6 May 2026 · Vilius Vystartas

Nobody Has AI Agent Standards. We're Changing That.

ISO, IEEE, IETF, NIST, BSI — not one has published a protocol for how AI agents talk to each other, verify identity, or transfer skills. Sixteen specs, six standards bodies. Here's the plan.

There are zero AI agent standards. Anywhere.

I didn't believe it either. I assumed the big standards bodies — ISO, IEEE, the IETF — must have something in the pipeline. Agents are being deployed in production. Companies are building agent infrastructure. Surely someone is working on the protocols.

They're not.

Every major body is focused on AI-for-humans: ethics guidelines, risk management frameworks, data quality standards. Important work. None of it addresses how agents talk to each other.

The Empty Landscape

ISO/IEC 18 published AI standards. Data quality. Lifecycle management. Risk. Zero agent-to-agent protocols. Nothing in the pipeline.

IEEE 7000-series for ethical AI. Transparency, accountability, algorithmic bias. No agent skill format. No cross-platform interoperability standard.

IETF Zero AI agent RFCs. Let that sink in. The body that standardised TCP/IP, HTTP, and TLS has nothing for agent communication. MCP is not an IETF standard — it's a single company's protocol.

NIST AI Risk Management Framework exists. Comprehensive, well-regarded. No agent-specific profile. No agent identity verification standard. US federal agencies deploying agents have no framework to reference.

CEN-CENELEC The EU AI Act is law. Harmonised standards are being drafted. Every AI agent deployed in Europe will need to demonstrate compliance. There is no standard for automated compliance verification. None.

BSI UK's national standards body. AI ethics PAS published. No agent identity framework. No trust protocol. A UK-first opportunity sitting completely unclaimed.

Every body is focused on AI-for-humans. Nobody is doing AI-for-AI.

That's the territory.

Why Now

AI agents are being deployed without standards. Every platform is a walled garden:

Skills built for one agent platform can't transfer to another
Compliance verification is manual, slow, and unrepeatable
Agent identity can't be verified across systems
Tasks can't be handed off between agents from different vendors
There's no way for agents to discover, pay, or rate each other

If we let this layer get built in proprietary silos, we lock in the same fragmentation that took decades to fix in networking. The difference: agents move faster. The window to establish open protocols is now.

The agent-to-agent layer is unclaimed territory. Not a single standards body has published anything in this space. The first credible, practical specifications submitted to these bodies become the reference point for everything that follows.

What We Built

Sixteen open specifications. All practical — we built working implementations alongside the specs. All CC BY 4.0. All on workswithagents.dev/specs/.

🗣 IACP

Agents can't talk across platforms today. Every integration is bespoke.

📦 ASFS

Skills are trapped in each agent's proprietary format. No portability.

✅ Compliance-as-Code

EU AI Act compliance verification can't be automated. Manual, slow, expensive.

🆔 Agent Identity

No cryptographically verifiable agent identity exists. You can't prove which agent did what.

🤝 Handoff Protocol

No standard for transferring tasks between agents. Every handoff is a custom integration.

💰 Agent Economics

No way for agents to discover, price, pay, or rate each other. No agent marketplace mechanics.

⭐ Reputation Ledger

No immutable agent performance history. Trust is anecdotal, not verifiable.

🛡 Trust Score

No multi-factor agent trust scoring. Identity, performance, compliance — all disconnected.

🏗 Fleet Insurance

No observability standard for multi-agent deployments. Health, failover, coverage — ad-hoc.

📡 Agent OSI Model

No layered reference model for agent infrastructure. No shared vocabulary.

📋 Capability Manifest

No machine-readable agent capability declaration. Discovery is manual.

🔗 Coordination Protocol

No standard for multi-agent task decomposition. Parallel workstreams are bespoke.

⚖ SLA Framework

No standardised agent service level agreements. Uptime, accuracy, recourse — undefined.

🚀 Deployment Manifest

No one-file deploy spec for agents. Hardware, model, network — manual setup each time.

👋 Onboarding Protocol

No standard agent registration. Every platform has its own bootstrap.

🔁 Transaction Protocol

No atomic, auditable agent-to-agent transactions. No rollback. No settlement.

The Six Submissions

Six bodies, six specs. Ordered by impact and barrier to submission:

🥇 IETF — IACP Internet-Draft. Inter-Agent Communication Protocol. Standardised messaging, discovery, and handshake between agents. The IETF allows individual submission of Internet-Drafts — lowest barrier, highest signal. If agents are going to talk over the internet, this needs to be an RFC.

🥇 CEN-CENELEC — Compliance-as-Code CWA. CEN Workshop Agreement for automated EU AI Act compliance. Every agent deployed in the EU will need to demonstrate compliance. Currently there is no machine-readable format for this. First-mover advantage in a regulatory gap that will be mandatory within two years.

🥈 BSI — Agent Identity PAS. UK-first standard for cryptographically verifiable agent identity. Then push to ISO globally. No agent identity standard exists anywhere — and regulated industries (NHS, finance, MOD) will require it before procurement.

🥈 IEEE — ASFS Standard. Agent Skill Format Standard. Cross-platform skill portability — write once, run on any agent. IEEE's global procurement reach makes this the enterprise default.

🥉 ISO — Agent Handoff Protocol NWIP. New Work Item Proposal for standardised task transfer between agents. The long game — 3-5 years to adoption, but ISO standards become mandatory in government procurement worldwide.

🥉 NIST — AI RMF Agent Profile. Agent-specific extension to the NIST AI Risk Management Framework. The path to US federal adoption — every government contractor running agent infrastructure will reference this.

Where We Go From Here

These are proposals, not pronouncements. We're submitting them to the bodies that matter. If you're building agent infrastructure — read the specs, file issues, submit improvements.

The agent-to-agent layer is being built right now. It should be open.

Nobody has published AI agent standards yet. That won't last.

Vilius Vystartas — technical founder, Works With Agents

Pelin Kayhan — business & compliance

Read the specs → · Standards overview → · All posts →