What GAuth+ is
Autonomously acting AI evaluates, makes decisions, enters into transactions and acts. Therefore, a comprehensive power-of-attorney mechanism must cover these rights, i.e., answer at least the following questions:
- “from whom has this AI received the power of attorney to make certain decisions or take certain actions (individual versus general power of attorney, registered office of the company, authorized representative/authorizing party, etc.),
- which decisions it is allowed to make and how,
- what kind of transactions it is permitted to enter and
- which actions it is allowed to perform, and on which specific resource, human or other agent (e.g., signing authority, authority to issue instructions, “need-to-do” or “do-unless” obligations)?”
This also raises the aspect of the “authority of the authorized representative or authorizing party,” i.e., a kind of second-level approval that ensures a dual-control principle when using AI. A more comprehensive standard is therefore needed that contains the basic powers from which authorization can be derived in individual cases. This enables the relying party, whether it is the subject or even the object of an AI decision, to exercise transparent control and verify the authorization of the client. Agents must work within the limits and powers defined by the authorizing party (and, if applicable, their principal). Even if one agent authorizes another agent, a human being must be at the top of such an authorization cascade and thus ultimately be accountable. This is important to reduce the risk of organizational fault and to avoid damage to trust.
GAuth+ integrates the specific aspects of comprehensively authorizing an AI, i.e., it takes all necessary elements and roles into account in an appropriate manner. In this respect, it complements the current governance framework. The verification of the identity of the authorizing parties, their secure authentication, transparent authorization of AI (beyond system access), and its legitimation (proof of authority by the AI to act compliantly) are closely related, as it is not sufficient to prove certain powers if the authorizing identity is not clearly verified. The authorized AI must be able to reliably prove the fact and scope of its authorization to act legitimately.
The GAuth+ protocol can be compared with the procedures of a commercial register for companies, which records the powers of managing directors and authorized signatories. GAuth+ uses an authorization server to record the powers of action and decision-making of an AI on a blockchain. In this sense, GAuth+ represents a “commercial register for AI systems” that globally discloses the powers of attorney of AI, i.e., what a digital agent is supposed to sign, decide and do. Any relying party with access to the blockchain can verify that the decisions or actions of the respective AI have been authorized and thus comply with its legitimized powers.
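As an added illustration (not GAuth+'s own code or record format), the following Python model shows the check a relying party would run against such a register: it walks a constructed in-memory set of power-of-attorney grants (standing in for the blockchain), requires that every delegated power is one the delegator itself holds, that a second-level approver is present (dual control), and that the cascade ends at a verified human. All identities, action names and the grant shape are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class Grant:
    """One power-of-attorney entry (hypothetical shape, not the GAuth+ record format)."""
    grant_id: str
    grantor: str                    # authorizing party conferring the power
    grantee: str                    # human or AI agent receiving it
    scope: FrozenSet[str]           # decisions/actions the grantee may take
    approver: Optional[str] = None  # second-level approver (dual control), if any

# Constructed sample register (not real data). Identities in HUMANS are assumed to
# have been verified as natural persons by the authorization server.
HUMANS = {"alice", "bob"}
REGISTER: Dict[str, Grant] = {
    "g1": Grant("g1", "alice", "procurement-ai",
                frozenset({"sign:po", "approve:invoice"}), approver="bob"),
    "g2": Grant("g2", "procurement-ai", "sourcing-ai",
                frozenset({"sign:po"}), approver="alice"),
    "g3": Grant("g3", "procurement-ai", "rogue-ai",
                frozenset({"sign:po", "transfer:funds"})),   # no approver
}

def verify_authority(agent: str, action: str, dual_control: bool = True,
                     _seen: FrozenSet[str] = frozenset()) -> Optional[List[str]]:
    """Return the grant ids proving `agent` may perform `action`, root first,
    or None if no valid cascade ends at a human principal."""
    if agent in HUMANS:
        return []                       # accountable human at the top of the cascade
    if agent in _seen:
        return None                     # a delegation loop never reaches a human
    for g in REGISTER.values():
        if g.grantee != agent or action not in g.scope:
            continue
        if dual_control and g.approver in (None, g.grantor):
            continue                    # second-level approval missing or self-approved
        # The grantor may only delegate powers it holds itself, so the check recurses
        # upstream with the same action; scope can narrow but never widen.
        chain = verify_authority(g.grantor, action, dual_control, _seen | {agent})
        if chain is not None:
            return chain + [g.grant_id]
    return None

if __name__ == "__main__":
    print(verify_authority("sourcing-ai", "sign:po"))        # ['g1', 'g2']
    print(verify_authority("rogue-ai", "transfer:funds"))    # None
```

The "rogue-ai" entry shows the two failure modes the text warns about: a power the delegator never held is rejected even without dual control, and a grant lacking second-level approval is rejected when dual control is required.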