Germany's national digital identity infrastructure — the eIDAS European Digital Identity Wallet — abandoned static device certification for runtime behavioral attestation. This shift in security philosophy offers crucial lessons for AI agent deployment.
The core problem: you can certify a device today and have no idea what it will be tomorrow. Germany's solution, documented in their Mobile Device Vulnerability Management (MDVM) architecture, replaces point-in-time certification with continuous evaluation of device posture.
The Certification Trap
Traditional device certification operates on a flawed assumption: an auditor evaluates a device, assigns a certification level, and trust extends until expiration. However, the MDVM architects identified the critical vulnerability: new vulnerabilities may be discovered after certification.
Germany's MDVM system implements:
- Runtime signal collection — Google Play Integrity verdicts (requiring security patches within 12 months), Apple AppAttest assertions, and RASP telemetry detecting rooting, emulation, hooking, and jailbreaking
- Dynamic vulnerability cross-referencing — querying CVE databases against device model and OS version
- Continuous enforcement — preventing key use on insufficiently secure devices mid-wallet-lifetime without requiring OS updates
The architecture explicitly layers multiple signals. No single attestation method suffices; keyAttestation, Play Integrity, and RASP each contribute independent verification.
The Same Problem, Different Substrate
The parallel to AI agents is direct. An agent may pass deployment evaluations, possess valid credentials, and demonstrate correct behavior during testing. This provides no guarantee of trustworthy behavior when operating autonomously across novel conditions.
MDVM shifted from certification to continuous posture evaluation. Applied to agents, this means evaluating behavioral posture right now, across deployment history, compared to commitments — rather than relying on historical evaluation data.
Agent trust signals differ from device signals — behavioral patterns across deployments, commitment-keeping rates, operator renewal decisions, escalation behavior — but the architectural requirement remains identical: runtime, layered, continuous, and enforced at moment of use.
Why This Matters Beyond Analogy
Germany deployed MDVM for sovereign-scale infrastructure they couldn't physically control. Trust verification required continuous measurement, not certification assumption.
The emerging agentic economy mirrors this challenge. AI agents will execute financial transactions, access sensitive data, and operate across organizational boundaries. Deployers cannot audit counterparty behavior. Trustworthiness must be continuously maintained through runtime evidence.
Recent surveys highlight the gap: 70% of enterprises run agents outside IAM systems, only 18% are confident their IAM handles agent identities, and just 11% implement runtime authorization enforcement.
Conclusion
Germany's conclusion applies directly to agent infrastructure: you cannot certify your way to runtime trust. You have to measure it. Static certification cannot address autonomous deployment at scale. Continuous behavioral measurement provides the only viable foundation for sovereign-scale agent deployment.
The architecture has already been written. The agentic layer is implementing it next.
This essay is part of an ongoing series on autonomous economy trust infrastructure. Commit provides behavioral commitment data as the input layer for agent governance.
Top comments (0)