When governments begin proposing legislation for a technology that barely existed a year ago, it’s usually a sign that something important is happening. Senator Mark Warner’s recently released discussion draft, the Artificial Intelligence Access, Gatekeeper Exchange, and Nondiscriminatory Transfer Act, or the AI AGENT Act, is one of the first serious attempts to establish a regulatory framework for AI agents that make purchases on behalf of consumers.
After reading through the discussion draft, I came away thinking less about the proposed rules than about the assumptions behind them. The proposal seems to envision a fairly specific future where consumers obtain AI shopping agents from commercial providers, those providers operate the underlying infrastructure, and government regulates the providers rather than the agents themselves.
That’s certainly one plausible future, but I’m not convinced it’s the only one.
The Architecture Envisioned by the AI AGENT Act
The legislation introduces the concept of a Custodial User Agent (CUA), an AI agent that’s entrusted with acting on behalf of a consumer. Under the proposal, the Federal Trade Commission would be tasked with establishing a registration process for CUA providers, defining security and privacy requirements, overseeing compliance, and revoking the authority of providers that fail to meet those standards.
The draft also places significant responsibilities on CUA providers. They must act in the consumer’s interest, safeguard personal information, maintain records of an agent’s activities, and avoid transferring delegated authority without the user’s consent. Large online platforms would be required to provide registered third-party agents with fair and non-discriminatory access, while protecting their platforms from malicious or abusive agents.
When you put those pieces together, a fairly clear picture emerges. Consumers subscribe to AI shopping services. Providers host and operate those agents. The FTC registers and oversees the providers. Large online platforms trust the agents because they’re operated by registered providers.
It’s a coherent model, but as I alluded to earlier, it’s only one model.
What If the Market Evolves Differently?
Some consumers may choose the convenience of subscribing to an AI agent hosted by Google, Apple, OpenAI, Anthropic, or another provider. Others may run an open source agent on their own hardware or assemble one from interoperable components. Enterprises may deploy agents for employees, while banks or other trusted organizations may offer agents tailored to financial services.
It’s easy to imagine all of these models existing side by side.
If millions of consumers eventually build, customize, or self-host their own AI representatives, does it still make sense to require every one of those agents to register with the FTC before they can interact with Amazon, Walmart, or another large online platform?
That begins to feel less like consumer protection and more like a barrier to innovation.
A Different Way to Build Trust
The real issue isn’t who hosts the agent. It’s how everyone else decides whether they can trust it.
To be fair to the draft, it doesn’t rely purely on organizational vetting. Section 4(c) directs NIST to identify or develop open technical standards for how CUAs access online services, and Section 3(d) lets the FTC authorize independent certification bodies to vet providers against common standards rather than doing it all in-house.
But access to a large platform still runs through FTC registration. An agent that conforms to NIST’s technical standards doesn’t get platform access on that basis alone, it gets access because its provider is registered, whether directly with the FTC or through one of these certification bodies. The standards exist, but they inform who gets to vet you, not whether platforms have to recognize conformance on its own terms.
There’s another way to think about this. Instead of certifying the organizations that host AI agents, policymakers could lean further into open technical standards, letting platforms recognize any agent that can prove conformance directly, regardless of who built or hosted it.
Under that approach, an online merchant wouldn’t need to know whether an AI agent was developed by Google, OpenAI, a startup, an enterprise IT department, or an individual consumer. Merchants should be able to trust any agent that can securely prove who it represents and the authority it’s been granted. The mechanisms used to establish that trust should evolve through open standards rather than being tied to a particular provisioning model.
Trust wouldn’t come from affiliation with a particular provider. It would come from conformance to common standards, verified directly rather than through the accident of who registered you. That’s a meaningfully different architecture, even if the current draft has already laid some of the groundwork for it.
Preserve Consumer Control
This approach also accommodates both commercially hosted and personally hosted AI representatives.
Many consumers will probably subscribe to an AI agent service, just as most people rely on hosted email today. Others will want the flexibility to host or customize their own agents. The legislation doesn’t need to decide which model wins.
What it should do is preserve consumer control regardless of where an agent is hosted.
If I decide to move my AI representative from one provider to another, I shouldn’t have to start over. Its identity, accumulated knowledge, and delegated permissions should move with it. I should be able to export its memories, audit the actions it’s taken, revoke permissions, and authorize another provider to take over.
Those rights matter whether my AI representative is self-hosted or operated by a commercial provider.
There are good precedents for this. Most of us don’t own the infrastructure behind our email accounts or mobile phone service, yet we still expect meaningful control over our digital identities. Phone number portability lets consumers switch carriers without changing numbers. Domain names remain under a customer’s control even though the hosting provider may change. Competition works better when consumers can move between providers without losing the digital assets that matter most.
AI representatives may ultimately need similar protections.
Looking Beyond Agentic Shopping
Stepping back, I think the more interesting policy question isn’t who owns or even hosts an AI agent. It’s what rights consumers should have with respect to the AI systems that increasingly represent them.
Senator Warner’s discussion draft is an important and thoughtful first step. It recognizes that autonomous AI agents acting on behalf of consumers raise entirely new questions around trust, consumer protection, competition, and platform access.
At the same time, the proposal reflects one particular vision of how this market may evolve. If the future includes commercially hosted agents, self-hosted agents, enterprise agents, and open source agents operating side by side, then requiring every trusted AI representative to exist behind an FTC registered provider may prove unnecessarily restrictive.
An alternative would be to push the standards work already underway at NIST further, letting conformance to open standards for identity, delegated authority, authentication, interoperability, and auditability serve as the basis for platform access on its own, rather than as an input into a registration process.
That shifts the emphasis from regulating providers to verifying capabilities.
I suspect that’s a more durable foundation for an open ecosystem where consumers remain free to choose who builds, hosts, and operates the AI representatives that increasingly act on their behalf.
Categories: Articles
Claude Tag Offers a Glimpse Into the Next Generation of Human AI Collaboration
AI Agents Enter the Workforce: Takeaways from NiCE World 2026
Microsoft Build 2026 Highlights a New Phase for Conversational AI
Opus Research Report: Why Customer Experience Needs an AI Agent Control Plane