I will be giving a keynote speech at EIC 5 in Berlin on May 19th, titled "When Software Becomes Staff: Governance, Security, and Safety for Agentic AI."

Well, it's time for the annual European Identity and Cloud Conference. This year, I'll be giving the keynote speech on the first day. The title is...

When Software Becomes Staff: Governance, Security & Safety for Agentic AI
Tuesday, May 19, 2026 15:10 – 15:30, Location: C01 (LINK)

Abstract (subject to change)

AI agents are becoming digital employees. They plan, invoke tools, coordinate sub-agents, and deliver results in the real world. But unlike employees, the boundaries of their identity remain unstable. Can they still be considered the same agent when the model changes? When multiple models share memory and policies, is it one actor or multiple? As the number of agents around each worker grows to tens or hundreds, this is no longer just an AI problem, but an identity governance problem—registration, ownership, authorization, review, and deprovisioning.

This keynote address argues that agent-based AI is fundamentally a matter of "delegated authority." It examines the identification of remote agents, the chain of trust downstream, non-deterministic supply chain risks, principal oversight, and the need for evidence regarding intentions, actions, and consequences. The address concludes that the actuarial foundation for agent-based AI risks is still immature and urges for the urgent need to build an evidence infrastructure that enables accountability, responsibility, and insurance.

Agenda for the day

The first day of EIC starts in the afternoon. (The morning is filled with various workshops.) Following "Welcome to EIC 2026" the main agenda kicks off with Martin Kuppinger's talk titled

• From Workforce to Everything: The Next Chapter of Identity Security & Governance

Next up is a dialogue on "consent" between Max Schrems, who won the European Court of Justice (CJEU) ruling in 2015 that invalidated the EU-US Safe Harbor framework, and then again in 2020 that invalidated the EU-US Privacy Shield and imposed additional obligations on cross-border data transfers by SCCs, and Eve Maler, the leader of UMA (User Managed Access):

• PANEL: Consent's Journey from Annoying to Meaningful: Can Tech Actually Eliminate Cookie Consent Boxes?

Next is Luukas Iives, who was the CIO of the Estonian government until 2024.

• The Agentic State: What's Next for Digital Government?

And next is mine.

• When Software Becomes Staff: Governance, Security & Safety for Agentic AI (When Software Becomes Staff: Governance, Security, and Safety for Agentic AI)

Following me is Kai Zenner, Senior Advisor and Digital Policy Advisor to Axel Voss, Member of the European Parliament.

• Will AI in Europe succeed without changing GDPR?

The lecture was titled "From Consent Confusion to Predictable Enforcement and Less Frictionous Data Use." MP Axel Voss views "consent" as the "death of privacy" and seems to strongly support new technological approaches that enable simplified data processing, accelerated data sharing across Europe, and the use of emerging technologies such as AI.

Next up is a presentation by Florin Coptil of Bosch about the EU Business Wallet.

• EU Business Wallets – Shaping the Future of Digital Identity in Europe

But,My honest impression is that they've placed me in a rather "interesting" spot.Oh well, I still have some time, so I'll think what I can do.

See you in Berlin!