Michal framed it as a fix for a problem that already exists: an agent that books a flight, files taxes, or edits a document today usually has to borrow its owner's entire digital identity to do it. Estonia, he said, could become the "first country to create an official digital identity for AI agents."
I gave my approval to the council’s proposal that Estonia become the first country in the world to create a digital identity for AI agents — an AI personal identification code.
Michal sees this move as a preparation for the agentic future that is nearing. “In the future, artificial intelligence will carry out digital actions on behalf of a person, company, or institution: compiling reports, preparing declarations, or communicating with information systems,” Michal posted on X.
“But it must be clear who is acting, on whose behalf, with what rights, and who is responsible,” he wrote.
Michal argues it is important to give AI agents “limited, controllable and auditable authorizations,” instead of simply trusting providers with access to all personal data in order to have a functional agent.
The council's proposal would let an agent's ID specify exactly what it's cleared to do—Michal lists actions like view a record, draft a document, make a payment up to a fixed amount—rather than inherit blanket access to everything its owner can reach.
Those agents are already acting inside government systems, which is exactly the kind of access the new ID is meant to scope down.
The first ones… againIf nation states provide a framework for what agents can do and how, it becomes harder for these models to go rogue and harm their users’ interests and everyone involved in an interaction (service provider, user, infrastructure providers, man in the middle, etc) would know their responsibilities, limits, and legal protections.
Michal gave no start date and no detail on how liability would work when an agent's own mistake costs someone money.
