An executor in England and Wales has a legal duty to gather digital assets. A separate criminal statute makes accessing them without prior authorisation an offence punishable by up to two years in prison.
What follows is a briefing on the law as it stands for solicitors, IFAs, and executors handling estates with digital components. It is written for professionals who already know the territory and want a precise statement of where the law currently sits, what the 2025 Property (Digital Assets etc) Act has and has not changed, and why pre-arranged authorisation remains the only reliable way to keep an executor's actions inside the law. The shape of the gap is structural, not technical, and a recent Act of Parliament has not closed it.
ALL FIGURES PINNED TO PRIMARY OR NEAR-PRIMARY SOURCES.
SEE [1]–[5] AT THE FOOT OF THIS BRIEFING.
Two statutes sit in tension at the moment an executor in England and Wales is asked to administer an estate with digital components.
The first is the Administration of Estates Act 1925. Under that Act, a personal representative has a positive duty to collect, value, and administer the deceased's assets. This includes, by any sensible reading, digital assets: photographs, documents, cryptocurrency holdings, online accounts of monetary or sentimental value, and the records of those holdings stored on personal devices. The duty is not optional. An executor who fails to gather assets they reasonably knew or should have known about may be in breach of trust.[2]
The second is the Computer Misuse Act 1990. Section 1 of that Act creates the offence of unauthorised access to computer material. The offence is committed when a person causes a computer to perform any function with intent to secure access to a program or data, the access is unauthorised, and the person knows it is unauthorised at the time. The maximum penalty on indictment is two years' imprisonment, a fine, or both.[1]
The Crown Prosecution Service's published guidance on the Act is explicit on what counts as unauthorised access. It includes "using another person's username or identifier (ID) and password without proper authority to access data or a program."[1] An executor who logs into a deceased account holder's iCloud, Google, or banking application with a passphrase the deceased never explicitly delegated, however well-meaning the purpose, is performing an act the statute defines as a criminal offence.
The two duties do not contradict each other on paper. The Administration of Estates Act tells the executor what they must do. The Computer Misuse Act tells them what they cannot do without authorisation. The gap between the two is the deceased's missing authorisation. In practice, this means an executor's lawful position depends entirely on whether the deceased put something in writing.
The Bill that did not pass
This gap is well known to the profession. The Society of Trust and Estate Practitioners and Queen Mary University of London surveyed estate practitioners in 2021. Roughly a quarter reported having encountered client cases where digital access was the obstacle.[5] In January 2022, Ian Paisley Jr, MP for North Antrim, brought the Digital Devices (Access for Next of Kin) Bill before the House of Commons under the Ten Minute Rule procedure. Its purpose was to grant next of kin an automatic right of access to a deceased or incapacitated person's digital devices and to place a corresponding duty on technology companies to assist.[3]
Even a grant of probate may not be sufficient to enable the executors to obtain legal title to a deceased person's digital content.
From Paisley's address to the House on 18 January 2022. The Bill received its second reading on 6 May 2022. The 2021–22 Parliamentary session was prorogued before further progress could be made. The Bill made no further progress and has not been reintroduced.[3]
The Act that did pass
On 2 December 2025, the Property (Digital Assets etc) Act 2025 received Royal Assent and entered into force the same day.[4] The Act is brief. Its operative clause confirms that a thing, including a thing that is digital or electronic in nature, is not prevented from being the object of personal property rights merely because it falls outside the two traditional categories of English law: things in possession (physical objects) and things in action (rights enforceable through litigation). The Act establishes, in statute, a "third category" of personal property capable of including cryptocurrencies, NFTs, and similar digital holdings.[4]
This is a meaningful clarification. Before the Act, the question of whether a Bitcoin wallet or an NFT was capable of being inherited at all rested on common law that several judgments had moved in the right direction without resolving definitively. The Act removes that uncertainty.
The Act does not address the Computer Misuse Act. It does not grant executors a right of access to a deceased person's devices. It does not impose any duty on technology platforms. It addresses the prior question of what is and is not capable of being property, which is a different question to who can lawfully access it.
For the executor in England and Wales in 2026, the practical position after the Act is the same as the practical position before the Act, in one respect that matters: holding lawful title to a digital asset is not the same as holding the credentials to reach it.
The practical reality
The platforms have, in the years since the Bush case (Holdfast Case Dossier Nº 04, 2016), developed their own legacy mechanisms. Apple's Digital Legacy programme, Google's Inactive Account Manager, Facebook's Legacy Contact, and similar tools at Microsoft and elsewhere allow an account holder to nominate, in advance, a person who can request access to defined data after the holder's death. Each programme has its own scope, its own evidentiary requirements, and its own exclusions. None of them is integrated with the others. None of them is statutorily mandated.[6]
For the practitioner, three observations follow:
First, the safest position for an executor is one in which the deceased has, in their lifetime, given written authorisation for a named person to access specified accounts. This authorisation can be embedded in a will, in a separate letter of wishes, or in a digital estate manager that delivers credentials and instructions to a nominated recipient on a defined trigger. Where such authorisation exists, the unauthorised-access element of the Computer Misuse Act offence is absent.
Second, where no such authorisation exists, a grant of probate does not, on its own, cure the problem. The Hansard quote above captures the position precisely. Probate establishes the executor's authority over the estate. It does not, by itself, override the unauthorised-access offence under the CMA, nor does it override the contractual terms each platform imposes on account access. The executor is left to negotiate with each platform individually under each platform's own bereavement procedures.
Third, the next legislative reform on this question is not yet on the order paper. The Property (Digital Assets etc) Act 2025 has settled the property question. The access question, last meaningfully addressed by Paisley's 2022 Bill, has not been picked up. There is no announced government Bill addressing executor access to digital devices. The gap is not going to close on its own.
Property and access are different problems. The Property (Digital Assets etc) Act 2025 has resolved who can own a digital asset. It has not resolved who can lawfully reach one. An executor whose probate establishes title still needs the credentials, and obtaining them is governed by a different statute.
Pre-arranged authorisation is not a nice-to-have. It is the element that takes an executor's actions outside the scope of the Computer Misuse Act. Where a deceased client has explicitly authorised a named person, in writing, to access specified accounts after death, the unauthorised-access offence is not made out. Where no such authorisation exists, the executor is operating in a grey area at best and a criminal offence at worst.
Platform legacy mechanisms are useful but partial. Apple's Digital Legacy, Google's Inactive Account Manager, and similar programmes work only for the platforms that offer them, only for the data those platforms choose to release, and only when the deceased set them up in advance. They do not compose across providers and they do not displace the underlying legal position. Pre-arranged delegation by the account holder is what they require, in different forms.
The reform agenda has stalled on the access question. The Digital Devices (Access for Next of Kin) Bill of 2022 is no longer before Parliament and has not been reintroduced. There is no announced timetable for further legislation specifically addressing executor access. Practitioners should plan their advice around the law as it currently stands rather than around legislation that may or may not arrive.
- [1] Computer Misuse Act 1990, Section 1 (Unauthorised Access to Computer Material). Maximum penalty on indictment: two years imprisonment, a fine, or both. Source: legislation.gov.uk, ukpga/1990/18/section/1. CPS legal guidance on the Act: cps.gov.uk/legal-guidance/computer-misuse-act.
- [2] Administration of Estates Act 1925. Establishes the personal representative's duty to collect, value, and administer the deceased's assets. Source: legislation.gov.uk, ukpga/Geo5/15-16/23.
- [3] Digital Devices (Access for Next of Kin) Bill 2021–22, sponsored by Ian Paisley MP. Hansard record of the House of Commons sitting on 18 January 2022. Second reading: 6 May 2022. Source: bills.parliament.uk/bills/3097; hansard.parliament.uk. The Bill was prorogued without further progress at the end of the 2021–22 Session.
- [4] Property (Digital Assets etc) Act 2025 (c. 29). Royal Assent: 2 December 2025. Source: bills.parliament.uk/bills/3766; commentary by the Law Commission (lawcom.gov.uk) and STEP (step.org).
- [5] Society of Trust and Estate Practitioners (STEP) and Queen Mary University of London, professional survey on digital-asset access in estate practice, 2021. Cited in subsequent professional commentary including The Gazette and AJ Wills.
- [6] Platform legacy programmes: Apple Digital Legacy (apple.com/legal/internet-services/icloud, Section IV.L); Google Inactive Account Manager; Facebook Legacy Contact. Each programme's terms are set unilaterally by the operator and are not statutorily mandated.
THIS BRIEFING IS NOT LEGAL ADVICE.
IT IS A SUMMARY OF THE PUBLISHED LAW AS AT APRIL 2026,
INTENDED FOR PRACTITIONERS WHO WILL APPLY IT TO
SPECIFIC CIRCUMSTANCES WITH PROPER PROFESSIONAL JUDGMENT.