Digital Assets in Estate Planning: Legal Authority and RUFADAA

Digital assets — ranging from cryptocurrency wallets and online brokerage accounts to email archives and social media profiles — present a distinct challenge within estate planning legal frameworks because traditional property law was not drafted to address access credentials, platform terms of service, or blockchain-based ownership. The Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), adopted by the Uniform Law Commission in 2015, established the primary statutory structure governing fiduciary access to these assets across the United States. This page covers RUFADAA's scope and authority, how the disclosure framework operates in practice, the asset categories it touches, and the legal boundaries that separate fiduciary access from unauthorized computer access under federal law.

Definition and scope

Digital assets in the estate planning context are broadly defined as electronic records in which an individual holds a right or interest (Uniform Law Commission, RUFADAA §2(10)). That definition captures:

• Cryptocurrency and digital tokens — private keys, wallet addresses, and exchange accounts
• Online financial accounts — brokerage, banking, and PayPal-style payment platforms
• Email and communications — Gmail, iCloud Mail, and equivalent messaging services
• Social media accounts — Facebook, Instagram, LinkedIn profiles
• Intellectual property stored digitally — domain names, self-published content, royalty streams
• Loyalty and rewards programs — airline miles, hotel points, and retailer credit balances
• Cloud-stored files — documents, photographs, and media libraries

The scope deliberately excludes underlying assets accessed through a digital platform — a brokerage account's securities are governed by securities law; the digital account enabling access is what RUFADAA controls.

As of 2024, 47 states, the District of Columbia, and the U.S. Virgin Islands had enacted RUFADAA or a close variant (Uniform Law Commission, RUFADAA Legislative Fact Sheet). Three states retained earlier, pre-RUFADAA statutes with narrower access provisions. The distinctions across those jurisdictions matter when an estate spans multiple states — a cross-jurisdictional problem addressed more fully on federal vs. state estate law.

RUFADAA intersects with two federal statutes: the Stored Communications Act (SCA), 18 U.S.C. §§ 2701–2712, which restricts disclosure of electronic communications, and the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which criminalizes unauthorized computer access. RUFADAA was drafted expressly to permit fiduciary access without triggering CFAA liability when the decedent or account holder has authorized access through proper legal instruments.

How it works

RUFADAA establishes a three-tier hierarchy of user intent that custodians (platforms and service providers) must follow when evaluating a fiduciary's access request:

1. Tier 1 — Online tool designation. If the account holder used the custodian's own built-in legacy-planning tool (Google's Inactive Account Manager, Facebook's Legacy Contact) to designate a fiduciary or specify disclosure preferences, that designation controls above all other instruments.

2. Tier 2 — Estate planning document. If no online tool designation exists, the account holder's will, trust, power of attorney, or advance directive governs — provided the document expressly addresses digital asset access. Silence in the instrument is treated as no affirmative grant. This is a critical drafting point: a will that does not specifically authorize digital asset disclosure grants the executor no greater right than the general public under Tier 2.

3. Tier 3 — Platform terms of service. Where neither a tool designation nor an estate planning document addresses access, the custodian's own terms of service default apply. Most major platforms default to non-disclosure or account deletion in the absence of contrary instructions.

The fiduciary requesting access must submit a written request accompanied by:
- A certified copy of the letters testamentary, letters of administration, or trust certification establishing fiduciary authority
- A copy of the relevant estate planning instrument (if relying on Tier 2)
- Government-issued identification

Custodians may respond by providing a catalogue (a list of what an account contains) without disclosing full content, particularly for electronic communications — the SCA imposes additional consent requirements before the substance of private communications may be released even to authorized fiduciaries.

The fiduciary duty in estate planning does not expand automatically upon death to cover digital asset access; fiduciaries must actively establish authority under each applicable tier.

Common scenarios

Cryptocurrency without documented private keys. A decedent holds Bitcoin in a self-custodied hardware wallet. RUFADAA grants the executor authority to access the account if it exists on an exchange, but private keys stored offline are treated as physical property. Recovery depends entirely on whether the decedent documented seed phrases in a secure estate planning instrument. RUFADAA provides no mechanism to compel a blockchain network to restore access.

Executor versus platform terms of service conflict. A decedent's email account is governed by a platform whose terms of service designate all content as non-transferable. Under RUFADAA's three-tier structure, if the decedent left no online tool designation and the will is silent on digital assets, the platform terms control — and the executor may receive only a catalogue, not content. This outcome is resolved only if the will expressly grants digital asset access under Tier 2.

Agent under power of attorney during incapacity. RUFADAA applies not only at death but also during lifetime incapacity. An agent holding a durable power of attorney may request access to a principal's digital assets if the power of attorney expressly grants that authority. A general "all assets" clause drafted before RUFADAA's enactment in the applicable state may be insufficient without explicit digital language, depending on state-specific adoption language.

Social media memorialization. Facebook, Instagram, and similar platforms maintain formal memorialization request procedures separate from RUFADAA. The platforms treat the memorialized state as a Tier 1 online-tool outcome, superseding estate planning documents that seek account deletion or content transfer. Families seeking deletion rather than memorialization must specifically designate that preference through the platform's native tool.

Trust administration and digital business assets. A revocable living trust that becomes irrevocable at death may hold domain names, online storefronts, or subscription-based content businesses. The trustee's access rights under RUFADAA parallel executor rights — but only if the trust instrument names digital assets or uses sufficiently broad asset language. Trust law foundations and the non-probate asset law framework both bear on whether digital business assets flow through the trust or require separate probate.

Decision boundaries

RUFADAA defines the outer boundary of fiduciary authority over digital assets, but four distinct legal constraints limit or shape how that authority operates in practice:

1. Federal preemption via the Stored Communications Act. The SCA creates a content/catalogue distinction that RUFADAA cannot override. Custodians may disclose the existence and metadata of electronic communications to authorized fiduciaries, but disclosure of communication content requires either the account holder's prior consent (documented in a Tier 1 or Tier 2 instrument) or a court order. A will that says "executor may access all digital assets" may still not satisfy the SCA's consent requirement for email content absent more specific language.

2. CFAA liability boundaries. Accessing a digital account without authorization — even by a fiduciary who believes they have authority — may constitute a CFAA violation if the fiduciary uses the decedent's own credentials without the custodian's authorization. RUFADAA's protective structure requires the fiduciary to go through the custodian rather than bypass the platform using stored passwords.

3. Jurisdictional gaps in non-adopting states. Estates administered in the 3 states without RUFADAA have no uniform statutory framework. Fiduciaries in those states typically rely on probate court orders for access, which may or may not compel custodian compliance given SCA preemption arguments. The probate court system and uniform laws in estate planning pages provide additional context on how jurisdictional gaps affect administration.

4. Asset classification versus account access. RUFADAA grants access to digital accounts; it does not resolve ownership of the underlying digital property. Cryptocurrency ownership turns on blockchain record and private key possession, not fiduciary paperwork. NFTs, tokenized real estate, and similar blockchain-native instruments may require separate legal instruments — including assignment documents and smart contract interaction — to complete a lawful transfer to beneficiaries. The distinction between accessing an account and transferring the asset held inside it is not resolved by RUFADAA alone.

Comparison: RUFADAA Tier 2 (Will Language) vs. Tier 1 (Online Tool)

The practical implication of this comparison is that an online tool designation made years before an estate plan revision may override the revised will — a coordination failure that represents one of the most common digital asset administration errors identified by the Uniform Law Commission in its post-enactment guidance.