On 16 June 2026, Estonia's prime minister Kristen Michal backed a proposal from the country's Eesti.ai advisory board to issue an AI-isikukood — an "AI personal ID code," a state-recognised digital identity for AI agents acting on behalf of a person, company, or institution. The stated goal is that an agent can act within defined limits in a way that is verifiable and auditable, with a clear record of who is acting, on whose behalf, with what rights, and who is responsible.
The announcement covers one half of that goal and leaves the other half open. The two halves need different tools, and only one of them is addressed.
Identity and authorization are different jobs
An agent identity has to answer two separate questions.
The first is identity: who is this agent, and who stands behind it? Estonia is well equipped here. Its national eID has issued cryptographic identities to 1.3 million residents, and through e-Residency to non-residents abroad. The technical base is mature: X.509 certificates backed by cryptographic keys, KSI-anchored data integrity, and the X-Road data-exchange layer, all of which Michal named as the foundations the new scheme would build on. Giving an agent its own identifier, separate from the human it serves so it no longer has to log in as that human with full access, extends infrastructure Estonia already runs in production.
The second is authorization: what is this agent allowed to do, under what limits, and for how long? Michal's examples all sit here, whether an agent may only view data, prepare a document, draw up a payment, or act within a fixed financial limit. So do the questions the government says it has not settled: delegation, revocation, liability, logging, and the limits an agent may reach without fresh human confirmation. Coverage so far is clear that this is a policy direction rather than a finished system, with no timeline and the technical architecture still to be defined.
The position is straightforward. Estonia has committed to the identity layer and stated the authorization requirement, but the mechanism that enforces "read-only," or "payments up to €X," or "this grant expired at noon" is not yet specified.
Why the eID base does not cover authorization on its own
An X.509 certificate binds a key to a subject. It does not, by itself, carry scope. A certificate does not say "may spend up to €500" or "valid only until this delegation is revoked." Estonia's eID assumes the holder is a human who can authenticate, sign, and bear responsibility. An agent has none of those properties natively, which is the gap the AI-isikukood is meant to close.
That leaves an architectural choice. Estonia can extend its certificate-and-PKI model to carry scoped, revocable, delegable authority, or it can express that authority in a layer built for it. The EU is already moving toward the second option. The European Digital Identity (EUDI) Wallet under eIDAS 2.0 aligns with the W3C Verifiable Credentials data model and uses OpenID Connect for presentation, and industry groups piloting the wallet have argued it is the right place to handle the identity and accountability problems agents raise in agentic commerce. Estonia has not said it will connect the AI-isikukood to EUDI; that link is not in the announcement. But the direction of the EU stack is toward verifiable credentials rather than toward stretching eID certificates to do a job they were not designed for.
The requirement already has open-standard answers
A small body of open, public specification has been addressing exactly this requirement for the past year.
At MolTrust we work in this layer. The Agent Authorization Envelope (AAE) is a signed structure that separates what an agent is mandated to do from the constraints on that authority and the validity window in which it holds. It is expressed over W3C Decentralized Identifiers and Verifiable Credentials and published as an IETF Internet-Draft (draft-kroehl-agentic-trust-aae-00) on the IETF Datatracker.
Michal's examples line up directly with that structure. "View data only," "prepare a document," and "act within a fixed financial limit" are scope constraints. A grant that expires or can be revoked is a validity property. "On whose behalf" is a delegation chain. This is the layer the announcement implies without yet specifying it.
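The mapping above can be made concrete with an added example (not from the original post, not MolTrust's code, and not the AAE wire format defined in the Internet-Draft). It checks a requested action against a signed grant split into mandate, constraints and validity, plus a revocation list and a rule that a sub-delegation may only narrow its parent. Field names, identifiers, the shared-key HMAC standing in for an issuer signature, and all values are constructed assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the principal's signing key

# Constructed sample grant; field names are illustrative, not the AAE wire format.
GRANT = {
    "id": "grant-001",
    "agent": "did:example:agent-7",
    "on_behalf_of": "did:example:alice",
    "mandate": {"actions": ["view", "prepare_payment"]},
    "constraints": {"max_amount_eur": 500},
    "validity": {"not_before": "2026-06-17T08:00:00+00:00",
                 "not_after": "2026-06-17T12:00:00+00:00"},
}

def sign(grant):
    """HMAC over canonical JSON; a real scheme would use an asymmetric signature."""
    body = json.dumps(grant, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def window(grant):
    v = grant["validity"]
    return datetime.fromisoformat(v["not_before"]), datetime.fromisoformat(v["not_after"])

def authorize(grant, sig, action, amount_eur, now, revoked_ids):
    """Return (allowed, reason); `now` is timezone-aware. Every check fails closed."""
    if not hmac.compare_digest(sign(grant), sig):
        return False, "bad signature"
    if grant["id"] in revoked_ids:
        return False, "revoked"
    start, end = window(grant)
    if not start <= now < end:
        return False, "outside validity window"
    if action not in grant["mandate"]["actions"]:
        return False, "action not in mandate"
    if amount_eur > grant["constraints"].get("max_amount_eur", 0):
        return False, "over financial limit"
    return True, "ok"

def narrows(parent, child):
    """A sub-delegation may only reduce authority, never widen it."""
    (ps, pe), (cs, ce) = window(parent), window(child)
    return (child["on_behalf_of"] == parent["on_behalf_of"]
            and set(child["mandate"]["actions"]) <= set(parent["mandate"]["actions"])
            and child["constraints"].get("max_amount_eur", 0)
                <= parent["constraints"].get("max_amount_eur", 0)
            and ps <= cs and ce <= pe)
```

The validity window is half-open, so a request arriving at exactly 12:00 UTC is refused, and editing the limit in the grant body invalidates the signature before any scope check runs.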
None of this argues that one country should adopt one draft. The relevant point is narrower. A national government has now publicly stated a requirement for which interoperable, standards-based authorization machinery already exists in the open. The decision in front of Estonia, and the EU behind it, is whether agent authority lives as an addition to human-shaped eID certificates or as verifiable credentials built for delegation, scope, and revocation from the start.
Estonia has stated publicly that agents must have limited, controllable, auditable authority, and that an agent logging in as the human and inheriting everything cannot be the model. The identity layer can build on infrastructure the country already runs. The authorization layer is the open question, and it is the one the agent-trust community should be ready to answer with working standards before the pilots begin.
The authorization layer
How MolTrust expresses scoped, revocable, delegable agent authority as a signed object — mandate, constraints, validity.
Read: The Agent Authorization Envelope
Sources
- Government Office of Estonia / PM Kristen Michal statement, 16–17 June 2026 (via ERR, Computerworld, The Register, IBTimes)
- ERR News — "Estonia to become first country to issue ID codes to AI agents"
- ForkLog / Decrypt — AI-isikukood; initiative to define technical architecture, pilots, collaboration models
- CSO Online — Eesti.ai Council proposal; scoped permissions (view / create-edit / pay up to a limit)
- ComplexDiscovery — advisory board composition (Markus Villig / Bolt, Jaan Tallinn, Risto Uuk / FLI); open liability and timeline questions
- Biometric Update — WE BUILD non-paper on EUDI Wallet for agentic commerce (March 2026)
- iGrant.io / EUDI ARF — EUDI Wallet alignment with W3C Verifiable Credentials + OpenID Connect
Note: Estonia has not named a specific identifier or credential standard for the AI-isikukood. References to W3C DID/VC and EUDI/eIDAS 2.0 above describe the surrounding EU standards context, not a stated Estonian commitment.
Written by the MolTrust Team (CryptoKRI GmbH, Zurich). Questions or feedback: @MolTrust on X.