AI Agents & the Trust Stack

Overview

Executive Summary

AI agents, autonomous software systems that can plan, reason, and execute multi-step tasks on behalf of humans, are moving from research demonstrations to commercial deployment in 2026. The infrastructure to verify, authenticate, and govern these agents does not yet exist at scale.
The "trust stack" for AI agents requires three layers: identity (who or what is acting), authority (what permissions does it have), and accountability (who is liable when things go wrong). Each layer represents a distinct infrastructure opportunity.
The convergence with verifiable credentials (eIDAS 2.0, EU Digital Identity Wallet) and decentralised identity creates the foundation for machine-to-machine trust, extending digital identity from humans to their AI representatives.
The decentralised identity market is projected to reach $7.4 billion by 2028, but the addition of AI agent authentication could multiply this addressable market by 5-10x as every AI agent requires verifiable credentials.
This is the "where human intelligence meets artificial intelligence" infrastructure challenge. The companies that solve agent authentication and governance will occupy a position analogous to certificate authorities in the early web.

Context

From Chatbots to Autonomous Agents

The evolution from conversational AI to autonomous agents represents a fundamental shift in how software interacts with the world. A chatbot responds to prompts. An agent takes initiative: it books flights, negotiates prices, signs contracts, moves money, and makes decisions within defined parameters. This autonomy creates unprecedented trust and verification challenges.

$7.4B

Decentralised identity market (2028)

Before agent authentication multiplier

2026

eIDAS 2.0 wallet deadline

EU member states must offer digital identity wallets

5-10x

Potential market multiplier

When agent credentials are added to identity infrastructure

Architecture

The Three Layers of the Trust Stack

Identity

Who or what is this agent? Verifiable credentials linking an AI agent to its human principal, its deploying organisation, and its capabilities.

→

Authority

What can this agent do? Delegated permissions with cryptographic attestation, spending limits, scope constraints, and revocation mechanisms.

→

Accountability

Who is liable? Audit trails, decision logs, and liability frameworks that connect agent actions to responsible human or corporate entities.

eIDAS

From Human Identity to Agent Identity

The EU's eIDAS 2.0 regulation, requiring all member states to offer digital identity wallets by 2026, creates the foundational infrastructure for agent trust. Verifiable credentials issued through the EU Digital Identity Wallet can be extended to cover AI agents acting on behalf of verified humans or organisations.

What eIDAS 2.0 Provides

Pan-European digital identity wallets with cryptographic credential issuance
Verifiable credentials for identity attributes (age, qualifications, organisational roles)
Qualified electronic signatures and seals with legal equivalence to handwritten signatures
Cross-border interoperability across all 27 EU member states

The Agent Extension

Agent credentials derived from human wallet credentials, creating a chain of trust
Delegated authority attestations specifying what an agent can do on behalf of its principal
Machine-readable policy constraints (spending limits, counterparty restrictions, time bounds)
Revocation infrastructure allowing principals to instantly disable agent authority

Use Cases

Agent-to-Agent Commerce

The most transformative application of agent trust infrastructure is not human-to-agent interaction, but agent-to-agent commerce. When a procurement agent negotiates with a supplier agent, both need verifiable identity, delegated authority, and auditable decision trails. This creates entirely new infrastructure requirements.

Procurement: A company's AI purchasing agent negotiates with supplier agents, verifying credentials, comparing offers, and executing contracts within pre-authorised parameters.

↓

Financial Services: AI agents executing trades, managing portfolios, or processing insurance claims need authenticated identity and auditable authority chains to meet regulatory requirements.

↓

Healthcare: AI agents accessing patient records, scheduling referrals, or processing prescriptions require the highest levels of identity verification and authority delegation.

↓

Travel & Logistics: AI agents booking flights, arranging transport, and managing supply chains on behalf of verified principals, interacting with other agents representing airlines, hotels, and carriers.

Value Chain

Infrastructure Layers and Emerging Players

Layer	Function	Emerging Players	Investment Signal
Credential Issuance	Creating verifiable agent credentials	Spruce ID, Walt.id, Dock.io	Infrastructure, early-stage
Agent Authentication	Verifying agent identity in real-time	Emerging (greenfield)	Highest-value opportunity
Authority Delegation	Managing and constraining agent permissions	OpenAI (built-in), Anthropic, custom	Platform play
Audit & Compliance	Logging agent actions for accountability	Arize AI, Weights & Biases, emerging	RegTech crossover
Policy Engines	Enforcing organisational rules on agent behaviour	OPA/Styra, emerging agent-specific	Enterprise infrastructure

Monitoring

What to Watch

eIDAS 2.0 Wallet Rollout

The pace and quality of EU member state digital identity wallet deployments will determine how quickly the foundational credential infrastructure reaches critical mass.

Agent Protocol Standards

Emerging standards for agent-to-agent communication (including Anthropic's MCP, OpenAI's function calling, and W3C verifiable credentials) will determine interoperability.

First Agent Liability Cases

The first legal cases involving AI agents acting autonomously (incorrect purchases, contract disputes, financial losses) will force rapid development of liability frameworks.

Conclusion

Strategic Takeaways

AI agents are coming. The trust infrastructure they require is not. This gap represents one of the most significant greenfield infrastructure opportunities in technology.
Europe is uniquely positioned through eIDAS 2.0. The EU's digital identity wallet infrastructure provides the credential foundation that agent authentication requires, giving European companies a platform advantage.
The parallel to the early web is instructive. Certificate authorities (Verisign, later DigiCert) became critical infrastructure for web trust. The equivalent layer for AI agent trust does not yet exist, and will be worth multiples of the current decentralised identity market.
Agent-to-agent commerce will create more infrastructure demand than human-to-agent interaction. When software negotiates with software, the volume of credential verification, authority checks, and audit logging scales by orders of magnitude.
This is the defining infrastructure challenge at the intersection of human intelligence and artificial intelligence. humAIne's thesis, that the most transformative innovations emerge where human creativity meets technological capability, applies directly to the trust stack.