A Responsible Party is the KYC-verified human or legal entity that an AI agent is bound to. They are the answer to “who is accountable for what this agent did?”
This binding is what makes Regent credible to regulators, auditors, and counterparties. Identity without accountability is just a name; identity with a responsible party is legally meaningful.
Who can be a responsible party
- An individual who has completed Regent’s KYC flow (email verification + identity verification)
- An organization, represented through its KYC-verified administrator
In the protocol, both are represented as a responsible_party_id — a UUID assigned at signup.
How the binding is created
When an agent is registered, the request includes the responsible party’s UUID. The protocol does three things:
Verifies KYC
The request is rejected unless the responsible party has both email_verified=true and kyc_status='verified'.
Records the binding
The agent record carries responsible_party_id. Every API response surfaces this; every audit event implicitly inherits it.
Anchors the binding on-chain
The agent’s identity payload (signed by Regent’s KMS, hashed, and submitted to AgentRegistry) includes the responsible party hash. The binding is tamper-evident.
What the responsible party can do
| Action | API | When |
|---|---|---|
| Register an agent | POST /v1/agents | After KYC verification |
| Create a mandate | POST /v1/mandates | Bounded to one of their agents |
| Suspend or revoke an agent | PATCH /v1/agents/{id}/revoke | Anytime — the kill switch |
| Revoke a mandate | PATCH /v1/mandates/{id}/revoke | Anytime |
| Acknowledge a Guardian alert | POST /v1/guardian/agents/{id}/alerts/{alert_id}/acknowledge | When an anomaly fires |
| Read the full audit trail for their agents | GET /v1/audit/agents/{id}/events | Anytime |
The responsible party cannot, by design:
- Modify a past audit event (immutable once hashed)
- Modify on-chain anchors (non-upgradeable Solana programs)
- Transfer accountability to another party retroactively (the binding is fixed at registration)
Why this design
Without an accountable party, an AI agent is a black box. Regulators and counterparties cannot route legal liability, dispute resolution, or enforcement action to anyone.
By making the responsible party a first-class field — KYC-gated, on-chain anchored, immutable after registration — Regent gives every agent a verifiable trail back to a human or legal entity. The agent is autonomous in its actions but not autonomous in its accountability.
This satisfies:
- EU AI Act Article 14 (human oversight)
- GDPR Article 22 (right to know who’s behind automated decisions)
- AIFC/DIFC governance documentation requirements
- SOC 2 Trust Services Criteria for access control
Multi-party organizations
A single organization can have multiple members (Owner, Admin, Developer, Viewer) — but agents are bound to one responsible party. Members of the same org can collaborate on managing agents through the dashboard or API, but the cryptographic accountability binding remains 1:1.