Estonia plans to give AI agents their own government-issued digital IDs

Estonia is going to give AI agents their own government-issued digital identities. On June 18, 2026, the office of Prime Minister Kristen Michal announced the country intends to be the first in the world to issue AI ID codes, a separate identifier for any software acting on a human's behalf, so an agent can be distinguished from the human and held to a defined scope of authority.

The press release frames the plan as a question of accountability, not capability. "In the future, AI will increasingly carry out digital tasks on our behalf. To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible," the Prime Minister's office wrote, according to a Biometric Update writeup of the announcement. The technical and policy work is being run out of the Ministry of Economic Affairs and Communications, with the Estonian Information System Authority (RIA) as the operational owner, and a private sector advisory group convened under the eesti.ai initiative. The project has no firm deployment date, but the working timeline points to a sandbox pilot by late 2027.

The plan lands as a swarm of agentic payment, identity, and infrastructure products reaches the market. Alchemy and Visa announced AgentCard on June 18, bringing Visa's payment rail to AI agents through an API. Stripe and AWS shipped a similar capability for content publishers the same day. AppViewX launched Agent Identity Security on June 18. Cisco announced its intent to acquire WideField Security for AI agent identity on June 18. The day before, Beyond Identity shipped Ceros, an identity platform purpose-built for AI agents., with Cisco announcing an intent to acquire WideField Security for AI agent identity the same day. Each of these products assumes some sort of agent-level identifier will be issued, and that downstream systems will know how to verify it. Estonia is the first government to actually plan to issue those identifiers itself.

The Estonian plan in detail

The Estonian plan is not a finished law. It is a policy direction, a working definition, and a roadmap. The working definition describes an AI Agent Identity as a unique code bound to a single autonomous software agent, with cryptographic keys, scoped permissions, and an audit log tied to the identifier. The plan is explicit that the identifier follows the agent, not the human who deployed it. If the same human has five different agents acting on their behalf in five different services, the system should see five different agents with five different scopes, not one human with one blanket grant.

The policy direction also says the identifier should be portable. Estonian advisers describe the technical scaffolding as compatible with the W3C Decentralized Identifier (DID) standard, which would let an agent carry its identity across service providers the same way a passport carries identity across borders. The plan leans on the country's existing digital identity rails, including the X-Road data exchange platform and the ID-card certificate system, rather than building a parallel identity stack from scratch.

The roadmap has three named phases. The first is a consultation period, run by the eesti.ai advisory board, that opens to Estonian and European industry in the third quarter of 2026. The second is a draft of technical requirements for pilot tenders, owned by RIA, due in the fourth quarter of 2026. The third is a sandbox pilot, expected to begin by late 2027, focused on a small set of government-facing use cases where an agent acts on a citizen's behalf against public services.

The plan has a notable silence. It does not yet name a draft statute, does not assign liability for the consequences of an agent acting within its granted scope, and does not commit to a funding line beyond existing ministry budgets. Those are the questions the consultation is meant to surface. The plan is also explicit that the agent ID is not the same thing as a personal identification code, the country's long-standing national ID number. The agent ID is a separate, additional identifier layered on top of the existing human identity infrastructure.

The choice of Estonia is not a surprise to anyone who follows the country's digital government program. The technical prerequisites for an agent identity scheme have been in place for years. X-Road, the data exchange platform that connects Estonian public and private sector systems, moves more than 99% of state data securely and has been hardened against both accidental leakage and deliberate attack. The ID-card system, in production since 2002, issues a legally binding cryptographic identity to every Estonian and to every e-resident, more than 100,000 of them in more than 180 countries. The e-Residency program, launched in 2014, is a partial template for the kind of portable digital identity an agent would need.

The political timing is not accidental either. The plan lands as the European Union AI Act begins to bite. The Act's high-risk provisions become enforceable across the union in 2026 and 2027, and the bloc's revised eIDAS framework is moving toward a harmonized model for cross-border digital identity. Estonia's announcement gives the country an opportunity to write the first concrete schema for an EU-wide agent identity, and to be the country whose infrastructure other member states connect to. The policy framing also matters. The Prime Minister's office is careful to position the plan as making life easier without losing control, not as a new surveillance apparatus. The release emphasizes that the identifier is for the agent, not for the human behind the agent, and that the audit log is for accountability, not for marketing. That distinction is going to matter when the consultation period opens and the privacy and civil liberties questions get their first public airing.

What the plan changes for the rest of the world

The practical effect of Estonia's plan is to make agent identity a regulated category, not just a vendor convenience. Today, the de facto agent identity layer is whatever a particular platform decides to issue. ChatGPT agents have ChatGPT tokens. Salesforce agents have Salesforce identities. Visa AgentCard has its own credential. AppViewX has its own. Beyond Identity's Ceros has its own. The market is fragmenting fast, and the most likely outcome without some form of government-level intervention is a series of walled gardens that don't talk to each other.

A government-issued identifier that is portable across providers, anchored in a recognized identity infrastructure, and compliant with the EU AI Act, would change the calculus for every agent platform. The platforms would still issue their own credentials for their own services, but they would also need to recognize and trust the government-issued identifier as a higher level of proof. The platform credential becomes a cache of the underlying agent identity rather than the identity itself.

The other practical effect is on enterprise governance programs. Most enterprise AI agent governance is built around cataloging agents and restricting what they can do, the model the Cloud Security Alliance and Token Security described in a recent report on shadow AI. A government-issued agent ID, even one that enterprises adopt voluntarily for cross-border use, would let enterprises map every agent in their environment to a known identifier and a known scope, and would let them terminate an agent's access at the identity layer rather than at the application layer. The cleanup story for shadow AI gets significantly better when there is a real identity to clean up.

Estonia is the first mover, but it is unlikely to be the only mover. The same Biometric Update writeup that covered the Estonian announcement noted that Australia, Singapore, and Canada are already studying the model, and that multilateral bodies are exploring verifiable agent credentials for cross-border trade. The Estonian schema, if it ships in the working timeline, will influence the procurement rules of every government that wants to buy AI agent services and needs a way to tell which agent is which. Vendors that integrate the Estonian schema early will win a structural advantage in those government markets, the same way vendors that integrated Estonia's X-Road early in the 2000s picked up durable public sector relationships in the Nordics and the Baltics.

Three questions the plan does not solve

The Estonian plan is a policy direction, not a finished system, and it leaves three big questions for the consultation period to resolve. The first is liability. If an agent is acting within its granted scope and causes harm, who is responsible: the developer, the deployer, or the principal the agent is acting for. The plan says this is for lawmakers to decide, and the consultation will produce draft language. Until that language exists, the audit log is the only durable record of what an agent actually did, and the only durable record of who authorized it.

The second is recognition. An agent ID issued by Estonia is a valid credential inside Estonia's infrastructure, and potentially inside the EU's eIDAS-aligned systems once those systems accept agent credentials. Whether a US, UK, or Singapore-issued agent ID would be recognized as equivalent in an EU system is an open question, and the answer is going to shape the cross-border agent economy the same way passport recognition shaped the cross-border human economy.

The third is abuse. A government-issued agent ID is a credential, and a credential can be stolen, sold, or spoofed. The plan acknowledges this in passing and says RIA will design key issuance, rotation, and revocation processes for code, not flesh, with cryptographic agility to resist quantum threats. The technical design work has not started in earnest, and the threat model for stolen agent credentials is much less mature than the threat model for stolen human credentials. The consultation is going to need input from the security and cryptography community to get this right.

The plan also does not solve the underlying problem that the EU AI Act and the Estonian plan are trying to make tractable: the speed at which agents are being built, deployed, and interconnected inside enterprises is faster than the speed at which the identity and governance layer is catching up. A government-issued ID is necessary infrastructure for an agent economy, but it is not sufficient. The platform vendors still need to do the work to recognize, trust, and audit the new identity. The enterprises still need to do the work to catalog their agents, grant them scoped permissions, and revoke them when they are no longer needed. The Estonian plan gives the identity layer a place to land. The governance layer is the harder problem, and the enterprise AI governance playbook is where most of the day-to-day work will happen for the next several years.

Estonia has shipped audacious digital government projects before, and the country's execution on this one will tell the rest of the world how much of the agent economy is going to be built on top of government-issued identity and how much of it is going to be built on top of private platform credentials. The country that taught the rest of the world how to put a national ID on the internet is now trying to teach it how to put an agent ID on top of that. The first mover advantage, if the plan lands, is substantial. The implementation risk, if it does not, is the kind of risk that gets remembered for a decade.