Agent governance / Jun 19, 2026 / 7 min
Estonia Plans Government-Backed Digital IDs for AI Agents
Estonia is preparing to issue government-backed digital identities to AI agents — a move that reframes agent governance from enterprise policy theater into state infrastructure, and forces a question most organizations have been dodging.
When an AI agent files a form, checks a balance, or drafts a payment today, it usually does so by becoming you. It logs in with your credentials, inherits your permissions, and operates inside identity systems designed on one assumption: the principal is human. That workaround is now the central security failure of the agent era — and Estonia just became the first government to say so out loud.
On June 17, Prime Minister Kristen Michal and the Eesti.ai advisory board agreed that Estonia will move forward with "AI ID codes" — official digital identities for AI agents that can act on behalf of people, companies, or organizations within defined, verifiable limits. "In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems," Michal said in a government statement. "To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible." On X, he sharpened the point: "It cannot be the case that a person is forced to give their AI assistant access to all of their rights, services, and data. Agents must have limited, controllable, and auditable authorizations."
Estonia is not a random laboratory for this experiment. Its 1.3 million residents already marry, sign contracts, and access healthcare through state-issued digital IDs. Its e-Residency program gave legal identity to entrepreneurs who never set foot in the country. X-Road, digital signatures, and audit footprints turned trust into infrastructure. Michal is explicitly framing AI ID codes as the next layer in that stack — not a chatbot policy, but a continuation of how Estonia turned bureaucracy into software. If the plan succeeds, an agent could be authorized to view data, prepare a document, or initiate a payment up to a specific financial limit — without inheriting the full credential surface of its owner.
The timing is not accidental. Agent deployments are accelerating across OpenAI, Anthropic, Google, Microsoft, and Salesforce, but identity architecture has not kept pace. NIST's National Cybersecurity Center of Excellence is now treating agent identity as a first-order IAM problem, noting that existing frameworks were built for humans who log in and hold sessions — not for systems that query databases, execute code, and chain actions across applications at machine speed. Euronews cited recent research finding that traditional identity frameworks, including multi-factor authentication at login, cannot govern agents that "act, decide and transact at machine speed." Estonia's answer is blunt: stop lending human passports to software.
The hard parts remain unsettled — and Michal has not pretended otherwise. The government has announced no implementation timeline and no liability framework for when an agent with its own ID misfiles a tax declaration, overpays a vendor, or leaks restricted data. Giving machines formal identity inside state systems is a genuine accountability gamble. But the gamble is already underway in a worse form: agents operating as credential clones, with no auditable boundary between human intent and machine action. Estonia's Bürokratt public-service agents, ChatGPT Edu in schools, and Michal's own "PM Cockpit" built during a vibe-coding session on Claude all sit inside a government that is betting on agents while admitting the identity layer is broken.
The global stakes are larger than a Baltic pilot. Ukraine is building Diia.AI. Singapore is testing licensing regimes. IETF drafts for agent identity protocols are circulating. Enterprise vendors are shipping permission layers inside workflows. None of that replaces the political question Estonia is forcing: who gets to define what an agent is allowed to be? A company can write policy-as-code for its own stack. A government can issue an ID with legal standing. The race is over which layer becomes the default trust infrastructure as agents move from demos into payments, procurement, and public services. Estonia ranked fifth among the OECD's most digitally progressive states in 2026 — tied with Norway, Ireland, and Denmark — and it is trying to set the standard before larger economies default to borrowed passwords at national scale.
Convina's view: Estonia is right about the diagnosis and early about the prescription. The agent governance debate has been trapped inside enterprise security teams arguing over log retention while the real failure mode is architectural — machines impersonating humans because the internet never built identity for non-human principals. AI ID codes will not work until liability, revocation, and cross-border recognition are as concrete as the permissions they grant. But the direction is correct. The goal is not to free agents. It is to put them on a leash the state, the company, and the citizen can actually see. Every organization deploying agents should assume that leash is coming — and that the password-sharing era is already a compliance incident waiting to be named.