OpenID Foundation warns ‘death verification’ is identity’s biggest unsolved problem

A new report from the OpenID Foundation is urging governments and technology providers to address what it calls a major blind spot in digital identity systems: what happens to online identities when their owners die.

The standards body says governments and technology providers urgently need to develop interoperable standards for managing digital identities and assets after death.

In its whitepaper, The Unfinished Digital Estate, the foundation argues that identity infrastructure has solved authentication, authorisation and multi-factor authentication – but completely lacks mechanisms for death verification, posthumous delegation, and incapacitation handling.

The report warns that this gap leaves families, executors, and platforms navigating fragmented processes with little legal or technical consistency.

“This issue affects every internet user eventually, yet platforms treat death as an edge case,” said Dean H. Saxe, co-author of the report and founder of the organisation’s Death and Digital Estate Community Group. “We have standards for authentication, authorisation, and digital consent. We need the same coordinated approach for what happens when users die.”

Identity systems built for life – not death

Citizens increasingly rely on digital accounts to access public services, financial systems, healthcare records, property information and benefits. Yet once a user dies, most digital platforms lack reliable mechanisms for confirming death or transferring authority to executors or family members. Instead, processes remain inconsistent across jurisdictions and providers.

The report notes that some platforms provide “legacy contact” tools. Others instruct families to log in using the deceased person’s credentials — a practice that may violate platform terms of service or local law. Many services provide no formal process at all.

A major technical barrier is that death itself has no consistent digital verification framework.

Death certificates differ significantly between countries, often take 10-12 days to issue, and can be forged. Critically, there is no global digital standard for verifying them within online systems.

For identity systems built around strong authentication, including passkeys and device-bound credentials, this can make account access effectively impossible after death.

The report raises further challenges for identity architects, including how to:

• Verify incapacitation when the user cannot authenticate
• Delegate authority when the delegator is deceased
• Manage passkeys and credential managers that die with their owner
• Provide auditable “on-behalf-of” access for executors.

AI deepfakes raise the stakes

The report also warns that emerging artificial intelligence (AI) technologies are creating new identity risks after death. Gen AI tools can now recreate realistic avatars or voice clones of deceased individuals, raising questions about consent and identity rights.

Without clear governance frameworks, the authors argue, individuals may have little control over how their likeness or data is used posthumously.

The OpenID Foundation is now calling for collaboration across governments, technology providers and standards bodies to develop interoperable solutions.

The report recommends that policymakers formally recognise digital assets in inheritance law, clarify identity and privacy rights after death, and establish frameworks capable of handling cross-border digital property.

The organisation also wants tech firms to build systems that move beyond credential sharing and support verifiable delegation models with clear consent, revocation and audit mechanisms.

Standards organisations should develop interoperable protocols for delegation, verifiable death or incapacity triggers, and trust frameworks for fiduciary credentials, the report says.

Some initiatives exist, including delegation work from the Kantara Initiative and digital public infrastructure efforts such as MOSIP, but these remain fragmented, it adds.