Emerging concept
Delegation Receipt
A verifiable record of what authority a person or system gave an autonomous agent.
An emerging concept in agent identity and authorization.
- Status
- Emerging
- Field
- Agent identity · Authorization · Auditability
- First tracked
- July 2026
- Related
- delegated authority · mandates · verifiable credentials · non-repudiation · agent identity
A note on status: the problem this term describes is real and already being worked on across the industry. The terminology is not settled — this term is one candidate among several possible framings. This site exists to define it precisely and to track whether the term, or the category it names, gains adoption.
§ What it means
When a person or system hands work to an autonomous agent, a grant of authority takes place: this agent may spend up to this amount, access these systems, act until this time, on my behalf. Today that grant usually exists only as configuration, a session token, or an unlogged instruction — invisible to the merchants, counterparties and auditors who later have to trust that the agent was acting within bounds.
A Delegation Receipt is the artifact that makes the grant verifiable. It records who delegated, to which agent, with what scope and limits, when, under what conditions it expires or can be revoked — and it is cryptographically signed, so a third party can verify who issued it, to whom, and with what scope.
The idea generalizes a pattern already appearing in payments, where signed mandates now travel with agent-initiated transactions. A delegation receipt is the same object made general-purpose: the receipt a counterparty checks before honoring an agent's request, the record an auditor pulls when reconstructing what an agent was authorized to do, and a key piece of evidence when the question arises whether an agent exceeded its brief.
§ Why it matters now
Agents are beginning to act with real consequences — spending money, signing up for services, modifying production systems, communicating on someone's behalf. Every one of those actions raises the same question for the party on the other side: who authorized this, and to what extent? Without a verifiable answer, counterparties must either trust blindly or refuse agent traffic altogether.
The payments industry moved first because the liability is sharpest there. Google's AP2 defines signed Intent and Cart Mandates; Mastercard's Verifiable Intent turns authorization into portable cryptographic evidence; Visa's Trusted Agent Protocol binds a verified agent identity to consumer consent. In 2026 this work began consolidating under the FIDO Alliance — the body that standardized passkeys.
But delegation is not only a payments problem. Access to data, infrastructure, communications and legal commitments all need the same primitive. The building blocks exist — W3C Verifiable Credentials, OAuth's delegation model, decentralized identifiers — and the open question is whether a general-purpose receipt format emerges, or every domain reinvents its own.
§ What it could include
-
Identity binding
Tying the receipt to a specific, verifiable agent identity and a specific delegator — person, organization or another system.
-
Scope and limits
A machine-readable statement of what the agent may do: amounts, resources, actions, counterparties, categories.
-
Cryptographic proof
Signatures that let a third party verify the grant without contacting the delegator, and that make the record tamper-evident.
-
Expiry and revocation
Time bounds and a mechanism to withdraw authority — with a way for verifiers to check that a receipt is still live.
-
Audit trail
Linking each agent action back to the receipt it was performed under, so authority chains can be reconstructed after the fact.
-
Portability
A common format that works across vendors and domains, so one delegation can be verified by payment networks, APIs and enterprises alike.
§ Emerging signals
A running log of research, products and standards work relevant to this concept. Curated by hand; newest first. Each entry separates the factual record from our interpretation.
-
AP2 and Verifiable Intent are contributed to the FIDO Alliance
Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent, co-developed with Google, were contributed to the FIDO Alliance. AP2's mandates are verifiable digital credentials — structured, cryptographically signed objects that capture what a user has authorized an agent to do.
Our read — Verifiable delegation records are moving from vendor projects to community governance — the strongest signal yet that a shared receipt format is forming, at least for payments.
FIDO Alliance
-
Visa unveils the Trusted Agent Protocol
Visa unveiled the Trusted Agent Protocol, developed with Cloudflare, enabling secure communication between AI agents and merchants and helping merchants verify legitimate agents. Published to the Visa Developer Center and GitHub.
Our read — Agent identity verification is one half of a delegation receipt. TAP standardizes it at the merchant boundary; the authority record is the other half.
Visa
-
Google's AP2 defines signed Intent and Cart Mandates
Google announced AP2 with more than 60 organizations. Its Intent and Cart Mandates are cryptographically signed verifiable credentials recording what a user authorized an agent to buy, and under what conditions.
Our read — Delegation receipts in production form — scoped to payments. The open question is whether the pattern generalizes to data access, infrastructure and communications.
Google Cloud
-
W3C Verifiable Credentials Data Model 2.0 becomes a Recommendation
The W3C Verifiable Credentials Data Model 2.0 became a W3C Recommendation — the tamper-evident, cryptographically signed credential format that AP2's mandates build on.
Our read — The most likely substrate for a general-purpose delegation receipt already exists as a web standard.
W3C
-
Mastercard unveils Agent Pay
Mastercard unveiled Agent Pay, introducing Agentic Tokens that extend its network tokenization to payments initiated by AI agents on a consumer's behalf.
Our read — Delegation limits enforced at the network level: the credential itself carries the scope of authority.
Mastercard
§ Track the term
Tracking how this concept develops. Get occasional updates when the term — or the standards work behind it — starts moving.