Digital Identity in the Age of AI Agents
AI is moving from systems that generate content to systems that can act. A new class of systems, often referred to as agentic AI, can plan tasks, make decisions and execute actions. Instead of simply producing text or images, these agents can perform tasks such as ordering services, interacting with platforms or managing workflows.
This shift raises an important question: If an AI agent performs an action, who is actually acting?
What digital identity is designed for
In EU law, digital identity is linked to legal actors. Identity credentials are issued to entities that can hold rights and obligations. Traditionally, this means three categories: (i) natural persons, (ii) legal persons or (iii) authorised representatives acting on their behalf.
This logic is reflected in Article 3(1) of the eIDAS Regulation: ‘electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing another natural person or a legal person;[1]
Importantly, the eIDAS Regulation specifies that Member States shall make European Digital Identity Wallets available to natural persons. At the same time, the proposed Business Wallet is intended for legal persons (economic operators).
This means that within the EU digital identity ecosystem, identity instruments are being structured around two main types of actors: natural persons that will be using the European Digital Identity Wallet and legal persons (economic operators) that will be using the European Business Wallet.
AI agents, however, do not naturally fall into either of these categories.
AI agents are not legal actors
At present, AI agents do not constitute a separate legal category. From a regulatory perspective, they are most likely to be treated simply as AI systems within the meaning of the AI Act. Article 3(1) of Regulation (EU) 2024/1689: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.[2]
In other words, even highly autonomous AI agents remain technical systems rather than legal actors capable of holding rights or obligations.
Why this matters:
Digital identity systems were designed for people and organisations.
AI agents do not naturally fit into this traditional identity model.
Acting on behalf of someone: a legal perspective
AI agents are often described as acting “on behalf of a user.” From a legal perspective, however, acting on behalf of someone is not merely a technical capability. It is a legal relationship of representation that requires several elements (e.g. a clear mandate or authorisation). Above all, this concept assumes that the actors involved are themselves legal actors capable of holding rights and obligations. As explained above, AI agents do not fall into this category. This creates a legal challenge.
Why this matters:
Acting “on behalf of someone” is a legal concept of representation, not merely a technical function.
Representation normally requires legal actors capable of holding rights and obligations.
Since AI agents are not legal subjects, new mechanisms are needed.
The missing layer: could wallets help?
In my view, it appears unlikely that AI agents will be granted their own digital identity wallets (or other electronic identification means) in the near future. The EU digital identity framework is built around natural persons and organisations, and extending full digital identity to software systems would raise complex legal and conceptual questions.
Rather, it may be more realistic to enable AI agents to act in a trustworthy way on behalf of a user or organisation. In this context, wallets could play an important role.[3]
The European Digital Identity Wallet already allows users to store electronic attestations of attributes that can be presented to relying parties in a trusted and verifiable way. One possible development could therefore be the use of specific attributes indicating representation.[4]
For example, a user could hold in their wallet a credential confirming that a particular automated system may perform certain actions on their behalf within defined limits.
When an AI-assisted interaction takes place, the relying party could verify this credential and understand:
who the principal behind the interaction is
whether the AI agent is authorised to act
what the scope of the authorisation is.
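A relying-party check along the lines described above, as an added example (not code from this article or from any wallet specification). The attestation layout and all field names are hypothetical, and an HMAC with a constructed key stands in for the issuer's signature so that the example runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed demo key. HMAC stands in for the issuer's asymmetric signature;
# a real relying party would hold only the issuer's public key.
ISSUER_KEY = b"constructed-demo-issuer-key"

def _sign(payload: bytes) -> str:
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_attestation(claims: dict) -> str:
    """Issuer side: serialise the claims and append the signature."""
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)

def check_delegation(token: str, agent_id: str, action: str, amount: float, now: int) -> dict:
    """Relying-party side: answer the three questions, failing closed."""
    result = {"principal": None, "authorised": False, "reason": ""}
    payload, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(payload.encode()).encode(), sig.encode()):
        result["reason"] = "bad signature"      # nothing in the token is trusted
        return result
    claims = json.loads(base64.urlsafe_b64decode(payload))
    result["principal"] = claims["principal"]   # who stands behind the interaction
    scope = claims["scope"]
    if claims["agent_id"] != agent_id:          # is this agent the authorised one?
        result["reason"] = "agent not named in attestation"
    elif not claims["not_before"] <= now < claims["expires"]:
        result["reason"] = "outside validity window"
    elif action not in scope["actions"]:        # is the action within scope?
        result["reason"] = "action out of scope"
    elif amount > scope["max_amount_eur"]:
        result["reason"] = "amount exceeds limit"
    else:
        result["authorised"] = True
    return result

# Constructed sample attestation; every field name and value is hypothetical.
SAMPLE = issue_attestation({
    "principal": "urn:example:person:alice",
    "agent_id": "urn:example:agent:travel-bot",
    "scope": {"actions": ["book_train"], "max_amount_eur": 200},
    "not_before": 1_700_000_000,
    "expires": 1_700_086_400,
})
NOW = 1_700_000_100

if __name__ == "__main__":
    print(check_delegation(SAMPLE, "urn:example:agent:travel-bot", "book_train", 120, NOW))
    print(check_delegation(SAMPLE, "urn:example:agent:travel-bot", "book_hotel", 120, NOW))
```

The check takes the agent identifier as presented; binding that identifier to a key the agent proves possession of is outside what this example shows.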
However, even this model raises an important legal question. As explained above, mandates or powers of representation are normally granted only to legal actors with rights and obligations. Since AI agents do not qualify as such subjects, further regulatory clarification may be needed on whether and how mandates could be formally granted to automated systems.
Recent research on the European agentic AI ecosystem also highlights the need for trusted identity infrastructure and even calls for accelerated deployment of digital identity wallets as a potential trust layer for emerging AI-driven services.[5]
Why this matters:
Digital wallets could provide technical infrastructure to prove delegation and authorisation.
However, under current legal frameworks, mandates can normally only be granted to legal actors (natural or legal persons).
Final takeaway
Agentic AI systems are likely to become an important part of the digital economy. They will increasingly interact with digital services, platforms and transactions “on behalf of” users and organisations.
However, today’s legal and identity frameworks were designed for human and organisational actors, not for autonomous software systems. AI agents do not hold legal personality and therefore cannot receive mandates or powers of representation in the same way as natural or legal persons.
Wallets may help introduce an important trust layer by enabling verifiable attributes that clarify who stands behind an AI-assisted interaction and within which limits it operates.
In this sense, the future challenge may not be granting wallets to AI agents themselves but ensuring that their actions remain anchored in trusted human or organisational identity.
[1] Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).
[2] Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act).
[3] “Trusted Identities for AI Agents – An Opportunity for Europe”, We Build Consortium, available at: https://www.webuildconsortium.eu/trusted-identities-for-ai-agents-an-opportunity-for-europe.
[4] “Agentic AI Landscape”, research paper discussing the architecture and capabilities of agentic AI systems, available at: https://arxiv.org/pdf/2511.02841
[5] European Agentic AI Landscape, research report analysing the development of agentic AI ecosystems in Europe and highlighting the importance of trusted identity infrastructures for AI-driven interactions: https://digital-strategy.ec.europa.eu/en/library/agentic-ai-leveraging-european-ai-talent-and-regulatory-assets-scale-adoption