An open standard for Canton Network
Companies are deploying AI agents to move money, settle trades, and manage assets. KYA is a simple, open standard that lets anyone verify: who sent this agent, what it's allowed to do, and whether that's still true.
01 — The problem
Right now, an AI agent on Canton can connect to your application and request a transfer, a settlement, or a collateral move. There's no standard way to answer four basic questions before that transaction goes through:
02 — How it works
An identity issuer has confirmed their legal entity. This is existing infrastructure — it's how Canton works today.
The badge says: this agent works for us, it can do transfers and settlements, its limit is $10M per transaction. Both the bank and the agent sign.
When the agent wants to settle a trade with another company, it presents its badge along with the request. The badge travels securely using Canton's built-in disclosure system.
Their app checks the badge: valid signature, authorized capabilities, within limits, not expired, not revoked. Two function calls. Done.
03 — Who needs this
Canton processes $280B in daily repos
A margin call hits at 3am Tokyo time. An AI agent automatically moves collateral between counterparties. The receiving side needs to verify the agent's authority before the collateral moves.
KYA answers: which bank sent this agent, is it authorized for collateral transfers, and is this move within its limit?
DTCC tokenizing US Treasuries on Canton — H1 2026
A dealer's agent settles a tokenized Treasury trade. Both sides need to know: is this agent actually authorized by the dealer, can it settle UST-10Y specifically, and is this $50M trade within limits?
KYA answers: the agent's delegation chain, its instrument restrictions, and its per-transaction value cap.
USD1 stablecoin deploying on Canton
A fund runs an agent that manages stablecoin liquidity — processing redemptions, funding settlement accounts, moving USD1 between apps. The stablecoin issuer needs to verify the agent before processing.
KYA answers: which fund authorized this agent, that it can do transfers (but not mints or burns), and its daily volume cap.
Canton's core differentiator: atomic cross-app settlement
One transaction settles a bond trade across three apps: tokenized bond, stablecoin payment, and collateral adjustment. The agent needs valid credentials verified by all three apps atomically.
KYA answers: one badge, verified by multiple counterparties in the same transaction tree. No other network has this problem.
04 — What we ship
01
A defined format for what goes on an agent's badge: who authorized it, what it can do, its spending limits, and a fingerprint of its code. Uses Canton's existing credential system.
Open standard02
Open-source code that any Canton app can plug in for free. Two functions: one checks a single badge, the other traces the full chain from agent → company → identity verifier.
Open source03
An active Canton application that handles verification and creates on-ledger proof contracts. Apps that route through it earn Featured Application rewards — shared between KYA and the integrator.
Optional04
A formal CIP proposal to Canton's governance process. If adopted by Super Validator vote, every participant speaks the same agent-identity language.
CIP proposal05 — Use it your way
Do it yourself
Import the open-source verifier module into your Daml code. Call the functions directly. Handle credential bundles yourself. Free forever. KYA earns nothing.
This drives adoption of the standard, strengthens the CIP, and ensures no one is locked in.
Route through KYA
Route verification through the KYA application. Get an on-ledger proof contract your settlement can consume. Both you and KYA earn Canton Featured Application rewards.
Unfeatured apps earn zero rewards. Routing through KYA gives you a share you couldn't get on your own.
06 — Under the hood
A KYA credential is just a list of claims stored using Canton's Credential Utility. Each claim has a subject (the agent), a property (what's being stated), and a value.
No new smart contracts. No new tokens. No new protocol features. Just agreed-upon naming conventions on top of what already exists.
-- Who issued this badge and who holds it issuer = org::abc123 holder = agent::def456 -- "I work for this company" kya:principal = "org::abc123" -- "I'm an operator-class agent" kya:agentClass = "operator" -- "I can do these three things" kya:capabilities = "transfer,settle,collateral" -- "Up to $10M per transaction" kya:maxTransactionValue = "10000000" -- "Only these instruments" kya:allowedInstruments = "UST-10Y,UST-2Y,USDC" -- "Here's my code fingerprint" kya:codeHash = "sha256:a1b2c3d4..."
07 — Why now
600+
Financial institutions
$6T
In tokenized assets
30+
Governance validators
Participants include Goldman Sachs, Deutsche Börse, BNP Paribas, Broadridge, Cboe, Paxos, and Moody's. DTCC is partnering to tokenize US Treasury securities.
Mastercard launched Agent Pay in October 2025, requiring AI agents to carry verified credentials before making purchases.
Visa launched its Trusted Agent Protocol the same day, with Microsoft, Shopify, and Stripe as partners. Google and OpenAI followed with their own agent commerce protocols.
The pattern is proven for consumer payments. Nobody has built the equivalent for institutional finance. That's the gap.
08 — The art of the possible
Canton already moves trillions. The question isn't whether agents will handle these transactions — it's how fast the transition happens, and whether the identity infrastructure is ready when it does.
Now
Every trade, every settlement, every collateral move has a human in the loop. Agents assist — pulling data, suggesting optimizations — but a person authorizes every transaction.
Agent identity isn't a problem yet because agents don't act autonomously. That's about to change.
~0%
Autonomous agent transactions
Near horizon — 2026–2027
Collateral optimization agents run 24/7, rebalancing positions across time zones. Settlement agents clear tokenized Treasuries without waiting for a human to approve each leg.
Humans set policies and limits. Agents execute within those boundaries. KYA badges become the control layer — the credential that says what an agent can and cannot do.
10–50
Agents per institution
The horizon beyond
Thousands of agents per institution, each specialized: a liquidity agent negotiating with counterparties' pricing agents, a compliance agent verifying a trading agent's intent before execution, a treasury agent autonomously managing cash positions across stablecoins.
Most transactions on Canton are agent-to-agent. Identity infrastructure is as fundamental as TCP/IP. The question at every node isn't "who is this person" but "who is this agent."
1,000+
Agents per institution
KYA is infrastructure for that future. Not a prediction about when it arrives, but a bet that when it does, the network that has agent identity solved will be the one institutions trust.
09 — No reinventing the wheel
Badge system
Credential Utility
Canton's existing credential issuance and verification. KYA badges are a new type of credential in this system.
Enforcement
Registry Utility
Lets asset issuers require credentials before transfers. KYA badges plug into these existing rules.
Identity
Identity Issuers
Issuer-agnostic. Any trusted identity provider can anchor a delegation chain.
Delivery
Explicit Disclosure
Canton's built-in secure data sharing. How the agent delivers its badge to the counterparty.
Rewards
Featured App API
Canton's application reward system. The KYA service layer uses this to split rewards with integrating apps.
10 — Get involved
Nobody is building agent identity for institutional finance on Canton. All the building blocks exist. KYA is the missing piece. We're building it in the open.