Until now, a digital identity has belonged only to people, companies and institutions. Estonia wants to change that. The country's Prime Minister, Kristen Michal, said on Wednesday that he had approved a proposal to issue AI agents their own government identification code. It would be a digital identity entirely separate from the human, company or institution the agent is working for.
Why the idea came up
Michal frames it as a fix for a problem that already exists. Today, when an AI agent books a flight, files taxes or edits a document on your behalf, it usually has to borrow its owner's entire digital identity to get the job done. Estonia, he said, could become the "first country to create an official digital identity for AI agents."
Michal sees the move as preparation for the agentic future that is fast approaching, when machines will handle tasks on people's behalf. “In the future, artificial intelligence will carry out digital actions on behalf of a person, company, or institution: compiling reports, preparing declarations, or communicating with information systems,” he wrote on X.
“But it must be clear who is acting, on whose behalf, with what rights, and who is responsible,” he added.
Every permission will have a limit
Michal argues that handing providers access to all of someone's personal data just to run a working agent is the wrong approach. Instead, AI agents should be given “limited, controllable and auditable authorizations.” Under the council's proposal, an agent's ID would spell out exactly what it is cleared to do. Michal offers examples such as viewing a record, drafting a document, or making a payment up to a fixed amount. In other words, the agent would not automatically inherit blanket access to everything its owner can reach.
Agents are already inside government systems
That distinction matters because agents are already in use across Estonia. Eesti.ai, the national AI program Michal launched in January, has already placed AI chatbots in schools and runs a service called Bürokratt. The government describes it as ‘“a state-created, AI-based digital assistant that helps institutions deliver modern and efficient customer service.”’ These agents are already operating within government systems, and that is precisely the kind of access the new ID is meant to scope down.
Two decades of digital groundwork
Estonia did not build this foundation overnight. The country has spent the past twenty years assembling the digital plumbing this idea would run on. After a major cyberattack in 2007, the government and the Estonian firm Guardtime built the KSI blockchain, a keyless signature system that has secured the integrity of judicial and property records since 2012 and later expanded to healthcare.
Estonia has notched up a string of firsts before this one. Its parliament declared internet access a universal service in 2000, decades before most governments treated broadband as a right. In 2023, its parliamentary election became the first in the world where more votes were cast online than on paper.
By December 2024, Estonia had moved 100% of its government services online, which is also key to properly integrating agentic AI into the state's bureaucracy. That track record is the reason Michal believes Estonia can actually move first on agent IDs rather than just talk about it.
A wider scramble over accountability
The move fits a broader scramble over agent accountability. In March, Sam Altman's blockchain network World rolled out a toolkit that lets an agent prove a human stands behind it before a site grants access. It is aimed at platforms tired of guessing whether a request comes from a person or a bot.
TrendKia has also reported on what happens without that kind of structure. Last month, an unsupervised agent ran up a $6,531 AWS bill in under a day after its owner told it to scan a hobbyist network with no review, and then had to ask the community for crypto donations to cover the damage.
What comes next
Michal believes that if nation states set a framework for what agents can do and how, it becomes harder for these models to go rogue and harm their users' interests. Everyone involved in an interaction, the service provider, the user, infrastructure providers and any man in the middle, would then know their responsibilities, limits and legal protections. Even so, Michal gave no start date and no detail on how liability would work when an agent's own mistake costs someone money.
