WHITEPAPER · DRAFT · 2026

AI Agency Under Civil Code 1868 + DPA 2012

The legal substrate for AI agents acting on a human's behalf.

Authority: FIDNT Protocol · Layer 0 chartered Provider Jurisdiction: Republic of the Philippines (default) · cross-jurisdictional by design Status: Doctrine v1.1 · refreshed June 2026 · open for comment

§ 0 · Summary

The thesis in one paragraph.

Every AI agent shipping in 2026 acts on a human's behalf without a signed mandate. Terms of service is not consent. A checkbox is not authority. When the first agent drains a real account, sends a fraudulent message, or releases regulated data, every agent maker, every platform that runs them, and every regulator investigating them will need a single artifact: a verifiable, scoped, revocable mandate, signed by the principal, anchored in law. Civil Code Article 1868 was written for exactly this purpose. It is silent about the agent being human. The FIDNT protocol operationalizes it.

§ 1 · The unsolved problem

Agents are everywhere. Authority is nowhere.

Throughout 2025 and into 2026, AI agents transitioned from research demos to production systems. They draft messages, execute purchases, navigate browsers, file forms, schedule meetings, manage funds, read regulated records, and increasingly take consequential actions on behalf of human principals. The infrastructure for what they can do has matured rapidly. The infrastructure for whether they may do it has not been built.

The current state of agent authorization across the major platforms:

An end user accepts a Terms of Service that grants the platform broad rights.
The platform issues an access token to its own agent.
The agent acts. The user is told later, or not at all.
If something goes wrong, the platform's defense is the ToS clickthrough.

This is not legally durable. A clickthrough is evidence of an offer accepted on a take-it-or-leave-it basis. It is not a mandate; it is not scoped to a specific agent, a specific purpose, or a specific time window; it cannot be revoked with effect; it does not produce a per-action audit record; and in any privacy-rights jurisdiction (DPA 2012, GDPR, DPDPA, LGPD, PIPL, CCPA), it does not satisfy the "specific, informed, freely given, unambiguous" consent standard.

The first time an AI agent causes a material loss, the gap between capability and authority will close in court. Whoever has the legal substrate ready will continue to operate. Whoever does not will be enjoined.

§ 2 · Agency law applies to non-human agents

What Civil Code Article 1868 actually says.

"By the contract of agency a person binds himself to render some service or to do something in representation or on behalf of another, with the consent or authority of the latter." Civil Code of the Philippines · Book IV · Title X · Article 1868

The provision is silent on what kind of person the agent is. The doctrine has historically been applied to:

Natural persons (employees, attorneys-in-fact)
Juridical persons (corporations, partnerships, trusts)
Agents-by-estoppel (parties whose authority is presumed by conduct)

Article 1868 establishes the relationship; subsequent articles set the requirements. Art. 1874 requires writing for sale of land. Art. 1878 enumerates fourteen acts that require a Special Power of Attorney — the highest tier of mandate. Art. 1881 binds the agent to act within scope. Art. 1920 permits revocation at the principal's will.

Nothing in the agency chapter requires the agent to be human. The chapter requires:

A principal with capacity to be bound.
An agent capable of carrying out the act.
Consent from the principal, expressed or implied.
An object within the agent's authority.
Cause — a lawful purpose.

An AI agent satisfies element (2) — capability — by demonstrated function. The remaining four elements are precisely the gap modern AI agents leave open. They are also precisely what the FIDNT protocol issues.

§ 3 · DPA 2012 + ISO 27560 — the audit primitive

Consent receipts make agency provable.

The Data Privacy Act of 2012 (RA 10173) requires consent for the processing of personal information to be "freely given, specific, informed, and unambiguous." RA 10173 § 3(b) The National Privacy Commission's guidance on consent NPC Advisory 2023-01 further requires consent to be demonstrable on demand.

ISO/IEC 27560:2023 — Privacy technologies · Consent record information structure — is the international standard for what a consent record must contain to be machine-verifiable. It defines the fields, the lifecycle events, and the cryptographic anchoring required. FIDNT signs each receipt with ML-DSA-65 (NIST FIPS 204) and anchors it in a SHA3-512 hash-chained, court-admissible ledger.

The fields, paraphrased:

Who consented (principal identifier)
To whom consent was granted (agent / processor identifier)
For what purpose (specific scope)
Under what legal basis (cited statute)
For how long (expiry / sunset)
How to revoke (revocation endpoint)
What evidence (cryptographic signature)
What lifecycle (granted · modified · revoked · expired)

A consent receipt that carries these fields is not a record of an event — it is the event. It is independently verifiable, time-stamped, and survives the failure or hostility of any party. It is what a judge will admit and what a regulator will accept.

An AI agent acting under a FIDNT mandate produces, for every consequential action, a triple: mandate signature (ML-DSA-65, what the principal authorized), action receipt (what the agent did), ledger entry (the SHA3-512 hash-chained audit record). Together, they reconstruct authority, action, and attribution from any point in time, by any party, without trust in the agent or the platform that runs it.

§ 4 · The protocol primitives

Six endpoints, four pillars, one ledger.

FIDNT exposes the agency rail as six idempotent endpoints that any AI agent platform may call. They reuse the same identity, consent, and audit primitives that FIDNT already provides for human-to-human and human-to-platform agency. Nothing about an AI agent requires a different protocol — only a different declaration of who the agent is.

                      PRINCIPAL (human)
                            │
                            │  signs mandate (Civil Code 1868)
                            ▼
           ┌────────────────────────────────────────┐
           │  FIDNT Mandate Engine                  │
           │  · scope · expiry · revocation URL     │
           │  · ML-DSA-65 (FIPS 204) signature      │
           │  · ISO 27560 consent receipt issued    │
           └────────────────────────────────────────┘
                            │
                            │  mandate token
                            ▼
                       AGENT (AI)
                            │
                            │  acts within scope · attaches mandate proof
                            ▼
           ┌────────────────────────────────────────┐
           │  THIRD PARTY (bank · platform · org)   │
           │  · verifies mandate is live + in-scope │
           │  · acts only if verified               │
           │  · logs action with mandate hash       │
           └────────────────────────────────────────┘
                            │
                            ▼
              ┌──────────────────────────┐
              │  RECEIPTS LEDGER          │
              │  hash-chained · per-user │
              │  exportable on demand    │
              └──────────────────────────┘

Figure 1 — The agency rail. Authority flows downward; receipts flow upward.

The six endpoints

Method	Path	Purpose
POST	/api/agent/register	Agent registers; receives an agent DID.
POST	/api/agent/mandate	Principal signs mandate granting agent scoped authority.
GET	/api/agent/verify	Third party verifies mandate is live + in-scope at action time.
POST	/api/agent/action	Agent logs an action with mandate proof attached.
POST	/api/agent/revoke	Principal revokes agent's authority; webhook fires.
GET	/api/agent/audit	Per-principal audit trail of every agent action.

These primitives are deliberately small. They do not prescribe what the agent does, what model it runs, what platform hosts it, or what jurisdiction it operates in. They prescribe only the shape of authority: scoped, signed, time-bounded, revocable, and accompanied by receipts that survive the parties involved.

§ 5 · Why this matters in 2026

The enforcement era has begun.

Three forces converge in 2026 that make the agency rail unavoidable:

Privacy enforcement reaches AI. The EU AI Act enters its first enforcement window in 2026. India's DPDPA, Brazil's LGPD, China's PIPL, and the Philippines' DPA 2012 are all active. Every jurisdiction has reached the same conclusion: AI processing of personal data must be lawful, scoped, and demonstrable. Clickthrough consent does not satisfy any of them.
Agent failure modes hit the headlines. The first agent-caused material loss — financial, medical, reputational — will trigger a class action. The defense will require artifacts that current platforms cannot produce. The platforms that can will continue to operate.
Sovereign tech stacks demand jurisdictional clarity. Governments funding sovereign AI rails (PH, ID, BR, IN, EU, GCC) require an identity and authorization layer that is not dependent on any foreign platform. Layer 0 protocols, chartered locally, are the only credible answer.

The window for establishing the canonical protocol for AI agency closes during this enforcement cycle. Whoever owns the doctrine, the citations, and the protocol shape during this window owns the category.

§ 6 · Implications

What follows if this is correct.

If the foregoing argument holds, then the following implications follow:

Every regulated platform that interacts with users via an AI agent should be issuing scoped mandates and consent receipts before action, not after.
Every AI agent maker should expose a mandate-receipt field in its action API. The cost of doing so post-hoc, after a first material incident, is many orders of magnitude higher than doing it now.
Every government building a sovereign AI stack should require the agency rail as a procurement condition.
Every privacy regulator should be capable of accepting consent receipts as evidence of compliance.
Every audit firm advising on AI risk should treat the absence of a mandate ledger as a material control gap.

None of these implications depend on FIDNT specifically. They depend only on the doctrine. FIDNT is the first protocol to operationalize it — chartered, jurisdictionally clear, and ready to integrate.

Wire the agency rail into your platform.

The six endpoints are documented. The doctrine is published. The mandate engine is wired and running sandbox-grade — real ML-DSA-65 (FIPS 204) signing the moment the production key is set.

Read the platform spec Contact us Honest v1 status

§ 7 · Citations & further reading

The legal scaffolding.

Civil Code of the Philippines · Book IV · Title X (Agency) · Articles 1868–1932 — the substantive law of principal-agent relationships.
RA 10173 · Data Privacy Act of 2012 · §§ 3, 12, 16, 25–32, 34 — consent, lawful basis, data subject rights, penalties.
NPC Advisory 2023-01 · Guidelines on consent in the processing of personal information — demonstrability requirement.
ISO/IEC 27560:2023 · Privacy technologies · Consent record information structure — the international consent receipt standard.
RA 9510 · Credit Information System Act · § 8 — credit bureau dispute primitive.
RA 11055 · Philippine Identification System Act (2018) — the verifiable identity foundation a principal is bound to before an agent acts.
RA 12010 · Anti-Financial Account Scamming Act (AFASA, 2024) — statutory weight behind verified authority and the deprecation of SMS-OTP authorization.
RA 11057 · Personal Property Security Act — security interest filings.
RA 11765 · Financial Products and Services Consumer Protection Act — fiduciary care standard.
EU AI Act · Regulation (EU) 2024/1689 — high-risk AI obligations, transparency, human oversight.
EU GDPR · Regulation 2016/679 · Articles 6, 7, 13–22 — lawful basis, consent, data subject rights.
DPDPA 2023 · Digital Personal Data Protection Act, India — consent + data fiduciary obligations.