Tag: orcid database

  • Do I Have an ORCID iD? How to Merge Duplicates

    Do I have an ORCID iD? Search your name in the ORCID public registry or try the password-reset page with every professional and personal email address you have used. If a record was already created for you — often automatically, through a university, funder, or journal submission system — you already have one, and sometimes two. A duplicate must be merged or deactivated; it should never be left active alongside your main record.

    An ORCID iD is a free, persistent 16-digit identifier — formatted as four blocks of four characters and validated with an ISO 7064 (MOD 11-2) check digit — that uniquely distinguishes a researcher from every other person with the same or a similar name. Because the identifier is designed to be permanent, ORCID does not delete duplicate records outright; it deprecates them, and this article covers exactly how that consolidation process works, distinct from closing an account you no longer want at all.

    How do I check if I already have an ORCID iD?

    ORCID gives three reliable ways to confirm whether a record already exists in your name. Each targets a different reason people lose track of an iD: forgotten registration, a changed email address, or an institution having created one on your behalf.

    • Search the public registry. Type your name into the ORCID search bar. If no plausible match appears, you have not yet registered.
    • Recover by email. Enter every current and former professional or personal email address into the ORCID password-reset page. If a matching account exists, ORCID emails you the 16-digit iD.
    • Attempt to register. ORCID’s own guidance confirms that the sign-up form will flag a likely pre-existing profile with your name before letting you create a new one, according to ORCID’s help article “I am not sure if I already have an ORCID ID.”

    If none of these methods surfaces a record, you do not yet have an ORCID iD and can register directly. If more than one method turns up a plausible match, treat that as the trigger to work through the duplicate-resolution process below rather than creating a third record.

    Why do researchers end up with duplicate ORCID iDs?

    Duplicate ORCID records are a routine, well-documented problem, not a rare edge case. They typically arise because ORCID registration is embedded in several independent systems that do not always check for an existing iD first.

    • Registering separately through a university onboarding portal, a funder’s grant-application system, and a journal’s manuscript-submission form, each of which can silently spin up a new iD if the researcher does not sign in with an existing one.
    • Using a different email address at each career stage — student, postdoc, staff — without linking them to a single account.
    • Name variants (middle names, hyphenation, transliteration) that make it harder to recognise an existing record during sign-up.

    None of these causes are dangerous alone — the risk is that citations, grants, and peer-review credit end up scattered across two identifiers instead of one.

    Should you merge or deactivate a duplicate record?

    These are two different actions with different outcomes, and ORCID’s support documentation is explicit that they are not interchangeable. Merging a duplicate is the correct fix; deactivating an account is for closing ORCID access altogether.

    ORCID’s own account-closure guidance states plainly: “Accidentally registered multiple ORCID iDs? Do not deactivate your account — use the duplicate record removal process to merge the accounts instead,” per ORCID’s support article “Deactivating an ORCID account.”

    Scenario Correct action What happens to the data Reversible?
    You accidentally created a second record and can log into both Remove a duplicate record (self-service merge) Duplicate’s data is deleted; only its email address transfers to the record you keep No — once removed, the duplicate cannot be reinstated
    You want to close your ORCID account entirely and stop using ORCID Deactivate your ORCID account All personal information is deleted; the iD itself is retained (masked) so it can never be reassigned Yes — a deactivated account can be reactivated at any time
    You have lost access to the duplicate record and cannot sign in to either recover or remove it Contact ORCID support directly with both iDs ORCID staff verify ownership and action the merge or deprecation on your behalf No, once ORCID staff complete the merge

    How to remove a duplicate ORCID iD, step by step

    The self-service duplicate-removal process takes only a few minutes if you can sign in to both records. ORCID’s help article “I have more than one ORCID iD” sets out the following steps:

    1. Sign in to the ORCID record you want to keep as your primary iD, and go to Account Settings.
    2. Scroll to “Account actions” and select Remove a duplicate record.
    3. Enter the sign-in details (email address or iD, plus password) for the record you want to remove.
    4. Confirm the removal. The duplicate iD is then deprecated, not deleted outright — it becomes a redirect pointing to your primary record, both in the ORCID interface and via the ORCID API.

    If you cannot remember the duplicate’s login details, use the password-reset page first, or contact ORCID support. Only the duplicate’s email address carries over automatically — works, affiliations, and peer-review records on the deprecated iD are not copied across, so check it for anything worth re-adding manually before you remove it.

    What happens to your record after a merge?

    Because ORCID iDs are built to be permanent, a deprecated iD does not simply vanish. It continues to resolve — for example, a deprecated iD such as 0000-0001-6151-2200 displays as deprecated and points visitors to the surviving record, exactly as documented in ORCID’s own duplicate-removal guidance. This matters for anyone tracking citation trails: a paper or grant that cites the old iD will still lead back to the correct, consolidated profile.

    ORCID also relies on the wider community, not only account holders, to flag duplicates it has not caught. Where a publisher, funder, or institution reports a suspected duplicate, ORCID follows its published dispute procedures to investigate and, where warranted, action a merge itself. That support-mediated route is the one to use when access — not awareness — is the blocker.

    This distinction matters for institutions too. Many funders, including UK Research and Innovation (UKRI), require an ORCID iD to submit a grant application, and journals following ICMJE recommendations increasingly request one from corresponding authors. A researcher with an unresolved duplicate risks having grant history or publication credit split across two identifiers precisely when a funder or publisher checks it.

    Common questions about duplicate ORCID iDs

    How do I check if I have an ORCID iD?

    Search your name on ORCID’s public registry, or enter your current and former email addresses on the password-reset page — a matching account will trigger a recovery email containing your 16-digit iD. Attempting to register also flags an existing profile before a new one is created.

    What if I don’t have an ORCID iD?

    If no search or recovery method returns a match, you can register directly on the ORCID registration page in under a minute, free of charge. Registering early avoids the more common problem: multiple systems each creating a separate iD later because none could find an existing one.

    Is ORCID iD compulsory?

    ORCID iDs are not universally mandatory, but they are increasingly required in practice. Many funders and publishers now require an ORCID iD for corresponding authors or grant applicants, so in those specific workflows it is effectively compulsory even where no single global rule enforces it.

    Should I put my ORCID on my CV?

    Yes — listing your ORCID iD on a CV, grant application, or publication profile helps funders, publishers, and collaborators disambiguate you from researchers with similar names. It also gives reviewers a single, authoritative link to your full, consolidated research and authorship record.

    Duplicate ORCID records will keep recurring as long as registration is distributed across universities, funders, and journals rather than centralised at first sign-up. Checking for an existing iD before registering, and merging — rather than abandoning — any duplicate you discover, keeps your research history intact across research administration systems and authorship records, correctly attributed for the rest of your career.

  • ORCID Registry vs Institutional Repository

    Researcher metadata should live in both systems, but for different reasons: the ORCID registry holds the person-owned identity record a researcher carries between institutions, while the institutional repository or CRIS holds the institution-owned record used for reporting, compliance, and assessment. The two should be kept aligned through automated API feeds, not parallel manual entry.

    The ORCID registry is a global, non-proprietary database of persistent digital identifiers — ORCID iDs — that let a researcher maintain one authoritative, portable record of their affiliations, works, and funding across every system they touch. That single design fact is what determines the division of labour with institutional systems, and it is the source of most of the “where does this data actually live” confusion research offices report.

    What is the ORCID registry, and what is it for?

    The ORCID registry launched in October 2012 as a non-profit, member-supported alternative to the proprietary author-ID systems then run by individual publishers and databases. Its governing principle, stated in ORCID’s own registry documentation, is that individuals own their record: researchers — not institutions or publishers — control what is displayed publicly, what is shared with “trusted organisations,” and who those organisations are.

    This person-centric design means the registry is built to follow a researcher across employers, disciplines, and countries. It is not built to answer institution-level questions such as “which outputs count toward our next research assessment” — that is a different data model entirely, owned by a different actor.

    What do institutional repositories and CRIS platforms manage instead?

    Institutional repositories and Current Research Information Systems (CRIS) — platforms such as Pure, Symplectic Elements, and DSpace-CRIS — exist to serve the institution’s reporting, compliance, and visibility needs, not the researcher’s portable identity. They aggregate outputs, grants, and staff affiliations at the organisational level, typically structured around the CERIF (Common European Research Information Format) data model maintained by euroCRIS.

    This is also where regulatory deadlines bite. Under the UK’s Research Excellence Framework open-access policy, outputs must be deposited in an institutional repository within three months of acceptance to remain eligible for the next assessment exercise — a requirement that will continue to apply under REF 2029. That obligation sits squarely with the institution, not with ORCID.

    Where should each type of researcher metadata actually live?

    In practice, the split is not “ORCID or CRIS” but “which record is authoritative for which fact.” The table below sets out the practical division of labour that most research offices converge on once duplicate entry becomes painful enough to fix.

    Metadata type Authoritative home Why
    Person identity, career history, cross-institution works list ORCID registry Researcher-owned, portable, survives institutional moves
    REF/assessment-eligible outputs, funder compliance records Institutional CRIS/repository Institution is legally accountable for reporting accuracy
    Grant and funder affiliation data Both, synchronised Funders (e.g. UKRI) require an ORCID iD at application, then institutions track spend internally
    Public-facing researcher profile ORCID registry (primary), CRIS-fed institutional page (secondary) One canonical identity, many display surfaces

    UKRI has required an ORCID iD from principal and co-investigators applying for funding across its research councils since 2023, which makes the registry the practical entry point for grant-related identity data even though the institution remains the system of record for compliance reporting.

    How do auto-update feeds eliminate duplicate data entry?

    Manual double-entry — typing the same publication into a CRIS and then again into an ORCID record — is the single biggest source of researcher frustration with metadata systems, and it is entirely avoidable. ORCID’s own registry documentation is explicit about the goal: reduce the burden on researchers and improve how information is shared, rather than asking them to re-key it.

    The mechanism is ORCID’s Member API, which — unlike the read-only Public API — allows an authenticated institutional system to write updates directly to a researcher’s record with their permission. A properly configured integration works in both directions:

    • CRIS-to-ORCID push: when a researcher deposits a new output in the institutional repository, the system automatically writes it to their ORCID record, tagged with the institution as the data source.
    • ORCID-to-CRIS pull: when a researcher joins an institution, the CRIS uses ORCID’s “search-and-link” workflow to pull their existing works and affiliation history into the local profile without re-typing.
    • Provenance tagging: every item on an ORCID record carries a visible source tag, so a reviewer can see whether an entry came from the researcher, an institution, a publisher, or a funder.

    Platforms such as DSpace-CRIS offer this bidirectional synchronisation as a built-in feature rather than a custom build, and ORCID’s “trusted organisation” permission model means the researcher grants and can revoke that write access at any time — the delegation is explicit, not implicit.

    Common questions about the ORCID registry

    What is an ORCID registry?

    An ORCID registry is the central, non-proprietary database that issues and stores ORCID iDs — persistent digital identifiers that disambiguate individual researchers and link them to their affiliations, works, and funding records. It is maintained by ORCID, a member-supported non-profit, and researchers register and control it directly rather than an institution or publisher owning the record.

    Can I look up someone’s ORCID?

    Yes. The public search function on the ORCID registry lets anyone look up a researcher’s public profile by name, affiliation, or ORCID iD, subject to whatever privacy settings that individual has chosen. Fields marked private by the record holder will not appear in public search results, even though the underlying record still exists.

    Who can register for ORCID?

    Anyone engaged in research, scholarship, or innovation can register for an ORCID iD directly and free of charge, regardless of career stage, discipline, institution, or country. This open registration model is what allows the identifier to persist across job changes, unlike institution-issued staff or repository IDs that expire when someone leaves.

    Does ORCID cost money?

    Registering for and using an ORCID iD is always free for individual researchers. Costs only arise for organisations: institutions, publishers, and funders that want Member API write access — the level needed for auto-update integrations with a CRIS or repository — pay ORCID membership dues, while read-only lookups via the Public API remain free.

    Implications for research offices and publishers

    For research administrators, the practical takeaway is not to choose between the ORCID registry and the CRIS but to stop treating them as separate data-entry destinations. Institutions that configure bidirectional API sync report far fewer profile-accuracy complaints from academic staff, because researchers enter a change once and it propagates outward.

    For publishers and funders, the same logic applies to contributor metadata: ORCID records can carry CRediT contributor-role tags alongside a work, so a journal’s manuscript system, the author’s ORCID record, and the institution’s CRIS can all reference the same role assignment rather than three independent descriptions of who did what.

    Outlook: toward a single source of truth

    The direction of travel across research information management is unambiguous: person-level identity consolidates in the ORCID registry, institution-level reporting consolidates in the CRIS, and the connective tissue between them is API-driven synchronisation rather than parallel manual records. As funders such as UKRI extend ORCID requirements further into the grant lifecycle, institutions that have not yet automated their CRIS-to-ORCID feeds will face growing duplicate-entry costs relative to those that have.

    Research offices evaluating a CRIS or repository upgrade should treat native, bidirectional ORCID Member API support as a baseline procurement requirement, not an optional add-on — the alternative is asking researchers to keep doing by hand what the API was built to automate.

  • ORCID Database: Inside the Public Data File

    The ORCID database’s annual public data file is a bulk, machine-readable snapshot of every public record in the ORCID registry, released once a year under a CC0 public-domain dedication. It is not the same thing as ORCID’s live summary statistics page — the data file is a static, downloadable dataset built for large-scale analysis of PID adoption, while the statistics page is a running counter of registrations. Together they answer different questions for anyone studying how persistent identifiers are being taken up across research.

    ORCID (Open Researcher and Contributor ID) is a non-profit registry that issues a free, unique 16-character identifier so that individual researchers and contributors can be distinguished from others with similar or identical names. The ORCID database that underpins this registry is what the annual public data file exports in bulk form — and that export is the subject of this analysis.

    What is the ORCID public data file?

    The ORCID public data file is a full export of every field that ORCID record-holders have marked as publicly visible, packaged as a single downloadable dataset rather than served record-by-record through the API. ORCID has released one of these files annually since 2013, hosting each release on the Figshare repository with a persistent DOI so that the exact version used in a study can always be cited.

    Access requires no ORCID membership and no API credentials. Anyone — a bibliometrician, a funder’s policy team, a university library, or an independent developer — can download the file directly. This “no gatekeeping” design is deliberate: ORCID’s registry exists to resolve author-name ambiguity across the whole scholarly ecosystem, and the organisation has treated bulk openness of public data as part of that public-interest mandate since the file’s first release.

    What does the annual dataset actually contain?

    Since the 2018 release, the public data file has been split into two components rather than one monolithic archive. This structural change reflects the growing size and complexity of individual records as ORCID’s activity metadata schema expanded.

    • Summaries file: one compact record per ORCID iD, covering biography, employment, education and other profile-level fields.
    • Activity files: separate, more granular files carrying the full public detail of works, funding, peer review and other activities linked to each iD.

    Both components are distributed as XML, the format ORCID’s underlying registry schema is built on; community-maintained conversion tools exist for teams that prefer JSON for downstream processing. Because works metadata in the schema can also carry contributor-role tags, the dataset increasingly includes role-level authorship detail as well as bare authorship claims — useful for anyone tracking how granular contribution reporting is spreading, distinct from simple co-authorship lists.

    As of August 2022, ORCID’s own statistics reported 14,727,479 live iDs and 1,258 member organisations, according to figures published on the ORCID Statistics page and reproduced in ORCID’s public reporting. Registration volumes of that scale are exactly what make the annual file a meaningful basis for adoption-trend research rather than a curiosity dataset.

    How does it differ from ORCID’s summary statistics?

    ORCID’s public-facing statistics page shows a live, aggregate count — total registrations, year-on-year growth, member numbers — updated continuously as the registry changes. The public data file is the opposite in every operational sense: a frozen, record-level snapshot taken at a fixed point in time, distributed once a year, and never updated after release.

    Attribute Public data file Summary statistics
    Granularity Every public field of every public record Aggregate totals only
    Update frequency Annual (fixed snapshot) Continuous / real time
    Format Bulk XML archive, downloaded once Web page / lightweight API counters
    Licence CC0 1.0 public domain dedication Published figures, not a dataset
    Typical user Researchers, funders, PID analysts General public, journalists, members

    This distinction matters for anyone citing ORCID in research administration literature: a claim about “how many researchers have ORCID iDs today” belongs to the statistics page, while a claim about “what fraction of ORCID works records carry funder identifiers” or “how affiliation self-reporting has changed by country” can only be answered from the bulk file itself.

    What can researchers do with the open dataset?

    Because the file is CC0-licensed and covers the full registry rather than a sample, it supports analysis no API query against individual records could replicate at scale. Typical uses include:

    • Measuring PID adoption trends by country, discipline or institution type over successive annual releases
    • Cross-linking ORCID iDs to DataCite and Crossref DOI metadata to study identifier coverage across the publication-funding-repository chain
    • Auditing how completely researchers populate employment and affiliation fields, which underpins institutional-attribution accuracy in research information systems
    • Building reproducible, citable PID-landscape studies, since each annual file carries its own Figshare DOI

    Since October 2015, DataCite and Crossref have used ORCID’s auto-update mechanism to write newly registered DOI metadata directly into linked ORCID records, which means the annual file increasingly reflects publication and dataset activity that researchers never manually entered themselves — a provenance detail that matters when interpreting completeness metrics from the dump.

    Answer-first Q&A

    What is the ORCID database?

    The ORCID database is the registry of unique 16-character identifiers, and associated public profile data, that ORCID Inc. maintains to distinguish individual researchers and contributors. It underlies both the live registry website and the annual public data file that exports the registry’s public content in bulk.

    Is ORCID iD public?

    An ORCID iD itself is always public once created, but the surrounding profile data is not automatically so. Record-holders set visibility settings field-by-field, and only fields marked public are exported into the annual data file or returned by the public API.

    Is ORCID free to use?

    Yes. Registering for and using an ORCID iD is free for individual researchers, and the public data file itself is free to download under a CC0 dedication. ORCID’s revenue instead comes from paid membership fees charged to institutions, publishers and funders that integrate with the registry.

    How do you find an ORCID iD?

    Individuals can search the ORCID registry directly by name at the public ORCID website, or look up a specific record via its 16-character identifier. Institutions and developers needing bulk lookups instead query the public API or work from the annual data file rather than searching one iD at a time.

    Implications for institutions and PID researchers

    For research administrators and institutional leaders, the annual public data file is the only reliable way to benchmark ORCID adoption across a whole sector rather than a single institution’s membership dashboard. Funders assessing whether a mandate for ORCID iDs has actually changed researcher behaviour need a full-registry snapshot, not a live counter that only reports totals.

    For developers and PID researchers, the file’s annual cadence and DOI-stamped releases mean every study can specify exactly which snapshot it used — a reproducibility property that live API queries, by their continuously-changing nature, cannot offer. As ORCID’s works metadata increasingly captures structured contributor-role information, future editions of the public data file are likely to become a primary source for studying how granular authorship attribution is spreading across disciplines, alongside identifier adoption itself.

  • ORCID Inc: Governance, Funding and Structure Behind the Registry

    ORCID Inc is an independent, US-incorporated non-profit that operates the ORCID registry, the free persistent identifier used by researchers worldwide. It is not owned by any publisher, university, or government body; it is governed by a Board of Directors elected from its dues-paying member organisations and funded almost entirely by orcid membership fees. For institutions deciding which identifier registries to build workflows around, that governance-and-funding structure is the real due-diligence question — more relevant than the technology itself.

    ORCID (Open Researcher and Contributor ID) is the identifier; ORCID Inc is the legal, non-profit organisation that builds, operates, and governs it. The two are often conflated, but the distinction matters for anyone assessing the registry’s long-term stability.

    What is ORCID Inc?

    ORCID Inc was incorporated as an independent, not-for-profit corporation in Delaware in August 2010, following a 2009 collaborative effort among publishers to resolve the “author name ambiguity” problem in scholarly communication. Its registry services launched on 16 October 2012, issuing the first ORCID iDs.

    The organisation’s own founding principles state that ORCID exists to support “a permanent, clear, and unambiguous record of research and scholarly communication,” that participation is open to any organisation with an interest in research, and that researchers will always be able to create, edit, and maintain their ORCID iD free of charge. Those principles — not a shareholder charter — are what ORCID Inc is legally bound to.

    Who governs ORCID? Board and membership structure

    ORCID Inc is governed by a Board of Directors elected by and from its member organisations — universities, publishers, funders, and professional societies. A founding governance rule requires that the majority of board seats be held by representatives of non-profit organisations, and the board reserves a seat for a non-member researcher, so commercial members cannot outvote the academic community they serve.

    Day-to-day leadership sits with an Executive Director, a role held by Chris Shillum since September 2020, who succeeded founding Executive Director Laurel Haak, appointed in April 2012. The Board itself has been chaired since 2016 by Véronique Kiermer of PLOS, following the organisation’s first chair, Ed Pentz of Crossref.

    • Board summaries and annual financial reports are published, a transparency commitment written into ORCID’s founding principles.
    • All ORCID software is released under an Open Source Initiative-approved licence.
    • Researcher-contributed data is available for bulk download under a CC0 waiver, subject to individual privacy settings.

    How is ORCID funded? The membership model

    ORCID Inc is sustained by orcid membership fees paid by organisations — not by researchers, who register and use their ORCID iD free of charge. Organisational members include research institutions such as Caltech and Cornell, major publishers including Elsevier, Springer, and Wiley, and funders such as the Wellcome Trust, which mandates ORCID iDs for grant applicants. By 2022, ORCID’s published statistics disclosure reported 1,258 member organisations and 14,727,479 live registry accounts, and ORCID states it has been fully self-sustaining on membership revenue since 2019, without reliance on the founding-era grant funding that underwrote its 2010–2012 build phase.

    This fee-for-institutions, free-for-researchers model is a deliberate design choice under ORCID’s founding principles, which require that any fees be set “to ensure the sustainability of ORCID as a not-for-profit, charitable organization” — not to generate surplus for distribution.

    ORCID Inc compared with other research-infrastructure non-profits

    ORCID Inc sits within a small cluster of membership-funded, non-profit organisations that maintain persistent identifiers for scholarly research. Comparing their governance and funding models helps explain why institutions increasingly treat “who runs it” as a trust signal in its own right.

    Organisation Identifier Founded Governance Funding model
    ORCID Inc ORCID iD (person) 2010 Board elected by members; majority non-profit Membership fees
    Crossref DOI (scholarly work) 2000 Membership association; publisher-elected board Membership + DOI registration fees
    DataCite DOI (research data) 2009 Consortium; General Assembly and Board Membership fees
    ROR ROR ID (institution) 2019 Community-governed by founding partners Grant-seeded, moving to community funding

    The pattern across all four is the same: none is a commercial entity, and each ties governance seats to its member community rather than to investors. ORCID’s identifiers are also formally interoperable with the International Standard Name Identifier (ISNI) under ISO 27729, with a reserved identifier block shared between the two systems — one of several technical cross-checks that reduce single-registry dependency risk for institutions.

    Answer-first Q&A: common questions about ORCID Inc

    What is ORCID Inc?

    ORCID Inc is an independent, US-incorporated non-profit organisation that operates the ORCID registry, a free, persistent digital identifier for researchers. Incorporated in Delaware in August 2010, it is not owned by any publisher, university, or government; it is sustained by fees paid by its dues-paying member organisations.

    Is ORCID a company?

    No. ORCID Inc is legally structured as a not-for-profit corporation, not a commercial company. It generates no shareholder profit, and any surplus is reinvested in the registry. Its founding rules require a board majority from non-profit member organisations, a safeguard against commercial capture of the infrastructure.

    Is ORCID legitimate?

    Yes. ORCID is used by over a thousand member organisations, including major publishers, funders such as the Wellcome Trust, and national research agencies in Italy and Australia. Its governance minutes, board composition, and financial reports are published openly, a transparency commitment embedded directly in its founding principles.

    Is ORCID like LinkedIn?

    No. LinkedIn is a commercial, advertising-funded social network; ORCID is a non-profit identifier registry with no social-networking or advertising model. ORCID’s role is narrowly technical — disambiguating researcher identity and linking it to verified contributions — governed by its membership, not by private commercial interests.

    What this means for institutions choosing which registries to trust

    For research administrators and institutional leaders, ORCID Inc’s structure is a useful template for evaluating any piece of shared research infrastructure: check who sits on the board, how funding flows, and whether commercial members can outvote the academic community. ORCID’s rule requiring a non-profit board majority, its published financials, and its CC0 data commitment together reduce the risk of the registry being redirected toward a single stakeholder’s commercial interest.

    The same governance-first lens applies to attribution standards more broadly. CASRAI originated the CRediT contributor role taxonomy in 2014; the standard is now stewarded by NISO as ANSI/NISO Z39.104-2022 — a comparable “originator hands off to a standards body” pattern that, like ORCID’s membership model, is designed to outlast any single founding organisation. Institutions building authorship and contribution-tracking workflows around ORCID iDs and CRediT roles are, in effect, betting on the durability of exactly this kind of community governance.

    Looking ahead, ORCID’s own strategic plan, ORCID 2030: Advancing the Future of Research, sets out a 2026–2029 focus on expanding the registry into a broader verifiable identity and contribution data hub. Whether that expansion strengthens or dilutes the non-profit, membership-governed model that has sustained ORCID since 2019 is the question institutional stakeholders — as both funders and voting members — are best placed to keep watching.

  • How to Link ORCID to Publications: 2 Methods

    Linking a publication to ORCID means associating your 16-digit ORCID iD with a specific work record — either automatically through a Crossref or DataCite metadata feed authorised when you submit a manuscript, or manually by entering a DOI, PubMed ID, or BibTeX file into the Works section of your ORCID record. Auto-updated works carry a materially stronger trust signal than self-asserted entries, because the claim originates from a third-party registration agency rather than the researcher.

    ORCID is a non-proprietary, persistent digital identifier that distinguishes individual researchers from one another and links them to their publications, datasets, funding, and institutional affiliations. Understanding how to link ORCID to publications correctly — and which method to use for which purpose — determines whether that record reads as verified evidence or as an unaudited self-report.

    What Linking a Publication to ORCID Actually Means

    An ORCID “Work” is any research output — a journal article, dataset, preprint, conference paper, or software release — attached to a researcher’s ORCID record. Each record can hold up to 10,000 works, a ceiling ORCID imposes to protect Registry performance, according to ORCID’s own support documentation.

    Every work carries a source: the entity that added it. That source field is the whole point. A work added by the researcher themselves is labelled with the researcher’s own name as source. A work added via an authorised integration — a publisher, Crossref, DataCite, or a research information system — is labelled with that organisation’s name as source. This single metadata field is what separates a verified claim from a self-report.

    How Auto-Update Works via Crossref and DataCite

    Auto-update is a “push” mechanism, not something a researcher does manually after the fact. It runs on trust relationships a researcher grants once and that then apply to every future publication. Publishers who register content with Crossref (for journal articles) or DataCite (for datasets and other outputs) can include an author’s ORCID iD in the deposited metadata.

    • Set-up: the researcher supplies their ORCID iD during manuscript or dataset submission and authorises the publisher as a “trusted organisation” on their ORCID record.
    • Trigger: when the work is registered and its DOI is minted, Crossref or DataCite passes the metadata, including the ORCID iD, back to the ORCID Registry.
    • Result: the work appears on the researcher’s ORCID record automatically, with the publisher or registration agency listed as the source — no manual entry required, then or ever again.

    ORCID’s own guidance favours this route: “Allowing trusted organizations to add information to your record ensures the data connected with your ORCID iD is authoritative and trustworthy,” per ORCID Support’s “Add works to your ORCID record” article. Auto-updated entries are visually flagged in the ORCID interface with a distinct icon next to the work.

    How Manual Import Works via DOI, PubMed ID, and BibTeX

    Manual import is a “pull” process the researcher initiates, typically to backfill a body of existing work that predates any auto-update authorisation. ORCID Support lists four routes, in addition to auto-update, from the Works section’s +Add menu:

    1. Import from other services — searching connected databases such as Web of Science, Scopus, or Crossref Metadata Search and bulk-importing matched records.
    2. Add work with a DOI — pasting a Digital Object Identifier, which pulls the full citation from the DOI registration agency.
    3. Add work with a PubMed ID — the same principle, using PMID for biomedical literature indexed in PubMed.
    4. Import a BibTeX file — exporting a library from Google Scholar, EndNote, or Mendeley to a .bib file and uploading it directly.
    5. Add work manually — typing citation details by hand for works with no identifier at all.

    Each route is initiated by the researcher and populates the record once, rather than on an ongoing basis. Identifier-based and BibTeX import draw on structured external metadata, so they are more reliable than fully manual entry, but the source field still reads as the researcher, not a registration agency, unless the import tool explicitly attributes the deposit.

    Auto-Update vs Manual Import: Which Carries More Trust?

    Both routes populate the same Works section, but they are not equivalent as provenance signals. The distinction that matters to institutions, funders, and research-integrity reviewers is who is asserting the claim, not how the citation data was formatted.

    Factor Auto-Update (Crossref/DataCite) Manual Import (DOI/BibTeX/Manual)
    Who initiates it Publisher, at registration/DOI-minting time Researcher, whenever they choose
    Recorded source Publisher or registration agency The researcher themselves
    Coverage Future works only, from authorisation onward Past and present works, added retrospectively
    Ongoing effort None after initial authorisation Repeated per work or per batch
    Trust signal Third-party verified Self-asserted

    An auto-updated work is corroborated by an external registration agency’s records — the kind of independently verifiable evidence that research assessment exercises and grant compliance checks look for. A manually entered work, even one anchored to a real DOI, still relies on the researcher’s own account linking “this person” to “this ORCID iD.” Institutions running authorship audits should treat the two categories differently, not as interchangeable Works-tab entries.

    The practical recommendation, and the one ORCID itself gives, is to use both: manual import to backfill the existing publication history, and auto-update authorisation with every future submission so new works never need re-entering.

    Frequently Asked Questions

    Can I use my ORCID iD for publications?

    Yes. An ORCID iD can be attached to any publication at submission, and most scholarly publishers now capture it as standard metadata. Once attached, that iD becomes the persistent link between the researcher and the work, regardless of name changes, institutional moves, or common-name ambiguity.

    How do I add an ORCID iD to a manuscript?

    Most journal submission systems prompt for an ORCID iD during author registration, then authenticate it via ORCID’s own sign-in flow. Once authorised, the publisher can include that iD in the metadata deposited with Crossref or DataCite when the article or dataset is registered and assigned a DOI.

    How do I link ORCID to a publisher such as Elsevier?

    Publisher platforms, including Elsevier’s Editorial Manager, typically show a “Use my ORCID” or “Connect ORCID” button during login or registration. Clicking it opens an ORCID authentication window; after signing in and authorising access, the publisher can read and, where permitted, write publication data to the record.

    What This Means for Institutions, Publishers, and Funders

    For research administrators, the auto-update versus manual-import distinction is not a technical footnote — it is a compliance and evidence question. UKRI’s Funding Service requires named investigators to supply an ORCID iD as part of grant applications, and institutions increasingly rely on ORCID’s Works data to populate REF-style outputs lists and funder reports. Data drawn from auto-updated, publisher-sourced Works entries is defensible evidence in that context; data drawn from unaudited manual entries is not, without further checking.

    This “who asserts the claim” logic underpins contributor-level attribution more broadly. CASRAI originated the CRediT contributor role taxonomy in 2014, and the standard is now stewarded by NISO as ANSI/NISO Z39.104-2022. CRediT statements and ORCID auto-updates share one design principle: attribution is more trustworthy when a party other than the researcher is on record as having made the claim. Institutions building publication-verification workflows, for CRediT contributor statements or ORCID Works alike, should apply the same provenance test.

    Publishers that deposit ORCID iDs with Crossref or DataCite at DOI registration are, in effect, running the infrastructure that makes auto-update possible at scale. Where that deposit step is skipped, researchers are pushed back onto manual import by default, regardless of preference.

    Conclusion: Building a Verifiable Publication Record

    Getting works onto an ORCID record is straightforward mechanically: import from a connected database, enter a DOI or PMID, upload a BibTeX file, or authorise auto-update at submission. The strategic choice is which of these to rely on for which purpose. Manual import is the right tool for backfilling a career’s worth of existing publications in one pass. Auto-update via Crossref and DataCite is the right tool for every submission from today onward, because it produces a record institutions, funders, and integrity reviewers can treat as third-party verified rather than self-reported. As research assessment increasingly leans on machine-readable provenance rather than researcher-supplied CVs, that distinction is likely to matter more, not less.

  • ORCID Sandbox: A Developer’s Guide to Testing

    The ORCID sandbox is a free, fully functional copy of the ORCID Registry — at sandbox.orcid.org — that lets developers register test accounts, request API credentials, and run real Public and Member API calls against dummy data before touching production. No ORCID membership is required to test the Member API in the sandbox, and nothing you do there can affect a real researcher’s ORCID record.

    ORCID is a non-profit registry that assigns researchers a free, persistent 16-digit identifier (an ORCID iD) and connects it to their affiliations, works, and funding through a public API and a membership-tier Member API. Building an integration means testing the OAuth handshake and both API tiers in the sandbox before requesting production credentials.

    What is the ORCID sandbox and how does it differ from production?

    The sandbox is a mirror of the production ORCID Registry running on isolated test infrastructure. It behaves the same way as the live registry, with a handful of deliberate exceptions built in for safety.

    • Sandbox accounts only send verification and notification emails to @mailinator.com addresses, so registration mail never leaks to real inboxes.
    • Sandbox data is not backed up and can be wiped without notice — never store anything you need to keep there.
    • Anyone can request sandbox Member API credentials, even without an ORCID membership; production Member API access requires a paid membership tier.
    • Base URLs differ from production, which is the detail most tutorials skip:
    Component Sandbox Production
    Registry / sign-in sandbox.orcid.org orcid.org
    Public API base (v3.0) pub.sandbox.orcid.org/v3.0 pub.orcid.org/v3.0
    Member API base (v3.0) api.sandbox.orcid.org/v3.0 api.orcid.org/v3.0
    OAuth authorize endpoint sandbox.orcid.org/oauth/authorize orcid.org/oauth/authorize
    OAuth token endpoint sandbox.orcid.org/oauth/token orcid.org/oauth/token

    Under ORCID’s published integration guide, every client credential, redirect URI, and access token issued in the sandbox is scoped to sandbox hostnames only — a sandbox client ID will not authenticate against production, and vice versa. This is the single most common cause of “invalid client” errors when developers copy sandbox code straight into a production deployment.

    Public API vs Member API: which scope does your integration need?

    ORCID publishes two distinct APIs, and choosing the wrong one wastes weeks of sandbox testing. The Public API is free for non-commercial use and gives read-only access to publicly visible record data — no ORCID membership required. The Member API requires production membership (though not in the sandbox) and adds write access plus read access to “trusted” limited-access data that a researcher has authorised your organisation to see.

    Capability Public API Member API
    Read public record data Yes Yes
    Read trusted/limited-access data No Yes, with researcher permission
    Write or update a record No Yes, with researcher permission
    Membership required in production No Yes
    Membership required in sandbox No No — open to anyone testing
    Typical use case “Sign in with ORCID”, search, display Populate affiliations, works, funding on a record

    Research information systems, manuscript submission platforms, and repository software (for example, systems built on OJS) most often need Member API scopes because they write affiliation or works data back to a researcher’s record. Discovery tools and simple “sign in with ORCID” buttons typically only need the Public API.

    How do you register a sandbox client and complete the OAuth handshake?

    Every ORCID integration authenticates through OAuth 2.0, and the sandbox forces you to exercise the full handshake before production ever sees a request. The sequence is the same for Public and Member API integrations, only the scopes and base URLs change.

    1. Create a sandbox account. Register at sandbox.orcid.org/register using a made-up @mailinator.com address so you can retrieve the verification email from the public Mailinator inbox.
    2. Register a client application. From the account’s Developer Tools section (or via ORCID’s sandbox Member API request form), obtain a client ID and client secret plus a registered redirect URI.
    3. Send the user to the authorize endpoint. Redirect to the sandbox authorize URL with response_type=code, your client_id, the requested scope, and your redirect_uri.
    4. Capture the authorization code. After the researcher grants permission, ORCID redirects back to your registered URI with a short-lived authorization code.
    5. Exchange the code for a token. POST the code, client ID, and client secret to the sandbox token endpoint to receive an access token bound to that researcher’s ORCID iD.
    6. Call the API. Use the access token as a Bearer credential against the sandbox Public or Member API base URL to read or write record data.

    Because sandbox credentials only work against sandbox hostnames, this whole sequence must be repeated — with new, separately issued production client credentials — once testing is complete. ORCID’s own guidance recommends reviewing its integration checklist, and for Member API integrations, demonstrating the working sandbox flow to the ORCID team, before requesting production access.

    What goes wrong when moving from sandbox to production?

    Most production failures trace back to configuration, not code. Watch for these before cutover:

    • Hard-coded sandbox hostnames. Any string reference to sandbox.orcid.org, pub.sandbox.orcid.org, or api.sandbox.orcid.org left in production config will silently fail authentication.
    • Redirect URI mismatch. The redirect URI used in the OAuth request must exactly match the one registered against that specific client ID — sandbox or production, they are registered separately.
    • Wrong API tier requested. Applying for Member API production access without an active ORCID membership will be rejected; Public API access has no such requirement.
    • Assuming sandbox reliability. ORCID explicitly states the sandbox carries no uptime or data-retention guarantee, so integration tests should not depend on long-lived sandbox test records.

    Institutions building or commissioning a research administration system that writes to ORCID records — a current research information system (CRIS), grants platform, or repository — should budget sandbox testing time separately from production onboarding, since ORCID’s own review step for Member API access is a manual, asynchronous process.

    Sandbox and API questions, answered

    Does ORCID have an API?

    Yes. ORCID offers a Public API for reading publicly visible record data and connecting systems without ORCID membership, and a Member API for member organisations to read trusted data and write affiliations, works, or funding to a record with the researcher’s permission.

    Is ORCID API free?

    The Public API is free for non-commercial use by individuals and organisations under ORCID’s Public API terms of service. The Member API, in production, requires a paid ORCID membership tier — though sandbox Member API testing credentials are free and open to anyone, member or not.

    What is ORCID public API vs member API?

    The Public API allows anyone to read public-access information on ORCID records via machine-to-machine calls. The Member API is restricted to member organisations and additionally supports reading limited-access “trusted” data and writing or updating a researcher’s record with authorisation.

    The ORCID sandbox exists precisely because both API tiers, and the OAuth handshake connecting them, need to be exercised end-to-end — with real credentials and real error responses — before a single production request is made. Treat it as a mandatory rehearsal step, not an optional convenience: budget time for the manual Member API review, hard-code nothing that points at a sandbox hostname, and re-issue every credential fresh for production.

  • ORCID Membership: Consortium vs Direct Guide

    ORCID membership is free only for individual researchers; institutions that want to integrate ORCID into their systems must pay an organisational fee, either directly to ORCID Inc. or, at a discount, through a national or regional consortium. The choice between direct membership and consortium membership determines what an institution pays, which API scopes and integration support it gets, and whether it gains a voice in ORCID’s governance.

    ORCID membership is the paid organisational tier that lets an institution connect its own systems to the ORCID registry — reading and writing data to researcher records with permission — rather than simply relying on researchers’ free, individually held ORCID iDs.

    What is ORCID membership, and how is it different from free registration?

    Individual ORCID registration is, and always will be, free: any researcher can create a 16-digit ORCID iD at orcid.org/register in under a minute and use it for life. ORCID membership is a separate, paid tier for organisations — universities, publishers, funders, and service providers — that want to integrate ORCID data into their own institutional systems rather than rely on manual, researcher-entered information.

    Membership unlocks the ORCID Member API, which allows an institution’s research information system, repository or HR platform to read and, with the researcher’s permission, write data to the ORCID registry — publications, affiliations, grants and peer review activity. Without membership, an organisation can still search the public ORCID database and encourage “Sign in with ORCID” authentication, but it cannot programmatically update records at scale.

    ORCID Inc. reports more than 1,200 member organisations worldwide, made up of both direct members and institutions that joined through a consortium, spanning universities, publishers, funders, facilities and government agencies.

    What does direct institutional membership include?

    Direct membership means an institution contracts and pays ORCID Inc. directly, with no intermediary. Under ORCID’s published 2026 fee schedule, Basic direct membership costs US$4,775 a year for non-profit and government organisations (after a standard 20% non-profit discount) and US$5,975 for commercial organisations. Premium direct membership — which adds priority support, on-demand reporting and a customised onboarding — costs US$9,550 a year for smaller non-profit organisations (under US$200 million in annual revenue or funds) and rises to US$23,880 for larger non-profits above that threshold.

    Direct members manage their own ORCID integration: applying for membership, renewing annually, handling invoicing, and owning their API credentials without a consortium administrator in the loop. This suits institutions with in-house developer capacity that want a direct line to ORCID’s own support team and full control over procurement terms.

    • Standard application, renewal and invoicing handled directly with ORCID Inc.
    • Full Member API access to read and write ORCID record data with permission
    • Ability to negotiate specific procurement or legal requirements within ORCID’s standard framework
    • Additional integrations available at US$3,585 each per year

    What does consortium membership include, and how does it cut costs?

    Consortium membership is open only to non-profit and government organisations. A consortium lead — typically a national research infrastructure body — negotiates a single block agreement with ORCID and then apportions fees across member institutions, all of whom automatically receive Premium-equivalent access. In the UK, Jisc administers the national ORCID consortium, offering reduced membership costs plus UK-based technical and community support through a dedicated support site. Equivalent consortia operate elsewhere: the ORCID US Community is administered by Lyrasis, the Health Research Alliance runs a health-research-focused consortium with five premium API keys per member, and IReL administers the Irish Research eLibrary consortium.

    ORCID’s consortium fee table is tiered by both institutional budget size and the number of organisations in the consortium: a five-member consortium of small non-profits (under US$10 million annual budget) pays US$3,495 per member per year, falling to US$1,750 per member once the consortium reaches 60 or more members. Organisations in countries classified by the World Bank as Lower Income receive an 80% reduction on consortium fees, and Lower-Middle-Income organisations receive a 50% reduction, under ORCID’s Membership Equity Program — which also lowers the minimum consortium size from five to three organisations for a group’s first year.

    Consortium members gain two things direct members do not: a shared “community of practice” with peer institutions solving the same integration problems, and exclusive access to the Affiliation Manager tool, which lets non-technical staff add and update researcher affiliation data without a developer.

    Direct vs consortium: cost, API access and governance compared

    The headline trade-off is straightforward: consortium membership is cheaper and comes bundled with premium access and local support, but it hands administration to a third-party lead organisation; direct membership costs more but keeps the relationship — and the paperwork — entirely in-house.

    Factor Direct membership Consortium membership
    Who administers it ORCID Inc. directly A consortium lead (e.g. Jisc in the UK, Lyrasis for the ORCID US Community)
    2026 indicative cost US$4,775–US$23,880/year (non-profit, Basic to Premium) US$1,750–US$9,340/member/year, scaling down as consortium size grows
    Eligibility Any organisation type Non-profit and government organisations only
    API access level Basic or Premium (self-selected) Premium-equivalent, automatically
    Affiliation Manager tool Not included Included
    Local/community support ORCID’s own global support team Consortium lead’s national/regional support team
    Governance voice Eligible to stand for and vote in ORCID Board elections Eligible to stand for and vote in ORCID Board elections

    Institutional governance participation — nominating a representative for the ORCID Board and voting in annual Board elections — is a benefit of ORCID membership itself, not a differentiator between the two routes; both direct and consortium members hold this governance voice.

    Which route should an institution choose?

    For most universities and non-profit research organisations, joining an existing national or regional consortium is the more cost-effective starting point: it delivers premium API access, local implementation support and peer knowledge-sharing at a fraction of direct-membership pricing. Institutions in a country without an established consortium can use ORCID’s Membership Equity Program to form one with as few as three founding members in year one.

    Direct membership better suits organisations that are commercial (and therefore ineligible for a consortium), that need bespoke procurement or legal terms outside a consortium’s standard agreement, or that already run substantial in-house integration teams and prefer a direct relationship with ORCID’s support desk rather than a national intermediary.

    Research administration teams evaluating either route should confirm three things before signing: which access tier (Basic or Premium) the fee actually buys, whether a local consortium already exists for their jurisdiction, and whether their researcher information system vendor already holds member API credentials that could reduce the need for a separate institutional integration.

    Common questions about ORCID membership

    Does ORCID cost money?

    Individual ORCID registration is always free for researchers. Cost only applies at the organisational level: institutions pay an annual membership fee — starting around US$1,750 per member through a large consortium, or from roughly US$4,775 for direct non-profit membership — to integrate ORCID into their own systems.

    How much does it cost to register with ORCID?

    Registering for a personal ORCID iD costs nothing and takes under a minute at orcid.org/register. Institutional membership fees are separate and depend on the route chosen: direct membership is tiered by revenue, while consortium membership is tiered by both budget size and consortium membership count, per ORCID’s published 2026 fee schedule.

    What are the benefits of having institutional ORCID membership?

    Membership gives an institution Member API access to read and write trusted data — publications, affiliations, funding — directly into researcher ORCID records with permission, streamlining research information management, funder compliance reporting and automated CV generation for researchers.

    Implications for research administration

    As funders increasingly require ORCID iDs in grant applications and publishers embed them in submission workflows, institutional ORCID integration is shifting from optional to expected infrastructure. The consortium model has proven durable precisely because it converts a fixed, individually negotiated cost into a shared, scaling one — the more organisations that join a national consortium, the cheaper membership becomes for every existing member. Institutions weighing the decision should treat it as an infrastructure procurement choice tied to their research administration systems roadmap, not an isolated subscription decision.

  • Researcher Unique Identifiers: How ORCID Links ISNI and VIAF

    A researcher unique identifier such as an ORCID iD resolves name ambiguity by acting as a bridge between the researcher-controlled scholarly record and the library world’s authority-control infrastructure — principally ISNI and VIAF — so that a catalogue entry, a national bibliography record, and a journal byline all point to the same verified person, even when names are shared, transliterated, or changed over time. This matters because author-name collision is a routine, measurable problem in large catalogues and citation databases.

    ORCID (Open Researcher and Contributor ID) is a free, persistent, 16-digit identifier that a researcher registers and controls directly, distinguishing them from every other person with a similar or identical name. ORCID is self-asserted, while ISNI and VIAF are authority-controlled — built by libraries, not by the individuals they describe. Understanding how these three systems interlock explains how name disambiguation actually works in catalogues, not just in publisher submission forms.

    What is a researcher unique identifier, and why does ambiguity matter?

    A researcher unique identifier is a persistent code — separate from a person’s name — that stays fixed even when a name changes, is spelled inconsistently, or is shared by many people. Catalogues holding millions of records inevitably contain multiple contributors named, for example, “J. Kim” or “M. Garcia,” and without a persistent identifier, a cataloguer or search algorithm has no reliable way to tell them apart.

    National bibliographies, institutional repositories, and citation indexes all depend on authority control — the library-science practice of establishing one authoritative name form and linking variants to it — and name collision undermines that practice. A researcher unique identifier gives authority control a machine-actionable anchor that survives name changes, script variation, and homonymy.

    How does ORCID differ from ISNI and VIAF?

    ORCID, ISNI, and VIAF solve overlapping problems under different governance models: ORCID is researcher-asserted, ISNI is registry-assigned and spans all creative and public identities, and VIAF aggregates national library authority files. None replaces the others — each addresses a different point in the identity-verification chain.

    ISNI (International Standard Name Identifier) is an ISO-certified global standard number — ISO 27729 — issued to the public identities of contributors across research, publishing, music, film, and the visual arts. Unlike ORCID, an ISNI is typically assigned by a registration agency drawing on authoritative sources such as library catalogues and rights-management data, not registered by the individual. VIAF (Virtual International Authority File), hosted by OCLC, combines name-authority files from dozens of national libraries into a single clustered record, so German, Japanese, and English catalogue name-forms for one researcher resolve to a single entry.

    System Governing standard / host Who assigns it Primary scope
    ORCID ORCID, Inc. (non-profit) The researcher, by self-registration Active researchers and contributors to scholarly output
    ISNI ISO 27729 Registration agencies, from authoritative source data Public identities across research, publishing, music, film, and visual arts
    VIAF OCLC (aggregation service) Automated clustering of national library authority files Name-authority records held by national and research libraries worldwide

    The Book Industry Study Group summarised the practical distinction in its October 2025 analysis: “ORCID specializes in the active research community, whereas ISNI provides broader coverage of public names across cultural sectors.” That division of labour is precisely why the two systems were designed to interoperate rather than compete.

    How do ORCID and ISNI interoperate?

    ORCID and ISNI interoperate through a formal, documented partnership, not an informal data-sharing arrangement. The two organisations issued a joint statement on interoperation on 22 April 2013, committing to link records and exchange public data so a researcher’s ORCID iD and ISNI can be cross-referenced automatically rather than matched by hand.

    A specific technical mechanism underpins this: ORCID was allocated an exclusive block of numbers within the ISNI numbering range, so ORCID-issued identifiers cannot collide with identifiers issued directly by ISNI registration agencies. Researchers can link an existing ISNI to their ORCID record, which then propagates into library authority files that consume ISNI data — including, per the Library of Congress’s 2013 discussion paper for the Program for Cooperative Cataloging, catalogues maintained through the NACO name-authority cooperative. The British Library was a founding partner in the ISNI project itself, which is why UK legal-deposit and national-bibliography workflows engaged with ISNI/ORCID linkage early.

    How does VIAF feed ISNI and national library catalogues?

    VIAF functions as the foundational aggregation layer that both ISNI and individual library catalogues draw on. Its clustering algorithms — built to match and merge name-authority records describing the same person across dozens of national libraries — were adapted to underpin ISNI’s own matching system when ISNI was established, per the scholarly literature on the two initiatives, including the 2014 IFLA analysis of ISNI and VIAF as tools for “trustfully consolidating identities.”

    In practical cataloguing terms, the chain typically runs as follows:

    • A national library creates or updates an authority record, drawing on VIAF to see how the name is represented across other libraries’ catalogues.
    • If an ISNI exists, or is newly assigned, it is added as a globally unique, persistent cross-reference.
    • If the researcher’s ORCID iD is linked to that ISNI, the library record connects to their self-maintained, current publication and affiliation history.
    • A catalogue user searching by name inherits the benefit automatically: variant name-forms and same-name collisions resolve to one confirmed identity.

    Crossref reinforces the same chain from the publishing side: its metadata schema captures ORCID iDs at deposit and auto-updates newly published works into a researcher’s ORCID record, keeping the researcher-asserted layer synchronised with the bibliographic layer that libraries later harvest into VIAF and ISNI-linked authority data.

    Answer-first Q&A: common questions about researcher identifiers

    Is ResearcherID the same as ORCID?

    No. ResearcherID is a Web of Science-specific identifier generated automatically when a researcher creates a Web of Science profile, tied to that publisher’s indexed content. ORCID is publisher-neutral, self-managed by the researcher, and can be attached to outputs from any publisher, including datasets, patents, and grants — not just Web of Science-indexed articles.

    What is a research identifier?

    A research identifier is a persistent, structured code assigned to a researcher, contributor, or their output to distinguish it unambiguously from similarly named people or works. Unlike a name, it does not change with marriage, transliteration, or spelling variation, which makes it the stable anchor that catalogues, funders, and publishers rely on for accurate attribution.

    Who provides an ORCID iD?

    ORCID, Inc., a non-profit organisation, issues ORCID iDs free of charge directly to individual researchers who self-register. Institutions, publishers, and funders do not assign ORCID iDs on a researcher’s behalf; they can only require or encourage registration and integrate the resulting identifier into their own systems, such as manuscript-submission or grant-application platforms.

    Are ORCID and Scopus ID the same?

    No. The Scopus Author Identifier is generated automatically by Elsevier’s Scopus database for any author with an indexed publication, whereas an ORCID iD is registered directly by the researcher and works across all publishers, not just those indexed in Scopus. Researchers can link the two, but each is maintained by a different organisation under a different assignment model.

    What does this mean for institutions and bibliographies?

    For research administrators and repository managers, the ORCID-ISNI-VIAF chain means catalogue-level disambiguation is no longer solely manual. Embedding an ORCID iD at deposit — in a repository record, thesis submission, or grant report — creates a traceable path into national authority files without extra cataloguer effort, provided the receiving system consumes ISNI or VIAF data.

    For national libraries, workloads increasingly consist of linking existing identifiers rather than establishing new name forms — less labour-intensive, though cataloguer judgement is still required where automated matching is ambiguous, such as with common transliterated names.

    The direction set out in the 2013 ORCID-ISNI joint statement — a shared scheme where one number represents an individual across both systems — remains the long-term goal, not the current default. Institutions building repository or CRIS infrastructure should treat ORCID capture as the entry point, ISNI/VIAF linkage as the library-side consequence, and Crossref metadata as the mechanism keeping the two synchronised as new outputs are published.

    CASRAI’s Dictionary of research administration terms maintains definitions for persistent identifiers and related concepts, and readers working on attribution practices more broadly may also find the CASRAI authorship resource pillar relevant background.

  • Is ORCID Legit? Its Limits Against Paper Mills

    ORCID is legitimate: it is a real, non-profit persistent-identifier registry used by thousands of publishers, funders and institutions worldwide. But “legitimate” is not the same as “fraud-proof.” ORCID’s own documentation confirms that an ORCID iD verifies control of an email address and account — not a researcher’s real-world identity, credentials, or institutional affiliation — which is exactly the gap paper mills exploit.

    An ORCID iD is a free, sixteen-digit persistent identifier that distinguishes one researcher from another and links that person to their publications, grants and affiliations. That single-sentence definition explains why ORCID is trusted — and why, on its own, it was never designed to stop organised authorship fraud.

    This piece is a CASRAI editorial perspective: it argues that identity-layer tools like ORCID and contribution-layer tools like the CRediT taxonomy solve different problems, and that conflating the two leaves a detection gap that paper mills are actively exploiting.

    Contents

    What does an ORCID iD actually verify?

    An ORCID iD confirms that a person controls a given ORCID account and email address, and it links that account to a persistent, disambiguated researcher record. It does not independently confirm a person’s legal identity, employment, qualifications, or that they actually authored the works attached to their profile.

    ORCID’s own guidance is explicit on this point: the organisation states that an ORCID iD is not a form of identity verification in the government-ID sense. Registration requires only a working email address, which is the same low bar that lets a legitimate early-career researcher register in seconds — and lets a paper mill spin up a disposable account just as fast.

    Is ORCID legit? The non-profit case

    Yes. ORCID is a genuine, mission-driven non-profit — ORCID is a global, not-for-profit organisation sustained by member fees from universities, publishers and funders, not by selling researcher data. It is embedded in submission workflows at major publishers and grant systems precisely because it solved a real problem: name ambiguity.

    • Common-surname collisions are severe — a mere hundred surnames account for over 85% of China’s population, with Wang, Li and Zhang alone covering more than a fifth, making name-only attribution unreliable at scale.
    • ORCID lets a researcher control which affiliations, works and peer-review activity are publicly visible, rather than relying on a publisher’s guesswork.
    • Adoption is now effectively mandatory at many funders and journals, which is a trust signal in itself — but mandated use is not the same as verified authenticity.

    So the trust question and the fraud-detection question are separate. ORCID earns trust as infrastructure; it was never marketed, and does not function, as an authorship-fraud filter.

    Can identity verification stop paper-mill authorship rings?

    No — not on its own, and the evidence for that is now substantial. The Committee on Publication Ethics (COPE) and the STM Association jointly defined and characterised the problem in their December 2022 Paper Mills Research Report, describing paper mills as commercial operations that manufacture fabricated or manipulated manuscripts and sell authorship slots, often to researchers under career pressure to publish.

    The scale became undeniable in the retraction data. Publishers retracted more than 10,000 research papers in 2023 — a record documented by Nature’s news team, with a large share traced to paper-mill-linked special issues, concentrated heavily at a single Wiley/Hindawi imprint before its special-issue programme was shut down. An ORCID iD attached to a fabricated paper did not prevent a single one of those retractions; in many cases the fraudulent authors held valid, active ORCID accounts throughout.

    That is the structural weakness: paper mills do not need to defeat ORCID, they only need to open an account, which requires nothing more than an email inbox. Publishers in response formed the STM Integrity Hub, launched in 2022, a shared cross-publisher infrastructure that pools signals — duplicate submissions, manipulated peer-review rings, image and reference manipulation — across member publishers in something ORCID’s single-account model cannot replicate, because ORCID has no mandate or mechanism to police manuscript content.

    Why a contribution taxonomy like CRediT tackles a different problem

    Identity tools answer “who is this person?” Contribution taxonomies answer a different, equally necessary question: “what did this specific person actually do on this specific paper?” CRediT, the contributor role taxonomy, was originated by CASRAI in 2014 and is now stewarded by NISO as ANSI/NISO Z39.104-2022 — CASRAI is the originator, not the current standards steward.

    CRediT requires each listed author to be tagged against a defined set of contributor roles — conceptualisation, data curation, formal analysis, writing, and others — for every submitted manuscript. That disclosure layer creates a different fraud signal than identity ever could: a co-authorship pattern where a name appears solely under “funding acquisition” across dozens of unrelated papers in a short window is implausible in a way that a valid ORCID iD alone will never flag, because ORCID has no visibility into role-level contribution claims.

    Neither tool substitutes for the other. Identity infrastructure and contribution disclosure address separate failure modes, and a detection strategy that leans on only one is structurally incomplete.

    Tool What it verifies or standardises What it does not do
    ORCID iD Persistent identifier; confirms control of an account/email and disambiguates a researcher’s name across works Does not verify legal identity, institutional affiliation or credentials
    CRediT taxonomy (ANSI/NISO Z39.104-2022) Standardises disclosure of which of the defined contributor roles each named author performed Does not verify that the named person exists, consented, or was even contacted
    STM Integrity Hub Shares cross-publisher fraud signals in real time — duplicate submissions, manipulated peer review, image reuse Does not itself confirm any individual author’s identity

    Answer-first Q&A

    Is ORCID legitimate?

    Yes. ORCID is a genuine, non-profit registry that provides persistent researcher identifiers and is integrated into submission systems at most major publishers and funders. Legitimacy as an organisation, however, is separate from its capacity to verify identity — ORCID confirms account control, not real-world credentials.

    Is it safe to share an ORCID iD?

    Yes. An ORCID iD is a public, non-sensitive identifier by design, and researchers control visibility settings for the underlying record. Sharing it on a CV, manuscript, or grant application does not expose private data, since ORCID does not store the kind of personal information used for identity theft.

    Should you use ORCID?

    Yes, for disambiguation and administrative efficiency. An ORCID iD saves time on grant and manuscript forms and reliably links a researcher’s outputs across name changes or institutional moves. It should not, however, be treated by editors or reviewers as evidence that a submission’s authorship is authentic.

    Is ORCID credible?

    Yes, as infrastructure. ORCID is a trusted, community-governed non-profit that cannot be bought by a commercial entity and does not sell researcher data. Credibility as a registry does not, however, extend to guaranteeing the integrity of any individual manuscript that cites an ORCID iD.

    Implications for publishers, institutions and funders

    Editorial offices that treat a valid ORCID iD as a clearance signal are relying on infrastructure built for a different job. A layered approach performs better:

    • Require CRediT contributor-role statements alongside ORCID iDs, so implausible role patterns become visible at submission, not after retraction.
    • Cross-check institutional email domains and affiliations, since paper mills routinely fabricate both.
    • Join or query shared infrastructure such as the STM Integrity Hub, which pools cross-publisher fraud signals ORCID was never designed to hold.
    • Treat ORCID account age and activity history as a weak signal only — a freshly created account attached to a first submission warrants closer editorial scrutiny, not automatic rejection.

    Conclusion: identity plus contribution, not identity alone

    ORCID is legitimate infrastructure doing exactly the job it was built for: disambiguating researcher identity across a fragmented publishing ecosystem. Expecting it to also police fabricated authorship asks a registry to perform forensic work it has no data or mandate to do. COPE and STM’s own analysis, and the 2023 retraction record, both point the same direction: stopping paper mills requires layered defences — identity infrastructure, authorship policy, contribution disclosure, and shared publisher intelligence — working together, because no single layer was designed to catch what the others miss.