AI agents are increasingly moving beyond simply answering questions and are starting to carry out actions on behalf of users. The International Telecommunication Union wants to establish the technical framework that will make it possible to verify who is behind such an agent, what its authorisations are, and when a human can halt its actions.
The ITU, the UN agency for digital technologies, has established the Focus Group on Trust and Identity for Humans and Agentic AI, or FG-TIDA for short. Its task will be to develop a framework for digital identity, trustworthiness and accountability of autonomous systems. The initiative was announced on 9 July during the AI for Good summit in Geneva.
“AI agents will soon be negotiating, conducting transactions and making decisions on our behalf” said Debora Comparin, co-chair of the focus group, adding that common international frameworks are needed to establish who these agents are, and how and when they can be trusted.
The issue is becoming urgent, as agents can already utilise external tools, APIs and corporate systems. In practice, this means they can authorise purchases, initiate payments or trigger processes without human intervention each time. The ITU also highlights the risk of impersonating individuals or organisations and carrying out actions beyond the scope of their authorised powers.
The group is to develop common definitions, identity architectures, agent detection mechanisms and criteria for assessing security, resilience and accountability. Another key element will be agent lifecycle management, including the ability to grant, restrict and revoke an agent’s authorisations.
These are not yet binding standards or new regulations. FG-TIDA is carrying out preparatory work for standardisation, the results of which may, however, influence future requirements placed on suppliers of AI agents and companies implementing them in business processes. The group’s first meeting will take place in Paris in November 2026, with the next one in Geneva in January 2027.
As AI becomes more autonomous, simply testing the quality of the model will no longer be sufficient. Access control, decision logging, clear rules on accountability and the ability for a human to quickly take over control will become equally important.
