The UN wants an ID card for AI agents: the ITU turns trust into critical infrastructure

🕒 Published on Zendoric: July 12, 2026 · 00:14
The International Telecommunication Union is launching a working group to create standards that verify who an autonomous AI agent is—and who answers for it. This is not a technical detail: it is the missing piece for these systems to handle money and infrastructure without anyone knowing who to blame if something goes wrong.
We'll send you a confirmation email (double opt-in). Privacy.
By DPL News · July 11, 2026.
The ITU, the United Nations agency for telecommunications, has launched an international working group focused on a very specific problem: today there is no standardized way to verify the identity and reliability of an autonomous AI agent. According to the agency, the goal is that, when these agents carry out sensitive tasks —financial transactions, management of critical infrastructure—, their behavior is traceable, accountable and subject to human oversight. Secretary-General Doreen Bogdan-Martin summed it up by citing trust as the underlying condition for AI autonomy to be viable. The work is co-led by Debora Comparin and Amir Banifatemi, and will be structured as a Focus Group open to regulators, legal experts and technicians, with the aim of setting common definitions, security benchmarks and a shared roadmap. The first formal meetings are scheduled for November 2026 in Paris and January 2027 in Geneva, so this is an institutional kickoff, not an already operational standard.
It is worth framing the problem: over the past year we have moved from talking about chatbots to talking about agents that book flights, move money between accounts, negotiate with suppliers or touch industrial systems without a human reviewing each step. That leap from "a tool that suggests" to "a system that acts" is exactly what makes urgent something that until now was secondary: knowing with certainty who the agent on the other side of a request is, on whose behalf it acts and what limits it has. Without that, a malicious agent —or a legitimate but misconfigured one— can impersonate another, escalate permissions or carry out fraud on a scale no human could achieve alone. It is no coincidence that the ITU itself links this initiative to the management of critical infrastructure: it is precisely the scenario where an identity failure stops being a nuisance and becomes a national security incident.
The interesting thing, as we read it, is that this move replicates on a global scale something that is already happening inside the companies deploying agents: the emergence of a governance layer between the agent, the model and the tools it can touch —granular permissions, auditing, control over what an agent can do and on whose behalf. Organizations are solving it internally with protocols like MCP and access policies; the ITU now proposes the equivalent for the open ecosystem: a verifiable passport for agents that cross borders between companies, platforms and countries. It is the same thesis applied at a different scale, and it confirms that agent governance —not the model's eloquence— is becoming the real bottleneck of agentic adoption.
In the short term, let's be honest: this arrives late relative to the speed of actual deployment. There are already agents operating in production without any interoperable identity standard, and the window between "today" and this group's first formal meetings —November in Paris, January in Geneva— is enough time for automated fraud and agent impersonation to remain, as we have pointed out before, the most immediate security risk of agentic AI, far ahead of distant superintelligence scenarios. Moreover, an intergovernmental body like the ITU advances by consensus: there is no guarantee that the result will be a nimble standard nor that the major platforms will adopt it without friction, and there is a real risk that different geopolitical blocs will end up with mutually incompatible trust frameworks.
In the long term, however, this is exactly the kind of invisible infrastructure that makes possible the abundance our underlying thesis speaks of. A world where agents autonomously manage payments, logistics, health or energy only works if there is a verifiable basis of trust; without it, every efficiency gain brings with it an equivalent risk of fraud. That the UN treats agent identity as a matter of critical infrastructure —on the same level as telecommunications or the digital certificates that today underpin commerce on the internet— is a mature signal: the plumbing is being built before the house floods, not after. If this effort crystallizes into a real interoperable standard, in five years registering an AI agent will be as routine as issuing an SSL certificate, and that regulatory boredom will be, paradoxically, the best possible news.
🔗 Related on Zendoric
- Containing the agent: why governance of autonomous AI should live on your own computer · 2026-07-11
- The race for the 'plumbing' of the agent economy: BNB Chain bets on a blockchain without a mempool · 2026-07-09
- Healthcare AI in the Pacific: when missing data creates the inequality it promised to eliminate · 2026-06-29
Sources & references
Get the analysis by email · free
One email a day analysing the AI essentials. Free, no spam, unsubscribe anytime.
We'll send you a confirmation email (double opt-in). Privacy.


