ITU Opens a Workstream on Trust and Identity for AI Agents | TLY

AI Regulation Tracker  /  Standards signal

ITU opens an international workstream on trust and identity for AI agents

On July 9, 2026, at the AI for Good Global Summit in Geneva, the ITU launched a new Focus Group, FG-TIDA, to study how to verify identity and preserve human authority as autonomous AI agents start acting across financial and infrastructure systems. This is early-stage standards work, not a rule.

Agentic AI has moved faster than the plumbing that is supposed to identify who, or what, is taking an action. When a software agent can log in, move money, or reconfigure a system on a person's behalf, the old question of identity gets harder. Is the actor the human, an authorized agent, or something impersonating both. On July 9, 2026, at the AI for Good Global Summit in Geneva, the ITU convened a new Focus Group to start working on that question in the open, before the gaps turn into incidents.

What the ITU actually launched

The new body is called FG-TIDA, short for Trust and Identity for Humans and Agentic AI. It reports to ITU-T Study Group 17, the standards group responsible for security. The important thing to understand is what a Focus Group is and is not. A Focus Group is a pre-standardization vehicle. It gathers experts quickly, produces early deliverables such as use cases, requirements, and draft technical reports, and then hands that material to the parent study group. Recommendations, the formal ITU-T standards, come later and through a separate process. So the ITU did not adopt a standard here. It opened a workstream that could shape one.

The mandate is specific. FG-TIDA will look at autonomous agents impersonating people or organizations, at agents taking unauthorized actions across interconnected systems, and at how to preserve human authority over consequential decisions. In the ITU's own framing, the goal includes frameworks that "preserve meaningful human control for tasks such as executing financial transactions and operating critical infrastructure." Those two examples, payments and infrastructure, tell you where the group thinks the stakes are highest.

Signal, not rule

This is the distinction that matters for anyone reading headlines. Nothing here requires a firm to do anything. The ITU did not issue a rule, and it did not set a compliance deadline. What it did is start an international conversation among technical, policy, legal, and regulatory experts about how agent identity and human control should work. Membership is open to any interested expert, and the calendar is set. The first meeting is in Paris in November 2026, the second in Geneva in January 2027. Treat this as an early read on where global standards may head, not as something that binds your organization today.

Why a US professional should track this

Agentic AI is already showing up in US financial workflows, at registered investment advisers and broker-dealers, and in the operational systems behind critical infrastructure. Those are exactly the use cases FG-TIDA names. Standards that begin at the ITU tend to travel. They inform vendor design choices, procurement language, and later the expectations that domestic regulators reach for when they write their own rules. Getting an early look at how a UN body frames agent identity and human oversight is useful even though the work is non-binding.

The practical move now is light. Note who from your sector is participating, since membership is open. Track the early deliverables as they publish. And when you evaluate agentic tools that touch money or infrastructure, start asking vendors how they handle agent authentication and how a human stays in the loop on consequential actions. None of that is required. It is how you avoid being surprised if this workstream matures into something that is.

Questions professionals are asking

Did the ITU issue a rule or standard on AI agents?

No. The ITU launched a Focus Group, which is a pre-standardization body. It will develop early deliverables that could feed later ITU-T Recommendations, but it does not issue binding rules and it sets no compliance deadline.

What is FG-TIDA meant to address?

It studies trust and identity for humans and agentic AI, including autonomous agents impersonating people or organizations, agents taking unauthorized actions across connected systems, and how to preserve human authority over high-stakes decisions like financial transactions and operating critical infrastructure.

Does this affect a US firm today?

Not as an obligation. The work is non-binding and international. It is worth tracking because the named use cases, fintech and critical infrastructure, are where US firms already deploy agents, and ITU standards often shape later vendor design and domestic rules.

RELATED BRIEFINGS

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel in the relevant jurisdiction.