
Estonia wants to give artificial intelligence agents a state-recognized digital identity, a step that Prime Minister Kristen Michal says would make his country the first to do it. The idea is to let software act for a person or a company without borrowing that human’s entire set of credentials, rights and data.
AI agents would get their own ID code
On June 17, Michal backed a proposal from the country’s Eesti.ai advisory board to build what officials call an “AI ID code.” The board, meeting for the second time at Stenbock House in Tallinn, agreed Estonia would move ahead with the design, according to a statement from the Government Office.
“In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems,” Michal said. “To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible.”
The problem the plan targets is concrete. Today, when an AI assistant books a flight, files a tax return or edits a record, it often has to act as the user, which can mean inheriting that person’s passwords, accounts and full reach across services. Estonia’s answer is delegated authority that is limited, controllable, revocable and auditable. An AI ID code would spell out exactly what an agent may do — whether it can only view a record, draft a document, authorize a payment, or operate within a preset spending cap.
Related: Delayed payments become a growing concern
That scoping is the heart of the idea. Rather than granting blanket access, an owner would assign narrow permissions tied to a verifiable identity, leaving a trail that can be inspected after the fact. For cybersecurity and information governance teams, the concept maps onto a problem they already track under the heading of machine or non-human identity: a growing population of automated actors that hold credentials but answer to no clear owner.
Built on Estonia’s digital foundation
Estonia is extending a model it has run for decades. The country assigned personal identification codes — the isikukood — to residents years ago, launched its e-ID program in 2002, and built X-Road, the data-exchange backbone that lets state systems talk to one another. Estonians use digital IDs to vote, sign documents and reach medical and tax records, and the country offers e-residency to foreigners who want to run an Estonian company online.
“The success of Estonia’s digital state was built on trust,” Michal said. “Digital identities, the X-Road, digital signatures and footprints have made our country faster, simpler and more secure.” He said that if Estonia acts quickly and smartly, it will become the first country in the world to create official digital identities for AI agents.
Michal created the Eesti.ai initiative in January, setting goals that include doubling the value of work in Estonia by 2035. The advisory board behind the AI ID proposal is chaired by Markus Villig, founder and chief executive of the ride-hailing company Bolt, and includes Jaan Tallinn, a Skype co-founder, and Risto Uuk of the Future of Life Institute, alongside other entrepreneurs and researchers.
Related: Governments back African College of Pharmacists with international, national support
The liability question nobody has settled
What the announcement did not resolve is who pays when an agent carrying its own ID gets something wrong. Michal gave no start date for the system and no detail on how responsibility would be assigned, leaving the hardest question for later. In most jurisdictions today, responsibility for a software tool’s actions falls on the entity that deploys it, the company or person behind it, rather than on the software. So the open issue is how an agent’s own identity would change that default, not whether a legal vacuum exists.
That gap is familiar to legal scholars. In a 2025 paper titled AI Agents and the Law, Georgia Institute of Technology professors Mark Riedl and Deven Desai wrote that software agents differ fundamentally from human ones in the eyes of the law. Human agents who act improperly can be sued or even prosecuted, they wrote; software has no equivalent exposure, which leaves a hole in how accountability attaches.
Courts are already testing the edges. A Canadian tribunal held Air Canada liable for bad advice from its chatbot, and a Munich Regional Court issued a preliminary injunction in late May, holding Google responsible for inaccurate AI Overview content, a decision the company has said it would appeal.
Other governments and companies are circling similar ground
Estonia is not working in isolation. Researchers under the OWASP banner floated an early-stage Agent Name Service proposal in 2025 to help agents find and verify one another, and separate efforts have suggested DNS-style directories for AI. Enterprise vendors are also developing agent-management and registry-style tools, though those remain private-sector systems rather than government-backed identity infrastructure.
Related: Apotex secures exclusive Canadian rights to Nebido
Argentina’s President Javier Milei has proposed legislation for “non-human corporations” operated by software with limited liability. In the private sector, Target revised its terms to cover “agentic commerce and delegated access,” treating purchases by an authorized agent as authorized by the customer, while American Express said in April it would shield eligible customers from charges tied to AI agent error. The split captures the open question: assign responsibility to the human, the deployer, the developer or the platform.
The debate has a long memory. A line from an IBM training manual in 1979 still circulates: “A computer can never be held accountable, therefore a computer must never make a management decision.” Estonia’s wager is that an auditable identity can supply the accountability the 1979 warning said machines lacked.
What practitioners should watch
For professionals in cybersecurity, information governance and eDiscovery, the design choices ahead matter as much as the headline. An agent identity that produces durable, tamper-evident logs would give compliance teams a chain of custody for automated actions, support legal holds that reach an agent’s conduct, and make audit trails legible to regulators. A poorly scoped version could do the opposite, multiplying credentials and clouding who did what.
When an AI agent files a declaration, triggers a procurement workflow or moves money, the record will need to show who was acting and who is answerable. Estonia is betting that identity comes first. If your organization had to register every agent it runs tomorrow, could you say, with confidence, exactly what each one is allowed to do?