The KYA Concept: How eIDAS Infrastructures Can Secure Autonomous AI Agents

Introduction & Current Situation: The Evolution of Trust Processes

The unambiguous verification of identities has traditionally been at the heart of digital transaction environments. The regulatory framework for KYC (Know Your Customer) and KYB (Know Your Business) has forced a necessary evolution of verification procedures in recent years. While the resource-intensive VideoIdent process must be considered an operationally obsolete model due to a lack of scalability, an increasing number of state-of-the-art AutoIdent solutions are entering the market. Meanwhile, the European economy is eagerly awaiting the impact of EUDI wallets under eIDAS 2.

These previously linear trust-building processes are currently being transformed by the deep integration of artificial intelligence at the structural level. Systems based on powerful LLMs can now autonomously orchestrate complete user journeys. This ranges from initial data collection to the preparation of highly sensitive workflows, such as opening accounts or initiating asynchronous online transactions. In these scenarios, the machine acts as a proxy intermediary that pre-structures transaction data and prepares it for final completion.

The KYA Concept: A Bridge Between AI Automation and eIDAS Compliance

The concept of “KYA” (Know Your Agent) stems from this technological dynamic. At first glance, from a purely superficial linguistic perspective, the term appears ambiguous: While KYC precisely defines the regulatory obligation to identify the other party (the customer), KYA literally implies the need to validate one’s own agents. Furthermore, in practice, there is a risk of confusion within the established digital identity space, where human verifiers—for example, during the manual follow-up review of AutoIdent results—are traditionally referred to as “agents” within the industry as well.

However, when KYA is understood as a structural framework for the emerging fields of agentic commerce and agentic banking, the concept reveals its true, forward-looking relevance. This is not about the paradoxical endeavor of granting software bots an autonomous legal personality independent of humans.

Rather, KYA describes the technological architecture that ensures that, at every stage of an automated transaction chain, a verified “human in the loop” bears ultimate responsibility. KYA thus bridges the critical gap between autonomous machine processing and legally compliant human authorization.

How KYA Works Technically: The Mechanics of Cryptographic Delegation

The core premise of the architecture is that actions performed by AI agents must be orchestrated within isolated infrastructure layers, and precise telemetry data must be fed into dedicated endpoints. Before an action prepared by the bot—such as triggering a B2B payment or transmitting business-critical data—is finally executed, cryptographically secured safety mechanisms involving the agent’s “creator” must be activated.

Specifically, this means that the AI agent’s action is cryptographically signed, and this signature is inextricably linked to the verified identity of a natural person via discrete session keys. To integrate this human identity component into the workflow in a tamper-proof manner, modern systems rely on a dual foundation. In addition to the upcoming eIDAS 2.0 EUDI wallet, sophisticated AutoIdent procedures play a key role

The combination of real-time biometric liveness detection of the human user and a subsequent token-based binding to the AI agent ensures that the machine does not operate in a vacuum, but rather as a legitimate, cryptographically authorized representative.

Perfectly Prepared for Streamlined KYA Processes: The EUDI Wallet

Thanks to the unique architecture of the EUDI wallet, this technology will become one of the most important anchors of trust in the AI era. In the context of KYA, the EUDI Wallet will be particularly effective at establishing a legally compliant connection between an acting agent and a natural person. First, the agent authenticates themselves to the bank by presenting a specific power of attorney (Representation Attestation) or a qualified electronic attribute attestation (QEAA), which allows the bank to recognize the agent and validate their cryptographically guaranteed link to the natural person via this certificate. To finalize the transaction in the last step, the bank sends a signature request to the wallet, whereupon the natural person confirms the transaction through another round of strong authentication and authorizes it with legal effect using a qualified electronic signature (QES) generated locally or remotely.

Risk Allocation: The Responsibility of the “Trustees”

A critical, often overlooked aspect of the KYA ecosystem is the fundamental responsibility of relying parties (such as banks, insurance companies, or e-commerce platforms) in processing a transaction. At the architectural and procedural levels, it is primarily their responsibility to establish two core checks:

a) Entity Verification (Bot vs. Human Detection): The relying party must be able to determine, through advanced telemetry and API analysis, whether an interaction was initiated and prepared by a human or semi-autonomously by a bot or AI.

b) Transaction-based risk analysis: Relying entities must implement a dynamic risk model that determines the contract value or sensitivity level at which strict KYA verification becomes a mandatory prerequisite for executing a transaction.

While a simple, low-risk transaction may require only minimal cryptographic proof and downstream asynchronous authorization, highly sensitive processes—such as opening an account, entering into loan agreements, or transferring significant assets—absolutely require additional, synchronous security measures. There can be no leeway here: At this threshold, KYA verification must enforce strict, biometric or hardware-based re-authentication of the human principal to rule out identity theft by compromised agents.

The Showdown in Trust Space: AI vs. AI and the Asymmetric Arms Race

The absolute necessity of such robust architectures stems from a highly dynamic threat landscape that manifests as a direct showdown between defensive and offensive AI. The study “Security Risks for Trust Service Providers from AI-Based Threats,” published in 2026 by A-SIT Plus on behalf of Rundfunk und Telekom Regulierungs-GmbH (RTR), analyzes this arms race at the structural level.

In this context, AI is a double-edged sword:

• AI as an Accelerator and Defender: On the defensive side, AI unlocks significant efficiency potential. It enables sophisticated anomaly detection, real-time analysis of complex attack patterns (e.g., within modern Security Operations Centers), and the performance of multimodal, real-time biometric liveness checks as part of modern AutoIdent procedures. Its positive impact on strengthening the trust space is real.
  
• AI as an Attacker: At the same time, generative AI is shifting the risk landscape to an unprecedented extent. It drastically lowers the technological barriers to entry for cybercriminals, automates the generation of malicious code, and enables large-scale fraud scenarios. The RTR study (2026) considers the following to be particularly critical: AI-enabled deceptions such as deepfakes, synthetic identities, and sophisticated presentation and prompt-injection attacks, which aim to specifically manipulate visual identification features and machine learning models (e.g., through data poisoning).

The systemic solution to this algorithmic arms race lies in clear governance and the combination of two deterministic protective pillars. The eIDAS 2.0 EUDI Wallet offers uncompromising, mathematical protection against AI-based spoofing attacks through hardware-based key storage (secure elements).

Complementing this, modern, AI-backed AutoIdent procedures close the remaining gap in the field: They use advanced liveness detection and device-based attestations to verify the human anchor point in the workflow beyond a shadow of a doubt in a matter of seconds. Together, these two approaches enable relying parties to approve agent-based processes in a way that ensures the separation between bot actions and human authentication is robust from both a regulatory and cryptographic standpoint.

Conclusion: KYA as a Valuable Advancement in the Digital Identity Space

In summary, it can be said that KYA is far more than just a fleeting marketing buzzword—it is a valuable evolutionary concept that builds directly on the proven foundations of KYC. KYC remains the indispensable core of trust architectures, but KYA expands this core to include the dimension of secure machine delegation in the age of AI.

It is precisely at this interface that sproof is actively working on innovative concepts. The goal is to establish architectures that enable AI agents to be linked to natural persons and their Qualified Electronic Signatures (QES) in a legally sound, tamper-resistant, and compliance-compliant manner.

Whether and when there will ever be fully autonomous agents capable of legally authorizing transactions with a Level of Assurance (LoA) “High”—is still a long way off. However, the path to achieving this necessarily involves the intelligent integration of humans and machines, as well as risk-based validation by trusted third parties, as KYA is already outlining today.

FAQ on the Topic

Prepare your identity infrastructure for the era of agentic banking. Learn from the experts at sproof how to implement complex AI workflows in a legally compliant manner using transaction-based risk analyses, eIDAS-compliant signatures, and state-of-the-art identification methods. Schedule a call with an expert now →