Estonia plans digital IDs for AI agents to prove who acted, with what rights

Estonia wants to make AI agents look more like accountable actors than unpredictable scripts. The country plans to allow AI agents to have their own digital identities so their actions can be verified and audited, with ID codes used to take actions on behalf of people. The core idea is simple but consequential: it should be clear who is acting on whose behalf, with what rights, and who is ultimately responsible.

In a statement, Estonia's Prime Minister Kristen Michal said, “In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems. To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible.” That is the line executives should care about, because it targets the messiest part of agentic systems today: authorization and accountability. Estonia is backing this initiative through its Eesti.ai advisory board, and the plan calls for development of ID codes for AI agents, subject to an authorization and task delegation process.

Zoom out and you see why this matters. AI agents are not just generating outputs anymore. They can execute tasks that have real-world effects, like initiating transactions or interacting with information systems. When agents do that, the risk profile changes from “bad answer” to “bad action.” Academics and corporate technical teams have already proposed related plumbing, including projects for agent discovery and interoperability. For example, last month researchers under the flag of OWASP proposed the Agent Name Service for agent discovery and interoperability, and there is also “DNS for AI Discovery.” Estonia is taking a different emphasis. It is “more focused on permission and punishment,” as the source frames it, meaning the policy center of gravity is authorization rules and auditability rather than discovery alone.

The government’s motivation is specifically about preventing a rights squeeze. Estonia’s stated goal is to avoid scenarios where individuals are forced to delegate broad authority to an agent, at the expense of their rights. In other words, the digital identity is not just a feature for technical convenience. It is designed as a guardrail so delegation can be limited, tracked, and checked, instead of becoming a blank check that no one can later unwind.

This is where the regulatory and market incentives start to rhyme. Estonia is positioning itself as the “first country to create digital identities for AI agents.” But it is not the only government exploring how to treat non-human software entities in law. Two weeks ago, Argentina’s President Javier Milei endorsed similar thinking in support of legislation that would allow “non-human corporations,” managed by software, with limited liability. Milei wrote in a Financial Times op-ed that “Limited liability is not a luxury for such entities; it is a precondition for their existence.” The underlying tension is the same one executives wrestle with whenever they enable agents: if software acts, who pays when it goes wrong?

The legal philosophy debate is not new. The source notes that decades ago IBM took a similar line on liability, but reached the opposite conclusion about automated decision-making, citing a 1979 IBM Training Manual passage: “A computer can never be held accountable, therefore a computer must never make a management decision.” Later, a 2025 blog post quoted that IBM passage and included commentary from IBM’s designated author Doug Bonderud musing, “Should AI be used for management decisions? Maybe. Will it be used to make some of these decisions? Almost certainly.” The point for boards is not to settle philosophy. It is to recognize that agencies and liability are colliding, and the collision is moving from theory into systems customers actually use.

Meanwhile, private sector companies are already taking stances that show how messy “authorization” becomes when agents transact. Target Corporation revised its Terms & Conditions earlier this year to include a section titled Agentic Commerce and Delegated Access. It states, “Purchases and other actions taken by an Agentic Commerce Agent that you have authorized are considered transactions authorized by you.” American Express, by contrast, described a different risk posture when it introduced its agentic commerce developer kit in April. It said, “In the future, if a Card Member authorizes an AI agent to make a purchase and that agent sends American Express the customer’s authenticated purchase intent, American Express will protect eligible customers from charges related to AI agent error.” Those two approaches highlight different ways companies manage uncertainty: shift assumed responsibility back to the customer, or offer protection when a system’s error causes harm.

Legal scholars are also converging on the gap between human agency law and software agency. In a pre-print paper last year titled “AI Agents and the Law,” Georgia Institute of Technology professors Mark Riedl and Deven Desai observe that concerns about harm become more pressing once agents can act in ways that change the state of the world, such as e-commerce transactions, instead of merely producing output requiring human interaction for effect. They note that law handles conflicts arising from human agents but is not well-equipped for software agents. As they write, “Put simply, although computer science and law have similar notions of agents, a software agent is not the same as a human agent.” They add that agency law disciplines agents by imposing legal liabilities on agents when they misbehave, and while human agents can face financial and even criminal penalties, “that is not so for software agents.”

Even with new policies like Estonia’s digital IDs, harmonizing the rules will not be instant. The source points to real-world court examples where companies were held liable for AI outputs: a Canadian court held Air Canada liable for bad chatbot advice, and a German court held Google liable for inaccurate AI Overview content. Those cases suggest that the legal system is already finding ways to apply accountability even before everything is standardized for agentic autonomy. Estonia’s bet is that digital identifiers can help at least on the attribution side, making it easier to “call out bad agents by name” while the bigger rules are still being hammered out.