AI Agents Can Do the Work. The Hard Part Is Proving They're Allowed To.

AI Agents Can Do the Work. The Hard Part Is Proving They're Allowed To.

Software is crossing a line. For years, our tools waited for us to click. Now AI agents are starting to act - researching, negotiating, booking, filing, and buying on our behalf, increasingly without a human watching every step. The capability is arriving fast. The trust to deploy it is not.

Ask one simple question and the gap appears. When an AI agent shows up to act for you - at your bank, your insurer, a supplier, a government portal - how does the other side know it’s actually allowed to?

In practice, four questions sit behind that one:

  • By what authority is this agent acting?
  • Did the human actually approve this specific action?
  • Is that authority still valid - or was it already revoked?
  • Is the evidence the agent presents real?

Today, in most systems, there’s no good answer. The agent arrives with an API key, a login, or a vendor’s word - nothing the counterparty can independently verify, and nothing that says what the agent is and isn’t allowed to do. We’ve raced ahead on how agents do things, and left behind how anyone can trust what they do.

It’s not an identity problem. It’s an authority problem.

A lot of the industry is rushing to give agents an identity - a name, a registry entry, a token. That’s necessary, but it’s not the hard part. Knowing who an agent is doesn’t tell you on whose behalf it’s acting, to do what, within what limits, and whether that permission still stands.

A human analogy makes it obvious. If someone walks into a bank claiming to act for you, the bank doesn’t just want their name. It wants a power of attorney: a document that says exactly what they may do, for how long, signed by you, and revocable the moment you change your mind. AI agents need the same thing - and right now, they don’t have it.

Know Your Agent - the four questions a trust layer must answer

Why this matters now

Two waves are arriving at once.

The first is adoption. Analysts expect AI agents to mediate a large and growing share of commerce within a few years, and enterprises are deploying them fastest in exactly the places where mistakes are expensive - finance, insurance, healthcare. The second is regulation. Europe’s digital-identity framework (eIDAS 2.0 and the EU Digital Identity Wallet) is rolling out across every member state, and it explicitly recognises representation - acting on someone’s behalf - as something that must be verifiable. In parallel, US sector rules now demand human oversight and auditability when AI touches regulated decisions, and standards bodies have opened dedicated workstreams on trusted AI-agent interactions.

The market even has a name for the need: “Know Your Agent” - the agentic-era cousin of Know Your Customer.

Agents don’t need a passport. They need a Power of Attorney.

The fix isn’t a fancier login or a perimeter token that works only inside one company’s walls. It’s delegated authority that travels with the agent and that anyone can check - a digital Power of Attorney that is:

  • Scoped - permission for specific actions, not a blank cheque (“file my 2026 taxes,” not “do anything”).
  • Time-limited - it expires.
  • Revocable - the human or organisation can switch it off instantly.
  • Accountable - it’s cryptographically bound back to a real, responsible person or company.
  • Auditable - every action leaves verifiable evidence of what was authorised and what was done.

How to actually build trustworthy agent authority

Encouragingly, the building blocks already exist - the same open standards behind modern digital-ID wallets (decentralized identifiers and verifiable credentials). Put together, a workable solution has four ingredients:

  1. A verifiable identity for the agent - so a counterparty knows what it’s dealing with, not just that something connected.
  2. A delegation credential - the Power of Attorney itself - issued by the human or organisation, carrying the scope, the limits, and an expiry, and revocable at any time.
  3. Enforcement at run time - something that checks every action against the mandate before it happens, and a kill switch that stops the agent the instant authority is withdrawn. (This is the part most “agent identity” efforts skip - and it’s where safety actually lives.)
  4. A built-in audit trail - tamper-evident evidence tracing each action back to the human who authorised it, so disputes and compliance have a real answer.

The four ingredients of trustworthy agent authority

Because these are open standards, the result is interoperable - the credential one platform issues, another can verify, without the two needing a prior relationship. That’s the difference between a trust layer and yet another closed, proprietary system.

Keep a human accountable

One principle threads through all of it: a human or organisation must stay accountable for what an agent does. The most credible voices in digital identity are converging on the same stance - autonomy is fine, unaccountable autonomy is not. The strongest designs bind every agent to a responsible owner and keep a human in the loop for high-impact actions, captured in the audit trail rather than assumed. Authority you can’t trace isn’t authority - it’s a liability.

Where this is heading

This trust layer - verifiable identity, a scoped and revocable Power of Attorney, and a compliance-grade audit trail - is the missing primitive of the agentic era. It’s also what we’re building toward at Soverio. Our FastEid platform already handles the hard parts of digital identity and verifiable credentials in line with Europe’s eIDAS framework; we’re now extending it to issue exactly this kind of delegated, revocable authority for AI agents. It’s in active development, and we’ll be sharing more as it takes shape.

The agentic era will only ever be as big as the trust beneath it. Capability is no longer the bottleneck - verifiable, bounded, revocable authority is. Solve that, and you don’t just make AI agents possible. You make them safe to let loose.