Imagine an artificial intelligence assistant that, instead of operating in a legal vacuum, possesses an official government-issued identity document with clearly defined and auditable permissions. This is exactly what Estonia, a pioneer in government digitalization, is planning for AI agents. The Baltic country's AI Council has proposed the creation of state-backed digital identities that specify what actions an agent can perform, on whose behalf, and under what responsibilities.

The Problem of Uncontrolled Agents

Currently, agentic AI tools promise to automate online tasks but require access to passwords and sensitive data. The risk is that these agents have no clear boundaries: they can overstep their actions or be stopped by third parties without knowing it. Estonia seeks to solve this with a digital identity that functions like a driver's license for AI, indicating whether the agent can only read data, create documents, edit files, or make payments, and up to what amount.

Estonian Prime Minister Kristen Michal stated: “In the future, AI will increasingly perform digital operations on behalf of a person, company, or institution. For this, it must be clear who is acting, on whose behalf, with what rights, and who is responsible.” This vision aligns with Europe's efforts to build technological sovereignty that places security and transparency at the center.

First-Mover Advantage

Estonia is already a benchmark in digital identity: its citizens use national digital cards to vote, sign documents, and access health services. It even offers e-residency to foreigners to manage companies online. Now, with the proposal from the AI Council, created in January 2025, the country aims to be the first to grant an official identity to AI agents. Michal stated: “If we act quickly and wisely, Estonia will become the first country in the world to create an official digital identity for AI agents.”

Until now, AI providers have proposed digital identities for agents, but only for internal business use or to interconnect corporate platforms, without government backing. The Estonian initiative changes the game by adding a layer of legal and auditable authorization, similar to what is sought with MCP and its missing enterprise authorization layer.

Implications for Businesses and IT Professionals

For businesses, having AI agents with official identity means being able to delegate critical tasks (such as payments or data management) with full traceability. IT professionals will need to adapt their systems to integrate these identities, possibly using standards already applied in Microsoft Azure for the enterprise cloud. Additionally, security is reinforced: an unauthorized agent cannot act, and any action will be logged, facilitating audits and ethical penetration testing.

The proposal also opens the door to new business models, such as AI agents for HR that, like Gusto with its 'co-founder', automate payroll without waiting for instructions, but now with a clear legal framework.

A Model for the World

Although there is no concrete date for implementation, Estonia could lay the groundwork for global regulation of agentic AI. By combining its expertise in digital identity with a pragmatic approach, the country demonstrates that it is possible to grant rights and responsibilities to machines without sacrificing security. As Michal notes, the goal is for AI to act in a verifiable and auditable manner, a principle that should inspire other governments and companies.

Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.