Estonia’s PM Kristen Michal wants AI agents to get their own ID numbers

Right now, when an AI agent acts on your behalf, it usually has to impersonate you. It logs in as you, with your access to everything. That’s convenient, but it also stacks risk on top of risk: every AI action is tied to a human identity, human privileges, and often unclear audit trails.

Estonia is trying to break that link. Prime minister Kristen Michal says Estonia plans to issue personal identification numbers to AI assistants, describing it as the first nation to do so. In other words, an AI agent would not need to become “you” to do “your” tasks. It would have its own identifier.

Why this matters is simple: identity is access. In many systems, the identity used for authentication determines what a system will allow an agent to read, write, approve, and transact. If an AI assistant uses your credentials, it inherits your permissions with no inherent separation between “person” and “agent.” Even if the agent is well-behaved, the blast radius of a mistake is still your blast radius.

Estonia is not alone in grappling with agent governance, but it is making a bold move on the one lever governments can pull quickly: standardized identity. The country’s approach reframes the problem from “how do we trust this model” to “how do we control and attribute actions.” When an AI agent has an ID of its own, the system has a different unit of accountability. It becomes easier, at least in principle, to map actions to an agent identity rather than forcing every action into the human mailbox.

This is also a product and security design shift. Today, many workflows are built around human login because that’s what legacy systems and enterprise controls expect. Introducing agent-specific IDs changes the integration pattern. Instead of granting AI agents access by treating them like users, organizations can grant access directly to an agent identity, then apply rules based on that identity. That can alter everything from monitoring and anomaly detection to permissions scoping. If it is implemented well, it helps boards and compliance teams answer questions like: “Who did what?” without needing to infer the “agent inside the user” layer.

There is also a regulatory framing here, even if the source only states the plan and the claim about being first. Governments and regulators across Europe increasingly care about traceability, auditability, and responsibility in digital systems. Estonia’s move fits into a broader direction: digital identity systems, previously focused on humans, are being considered for machines and services. The strategic bet is that identity-based controls can be a foundation for other governance mechanisms, from policy enforcement to incident response.

The second-order implication is board-level. If Estonia can make agent identity a first-class concept, then enterprises will eventually feel pressure to match. When a regulator or a national identity framework recognizes AI assistants as identifiable participants, customers, auditors, and enterprise risk teams will expect similarly structured access controls. That can affect platform roadmaps, internal tooling, and vendor requirements. Companies that build AI experiences may have to decide whether they are comfortable continuing to rely on “AI acting as user” as their default model, or whether they will build out the ability to separate agent identity from human identity.

Finally, the human factor. AI agents acting as you is not only a technical risk. It is also a control and consent issue. If access and actions are bound to your identity, then every governance layer tied to you, from approvals to notifications, can become muddled. Agent IDs offer a pathway to clearer consent boundaries, where users can authorize what the agent may do, and systems can log what the agent actually did. Estonia’s plan, as stated by Michal, is a move toward disentangling those layers.

For executives, the stakes are straightforward: the way you authenticate AI today can determine how you audit AI tomorrow. Estonia’s proposed IDs for AI assistants signal a potential shift from “agents as users in disguise” to “agents as governed actors with their own identifiers.” The moment a real nation builds that into the identity conversation, the rest of the market has less room to treat it as theoretical.