In an economy where agents act on behalf of other agents, the missing layer is not identity. It is the human-accountable receipt of who authorized what, for which scope, with what right of refusal. This page extends PLENA's existing single-human-to-single-agent work into agent-to-agent and multi-agent territory.
2026 industry reporting documents a significant accountability gap in agentic AI. Surveys indicate the majority of organizations have experienced AI-agent security incidents in the past year, and a minority of teams treat agents as independent identity-bearing entities. Standards bodies including NIST (AI Agent Standards Initiative, February 2026), CoSAI (Workstream 4, March 2026 — Agentic Identity and Access Management), the W3C (AI Agent Protocol Community Group), and OWASP (Top 10 for Agentic Applications, December 2025) are actively developing identity and protocol standards. PLENA's contribution is downstream: the human-accountable receipt layer that sits above identity (CoSAI / NIST / OAuth) and protocol (MCP / A2A / AP2), recording which named human authorized which agent for which scope, with refusal, revocation, and audit trail.
PLENA's receipt grammar is designed to support the documentation, logging, post-market monitoring, and human-oversight evidence obligations typical of EU AI Act Article 16 (provider obligations for high-risk AI systems, including quality management system and technical documentation requirements) and ISO/IEC 42001 AI management system implementations. PlenaProof does not provide regulatory conformity assessment, CE marking, or ISO certification, which are performed by accredited bodies.
PlenaProof does not compete with agentic identity standards (OAuth-for-Agents, SPIFFE, OpenID Connect extensions, CoSAI Agentic IAM), protocols (MCP, A2A, AP2, AG-UI, A2UI, X42, ACP), or governance toolkits. PLENA's receipt grammar is designed to layer on top of whichever identity and protocol standards an organization adopts.
Existing PLENA receipt formats applied to agent-to-agent and multi-agent action — not a new platform.
Declares which named human authorized agent X to act on behalf of organization Y, within scope Z, for time window W, with permitted handoff conditions.
When agent X delegates to agent X′, a receipt recording the original human authorizer, delegation scope (must be a subset of X's scope), expiration, and revocation channel.
For swarms of agents acting together, a receipt recording each agent's role, mandate, and the named human responsible for that mandate.
When a named human reviewer declines to authorize an agent action, the existing Refusal Receipt format applies — scope, reason, and date, without exposing private evidence.
A third party — regulator, counterparty, journalist, customer — can check whether an A2A action was authorized via PLENA's existing Public Verify, without trusting the AI vendor's logs.
For enterprises deploying multi-agent systems, AI platforms designing agent governance, and institutions preparing for the EU AI Act high-risk obligations effective August 2026, subject to ongoing EU "AI Omnibus" simplification discussions that may extend specific deadlines: PlenaProof welcomes pilot conversations.