Connecting the world and beyond

Terms of Reference

​​1. Rationale

Digital ecosystems are undergoing a structural transformation driven by the emergence of agentic Artificial Intelligence (AI) systems. An Agentic AI or AI Agent or Agent is an autonomous software entity that interprets goals, formulates intent, and executes actions, often by invoking external tools, APIs, or other agents to achieve outcomes on behalf of users. Its behavior is driven by model-based reasoning, typically relying on Large Language Models (LLMs) or other Foundation Models (FMs) to analyze context, generate plans, and adapt its actions dynamically. 

These systems are no longer limited to passive computation; they now act as autonomous entities capable of reasoning, planning, and executing tasks across services, infrastructures, and organizational boundaries. As a result, they are increasingly integrated into critical digital workflows and interact directly with existing identity and trust infrastructures. 

This evolution fundamentally changes the nature of identity in digital systems. Identity is no longer limited to human users and static machine instances but must also encompass autonomous, dynamic, and goal-oriented agents. Industry and research communities increasingly recognize that such agents must be treated as first-class entities within identity and access management systems, requiring dedicated identity models, lifecycle management, and governance mechanisms. 

At the same time, separating human and agentic identity into distinct domains is neither practical nor desirable. Agentic AI systems act on behalf of humans, interact with human-centric services, and must remain ultimately accountable to human stakeholders. Identity relationships therefore span human-to-human, human-to-agent, and agent-to-agent interactions, requiring a unified and coherent approach to identity and trust management. 

However, identity alone is insufficient. In agentic environments, the core question extends beyond "what an entity is" to "whether, and under what conditions, that entity should be trusted to act". Trust becomes a dynamic property that must be continuously evaluated, taking into account behaviour, context, delegation, and technical-policy compliance. This is particularly critical where agentic systems operate across organizational and jurisdictional boundaries, in which trust cannot be established or enforced by a single authority. 

Existing digital identity and trust frameworks, including those developed within ITU-T and other standards development organizations (SDOs), have been designed primarily for human users or static services. While they provide a strong foundation, they do not fully address the requirements introduced by autonomous agents, such as dynamic delegation, continuous trust evaluation, and multi-agent interaction at scale. This results in fragmentation, inconsistent trust decisions, and limited interoperability across ecosystems. 

These limitations are increasingly affecting the deployment of agentic AI systems. Despite significant investment and rapid innovation, organizations face challenges in scaling such systems owing to gaps in trust, governance, and interoperability. The absence of common frameworks for identity, trust evaluation, and accountability remains a key barrier to the transition from experimental deployments to reliable, large-scale adoption. 

In this context, there is a clear need for a coordinated pre-standardization effort to establish common terminology, reference architectures, trust models, and interoperability mechanisms for digital identity and trust management in environments involving both humans and agentic AI. 

The establishment of this Focus Group provides a platform to bring together stakeholders from industry, academia, and standardization communities to build a shared understanding of these challenges, identify gaps in existing approaches, and define the foundations for future standardization. This work will support the development of interoperable, secure, and trustworthy digital ecosystems in which humans and agentic AI can safely interact and collaborate. 

In particular, the Focus Group will foster collaboration with external stakeholders and relevant standardization fora to ensure coherence and avoid duplication of effort. When potential deliverables are identified, early consideration shall be given to the most appropriate organizations or fora for their further development, facilitating an effective transition from pre-standardization activities to formal standardization work.

2. Scope

The Focus Group studies trust management and interoperable digital identity infrastructure for humans and for agentic AI including when leveraged by embodied AI. The Focus Group will explore transforming into a Collaboration platform on Trust Management (e.g. similar to CITS). 

The Focus Group examines existing and emerging technologies, standards, and implementation approaches, with the aim of identifying gaps and supporting pre-standardization activities. It considers both human-centric and agentic AI systems, including their interaction, and explores how identity management and trust can be operationalized in multi-actor ecosystems involving users, agents, service providers, and relying parties. 

​The Focus Group will identify stakeholders with whom ITU-T could collaborate and will enable the inclusion of non-members to contribute to the technical pre-standardization work. Potential collaboration may be developed across academia, industry, regulatory bodies, and standards development organizations (SDOs), to ensure inclusive and interoperable technical foundations.

The following topics are out of scope for the Focus Group:

3. Objectives

According to its scope (clause 2), the Focus Group aims to achieve the following objectives:

3.1       Terminology and definitions

To study and harmonize concepts, terminology and working definitions relevant to interoperable trust management and digital identity for humans and agentic AI.

3.2       (Pre-)standardization roadmap

To identify and study enabling technologies, trends and standardization gaps relevant to trust management, digital identity and interoperability for humans and agentic AI, in order to develop a pre-standardization roadmap.

3.3       Use cases

To identify use cases to guide future development of interoperable trust and identity solutions for humans and agentic AI across various service domains, with a view to facilitating industrial adoption.

3.4       Security assessment criteria and benchmarks

To identify criteria and benchmarks for assessing interoperability, trustworthiness, and other design characteristics (e.g. security, privacy, safety, resilience, accountability, human oversight and traceability) of human and agentic AI trust and digital identity systems.

3.5       Global collaboration platform

To provide a platform for facilitating community engagement and collaboration among relevant ITU-T Study Groups (SGs), external SDOs, industrial entities, open-source communities and academic institutions. The goal is to share best practices and disseminate knowledge for dialogue on technical-policy and potential regulatory implications of trust management and digital identity, in order to accelerate consensus on technical approaches.

4. Specific tasks and deliverables

According to its scope (clause 2), the Focus Group aims to develop the following deliverables:

4.1       Use cases and requirements analysis

Reports analysing selected use cases across sectors, identifying associated technical requirements (and references to policy, regulatory and business requirements where strictly needed for technical decisions) for interoperable digital identity and trust management for humans and agentic AI.

4.2       Architectures for identity, trust, agent discovery and interoperability

A set of architectural approaches covering identity stacks for agentic AI, cross-border trust management for human digital identity, and runtime trust control mechanisms, including agent discovery, trust establishment and interoperability across heterogeneous environments.

4.3       Trust framework(s) and lifecycle management

Framework(s) defining how trust is established, evaluated, maintained and revoked in human and agentic AI ecosystems, including trust models, lifecycle considerations, human oversight and behavioural trust signals.

4.4       Technical-policy and machine-readable trust metadata

A comparative analysis of trust frameworks and digital identity policies, including methods and specifications to represent and exchange technical-policy and trust-related information in machine-readable formats, in order to enable automated trust decisions.

4.5       Guidelines, metrics and standardization recommendations

A set of guidelines, assessment criteria and metrics for evaluating trustworthiness and interoperability, together with recommendations for future standardization activities and alignment with existing initiatives.

4.6       Coordination activities

Tasks to support liaison with relevant ITU-T SGs and FGs, industrial entities and external SDOs, in particular: collaborate with related ITU-T study groups and other standards bodies working on agentic AI, digital identity and trust management; collaborate with academia and industry to promote interoperability and accelerate the adoption of standardized approaches; organize webinars and workshops in coordination with major ITU events to collect knowledge and experience and to foster innovation. Upon completion of its lifetime, the Focus Group shall provide a final report, including the complete set of deliverables, to its parent group SG17. Annex A provides examples of expanded and specific deliverables that could be proposed as contributions to the Focus Group.

5. Relationships

The Focus Group will work through appropriate representations at meetings with ITU-T SG17. Its pre-standardization work serves to support, complement and inform the standardization activities of SG17, without duplicating ongoing efforts. Furthermore, it will liaise with other relevant ITU-T SGs and FGs as necessary to ensure coherence, promote synergies and avoid duplication. The Focus Group will collaborate with other relevant entities and groups in accordance with Recommendation ITU-T A.7. These include governments, inter-governmental entities (in particular the ITU GCC), non-governmental organizations (NGOs), policy makers, SDOs, industry forums and consortia, companies, academic institutions, research institutions and other relevant organizations dealing with aspects of trust management and digital identity for agentic AI from their own perspectives. The Focus Group will organize webinars and workshops to promote the FG activities, encouraging both ITU members and non-ITU members to jointly contribute to this Focus Group and its objectives.

 6. Structure
The Focus Group may establish a sub-group structure if needed.

 7. Parent group
The parent group of the Focus Group is ITU-T SG17 (Security) and relevant Questions.

 8. Leadership
See clause 2.3 of Recommendation ITU-T A.7.

 9. Participation
See clause 3.1 of Recommendation ITU-T A.7. A list of participants will be maintained for reference purposes and reported to the parent group.

 ​​10. Administrative support
See clause 5 of Recommendation ITU-T A.7.

11. FG financing

See clause 4 of Recommendation ITU-T A.7.

 12. Meetings
The Focus Group will conduct regular meetings. The frequency and locations of meetings will be determined by the Focus Group management. The Focus Group will use remote collaboration tools to the maximum extent possible. Meeting dates will be announced by electronic means (e.g. e-mail and website) at least four weeks in advance.

13. Deliverables

See clause 8 of Recommendation ITU-T A.7.

14. Working language

The working language is English.

 15. Approval of deliverables
Approval shall be obtained by consensus, in accordance with clause 8.2 of Recommendation ITU-T A.7.

16. Working guidelines

Working procedures shall follow the procedures of Rapporteur meetings (Recommendation ITU-T A.1). No additional working guidelines are defined.

 17. Progress reports
See clause 3.6 of Recommendation ITU-T A.7.

 18. Announcement of Focus Group formation
The formation of the Focus Group will be announced via TSB Circular to all ITU membership, via the ITU-T newslog, press releases and other means, including communication with the other organizations involved.

19. Milestones and duration of the Focus Group

The Focus Group lifetime is aligned with clause 2.2 of A.7.

 20. ​​​​Intellectual Property Rights
See clause 7 of Recommendation ITU-T A.7.​