Skip to content

Digital legacy

A modern UK estate is no longer just a house, a car, and a few bank accounts. It is also several email addresses, dozens of subscriptions, photos held on three different cloud services, social-media profiles, and — for a growing minority — meaningful sums in cryptocurrency or non-fungible tokens. The administrative work of dying has acquired a digital layer that did not exist a decade ago, and the practical mechanics of dealing with it are unfamiliar to almost everyone doing it for the first time.

This guide is in two halves. The first half is for executors and family already dealing with a death — what to do with the phone, how to handle the major platforms, what cryptocurrency requires, and how to find assets that have no physical paper trail. The second half is for people planning ahead, where the time invested today saves the family weeks of administrative work later.

The companion guide Managing a deceased person's social media covers the platform-by-platform processes for memorialising or removing accounts in more depth.

If you can only do one thing today: secure the deceased's phone, keep it charged, and do not factory-reset it or cancel the SIM. The phone is normally the single most important key to the entire digital estate — it holds the multi-factor-authentication codes that unlock everything else. Losing it means rebuilding access to every account through formal recovery processes that take weeks.

The phone, and why it matters more than the platforms

Most guides to digital legacy start with the platforms. This one starts with the device, because in practice the device is where families get stuck.

The reason is multi-factor authentication (MFA, sometimes called two-step or two-factor verification). Even where the executor knows the deceased's password, most modern accounts require a second proof: a code by SMS, a push notification, or a code from an authenticator app on the phone. The second factor almost always lives on the device. If the device is wiped, returned to a network provider, or the SIM is cancelled, the second factor is gone — and so is access to every account that uses it. Recovery without the second factor requires a formal request to each provider with legal documents, taking weeks per account.

Practical steps in the first 48 hours:

  • Keep the phone charged. Plug it in. Set it down somewhere safe.
  • Do not factory-reset. Once a device is reset, the link to the cloud account and the stored credentials are gone.
  • Do not guess the passcode repeatedly. Most devices lock permanently after enough wrong attempts (Apple devices disable after 10 incorrect tries). If a partner's biometric is already enrolled on the device, use that to unlock now while it still works — a passcode is required after a period of inactivity.
  • Look for a password manager on the device — 1Password, Bitwarden, LastPass, or the built-in iCloud Keychain or Google Password Manager. A single biometric unlock to a manager can solve most of the digital estate in one step.
  • Look for an authenticator app — Google Authenticator, Microsoft Authenticator, Authy, or a built-in code generator. Codes change every 30 seconds; once the device is locked, those codes are unrecoverable.

The SIM card matters separately from the device:

  • Contact the mobile provider, explain the death, and ask them to keep the number active on the cheapest available tariff while the digital estate is being wound up. The number receives SMS verification codes that the family will need.
  • Most providers will, with a death certificate, transfer the number onto a new SIM in a family member's name. Useful when the device itself is locked and the SMS codes are needed for unrelated accounts.
  • Do not port the number away or cancel the contract until the digital estate is wound up. This typically takes several weeks.

What the law says: the 2025 Act

In England, Wales, and Northern Ireland, the legal position on digital assets changed materially in December 2025 when the Property (Digital Assets etc) Act 2025 received Royal Assent. The Act formally recognises certain digital assets — including crypto-tokens, non-fungible tokens, and other digital things — as a category of personal property under UK law, ending a long period in which their legal status was determined case-by-case. [source: legislation-gov-uk/property-digital-assets-act-2025-2026-05-02.html]

In practical terms for an executor:

  • Qualifying digital assets are part of the estate, included in the grant of probate application, and distributed under the will or intestacy rules like any other asset.
  • A request to a platform can now be framed as a property claim by the legal personal representative, not as a request for "account access" — a stronger legal footing, particularly when dealing with US-headquartered platforms whose default is to refuse access.
  • Cryptocurrency on a custodial exchange (Coinbase, Binance, Kraken) is treated as a debt owed by the exchange to the estate, similar to a bank balance.

What the Act does not do: override the terms of service of any platform; force a provider to hand over login credentials; recover a lost cryptocurrency private key; or apply in Scotland (where separate consultation is in train but no equivalent statute is yet in force — Scottish executors continue under the existing common-law and confirmation route).

The Computer Misuse Act 1990 continues to apply across the UK and is the reason that logging in to a deceased person's account using their password carries real risk, even where the intent is purely to administer the estate. Prosecutions are rare in this context, but the Act covers unauthorised access to a computer regardless of motive, and a dispute between family members or an allegation of mismanagement can make the question relevant. The safer route in almost every case is the platform's official bereavement process — slower, but legally clean. [source: legislation-gov-uk/computer-misuse-act-1990-2026-05-02.html]

The Data Protection Act 2018 and UK GDPR do not protect a deceased person's data — both apply only to living individuals. This means platforms are not legally required to disclose a deceased user's data to family but are also not prohibited from doing so. Each provider sets its own bereavement policy. [source: ico/deceased-persons-2026-05-02.html]

Platform-by-platform: the major routes

Each large platform handles bereavement differently. The common thread: none will share the deceased's password. They will provide data as a download, close the account, or memorialise it — and every option needs a death certificate and proof of the requester's identity. The detailed per-platform processes (including for X, LinkedIn, TikTok, Snapchat, WhatsApp) are in the companion guide Managing a deceased person's social media; this section covers the four platforms that hold the most consequential data.

Apple (iCloud, Photos, Messages, App Store)

With a Legacy Contact pre-arranged (see the Legacy Contact entity): the nominated person uses their access key plus a death certificate to request a download of the deceased's iCloud data through Apple's Digital Legacy portal. Photos, notes, messages stored in iCloud, and files are included. The Apple ID itself is then closed. Typical turnaround: 1 to 4 weeks. [source: apple/digital-legacy-2026-05-02.html]

Without a Legacy Contact: requires a court order naming the requester as the rightful person to access the data, plus the death certificate and ID. Under the 2025 Act the application can be framed as a property claim of the estate, which strengthens the legal basis. Apple does not unlock the device itself or provide passwords; the output is an archive of cloud data. [source: apple/digital-legacy-2026-05-02.html]

Activation Lock: Apple devices with Activation Lock cannot be reset and reused without the original Apple ID credentials or proof of ownership submitted to Apple Support with the death certificate.

Google (Gmail, Drive, Photos, YouTube)

Three routes:

  • Inactive Account Manager set up in advance (see the Legacy Contact entity): Google automatically shares data with the nominated contact (or deletes the account) after a period of inactivity chosen by the user, between 3 and 18 months. [source: google/inactive-account-manager-2026-05-02.html]
  • Request access to data without prior planning: a formal request to Google with a death certificate, government ID, proof of relationship, and the Gmail address. Reviewed individually; typical turnaround 2 to 6 weeks.
  • Request account deletion without data download: same documentation, faster turnaround.

YouTube channels with revenue are a separate case: a monetised channel is a financial asset. Contact the YouTube Partner Programme support team — the channel may continue to generate advertising income that belongs to the estate.

Meta (Facebook, Instagram, WhatsApp)

Two options for Facebook and Instagram:

  • Memorialise — adds a "Remembering" label above the profile name; nobody can log in; existing posts remain visible; a pre-arranged Legacy Contact can manage limited aspects (pin a tribute post, respond to friend requests, update the profile photo) but cannot read private messages.
  • Remove permanently — submit a request with proof of death and the profile URL. Typical turnaround 1 to 2 weeks. Permanent and irreversible. [source: meta/memorialised-accounts-2026-05-02.html]

Instagram has its own equivalent process under the same Meta umbrella. WhatsApp has neither memorialisation nor a remote bereavement process — it can only be deleted from within the app on the device itself, which means an unlocked phone is needed.

Microsoft (Outlook, OneDrive, Xbox)

Formal request with death certificate, court order, ID, and the Microsoft account email. Microsoft will provide a download of data from Outlook, OneDrive, and associated services. Typical turnaround 4 to 8 weeks. The 2025 Act characterisation of OneDrive files as estate property may strengthen the application. Xbox accounts may hold non-trivial value in purchased games and in-game items; mention this specifically in the request.

LinkedIn

One option: permanent removal of the profile by the executor or another authorised representative. Requires the profile URL, proof of death, and details of the requester's relationship. Typical turnaround 1 to 2 weeks. LinkedIn does not provide data downloads to family; if employment history is needed for probate, screenshot the profile before requesting removal.

Cryptocurrency and other digital financial assets

The area where most money can be lost permanently. The handling depends entirely on how the deceased held the assets:

On a custodial exchange (Coinbase, Binance, Kraken, etc.) — the exchange is a custodian, similar to a bank. Under the 2025 Act the balances are property of the estate and the exchange owes the estate the value of the assets. Each exchange has its own bereavement process; all require a death certificate, the grant of probate (or letters of administration), and the executor's ID. The legal position is straightforward: these are estate assets and the exchange must release them to the legal personal representative.

Look for evidence of exchange use in the deceased's bank statements (recurring payments to Coinbase, Revolut, Wise) and email inbox (search for "Coinbase," "Binance," "KYC," "verification," "wallet").

In a personal (non-custodial) wallet — a hardware device (Ledger, Trezor) or a software wallet on a phone or computer — there is no company to contact. The assets are controlled by a private key or recovery phrase (typically 12 or 24 words). Without the recovery phrase, the assets are permanently inaccessible. No court order, no Act of Parliament, and no technology company can recover them. This is how cryptocurrency works by design.

Where to look for recovery phrases: the deceased's safe or filing cabinet, sealed envelopes kept with the will, password managers, encrypted notes apps. Some people store seed phrases in metal plates intended to survive fire; others on plain paper labelled "seed phrase" or "recovery words."

Critical safety warning: never enter a recovery phrase into any website found via a search engine. Scam websites specifically target bereaved families searching for "crypto recovery" or "wallet recovery service" and will drain whatever is in the wallet within seconds. Legitimate recovery means entering the phrase directly into the official wallet software (Ledger Live, Trezor Suite) on a secure device the executor controls. If the executor is not confident doing this, a solicitor specialising in digital assets is the right route — not an online "recovery service."

NFTs and other tokens follow the same pattern: on a marketplace the marketplace is the contact point; in a personal wallet the private key is required. The 2025 Act strengthens the legal characterisation as property of the estate but does not solve the access problem.

Finding assets that have no physical paper trail

Many digital assets generate no letter, no card, no statement. The only evidence is a transaction line in an email inbox or a small recurring debit on a bank statement. Where the executor has access to the deceased's email (via a legacy contact or a specific data request), a few targeted searches surface most of what would otherwise be missed:

Payment and revenue keywords: "royalty", "payout", "earnings", "payment received", "withdrawal", "deposit", "Stripe", "PayPal", "Wise", "Revolut".

Subscription and asset keywords: "renewal", "subscription", "domain", "hosting", "your account", "annual fee", "storage plan".

Crypto and investment keywords: "wallet", "exchange", "KYC", "verification", "Coinbase", "Binance", "Ledger", "eToro", "trading".

Content / IP keywords: "ad revenue", "monetisation", "affiliate", "royalty statement", "Kindle Direct Publishing", "Shutterstock", "YouTube Partner".

Bank and credit-card statements are the second source — recurring debits to web hosting, domain registrars, app subscriptions, or unfamiliar names often point to assets the family did not know existed. A monetised blog, a domain name, a stock-photo library, or a long-running Patreon page can have value.

Specific places families miss:

  • YouTube channels with regular views may earn ongoing advertising revenue.
  • Gaming accounts (Steam, PlayStation, Xbox) may contain hundreds of pounds in purchased games — though most platform terms treat these as non-transferable licences rather than owned property.
  • Domain names at GoDaddy, Namecheap, 123 Reg may have commercial value.
  • Online marketplaces (eBay, Etsy, Amazon Seller, Vinted) may have open orders, pending payments, or stock.
  • Cloud storage (Drive, Dropbox, iCloud) may contain unpublished manuscripts, photography archives, or business records relevant to the estate.

Cross-border friction

Most major platforms are headquartered in the United States. The general position is that they accept a UK grant of probate or Scottish confirmation, but Apple and Microsoft in particular have been known to query whether a UK probate document gives sufficient authority over data held on US servers. This does not happen in every case but it can delay larger or more complex estates.

Practical steps where a US-based platform pushes back:

  • Apostille the grant of probate. An apostille is an international authentication certificate issued by the Foreign, Commonwealth and Development Office in the UK; it certifies a UK legal document for use abroad and makes acceptance by US legal teams more straightforward.
  • A Letter of Authority from the solicitor addressed specifically to the platform's legal department, referencing the grant, the deceased's account details, and (where in scope) the 2025 Act basis for the property claim.
  • Expect separate processes by region. Some platforms route UK requests through a UK or European office; others send everything to the US headquarters. Response times vary accordingly.

For most estates the standard bereavement process at each platform works without any of this. The above matters when the estate involves significant digital assets, multiple platforms, or any platform pushback.

Planning ahead — the half-hour version

The single highest-value piece of estate planning anyone can do for their family is to set up legacy contacts on the major platforms while alive. The mechanics take a few minutes per platform; the saving for the family is weeks of administrative work later.

  • Apple: Settings → [Your Name] → Sign-In & Security → Legacy Contact. Generate the access key. Share it with the chosen contact (or print it and store with the will).
  • Google: myaccount.google.com → Data and Privacy → Make a plan for your digital legacy. Configure the inactivity period (3 to 18 months) and the trusted contacts.
  • Meta (Facebook): Settings → Memorialisation Settings. Choose the legacy contact who will manage the memorialised profile.
  • List the accounts the family will need to know about — without passwords, which often violate platform terms of service. The list goes in a sealed envelope with the will, or in a password manager whose master password and emergency-access feature the executor knows about.
  • Cryptocurrency: write down recovery phrases and store them physically separate from the devices. Tell the executor (or the most-trusted family member) where to find them. If the recovery phrase is lost the asset is lost — there is no recovery process for non-custodial wallets.
  • Add a digital-legacy paragraph to the will or the letter of wishes. Not legally binding on the platforms but practically influential, and now sitting under the 2025 Act framework.

A half-hour today removes weeks of friction from the family's worst month.

A few things worth knowing

  • Don't rush to close the email account. Important correspondence, password-reset emails for other accounts, and financial statements arrive for months. Keep the primary email open until the estate is fully wound up.
  • Social-media grief is real. Profiles appearing in "Memories" or "People you may know" can be acutely painful. Memorialise or remove when the family is ready, not because someone says it should be done.
  • Terms of service are not the final word. Platform bereavement specialists usually have more flexibility than the published policy suggests. Be patient, be clear about what is needed, and escalate where the first responder cannot help.
  • Small subscriptions add up. A streaming bundle, a cloud-storage plan, three apps, and a gym subscription can easily reach £50 a month against the deceased's accounts as part of the digital estate. Bank statements surface most of them; cancel what is no longer needed.

What this guide doesn't cover

  • The per-platform memorialisation and removal mechanics in detail — see Managing a deceased person's social media.
  • The legal framework of probate in England and Wales / Northern Ireland — see How to apply for probate and Do I need probate?.
  • Specialist cryptocurrency advice — outside the scope of a wiki; instruct a solicitor with digital-assets experience for any meaningful holding.
  • Data recovery from physically-damaged devices — specialist forensic-recovery firms operate in this space; success and cost vary widely.

If you're struggling, you don't have to do this alone. Samaritans (116 123, 24/7) | Cruse Bereavement Care (0808 808 1677) | Mind (0300 123 3393)

Next: Managing a deceased person's social media

Last verified: 2 May 2026 against the Property (Digital Assets etc) Act 2025, the Computer Misuse Act 1990, and the published bereavement guidance of Apple, Google, and Meta.