evidence. It has not done so. I am therefore placing the complete record in the public domain, where it belongs, in the hope that the trading community, the CAG, the CVC, and ultimately the legislature will take the interest in this matter that the administration has declined to show.

This is Article 1 of a series. Forthcoming articles will address: the excessive TRQ application fee of Rs. 1,00,000 under CEPA (representing approximately 25% of the savings generated by the allotment itself); the DGFT’s refusal to permit post-shipment HS code amendment in Advance Authorisation licences, notwithstanding that the Customs authority permits such amendment under Sections 149 and 154 of the Customs Act, 1962; and other instances of administrative conduct by the DGFT that impose irrational burdens on the export community while serving no demonstrable policy purpose.

The trading community did not become Atmanirbhar by being managed like this. It became competitive despite it.

******

The author is an EXIM Policy Analyst with over four decades of experience in Indian export trade and writes on law, policy, and macroeconomics.

Correspondence: rajiv.pec@gmail.com

Join Taxguru’s Network for Latest updates on Income Tax, GST, Company Law, Corporate Laws and other related subjects.

Leave a Comment

Your email address will not be published. Required fields are marked *

Search Post by Date
July 2026
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031