Imagine handing your will to a stranger and asking them to keep it safe for thirty years. Then imagine trusting that, when the time comes, they'll give it only to the right person and only after proving who that person is.
That is the job a digital estate planning platform signs up for the moment you create an account. And the tool that makes the whole thing possible is something most people only know as a sign-up annoyance: KYC.
This guide is for anyone curious about how KYC in digital estate planning actually works, whether you're a user about to write a digital will, a founder building in this space, or just someone who wants to understand why a website is asking for your passport. We'll walk through three pieces that do the heavy lifting (Sumsub, OPAQUE, and a compliance stack built on HIPAA, SOC 2, ISO 27001, GDPR, and AML) in plain language. No jargon dumps. Promise.
First, what does KYC even mean?
KYC stands for Know Your Customer. It is exactly what it sounds like: the platform needs to know who you are before it trusts you with something important.
You've done KYC before, even if you didn't call it that. Opening a bank account, signing up for a crypto exchange, getting a new phone number: each one asked for ID, maybe a selfie, maybe a utility bill. That's KYC. It started as an anti-money-laundering rule for banks, and it has since spread to any service that handles money, identity, or legal documents.
KYC for digital estate planning takes those same basic ideas and adapts them to something a regular bank never has to worry about: the person being checked will one day die, and the document being stored has to survive decades, multiple family members, lawyers, and possibly a court.
So in this world, KYC is not a sign-up hurdle. It's the first thread in a long chain of trust.
Why estate planning is a different kind of KYC problem
A bank only needs to know who you are *today*. An estate planning platform needs to know who you were *then*, who you are *now*, who your executor is, and who your beneficiaries are, and it has to stand behind all of that years after you're gone.
Four things make digital estate planning harder than regular identity verification:
- The main person eventually isn't around. You can't log back in to re-confirm your identity after you've passed away. Whatever the platform captures at sign-up has to hold up in front of a probate court decades later.
- There are many people involved. A single digital will might include you, an executor, witnesses, beneficiaries, guardians for children, and a legal partner. Every one of them needs to be identified, and each gets a different level of access.
- Access is time-locked. Beneficiaries aren't supposed to read your will while you're alive. The system has to keep the document sealed and only release it when the right trigger happens, usually a verified death certificate.
- The data is deeply personal. Wills often include health records, financial details, government IDs, and private wishes. If any of that leaks, it's not just embarrassing; it's a legal event under HIPAA, SOC 2, or ISO 27001.
This is why digital will security can't rest on any single tool. It needs a stack.
The compliance stack, explained like you're a normal human
Before the tech, here are the big rulebooks any serious estate platform has to play by. If you've ever seen a long "trust and security" page with a bunch of acronyms, this is what's behind it.
- HIPAA: a US law that protects health information. Your advance directive or living will might include medical wishes, so anything that counts as PHI (Protected Health Information) has to be encrypted and access-logged.
- SOC 2 Type II: a yearly audit, done by an independent firm, that checks security, availability, and privacy controls. It's how enterprises decide whether to trust a vendor.
- ISO 27001: an international standard for information security management. Think of it as the hygiene checklist for a security-first company.
- GDPR (especially Article 17): the "right to be forgotten" in the EU. Estate platforms have to balance erasure requests with the need to retain legally required records.
- AML / FATF guidance: Anti-Money-Laundering rules set by the Financial Action Task Force. The good news: FATF now explicitly allows digital identity verification and biometric checks, which is what makes fully online KYC legal.
Getting one of these right is a project. Getting all five right at the same time only works if the platform was designed that way from day one. Now let's look at the three layers that actually do the work.
Layer 1: Sumsub, the bouncer at the door
Every secure building has a bouncer. Sumsub is that for digital estate planning.
Sumsub KYC is a verification platform used by fintechs, crypto exchanges, and marketplaces worldwide. When you sign up for a platform like BlockWill, the verification flow you go through is powered by Sumsub behind the scenes. Here's what it actually does:
- Document check. You photograph a passport, national ID, or driver's licence. Sumsub reads the machine-readable zone, examines holograms and fonts, and flags any sign of tampering or forgery.
- Selfie + liveness. A short video selfie confirms a real, living person is holding the document, not a printout, a photo of a photo, or a deepfake.
- Face match. The selfie is compared to the photo on the ID. A high match passes; a borderline case gets escalated to a human reviewer.
- Sanctions and AML screening. Your name and date of birth are checked against global sanctions lists, politically-exposed-person (PEP) databases, and adverse media.
- Optional video KYC. For unusual documents or higher-risk regions, a trained Sumsub agent can verify you live over video.
The magic trick for estate planning is verified identity history. Sumsub doesn't just say "this person is verified today." It records *that* a specific person, holding a specific document, was verified on a specific date. Years later, when your executor presents a death certificate and asks to activate your will, that old verification becomes part of the legal chain.
It's the online equivalent of the lawyer who remembers you from the day you signed the paper version.
Layer 2: OPAQUE, the password your platform can't read
Sumsub proves you're a real human. The next layer protects your secret: your password.
Here's a problem most people never think about. In a normal login system, you type your password into a form. It travels across the internet (encrypted, hopefully) to a server. The server hashes it and stores the hash. For a brief moment, the raw password exists outside your device. If the server is compromised during that moment, or if the hashing is weak, everything leaks.
That is where the OPAQUE protocol comes in.
OPAQUE stands for Oblivious Pseudo-random function Asymmetric PAKE. Don't panic. Here's what it actually means in one sentence: OPAQUE lets the server verify your password without ever seeing it. Not at sign-up. Not at login. Not ever.
- Your password stays on your device. A piece of math is sent instead.
- The server stores a scrambled envelope that's useless on its own.
- The server can still confirm you typed the right password, kind of like a zero-knowledge proof.
- Even if hackers steal the whole database, they can't brute-force the envelopes with rainbow tables, because every user has a unique salt only *their* password can unlock.
OPAQUE was standardised by the IETF in 2022. Facebook Messenger and WhatsApp already use it to secure encrypted chat backups. Serious estate planning platforms use it because your password is what unlocks the master key to your encrypted vault. If the server ever saw it, one bad log line could expose everything. With OPAQUE, that attack simply doesn't exist.
The difference matters. It's the gap between "we promise we don't read your password" and "we mathematically *can't* read your password." Only one of those holds up in court and under a real breach.
Layer 3: field-level encryption and audit trails, the vault
Sumsub is the bouncer. OPAQUE is the lock. The third layer is the vault where your data actually lives.
Field-level encryption (AES-256-GCM). Most apps encrypt the whole disk and call it a day. Estate platforms go further. Every sensitive field (your ID number, your address, your health notes, your will contents) is encrypted individually before it hits the database. If a hacker steals a full database dump, they get rows of unreadable ciphertext and no master key.
Searchable hashing. But some fields need to be looked up, for example, "does this email already exist?" The platform solves this with deterministic hashing. The system can confirm a match without decrypting anything. Useful, private, and fast.
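One way to build that lookup, shown as an added example rather than any platform's actual code: a keyed hash (HMAC) over the normalised email, compared with a plain unkeyed hash to show why the key matters. The function names, the sample addresses and the key are constructed for the example, and the key is assumed to be held outside the database.

```python
import hashlib
import hmac
import unicodedata


def normalize_email(email: str) -> str:
    """Canonical form, so ' Ana@Example.com' and 'ana@example.com' collide."""
    return unicodedata.normalize("NFKC", email).strip().casefold()


def blind_index(email: str, index_key: bytes) -> str:
    """Keyed, deterministic lookup value stored next to the encrypted email."""
    return hmac.new(index_key, normalize_email(email).encode(), hashlib.sha256).hexdigest()


def unkeyed_index(email: str) -> str:
    """Weak variant for comparison: plain SHA-256 needs no secret to recompute."""
    return hashlib.sha256(normalize_email(email).encode()).hexdigest()


def email_exists(index_column: set, email: str, index_key: bytes) -> bool:
    """Answer 'does this email already exist?' without decrypting any row."""
    return blind_index(email, index_key) in index_column


def confirmable_from_dump(index_column: set, candidates: list, index_fn) -> list:
    """Candidate emails that a holder of only the database dump can confirm."""
    return [c for c in candidates if index_fn(c) in index_column]


# Constructed sample data (not real accounts or keys).
INDEX_KEY = bytes.fromhex("11" * 32)  # assumed to be stored outside the database
USERS = ["ana@example.com", "Raj@Example.org "]
KEYED_COLUMN = {blind_index(u, INDEX_KEY) for u in USERS}
UNKEYED_COLUMN = {unkeyed_index(u) for u in USERS}
GUESSES = ["ana@example.com", "raj@example.org", "nobody@example.net"]
```

With the unkeyed column, anyone holding the dump and a list of addresses can confirm who has an account; with the keyed column the same list matches nothing unless the index key is also taken.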
Encrypted audit logs. Every time someone reads, writes, or updates a piece of data, the system writes a line to an append-only audit log. That log is *itself* encrypted with a separate key. This gives you, and any court, a tamper-evident history of who touched what and when, which is exactly what estate planning compliance under SOC 2, HIPAA, and ISO 27001 requires.
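A sketch of how a log can be made tamper-evident, added as an example and not the design of any particular platform: each record carries an HMAC over the previous record's MAC, so an edit or deletion breaks the chain. The record fields, function names and sample entries are assumptions, and encrypting the log with its own key is left out here.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first record


def _mac(key: bytes, prev_mac: str, entry: dict) -> str:
    """HMAC over the previous record's MAC plus this entry's canonical JSON."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, ts: str, actor: str, action: str, field: str) -> str:
    """Add one access record and return the new chain head."""
    entry = {"seq": len(log), "ts": ts, "actor": actor, "action": action, "field": field}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**entry, "mac": _mac(key, prev, entry)})
    return log[-1]["mac"]


def verify(log: list, key: bytes, expected_head: str = "") -> int:
    """Return -1 if intact, else the index where the chain first breaks.

    A dropped tail leaves a valid shorter chain, so pass the head MAC kept
    outside the log to catch truncation (reported as index len(log)).
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: v for k, v in rec.items() if k != "mac"}
        good = entry.get("seq") == i and hmac.compare_digest(
            str(rec.get("mac", "")), _mac(key, prev, entry))
        if not good:
            return i
        prev = rec["mac"]
    if expected_head and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return -1


def sample_log(key: bytes):
    """Constructed sample records (actors, fields and timestamps are made up)."""
    log = []
    append(log, key, "2030-01-05T10:00:00Z", "owner:1", "write", "will.contents")
    append(log, key, "2030-01-06T09:30:00Z", "executor:7", "read", "will.summary")
    head = append(log, key, "2030-01-07T14:12:00Z", "beneficiary:3", "read", "will.bequest")
    return log, head
```

Keeping the latest head MAC somewhere the database administrator cannot write is what turns "append-only" from a convention into something a verifier can check.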
Role-based access control (RBAC). A beneficiary only sees what they're supposed to see, and only after the trigger event. An executor gets broader access, but only after a verified death certificate. A legal partner sees only what you shared with them. Even platform staff cannot read will contents: not your tech support, not the CEO.
How the three layers work together: a walk-through
Here's what actually happens when you create a digital will on a well-built platform:
- You sign up. You enter name, email, and a password. OPAQUE runs right in your browser, so your password never leaves your device.
- You verify your identity. You're sent into a Sumsub flow: document, selfie, liveness, AML check. A minute later you're KYC-verified.
- Your vault is created. Your password derives a master key. The master key wraps a will-specific key. That key encrypts every field of your will.
- You add the cast. Executors and beneficiaries are invited. Each one completes their own KYC with Sumsub before they can be attached to your will.
- Everything is stored encrypted. The database holds only AES-256-GCM ciphertext. Every access is written to the encrypted audit log.
- The trigger event. When you pass away, a verified death certificate plus executor authentication unlocks the release workflow. Beneficiaries see only the fields meant for them.
At no point does the platform see your password. At no point does an unverified person get access. At every point, there's a receipt.
A simple checklist: is your digital estate platform actually safe?
If you're comparing platforms, ask these questions. Good ones answer yes to most.
- Is identity verification done by a FATF-aligned provider with biometric liveness, not just a document upload?
- Is the password protocol PAKE-based (OPAQUE or similar)? Does the server *ever* see your plaintext password?
- Is data encrypted at the field level, not just at the disk level?
- Are audit logs immutable, encrypted, and retained for at least seven years?
- Is the platform SOC 2 Type II audited? ISO 27001 certified?
- Is HIPAA considered for health-related fields like advance directives?
- Does RBAC enforce time-locked and event-triggered release to executors and beneficiaries?
- Can you exercise GDPR erasure rights without wrecking the audit trail?
The takeaway
A paper will sits in a drawer. A digital will has a harder job: stay safe, stay verifiable, and stay accessible for decades, often without the person who created it around to vouch for it.
That is only possible when three independent layers cooperate. Sumsub proves who you are. OPAQUE keeps your password out of the server's hands. Field-level encryption and immutable audit logs guard the data and every access to it. Underneath them, HIPAA, SOC 2, ISO 27001, GDPR, and AML frameworks keep the whole system honest.
Get this stack right and a digital will isn't a weaker version of a paper one. It's a stronger one, because every signature, every access, and every handoff is cryptographically provable.
That's the real promise of KYC in digital estate planning: not friction at sign-up, but trust that outlives you.

