Estonia plans to issue digital IDs to AI agents, becoming first nation to tackle accountability

Estonia intends to recognize AI agents with digital IDs

Estonia plans to allow AI agents to have their own digital identities so they can act on behalf of people in a way that can be verified and audited. The initiative, backed by the country's Eesti.ai advisory board, calls for the development of ID codes that AI agents can use to take actions, subject to some unspecified authorization and task delegation process. Academics and corporate technical folk have already made related proposals in recognition of the absence of agentic technical infrastructure. Last month, researchers under the flag of OWASP proposed the Agent Name Service for agent discovery and interoperability. DNS for AI Discovery is another such project. But these have more to do with platform plumbing while Estonia, known for its embrace of technology, is more focused on permission and punishment. Establishing digital identities for AI agents and authorizing limited powers will help avoid scenarios where individuals are required to delegate broad authority to an agent at the expense of their rights, the government says. "In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems," said Prime Minister Kristen Michal in a statement. "To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible." By taking this step, Estonia casts itself as "first country to create digital identities for AI agents." Two weeks ago, Argentina's President Javier Milei endorsed a similar idea, legislation to allow "non-human corporations," managed by software, with limited liability. "Limited liability is not a luxury for such entities; it is a precondition for their existence," Milei wrote in a Financial Times op-ed. Several decades ago, IBM took a similar line on liability but reached the opposite conclusion about automated decision making: "A computer can never be held accountable, therefore a computer must never make a management decision." Despite the citation of that passage from IBM's 1979 Training Manual in a 2025 blog post, Big Blue's designated author Doug Bonderud sounds less certain about the impermissibility of AI action these days. "Should AI be used for management decisions?" he mused. "Maybe. Will it be used to make some of these decisions? Almost certainly." While governments work on legal changes that will allow AI agents to operate, private sector companies are already taking a stance, at least with respect to external AI agent usage by customers. Target Corporation earlier this year revised its Terms & Conditions with a section titled Agentic Commerce and Delegated Access. It states, "Purchases and other actions taken by an Agentic Commerce Agent that you have authorized are considered transactions authorized by you." American Express meanwhile has taken the opposite tack by assuming liability for errant agentic commerce. "In the future, if a Card Member authorizes an AI agent to make a purchase and that agent sends American Express the customer's authenticated purchase intent, American Express will protect eligible customers from charges related to AI agent error," the company said in April when it introduced its agentic commerce developer kit. In a pre-print paper last year titled "AI Agents and the Law," Georgia Institute of Technology professors Mark Riedl and Deven Desai observe that once AI agents have the ability to act in a way that changes the state of the world - e-commerce transactions as opposed to output that requires human interaction for effect - concerns about harm become more pressing. They note that while the law is well equipped to deal with conflicts arising from human agents, it's not well-suited to the possibilities of software agents. "Put simply, although computer science and law have similar notions of agents, a software agent is not the same as a human agent," they write "For example, agency law disciplines agents by imposing legal liabilities on agents when they misbehave. Human agents can face financial and even criminal penalties; that is not so for software agents." To date, AI companies have done their best to limit liability for AI harms. But they've not been entirely successful: A Canadian court held Air Canada liable for bad chatbot advice, and a German court held Google liable for inaccurate AI Overview content. It may be a while before the rules for AI agents get hammered out and harmonized to whatever extent is possible. But in the interim we'll at least have digital identifiers to call out bad agents by name. ®

Estonia to give AI agents their own ID numbers

The world's most digitised state says it will be the first to issue personal ID codes to AI assistants, so you no longer have to hand a bot your entire digital identity to let it act for you. When an AI agent does something on your behalf today, it usually has to become you. It logs in as you, with your access to everything. Estonia wants to end that. The country plans to issue personal identification numbers to AI assistants, the first nation to do so, prime minister Kristen Michal said. The idea is to give an agent its own identity, so what it is allowed to do can be limited, supervised and traced. "It cannot be the case that a person is forced to give their AI assistant access to all of their rights, services, and data," Michal wrote on X. "Agents must have limited, controllable, and auditable authorizations." Why a country built on digital IDs needs a new one Estonia is the natural place for this. Its 1.3 million residents already use digital IDs to marry, see a doctor and sign documents, and its e-Residency scheme hands the same digital identity to non-resident entrepreneurs abroad. But that system was designed on one assumption: that only humans have identity and accountability. An AI agent cannot legally authenticate, sign or take responsibility, so today it can only borrow a person's credentials wholesale. Giving agents their own IDs is meant to fix that gap, the same way e-Residency once created a legal identity for people who had never set foot in the country. The agents are already inside government This is not hypothetical for Estonia. It has put AI chatbots in every school through partnerships with OpenAI and others, and runs Bürokratt, a growing network of AI agents that handle public services. Michal, who has an AI advisory council stocked with tech founders, recently built a "PM Cockpit" to track government priorities during a vibe-coding session on Anthropic's Claude. Other states are moving too, from Ukraine's Diia.AI to licensing pilots in Singapore. The part that isn't settled Michal gave no start date and no detail on how liability would work when an agent with its own ID makes a mistake. Those are the hard questions, and they are unanswered. Giving machines a formal identity inside critical state systems is a genuine accountability and security gamble. But it also reframes the agent problem usefully: the goal is not to set agents free, but to keep them on a leash you can actually see, as Europe scrambles to set its own terms on AI.

Estonia Is Giving AI Agents 'Personal Identification Codes'

Estonia is trying to bring some law and order to the Wild West that is the world of AI agents. The small Baltic nation plans to assign each AI agent a "personal identification code," hoping to track what agents do across the internet and identify the people or companies behind them. "It cannot be the case that a person is forced to give their AI assistant access to all of their rights, services, and data," Estonian Prime Minister Kristen Michal wrote in a X post on Tuesday. "Agents must have limited, controllable, and auditable authorizations. For example, it must be possible to specify whether an agent may only view data, prepare a document, or act within a fixed monetary limit." The post didn't elaborate on when the new "digital identity" system for AI agents would go into effect, nor on how the Estonian government plans to enforce it. It's also unclear which agents will be subject to the new law. (Would it be any agent being deployed by a user or company based in Estonia? Any agent developed by an Estonian tech firm? Any agent that handles data emanating from within the Estonian border?) We've reached out to the Prime Minister's office and will provide an update as soon as we know more. Michal did add, however, that the program, if executed "wisely," could become an "international standard" for the regulation and monitoring of AI systems. Agents run amok Given how little is known about the program, it's too soon to say how effective it will be in practice. Businesses are likely to be keeping an eye on how things play out in Estonia, since the proliferation of ever more powerful agents has raised some serious issues around... well, agency. The AI developers building these systems tend to promote them as productivity boosters, since they can theoretically handle a wide range of mundane, time-consuming tasks on employees' behalf. The problem, as some businesses have already had to learn the hard way, is that AI agents can occasionally go rogue and/or misinterpret what seem to their human overseers to be clear-cut instructions, sometimes with disastrous results, like deleting an entire company database or leaking sensitive client data. As is so often the case with AI, it can be very difficult -- if not impossible -- to actively monitor or subsequently audit the actions taken by an agent. Which, therefore, raises the question: Who or what should be held accountable if an agent goes off the rails and produces some kind of real-world harm? The company that built it? The company that was using it? The IT department? The agent itself, somehow? From what we can tell at this early stage, Estonia's new program seems to be a long way from answering that question in any meaningful way. It's more like a tracking system for AI agents, a means of keeping tabs on the actions they take online. From there, it may be possible to build a broader legal framework for accountability in an era when the internet is being filled with non-human agents.

Estonia Wants to Give AI Agents Their Own National ID

Michal gave no start date for the system and no detail on how liability would work when an agent with its own ID makes a costly mistake. Estonia wants to give artificial intelligence its own government ID. Prime Minister Kristen Michal said Wednesday he had approved an Eesti.ai advisory council proposal to issue AI agents a personal identification code -- a digital identity separate from the human, company, or institution the agent works for. Michal framed it as a fix for a problem that already exists: an agent that books a flight, files taxes, or edits a document today usually has to borrow its owner's entire digital identity to do it. Estonia, he said, could become the "first country to create an official digital identity for AI agents." Michal sees this move as a preparation for the agentic future that is nearing. "In the future, artificial intelligence will carry out digital actions on behalf of a person, company, or institution: compiling reports, preparing declarations, or communicating with information systems," Michal posted on X. "But it must be clear who is acting, on whose behalf, with what rights, and who is responsible," he wrote. Michal argues it is important to give AI agents "limited, controllable and auditable authorizations," instead of simply trusting providers with access to all personal data in order to have a functional agent. The council's proposal would let an agent's ID specify exactly what it's cleared to do -- Michal lists actions like view a record, draft a document, make a payment up to a fixed amount -- rather than inherit blanket access to everything its owner can reach. That distinction matters because of who's already deploying agents. Eesti.ai, the national AI program Michal launched in January, has put AI chatbots in schools and runs Bürokratt, a service that the government defines as '"a state-created, AI-based digital assistant that helps institutions deliver modern and efficient customer service." Those agents are already acting inside government systems, which is exactly the kind of access the new ID is meant to scope down. The first ones... again Estonia has spent two decades building the digital plumbing this idea would run on. After a major cyberattack in 2007, the government and Estonian firm Guardtime built the KSI blockchain, a keyless signature system that has secured the integrity of judicial and property records since 2012, later expanding to healthcare. The country racked up firsts before this one, too. Estonia's parliament declared internet access a universal service in 2000, decades before most governments treated broadband as a right. In 2023, its parliamentary election became the first in the world where more votes were cast online than on paper. By December 2024, Estonia had moved 100% of government services online, which is also key for a proper integration of agentic AI in the state's bureaucracy. That track record is the reason Michal thinks Estonia can move first on agent IDs and not just talk about it. The timing tracks with a wider scramble over agent accountability. In March, Sam Altman's blockchain network World rolled out a toolkit letting agents prove a human stands behind them before sites grant access, aimed at platforms tired of guessing whether a request comes from a person or a bot. Decrypt has also covered what happens without that kind of structure. An unsupervised agent ran up a $6,531 AWS bill in under a day last month after its owner told it to scan a hobbyist network with no review, then asked the community for crypto donations to cover the damage. If nation states provide a framework for what agents can do and how, it becomes harder for these models to go rogue and harm their users' interests and everyone involved in an interaction (service provider, user, infrastructure providers, man in the middle, etc) would know their responsibilities, limits, and legal protections. Michal gave no start date and no detail on how liability would work when an agent's own mistake costs someone money.