Summary
- On June 17, Estonian Prime Minister Kristen Michal endorsed a proposal from the Eesti.ai advisory council to establish an "AI personal identification code."
- This ID would limit an AI agent's authority to specific tasks rather than granting unrestricted access to a user's accounts and services.
- No timeline for implementation or details on liability for errors made by agents with their own IDs were provided by Michal.
Estonia is set to introduce a government identification system for artificial intelligence. Prime Minister Kristen Michal announced on Wednesday that he has approved an initiative from the Eesti.ai advisory council to create a personal identification code for AI agents, which would function as a digital identity distinct from the human, organization, or institution they represent.
According to Michal, this initiative addresses an existing challenge: currently, when an AI agent books a flight, files taxes, or edits a document, it must rely on its owner’s full digital identity. He emphasized that Estonia could be the "first country to establish an official digital identity for AI agents."
Today at the https://t.co/y0m6kr6QX3 advisory council.
I approved the council’s proposal for Estonia to become the first nation globally to create a digital identity for AI agents — an AI personal identification code.
This may sound technical, but the idea is… pic.twitter.com/ibI1FHK4mc
— Kristen Michal (@KristenMichalPM) June 16, 2026
Michal views this step as preparation for a future where AI will perform digital tasks on behalf of individuals, companies, or institutions, such as compiling reports, preparing declarations, or interacting with information systems. He noted on X, "But it must be clear who is acting, on whose behalf, with what rights, and who is responsible."
He believes that providing AI agents with “limited, controllable and auditable authorizations” is crucial, rather than allowing providers unrestricted access to personal data, to ensure effective functioning of the agents.
The proposal would enable an agent's ID to define its specific permissions—such as viewing a record, drafting a document, or making a payment up to a predetermined limit—rather than granting it blanket access to everything its owner can access.
This distinction is essential, particularly as agents are already being utilized. The national AI initiative, Eesti.ai, has implemented AI chatbots in educational institutions and operates Bürokratt, a service described by the government as "a state-created, AI-driven digital assistant that aids institutions in providing modern and efficient customer service."
These agents are currently functioning within government systems, which is the type of access that the new ID aims to regulate more narrowly.
Again, Leading the Way
Estonia has invested two decades into building the digital infrastructure necessary for this concept. Following a significant cyberattack in 2007, the government collaborated with Estonian company Guardtime to develop the KSI blockchain, a keyless signature system that has safeguarded the integrity of judicial and property records since 2012, later extending to healthcare.
The nation has achieved several pioneering milestones, including declaring internet access a universal service in 2000—years before many governments recognized broadband as a right. In 2023, Estonia conducted the world’s first parliamentary election where online votes surpassed paper ballots.
By December 2024, Estonia had transitioned 100% of its government services online, a crucial step for the effective incorporation of agentic AI within the state’s administrative framework. This history of innovation supports Michal's belief that Estonia can take the lead on agent IDs rather than just discussing the concept.
This initiative coincides with increasing global efforts to address agent accountability. In March, Sam Altman's blockchain network World introduced a toolkit allowing agents to verify a human stands behind them before access is granted by platforms, catering to those weary of distinguishing between human and bot requests.
Decrypt has also reported on the consequences of lacking such frameworks. An unsupervised agent racked up a $6,531 AWS bill in just one day after its owner instructed it to scan a hobbyist network without any oversight, subsequently seeking crypto donations to cover the costs.
Establishing a regulatory framework for what agents can do and how they operate could help prevent these models from acting erratically and protect the interests of users, service providers, and all others involved in the interactions (including infrastructure providers and intermediaries) by clarifying responsibilities, limitations, and legal protections.
However, Michal did not provide a timeline for implementation or clarify how liability would be determined when an agent's mistake results in financial repercussions.