David Magård, SIROS Foundation: The key gap is trusted identity and delegation for AI agents, ensuring accountability, authentication, and auditability.
Can you please tell us more about your role and professional background?
I currently serve as Director of Regulatory and Government Affairs at SIROS Foundation. I have an extensive background across different organisations within the Swedish Government. I hold a legal background and have primarily been working in the intersection of law, policy, and digitalisation, especially AI and digital identity.
A 2025 Accenture study predicts that by 2030 AI agents will be the primary users of most enterprises’ internal digital systems. What is the most critical infrastructure gap today (e.g., identity verification, fraud detection)?
To be fair, much of this is still quite immature, even though we already see significant value. There is a clear need to address identity & authentication for AI agents, which connect to audit trails, delegation, and interoperability across platforms and ecosystems.
How can AI agents prove their identity, demonstrating consumer authorisation, corporate affiliation, and delegated decision rights?
In several ways, but what I would like to see is the EU making use of the existing framework for digital identity and the upcoming business wallet. This would provide a trusted infrastructure for digital identity and delegation, enabling the connection of AI agents to both natural and legal persons.
Let’s take an example. A company wants to buy goods from another company. They use an AI agent that operates outside their internal platform to make the purchase. Both the seller and the buyer want to ensure that they are interacting with a legitimate company, that there is a human in the loop, and that the AI agent has the appropriate delegation.
In the EU, we can use the business wallet to identify the businesses, the EU Digital Identity Wallet to identify the natural person, and verifiable credentials to prove intent and delegation. Using these wallets, transactions and credentials are digitally signed. This creates a secure and traceable chain of trust.
With zero-knowledge proofs, we can ensure the integrity of the parties involved. No other region has this foundation, and it is an advantage that should be leveraged.
Which European initiatives are leading on AI agent identity frameworks?
At this point, there is really none. The EU large-scale pilot WE BUILD is the initiative closest to addressing this topic, and it is no surprise that we wrote the article Non-paper: Trusted Identities for AI agents: An Opportunity for Europe. In this non-paper, we encourage EU regulators and standardisation organisations not to rush into new regulations, but instead to develop a strategy for the use of agentic AI. This strategy should be based on making use of existing frameworks, particularly the digital identity infrastructure.
Could agentic commerce exacerbate inequality (e.g., if only large firms can afford advanced identity and trust layers)?
Done right, I think it has the potential to democratise IT, including AI agents.
Does the EU AI Act adequately address agentic commerce, or are additional agent-specific rules needed to clarify liability in autonomous transactions?
I was involved in negotiating the EU AI Act, and it is important to understand that it is fundamentally a documentation and demonstration regulation: the riskier the use of AI, as defined in the regulation, the greater the requirement to document and demonstrate compliance, up to the point of outright prohibitions.
I am not convinced that additional regulation is needed specifically in this area; if anything, it likely belongs within commercial law and delegation rights. Ultimately, someone is always responsible, and regulators will find a person to hold accountable when things go wrong.
What is likely needed instead are frameworks that ensure reasonable audit trails, clear liability responsibilities, and a shared understanding of what merchants and other actors can and cannot be expected to accept. Once again, the EU should develop a strategy for this, grounded in the digital identity infrastructure.
About David
David Magård has extensive experience from the Swedish government, specialising in new technologies and digital identity. He has served as an expert for leading international organisations, including the European Commission, the OECD, and the ITU, and has led two large-scale EU pilots. He currently serves as Director at the SIROS Foundation.
About Siros:
SIROS Foundation's mission is to enable the next phase of the Internet, focusing primarily on building the infrastructure for trusted digital identity. We provide open-source solutions to fill the gaps in the ecosystem and empower people to control their own digital identity.
