Estonia intends to recognize AI agents with digital IDs

Estonia plans to allow AI agents to have their own digital identities so they can act on behalf of people in a way that can be verified and audited. The initiative, backed by the country’s Eesti.ai advisory board, calls for the development of ID codes that AI agents can use to take actions, subject to some unspecified authorization and task delegation process. Academics and corporate technical folk have already made related proposals in recognition of the absence of agentic technical infrastructure. Last month, researchers under the flag of OWASP proposed the Agent Name Service for agent discovery and interoperability. DNS for AI Discovery is another such project. But these have more to do with platform plumbing while Estonia, known for its embrace of technology, is more focused on permission and punishment. Establishing digital identities for AI agents and authorizing limited powers will help avoid scenarios where individuals are required to delegate broad authority to an agent at the expense of their rights, the government says. “In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems,” said Prime Minister Kristen Michal in a statement. “To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible.” By taking this step, Estonia casts itself as “first country to create digital identities for AI agents.” Two weeks ago, Argentina’s President Javier Milei endorsed a similar idea, legislation to allow “non-human corporations,” managed by software, with limited liability. “Limited liability is not a luxury for such entities; it is a precondition for their existence,” Milei wrote in a Financial Times op-ed. Several decades ago, IBM took a similar line on liability but reached the opposite conclusion about automated decision making: “A computer can never be held accountable, therefore a computer must never make a management decision.” Despite the citation of that passage from IBM’s 1979 Training Manual in a 2025 blog post, Big Blue’s designated author Doug Bonderud sounds less certain about the impermissibility of AI action these days. “Should AI be used for management decisions?” he mused. “Maybe. Will it be used to make some of these decisions? Almost certainly.” While governments work on legal changes that will allow AI agents to operate, private sector companies are already taking a stance, at least with respect to external AI agent usage by customers. Target Corporation earlier this year revised its Terms & Conditions with a section titled Agentic Commerce and Delegated Access. It states, “Purchases and other actions taken by an Agentic Commerce Agent that you have authorized are considered transactions authorized by you.” American Express meanwhile has taken the opposite tack by assuming liability for errant agentic commerce. “In the future, if a Card Member authorizes an AI agent to make a purchase and that agent sends American Express the customer’s authenticated purchase intent, American Express will protect eligible customers from charges related to AI agent error,” the company said in April when it introduced its agentic commerce developer kit. In a pre-print paper last year titled “AI Agents and the Law,” Georgia Institute of Technology professors Mark Riedl and Deven Desai observe that once AI agents have the ability to act in a way that changes the state of the world – e-commerce transactions as opposed to output that requires human interaction for effect – concerns about harm become more pressing. They note that while the law is well equipped to deal with conflicts arising from human agents, it’s not well-suited to the possibilities of software agents. “Put simply, although computer science and law have similar notions of agents, a software agent is not the same as a human agent,” they write “For example, agency law disciplines agents by imposing legal liabilities on agents when they misbehave. Human agents can face financial and even criminal penalties; that is not so for software agents.” To date, AI companies have done their best to limit liability for AI harms. But they’ve not been entirely successful: A Canadian court held Air Canada liable for bad chatbot advice, and a German court held Google liable for inaccurate AI Overview content. It may be a while before the rules for AI agents get hammered out and harmonized to whatever extent is possible. But in the interim we’ll at least have digital identifiers to call out bad agents by name. ®