delegationreceipt.com concept tracker

Emerging concept

Delegation Receipt

A verifiable record of what authority a person or system gave an autonomous agent.

An emerging concept in agent identity and authorization.

Status
Emerging
Field
Agent identity · Authorization · Auditability
First tracked
July 2026
Related
delegated authority · mandates · verifiable credentials · non-repudiation · agent identity

A note on status: the problem this term describes is real and already being worked on across the industry. The terminology is not settled — this term is one candidate among several possible framings. This site exists to define it precisely and to track whether the term, or the category it names, gains adoption.

§ What it means

When a person or system hands work to an autonomous agent, a grant of authority takes place: this agent may spend up to this amount, access these systems, act until this time, on my behalf. Today that grant usually exists only as configuration, a session token, or an unlogged instruction — invisible to the merchants, counterparties and auditors who later have to trust that the agent was acting within bounds.

A Delegation Receipt is the artifact that makes the grant verifiable. It records who delegated, to which agent, with what scope and limits, when, under what conditions it expires or can be revoked — and it is cryptographically signed, so a third party can verify who issued it, to whom, and with what scope.

The idea generalizes a pattern already appearing in payments, where signed mandates now travel with agent-initiated transactions. A delegation receipt is the same object made general-purpose: the receipt a counterparty checks before honoring an agent's request, the record an auditor pulls when reconstructing what an agent was authorized to do, and a key piece of evidence when the question arises whether an agent exceeded its brief.

§ Why it matters now

Agents are beginning to act with real consequences — spending money, signing up for services, modifying production systems, communicating on someone's behalf. Every one of those actions raises the same question for the party on the other side: who authorized this, and to what extent? Without a verifiable answer, counterparties must either trust blindly or refuse agent traffic altogether.

The payments industry moved first because the liability is sharpest there. Google's AP2 defines signed Intent and Cart Mandates; Mastercard's Verifiable Intent turns authorization into portable cryptographic evidence; Visa's Trusted Agent Protocol binds a verified agent identity to consumer consent. In 2026 this work began consolidating under the FIDO Alliance — the body that standardized passkeys.

But delegation is not only a payments problem. Access to data, infrastructure, communications and legal commitments all need the same primitive. The building blocks exist — W3C Verifiable Credentials, OAuth's delegation model, decentralized identifiers — and the open question is whether a general-purpose receipt format emerges, or every domain reinvents its own.

§ What it could include

§ Emerging signals

A running log of research, products and standards work relevant to this concept. Curated by hand; newest first. Each entry separates the factual record from our interpretation.

  1. Standards

    AP2 and Verifiable Intent are contributed to the FIDO Alliance

    Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent, co-developed with Google, were contributed to the FIDO Alliance. AP2's mandates are verifiable digital credentials — structured, cryptographically signed objects that capture what a user has authorized an agent to do.

    Our read — Verifiable delegation records are moving from vendor projects to community governance — the strongest signal yet that a shared receipt format is forming, at least for payments.

    FIDO Alliance

  2. Standards

    Visa unveils the Trusted Agent Protocol

    Visa unveiled the Trusted Agent Protocol, developed with Cloudflare, enabling secure communication between AI agents and merchants and helping merchants verify legitimate agents. Published to the Visa Developer Center and GitHub.

    Our read — Agent identity verification is one half of a delegation receipt. TAP standardizes it at the merchant boundary; the authority record is the other half.

    Visa

  3. Standards

    Google's AP2 defines signed Intent and Cart Mandates

    Google announced AP2 with more than 60 organizations. Its Intent and Cart Mandates are cryptographically signed verifiable credentials recording what a user authorized an agent to buy, and under what conditions.

    Our read — Delegation receipts in production form — scoped to payments. The open question is whether the pattern generalizes to data access, infrastructure and communications.

    Google Cloud

  4. Standards

    W3C Verifiable Credentials Data Model 2.0 becomes a Recommendation

    The W3C Verifiable Credentials Data Model 2.0 became a W3C Recommendation — the tamper-evident, cryptographically signed credential format that AP2's mandates build on.

    Our read — The most likely substrate for a general-purpose delegation receipt already exists as a web standard.

    W3C

  5. Product

    Mastercard unveils Agent Pay

    Mastercard unveiled Agent Pay, introducing Agentic Tokens that extend its network tokenization to payments initiated by AI agents on a consumer's behalf.

    Our read — Delegation limits enforced at the network level: the credential itself carries the scope of authority.

    Mastercard

§ Track the term

Tracking how this concept develops. Get occasional updates when the term — or the standards work behind it — starts moving.