Estonia launches digital passports for AI agents: a revolution in access rights management
The Estonian government has given the green light to an ambitious project to create an official digital identity for artificial intelligence — AI-isikukood. The initiative, approved by the Eesti.ai council under Prime Minister Kristen Michal, marks the world's first step toward the legal recognition of AI agents as independent subjects of digital operations.
The essence of the concept is simple but revolutionary: instead of granting AI assistants unlimited access to systems and data, Estonia proposes issuing them "limited, controlled, and auditable permissions." This means each AI agent will receive a clearly defined set of rights — from viewing data and preparing reports to processing payments — all within strictly specified boundaries.
Prime Minister Michal emphasized that in the near future, artificial intelligence will increasingly perform routine digital tasks for users — from compiling reports to filing tax returns. Without a clear identification system, it is impossible to determine who is acting, on whose behalf, and, most importantly, who bears responsibility in the event of an error or loss.
Infrastructure of the Future
The AI-isikukood project does not exist in a vacuum — it relies on Estonia's already mature digital ecosystem. Starting in 2026, each government agency will be able to deploy its own personalized AI agent within a unified cooperative network called Bürokratt. In parallel, the Aruait project is being developed — a sovereign management layer for AI in the public sector that will define the technical architecture and collaboration models for systems acting on behalf of individuals, companies, and government bodies.
Estonia already has experience in digital identification: the electronic ID for citizens and the e-Residency program for foreigners have become global benchmarks. AI-isikukood logically continues this trajectory, extending the principles of digital sovereignty to non-human agents.
Of the 15 projects approved by the Eesti.ai council in April, the fastest progress is being made in AI skills training. The other areas — healthcare, entrepreneurship, education, and infrastructure — are in the stages of analysis, market consultations, and partnership preparation. By June, some of them had already moved into the practical phase.
My view: This is not just a technological experiment — it is a breakthrough in AI risk management. If Estonia successfully implements AI-isikukood, we will witness the birth of a new security standard for autonomous systems. However, the key question — the mechanism of liability for losses — remains unanswered for now. It is this that will determine whether the initiative becomes a global benchmark or remains a bold but unfinished experiment.