KYA regulation converges from five jurisdictions and six private-sector frameworks. NIST, EU AI Act, FCA, the SCA paradox, and four gaps..
| Dimension | Traditional UX | Agentic Experience Design (AXD) |
|---|---|---|
| Primary material | Attention and affordance | Trust and delegation |
| User state | Present, navigating | Absent, delegating |
| Design output | Screens and interfaces | Outcomes and constraints |
| Temporal model | Session-based | Relationship-based |
| Success metric | Task completion | Trust calibration |
Know Your Agent (KYA) is a proposed regulatory framework that extends Know Your Customer (KYC) principles to autonomous AI agents. It requires that any agent conducting transactions or acting on behalf of a human must be identifiable, its authority verifiable, and its actions auditable. KYA establishes the regulatory foundation for accountable agentic commerce.
Without KYA regulation, agentic commerce operates in a trust vacuum. There is no standardised way to verify that an agent is authorised to transact, no mechanism to audit agent behaviour, and no framework for liability when agents cause harm. KYA provides the regulatory infrastructure that makes agentic commerce trustworthy, accountable, and legally viable at scale.
Know Your Agent (KYA) is a proposed regulatory framework that extends Know Your Customer (KYC) principles to autonomous AI agents. It requires that any agent conducting transactions or acting on behalf of a human must be identifiable, its authority verifiable, and its actions auditable. KYA establishes the regulatory foundation for accountable agentic commerce.
Without KYA regulation, agentic commerce operates in a trust vacuum. There is no standardised way to verify that an agent is authorised to transact, no mechanism to audit agent behaviour, and no framework for liability when agents cause harm. KYA provides the regulatory infrastructure that makes agentic commerce trustworthy, accountable, and legally viable at scale.
Both predictions were late. Not early. Late. Between the publication of that essay and the writing of this one, the regulatory landscape shifted faster than any reasonable forecast anticipated. On February 5, 2026, the National Institute of Standards and Technology published its concept paper on "Accelerating the Adoption of Software and AI Agent Identity and Authorization" - the first formal US government initiative to address how autonomous software agents should be identified, authorised, and audited. On February 17, NIST's Center for AI Standards and Innovation launched the AI Agent Standards Initiative, explicitly focused on ensuring the next generation of AI agents can be "adopted with confidence, functioning securely on behalf of users." On January 20, the UK Treasury Committee published a report criticising the Financial Conduct Authority for its "wait and see" approach to AI governance, demanding published guidance by the end of 2026. On January 27, the FCA responded by launching the Mills Review - a strategic examination of AI's long-term impact on retail financial services. Meanwhile, the private sector did not wait. Sumsub launched AI Agent Verification on January 28 - the first commercial This essay examines that reckoning. It maps the regulatory landscape across five jurisdictions, analyses the NIST concept paper as a watershed moment, dissects the EU AI Act's classification problem, confronts the Strong Customer Authentication paradox that threatens to stall agentic payments in Europe, surveys the six private-sector organisations racing to build KYA before regulators do, identifies four fundamental gaps that no framework addresses, and closes with five predictions and specific design guidance for The first thing to understand about KYA regulation is that it does not exist as a single framework. It is emerging simultaneously from five major regulatory jurisdictions, each approaching agent identity from fundamentally different starting points, with fund