The OpenID Foundation calls for coordinated standards as digital estates create growing challenges for families, platforms, and legal systems.

What happens to your Gmail account when you die? Your cryptocurrency? Your family photos in the cloud?

If you don't have a clear answer, you're not alone. Despite our increasingly digital lives, there are no consistent global standards for managing digital assets after death. The result is that families are locked out of irreplaceable memories, executors face legal grey areas, and platforms build solutions that don't work together.

Today, the OpenID Foundation released The Unfinished Digital Estate - the first comprehensive framework addressing this universal challenge. Developed by the foundation’s Death and the Digital Estate (DADE) Community Group, the report doesn't just document the problem. It calls for coordinated action across governments, technology platforms, and industries to build the infrastructure we need.

Alongside it, the DADE Community Group has published a practical Digital Estate Planning Guide, a useful resource for individuals and the organizations that serve them, from estate lawyers to financial advisers. But as the report makes clear, even the best individual planning can fail without the right infrastructure behind it.

Even perfect planning fails

Email accounts, cryptocurrency, cloud photos, social media profiles, and connected devices routinely outlive their owners. Yet the systems meant to manage inheritance weren't designed for them.

Comprehensive estate planning can't solve this alone. You can document every password, designate a legacy contact, and write detailed instructions, but if platforms don't have interoperable systems to transfer access, if inheritance law doesn't recognize digital property, if there's no standardized way to verify death across borders, then any kind of planning still fails.

Death certificates take 10-12 business days to issue, a long time in digital terms, and during this time accounts remain vulnerable. Only 36% of Americans use password managers. And platform approaches vary wildly. Some offer limited legacy tools with low adoption, others direct families to use deceased passwords (often illegally), and most provide no process at all.

Government responses are equally fragmented. The US Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) model provides partial fiduciary access, but defaults to platform terms of service. This means that the policies of major tech giants can override executor legal authority. Japan encourages credential documentation. Europe explores harmonization. No jurisdiction has solved this comprehensively.

Cultural differences add complexity. Some societies emphasize privacy (delete data after death), others prioritize property rights (transfer assets). Digital estates blur traditional boundaries between property, identity, and personal data, and solutions must respect this diversity while enabling interoperability.

AI deepfakes add an urgent new dimension

Artificial intelligence can now create avatars and deepfakes of deceased individuals without consent frameworks. These unauthorized recreations have generated legal disputes, yet no mechanisms exist for people to specify whether, or how, their likeness should be used after death.

Using social media data, AI can recreate how someone looked, sounded, and acted. Research shows these AI recreations can harm grieving families psychologically. Yet laws controlling posthumous use of someone's likeness vary by location. Many jurisdictions have none.

Adding new complications to an already broken system makes coordinated action urgent.

What's needed from each sector

The report proposes specific actions:

Policymakers should:

• Formally recognize digital assets in inheritance law
• Clarify identity rights and privacy protections after death
• Create frameworks addressing cross border digital property.

Technology platforms should:

• Develop proper on-behalf-of delegation (beyond credential sharing)
• Implement verifiable processes for death and incapacitation
• Provide users with posthumous data controls
• Build systems with clear consent and auditability.

Standards bodies should:

• Design interoperable delegation protocols
• Create verifiable triggers for incapacity or death
• Develop trust frameworks respecting cultural diversity.

While promising technical approaches exist, including guardianship credentials from Sovrin, delegation frameworks from Kantara Initiative, and death registration integrations within MOSIP, these efforts remain isolated and don't interoperate.

Perspectives from the co-authors of the report

Dean H. Saxe, founder of the DADE Community Group, and co-author of the whitepaper, said: “This affects every internet user eventually, yet platforms treat death as an edge case. We have standards for authentication, authorization, and digital consent. We need the same coordinated approach for what happens when users die, before AI deepfakes make this even more complicated.”

Eve Maler, co-chair of the DADE Community Group and founder of paper sponsor Venn Factory, said: “Each of us has a sizable digital estate in addition to physical and financial assets. These online artifacts get caught up in the death of their owner, causing anguish for family members who need to access bank accounts and share news with social connections in the middle of many other trying tasks. Standard protocols have eased the way for safe and secure online interactions over the last couple of decades. It’s now time for standards to ease and secure the difficult transitions that everyone in the connected world will experience eventually.”

Co-author of the whitepaper, Heather Flanagan, said: “This isn’t just about memorial pages or sentimental data. Digital accounts now control financial assets, health information, intellectual property, and even AI-generated representations of a person. Treating death as an edge case in identity systems is ignoring a very real problem. Incapacity and death need to be handled as standard lifecycle events, with clear delegation, consent, and revocation models, not left to inconsistent platform policies that ultimately harm people.”

Mike Kiser, co-chair of the DADE Community Group and co-author of the whitepaper, said: “Most people do not enjoy talking about death and the end of life, and yet it is a reality that everyone must face. In a world in which most people spend upwards of eighteen years online, it is time for us to reckon with the idea that digital estates linger on: financial resources, creative works, and the like. Safeguarding these against exploitation and providing technological and legal pathways for their proper handling is no longer optional—particularly in the era of AI surrogacy. Ultimately, safeguarding human identity, authenticity, and dignity through standards and protocols is a concrete expression of the value we place on human authenticity and dignity. It's time for us to have a conversation about death and the digital estate.”

What to do next? 

The Death and Digital Estate Community Group -  led by Dean H. Saxe, Mike Kiser, and Eve Maler - is seeking contributors from:

• Government agencies
• Legal services (estate planning, privacy law)
• Insurance and financial services
• Healthcare systems
• Technology platforms
• Death care professionals

Each sector brings critical expertise. Legal professionals understand jurisdiction challenges. Financial services deal with fiduciary duty. Healthcare confronts incapacitation scenarios. Platforms understand technical constraints. Governments can harmonize policy frameworks. Death care professionals understand cultural practices.

Together, these perspectives can build comprehensive, interoperable, culturally sensitive standards that actually work. 

The Digital Estate Planning Guide is a practical starting point for individuals and the professionals who advise them. But individual preparation can only go so far, which is why building the underlying standards matters.

For those already contributing to the community group, the need is clear. Richard Zack, DADE community group member and CEO of the digital estate and legacy management platform, Eternal Me, said: “Digital estates are often treated as an afterthought in traditional planning. Yet our lives now live online, and families deserve clarity, security, and access when it matters most. DADE’s leadership in elevating standards and focusing attention on this issue is both timely and essential. Digital legacy is not a footnote. It is foundational.”

Come and talk to us in 2026

Representatives from the DADE Community Group will be available for informal discussions at identity and technology events throughout 2026, providing opportunities to ask questions, discuss sector specific challenges, and explore how experts could contribute.

Check the events schedule here to connect with the representatives, or get in touch by email: help@oidf.org

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 - the FAPI standard for interoperable, high security - has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.