AI Agent Signing Authority: Can a Non-Human Sign Contracts?
AI agents order, approve, and sign across enterprise systems. But only a legal or natural person can hold signing authority — most companies cannot prove the chain.
No — under every major legal framework, only natural or legal persons can hold signing authority, not AI agents. AI agents act on behalf of an authorised human or company, and the legal weight of their actions depends on a cryptographic delegation chain. Most enterprises cannot prove that chain today.
In the last twelve months, autonomous AI agents have moved from demo to production. Salesforce Agentforce, Microsoft Copilot Studio, AWS Bedrock Agents, and dozens of startups now deploy agents that can order, commit, approve, and sign — with minimal human intervention. Gartner projects that 40% of enterprise applications will be integrated with task-specific AI agents by the end of 2026, up from less than 5% in 2025 (Gartner, August 2025). By 2028, Gartner expects 90% of B2B buying to be AI-agent-intermediated, pushing more than $15 trillion of B2B spend through agent exchanges (Gartner, January 2026).
Every one of those agents raises the same question: when the agent signs something, whose signature is it?
Signing Authority Is a Legal Concept, Not a Technical One
Under EU law — specifically Regulation (EU) 2024/1183 (eIDAS 2.0) — and every major common-law jurisdiction, a valid electronic signature requires two elements: a signatory who is a legal or natural person, and a cryptographic binding of that signatory's intent to a specific document. AI agents fail the first test. They are not legal persons. They cannot own obligations, be sued, or hold bank accounts.
This is not a gap that new regulation is about to fix. The EU AI Act (Regulation (EU) 2024/1689) explicitly treats AI systems as products — regulated objects, not regulated subjects. The agent is closer to a drill press than to an employee. (We covered the broader AI agent identity question in March.)
What the law does recognise is agency: the doctrine that one legal person can act on behalf of another. When a human employee signs a contract "for" their employer, the contract binds the employer because the employee had authority. The same principle extends to software, but with a crucial condition — the chain of authority must be traceable to a natural or legal person.
Four Ways Enterprises Handle This Today — and Why Most Fail Audit
| Approach | How it works | Legal standing | Typical failure mode |
|---|---|---|---|
| Shared service account | Agent uses a team API key | Weak — no individual attached | "Who approved this?" — nobody |
| Pre-signed templates | Human signs a blank template, agent fills it in | Strong if drafted carefully, brittle at scale | Scope creep, signature stale |
| Machine identity (NHI) certificate | Agent has its own X.509 certificate | Valid for authentication, not signing authority | Certificate proves the machine, not the human |
| Verified human principal with scoped delegation | Every agent action cryptographically bound to a verified human, within an explicit scope | Strong — maps directly to agency law | Requires identity infrastructure most companies lack |
The third row is where most enterprises currently sit. The Non-Human Identity (NHI) access management market is worth $12.2 billion in 2026 and is projected to reach $38.8 billion by 2036 (Research Nester via openPR, 2025). It solves a real problem: machines need to authenticate. But NHI does not create signing authority. A certificate that says "this is Agent-7-prod" is not a signature. It is a login.
The fourth row is where the law actually wants you to be.
The Accountable Agent Pattern
A defensible architecture for AI agents signing contracts has four moving parts. The human verifies their identity once. They issue a scoped delegation to an agent. The agent acts within that scope. Every signature carries the delegation on its face.
- A natural person — employee, authorised signatory — verifies their identity once using a cryptographically strong proof, typically a biometric passport with NFC chip under ICAO 9303. This produces a long-lived reusable identity credential bound to them.
- That person issues a scoped delegation to an AI agent: "this agent may sign purchase orders up to €10,000 for supplier category X, valid for 90 days." The delegation is itself a cryptographic artefact, signed by the human.
- When the agent acts, it produces a signature that includes three things: the agent's own credential, the delegation certificate, and a hash of the document being signed. Any verifier can trace the signature back to a specific, named, identified human.
- The human can revoke the delegation at any time. The audit trail shows, for every agent action, which human authorised it, under what scope, and when.
This is the architecture AI agent identity implements — passport-chip identity proofing at the root of every delegation chain, scoped delegations issued by the verified human, every agent signature traceable back to the named principal.
The result is a signature that survives legal scrutiny. "The agent signed it" becomes "Mairi Kutberg authorised Agent-7-prod to sign purchase orders up to €10,000 on 2026-03-15, and this order was signed by Agent-7-prod within that scope on 2026-04-02."
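The verifier's side of the pattern above, sketched in Go. This is an added example, not code from IdentiGate or any product named in this article. Ed25519, the field names, the encoding in `Body`, the cent and Unix-second units, and the `trusted` and `revoked` maps are assumptions, and the values in `main` are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Delegation struct { // certificate the human principal signs (assumed field names)
	ID, Principal, Category string
	Agent                   ed25519.PublicKey // agent credential being authorised
	MaxCents, NotAfter      int64             // limit in cents; expiry in Unix seconds
	Sig                     []byte            // principal's signature over Body()
}

func (d Delegation) Body() []byte { // unambiguous encoding of the signed fields
	return []byte(fmt.Sprintf("%q %q %q %x %d %d", d.ID, d.Principal, d.Category, d.Agent, d.MaxCents, d.NotAfter))
}

// AgentSign binds the document hash to the exact delegation the agent acts under.
func AgentSign(agent ed25519.PrivateKey, d Delegation, doc []byte) []byte {
	h := sha256.Sum256(doc)
	return ed25519.Sign(agent, append(h[:], d.Sig...))
}

// Verify uses a principal key the verifier already trusts, never one shipped with the signature.
func Verify(d Delegation, agentSig, doc []byte, cat string, cents, now int64, trusted map[string]ed25519.PublicKey, revoked map[string]bool) error {
	h, pk := sha256.Sum256(doc), trusted[d.Principal]
	switch {
	case len(pk) != ed25519.PublicKeySize || !ed25519.Verify(pk, d.Body(), d.Sig):
		return fmt.Errorf("delegation %q not signed by a trusted principal", d.ID)
	case revoked[d.ID] || now > d.NotAfter:
		return fmt.Errorf("delegation %q revoked or expired", d.ID)
	case cat != d.Category || cents > d.MaxCents:
		return fmt.Errorf("action outside the scope of delegation %q", d.ID)
	case len(d.Agent) != ed25519.PublicKeySize || !ed25519.Verify(d.Agent, append(h[:], d.Sig...), agentSig):
		return fmt.Errorf("agent signature does not match this document and delegation")
	}
	return nil
}

func main() { // constructed demo: fresh keys, one purchase order inside the delegated scope
	hPub, hPriv, _ := ed25519.GenerateKey(nil)
	aPub, aPriv, _ := ed25519.GenerateKey(nil)
	d := Delegation{ID: "d-1", Principal: "p-1", Category: "X", Agent: aPub, MaxCents: 1000000, NotAfter: 1781308800}
	d.Sig = ed25519.Sign(hPriv, d.Body())
	doc, trusted := []byte("constructed purchase order"), map[string]ed25519.PublicKey{"p-1": hPub}
	fmt.Println(Verify(d, AgentSign(aPriv, d, doc), doc, "X", 250000, 1775088000, trusted, nil))
}
```

Looking up the principal's key in the verifier's own `trusted` map is what makes a delegation signed by an unknown key fail, even when the agent's signature over the document is valid.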
When Each Approach Is Defensible
Not every agent action needs a qualified signature. The proportionality question is which approach fits which risk tier.
| Scenario | Minimum approach | Why |
|---|---|---|
| Internal workflow actions (status updates, internal approvals) | Shared service account | No contractual obligation created |
| Low-value external transactions under a pre-existing master agreement | Machine identity with logged audit | Master agreement already defines signing authority |
| B2B contracts above transactional thresholds | Verified human principal + scoped delegation | Counterparty can demand proof of authority |
| Regulated transactions (financial services, freight documentation, public sector) | Verified human principal + AdES or QES signature | Regulation explicitly requires identified natural person |
| Cross-border agreements | Verified human principal + AdES + long-term validation | Foreign courts need independent verifiability |
The logistics industry offers a crisp example. From July 2027, eFTI Article 5 requires every electronic freight transport platform to identify, authenticate, and authorise every business user to eIDAS Article 8(2) level. An AI agent that signs an electronic consignment note on behalf of a carrier cannot itself be "the user" — it must act under a scoped delegation from a verified human representative of that carrier. Platforms that deployed agent-signing without that chain will need to retrofit it.
What Changes in 2026–2027
Four developments are compressing the timeline for companies that have not solved this.
EU AI Act Article 50 enforcement. From 2 August 2026, transparency obligations under Article 50 of Regulation (EU) 2024/1689 become fully enforceable (Artificial Intelligence Act – Article 50). When an AI agent signs a document, the signature metadata has to disclose AI involvement — and the deployer must be able to prove the signature chain to demonstrate that a human authorised the agent's action.
EU Product Liability Directive. Member states must implement the revised Product Liability Directive (Directive (EU) 2024/2853) by 9 December 2026 (EUR-Lex). For the first time, software and AI systems are explicitly classified as "products" under strict liability. If an AI agent causes harm through a "defective" action, the deploying company can be held strictly liable without needing to prove negligence. A documented delegation chain is the practical defence.
Regulatory convergence on human accountability. NIS2 (cybersecurity), DORA (financial services), and the AI Act all converge on the same requirement: for every automated action that creates obligation or risk, an identified natural person must be accountable. Regulators are not impressed by "the model decided."
Case law already exists. The landmark precedent is Quoine Pte Ltd v B2C2 Ltd [2020] SGCA(I) 02 (judgment), where the Singapore Court of Appeal analysed contracts formed by algorithmic trading software that executed trades at roughly 250 times the going market rate after an operational failure at the exchange. The court held that the knowledge and intention of the human programmer at the time of writing the algorithm was decisive in determining contract formation and mistake. The implication for 2026 is direct: where an agent's action is disputed, courts will look at what the authorising human intended and how that intent was encoded into the agent's scope. Companies without a cryptographic delegation artefact have nothing to show.
Meanwhile, Gartner predicts that more than 40% of agentic AI projects will be cancelled by the end of 2027 — largely due to unclear risk controls and governance (Gartner, June 2025). The signing-authority problem is one of the governance problems killing those projects.
Frequently Asked Questions
Can an AI agent legally sign a contract? No. Only legal or natural persons can be parties to a contract. An AI agent can execute a signature on behalf of an authorised human or company, but the signature's legal weight depends on a provable chain of delegation from a verified human.
What is the difference between non-human identity and signing authority? Non-human identity (NHI) is about authentication — proving a machine is the machine it claims to be. Signing authority is about contract law — proving a human or company consented to be bound. An NHI certificate is necessary but not sufficient for agent signatures on contracts.
Can a company hold signing authority for its AI agents? Yes, under the doctrine of agency. The company must demonstrate that a specific authorised representative issued a scoped delegation to the agent, and that the agent acted within that scope. Without the delegation artefact, the company cannot prove authority in a dispute.
How does eIDAS apply to agent signatures? eIDAS recognises three levels — simple, advanced, and qualified. For any of them, the signatory must be a legal or natural person. An advanced electronic signature produced by an AI agent must cryptographically bind to the human principal to qualify. Signatures produced by a machine identity alone are at best simple electronic signatures.
What infrastructure do we need to make this work? Three pieces: cryptographically strong identity proofing for the human principals (biometric passport with NFC is the current gold standard, available in around 180 countries (Signicat, 2025)); scoped delegation primitives so humans can issue and revoke agent authority; and signature formats that include the delegation chain in every signed artefact.
The Bottom Line
AI agents will sign more and more of the documents that run businesses. The question is not whether they will — it is whether each signature is defensible when challenged. Enterprises building agent platforms on shared credentials and machine-only identity are accumulating a liability that grows with every agent action. Those treating every agent signature as a human delegation — cryptographically proven and scoped — are building on the correct legal foundation.
Sources
Regulation and legal frameworks
- Regulation (EU) 2024/1183 (eIDAS 2.0) — consolidated overview
- Regulation (EU) 2024/1689 — AI Act, Article 50 transparency obligations
- Directive (EU) 2024/2853 — revised Product Liability Directive (strict liability for software and AI, member-state deadline 9 December 2026)
- European Commission — EU regulatory framework for AI
Case law
- Quoine Pte Ltd v B2C2 Ltd [2020] SGCA(I) 02 — Singapore Court of Appeal decision on contract formation by algorithmic software
Market forecasts and analysis
- Gartner: 40% of enterprise apps will feature task-specific AI agents by 2026 (August 2025)
- Gartner: 90% of B2B buying AI-agent-intermediated by 2028 (January 2026)
- Gartner: Over 40% of agentic AI projects to be cancelled by end of 2027 (June 2025)
- Research Nester — Global Non-Human Identity Access Management market size and forecast 2026–2036
- Business Research Insights — Machine Identity Management market forecast to 2035
Industry commentary
- Clifford Chance — Agentic AI: the liability gap your contracts may not cover (February 2026)
- Proskauer Rose — Contract Law in the Age of Agentic AI: Who's Really Clicking "Accept"?
- Squire Patton Boggs — The Agentic AI Revolution: Managing Legal Risks
- Yousign — AI Act and E-Signatures: EU Compliance Requirements 2026
IdentiGate's cross-border digital identity infrastructure is designed for exactly this chain: verify humans once from any of the ~180 countries issuing biometric passports, issue scoped delegations to AI agents, and produce eIDAS-grade signatures that trace back to an identified person for every agent action. Learn more at identigate.com.
About the author
Gustav Poola is co-founder of IdentiGate. He focuses on the technical architecture of passport-chip identity verification, advanced electronic signature production under eIDAS, and the engineering of identity flows that survive regulator and auditor walk-back.