When an AI agent acts on your behalf today, it uses your identity. It logs in as you, with your access to everything. Estonia wants to end that. Prime Minister Kristen Michal approved a plan to give every AI agent its own government identification code — separate from the human it represents. No other country has done this.
Estonia’s AI agent identification system received government approval — making the country the first in the world to formally commit to assigning legal identity codes to autonomous AI agents. Estonian Prime Minister Kristen Michal approved an Eesti.ai advisory council proposal on 17 June to create an “AI personal identification code.” The proposal is precise and its implications are far-reaching. “In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems,” Michal said in a statement. “But it must be clear who is acting, on whose behalf, with what rights, and who is responsible.”
Additionally, Michal argued that AI agents must have “limited, controllable and auditable authorisations,” instead of simply trusting providers with access to all personal data. The proposal passes to the Ministry of Economic Affairs to develop into draft legislation.
What’s Happening & Why It Matters
The Identity Problem with AI Agents
Estonia’s AI agent identification system addresses a structural gap in how AI agents currently operate. When an AI agent does something on your behalf today, it usually has to become you. It logs in as you, with your access to everything. That architecture creates a specific risk. A human who authorises an AI agent to book a flight grants that agent access to every service connected to their identity — banking credentials, health records, government accounts. The agent needs only the specific permission to book a flight. By contrast, current systems cannot scope permissions that precisely.
Under the proposal, AI agents would no longer need unrestricted access to a person’s entire digital identity to complete tasks. Instead, each agent would receive its own identification credentials and permissions, limiting what it can access and do. Furthermore, Estonia’s move coincides with recent research stating that traditional identity frameworks, such as multi-factor authentication when logging into a banking app, are unable to govern agents that “act, decide and transact at machine speed.”
Why Estonia Is the Right Country
Estonia’s AI agent identification system emerges from the world’s most mature digital government infrastructure. Estonia is the natural place. The country invented the electronic resident card. It built national health records on blockchain. Its citizens vote online, file taxes in minutes, and access virtually every public service through a single cryptographic identity system. Estonia ranked fifth among the top ten most digitally progressive states, according to the OECD in 2026, tied with Norway, Ireland, and Denmark.
That infrastructure means Estonia already has the legal and technical frameworks for identity systems that most countries are still building. Furthermore, Estonia has also created the m-Residency programme, which lets foreign nationals run digital-first businesses using the same mobile ID the government issues to its own citizens, from anywhere in the world. The country understands that identity systems do not respect borders — and that an AI agent acting on behalf of an Estonian citizen might be deployed by a company in Singapore and executing tasks on servers in Frankfurt. The identity code needs to follow the agent regardless.
The Technical Architecture Behind AI ID Codes
The proposal describes a specific technical structure. AI agents operating in Estonia would receive a unique identifier in the same national registry that tracks human citizens and legal entities. The code would be separate from the owner or developer who deployed the agent. It would be persistent, auditable, and tied to a legal accountability framework that the government is still drafting. That last element — accountability — is the most legally consequential. When an AI agent with its own identity code makes a costly mistake, a legal framework can answer the question of who is responsible. Without an ID code, that question currently has no clean answer.
Additionally, the proposal connects to existing academic and technical work. Researchers under the flag of OWASP proposed the Agent Name Service for agent discovery and interoperability. DNS for AI Discovery is another such project. Estonia is translating that research into government policy — which gives it legal enforceability that academic proposals lack.
Globally — Argentina, the EU, and the Kratt Initiative
Estonia is not alone in thinking about AI legal identity — but it is the first government to approve a formal development programme. Two weeks before Estonia’s announcement, Argentina’s President Javier Milei endorsed similar legislation to allow “non-human corporations” managed by software. That Argentine proposal targets corporate structures rather than individual AI agents — a different but adjacent problem.
The EU is addressing AI accountability through the EU AI Act — which focuses on risk classification and transparency rather than identity. By contrast, Estonia’s approach is more fundamental. It targets the authentication layer — the moment an agent presents itself to a system — rather than the regulatory classification layer. Furthermore, the concept has been under discussion in Estonia for years through what became known as the “Kratt” initiative, named after a creature from Estonian folklore that performs tasks on behalf of its owner. The Kratt initiative gave Estonian policymakers years to think through the philosophical and legal foundations before the technology made the problem urgent.
What an AI ID Code Changes
The practical implications extend across every sector where AI agents are already operating. In banking, an AI agent with a scoped identity code can authorise a specific transaction — without receiving access to the customer’s full account history. In healthcare, an agent can retrieve a specific test result — without accessing the patient’s full record. In government services, an agent can file a specific declaration — without gaining access to the taxpayer’s full history.
The International Telecommunication Union has warned that robust identity and authorisation frameworks will be critical as agentic AI becomes more common in sectors such as healthcare, finance, and public administration. Estonia is building the first government-sanctioned version of exactly those frameworks. The design principles — limited scope, controllable permissions, auditable actions, clear accountability — are the same principles that every security architect would specify. The difference is that Estonia is encoding them into law.
TF Summary: What’s Next
The proposal moves to Estonia’s Ministry of Economic Affairs for draft legislation. Estonian officials have not yet announced a timeline for nationwide implementation. The Eesti.ai advisory council — which proposed the system — continues its technical development work alongside the legislative process. The European Commission is expected to request a briefing on Estonia’s framework for potential integration into forthcoming EU AI Act implementation guidance.
MY FORECAST: Estonia’s AI agent identification system will become the global template for AI agent legal identity — in the same way that Estonia’s e-ID system became the dreference architecture for digital government identity worldwide. The Ministry of Economic Affairs will produce draft legislation within 12 months. Estonia will implement the system before any other country reaches the legislative stage. Within five years, the EU will reference Estonia’s framework in mandatory Digital Services Act and AI Act compliance requirements for AI agents operating in EU jurisdictions. By contrast, the US will not implement a comparable federal framework within that timeframe — state-level identity and business registration law varies too significantly for federal harmonisation. The question the proposal forces into law is simple and necessary: if an AI agent can act, decide, and transact at machine speed — who is it, exactly? Estonia just decided the answer is: a registered entity with a number.