The progression of artificial intelligence is moving beyond the era of passive chatbots and text-generation tools. We are entering a new phase of automation driven by “agentic AI”—autonomous software systems capable of planning, making decisions, and executing tasks across services, infrastructures, and organizational boundaries.
Unlike early systems that required step-by-step human prompts, these advanced agents can independently manage personal portfolios, coordinate logistics, and operate critical physical systems.
While these autonomous features promise major gains in economic productivity, they also introduce significant security and governance risks.
In a major global response to these emerging challenges, the International Telecommunication Union, the United Nations’ specialized agency for digital technologies, announced a new global initiative at its AI for Good Global Summit in Geneva.
The agency is establishing the “ITU Focus Group on Trust and Identity for Humans and Agentic AI” to address the lack of standardization in autonomous systems.
The core objective of this UN-led initiative is to build the digital identity and trust frameworks required to ensure that the behavior of autonomous AI agents remains trustworthy, accountable, and under human control throughout their entire lifecycle.
As software agents begin executing real-world financial transactions, accessing confidential databases, and interacting with human-centric services daily, establishing who these agents are and whether they should be trusted to act has become one of the most critical cybersecurity challenges of the decade.
The High-Stakes Shift to Agentic AI and Digital Identity
To understand the urgency of this regulatory push, one must look at how agentic AI is transforming the concept of digital identity. Historically, digital security frameworks were designed to verify two distinct categories of actors: human users and static computer systems.
A human proved their identity using credentials like passwords or biometric data, while a machine verified its location and access permissions using fixed security certificates.
Agentic AI completely shatters this traditional classification. An AI agent is not a static machine, nor is it a human; it is a dynamic, goal-oriented software entity that acts on behalf of a human user or an organization.
When a person delegates a task to an agent—such as authorizing it to scour the web, purchase the cheapest airline ticket, and book a hotel room using a personal credit card—the agent must prove to third-party APIs that it possesses the legal authority to execute that financial transaction.
This capability introduces severe security vulnerabilities that legacy systems are not equipped to handle:
- Identity Spoofing and Impersonation: Malicious actors can construct rogue AI agents designed to impersonate real individuals or official organizations, allowing them to gain unauthorized access to private corporate networks or execute fraudulent transfers.
- Prompt-Injection and Hijacking: An agent tasked with searching a public database can encounter hidden, malicious instructions on a webpage, triggering an exploit that commands the agent to delete local files or exfiltrate sensitive user data.
- Cascading System Failures: As companies begin utilizing multi-agent systems that interact with one another, a logic error in one agent can trigger automated, cascading failures across integrated global networks, potentially disrupting financial services or critical infrastructure.
These risks demonstrate that identity systems alone are no longer sufficient. The core question for modern digital systems has shifted from verifying what an entity is to proving whether, and under what specific conditions, an autonomous software agent should be trusted to execute an action.
Decoding the ITU Focus Group Mandate: Building the “OSI Model” of AI
The newly formed UN Focus Group, officially designated as FG-TIDA, will report directly to the ITU’s expert group for security standards, Study Group 17.
Arnaud Taddei, the Chair of Study Group 17, compared the scale of this agentic AI challenge to the development of the Open Systems Interconnection (OSI) model forty years ago.
Just as the OSI model provided the foundational framework that allowed different computer hardware and software systems to communicate globally over the internet, the new focus group aims to build the universal standard for AI agent interaction.
Taddei pointed out that the industry is on the verge of deploying billions of autonomous AI agents, yet there is currently no neutral, interoperable model to secure these interactions.
Most software companies are currently building bespoke, proprietary trust systems that do not work with competitors’ platforms.
To prevent a highly fragmented and insecure digital ecosystem, the FG-TIDA Focus Group is tasked with developing five core deliverables:
- Reference Architectures: Establishing universal blueprints defining how AI agents are discovered, authenticated, and authorized to interact across diverse cloud and enterprise environments.
- Trust Lifecycle Frameworks: Creating standardized assurance models that outline how an agent’s trustworthiness is established, monitored, maintained, and revoked as its underlying code updates.
- Interoperability Standards: Standardizing the cryptographic credentials and digital identity schemas required for agents to prove who they are and who they act for across different international borders.
- Security Benchmarks: Developing continuous, automated testing criteria to assess the behavior of active AI agents, ensuring they do not deviate from their intended operational boundaries.
- A Standardization Roadmap: Mapping out a coordinated path forward to align standards bodies, telecom regulators, and technology vendors under a single security framework.
The Core Primitives of Trust: Identity, Consent, and Verifiability
The need for neutral trust frameworks was a central theme among enterprise decision-makers at the Geneva summit.
During the roundtable discussions, representatives from Korea Telecom (KT), a leading telecommunications provider, presented a framework for securing what they termed “trust primitives” in the agentic era.
According to KT’s AX Future Technology Institute, a reliable trust system must guarantee three fundamental properties.
First is identity, which establishes the exact origin of the agent, proving whose instructions the software is carrying out.
Second is consent, which defines the strict, legally binding scope of permissions the human user has granted to the agent.
Third is verifiability, which provides cryptographic proof that the agent’s decisions and actions comply with established security rules and human rights principles.
The operator emphasized that as the majority of internet traffic shifts from human-to-human communication to agent-to-agent negotiation, these three primitives must be baked directly into the underlying communication networks.
By building these trust features into open, interoperable network standards, the international community can prevent massive tech conglomerates from establishing monopolistic control over AI identities, ensuring a more competitive and inclusive digital economy.
Decentralized Leadership: Bridging Geopolitical Lines
For a global technology standard to succeed, it must achieve buy-in from multiple, competing economic regions.
To ensure broad international support, the ITU has established a decentralized, multi-stakeholder leadership structure for the new Focus Group.
The agency appointed Debora Comparin, a standardization expert from French cybersecurity and digital identity provider Thales, as the Chair of the Focus Group.
To bridge Western and Eastern technology ecosystems, Liangliang Zhang, a senior standards lead from Chinese telecommunications giant Huawei Technologies, will serve as a Vice-Chair.
This collaborative leadership structure is a significant strategic choice.
By bringing together senior cybersecurity engineers from both Europe and China, the UN is attempting to build a unified trust architecture that can transcend geopolitical tensions.
Whether managing data privacy under the European Union’s GDPR, navigating the Markets in Crypto-Assets (MiCA) guidelines, or aligning with industrial policies in Asia, a globally coordinated identity framework ensures that multinational corporations can deploy AI agents without running into a fragmented patchwork of regional laws.
The Human-in-the-Loop Safeguard and Preserving Control
A primary challenge in governing autonomous systems is the question of ultimate liability.
If an AI financial advisor agent executes a series of unauthorized trades that result in massive financial losses, or if an automated logistics agent mistakenly orders millions of dollars of excess raw materials, who is legally responsible?
The FG-TIDA terms of reference place a heavy emphasis on preserving “meaningful human control” as a core architectural requirement.
The proposed trust models are designed to ensure that human oversight is integrated into every stage of the agent’s lifecycle.
This means that while an agent can plan and coordinate complex actions in the background, high-stakes decisions—such as executing large financial transfers, modifying sensitive health records, or changing power plant operations—must require explicit human approval before execution.
To support this oversight, the focus group will explore the development of “agentic AI trust control planes.”
These control planes will function as automated dashboards, giving human supervisors a real-time, visual log of what actions their digital agents are planning, which external networks they are interacting with, and what credentials they are presenting.
By keeping the human firmly in the loop, the UN framework aims to harness the massive productivity gains of automated agents while mitigating the risk of runaway algorithms.
Securing the Infrastructure of the Autonomous Web
The launch of the ITU Focus Group on Trust and Identity for Humans and Agentic AI is a critical milestone for the digital economy.
By taking a proactive, standardization-first approach to agentic security, the United Nations is addressing a technical vacuum that could otherwise lead to systemic global cyber risks.
The transition to an agentic web is arriving rapidly, with more than 60 countries already treating digital identity as critical public infrastructure.
By extending today’s identity frameworks to autonomous software agents, the FG-TIDA initiative will provide the safety, trust, and predictability that enterprises need to deploy AI systems at scale.
The coming quarters will test how effectively this global coalition can translate these security principles into hard technical standards, but the objective remains clear: to build a secure, inclusive digital ecosystem where humans and intelligent agents can safely collaborate on a global scale.





