Lifetime Scope Journal · Field Note · Updated April 2026

Establishing the KYA Standard
for Autonomous Control Rooms

Originally March 2026 · Last metadata revision 5 April 2026 · Risto Anton Päärni, CEO Lifetime Oy

Current: KYA Standard v1.7 · eIDAS 2.0 Native · 21 EU-regulated industries

Verify the Human.
Sandbox the Agent.
Govern the Self-Optimization.
Label Every Target from Orbit.

Version clarification · read this before the field note

  • Public standard name: KYA Standard v1.5 (title line of Legal/KYA_STANDARD_v1.md).
  • Internal document metadata: Version 1.7 — latest revision 5 April 2026 (Article 99(4) citation sweep).
  • Split standards: Know Your Agent (KYA-S v1.5, CISO focus) and Know Your Architecture (KYA-O v1.7, CFO focus).
  • What you are reading: the original field note from 9 March 2026 — the architectural case for hardware-level agent governance. Still the right starting document; v1.4 and v1.5 extend it, they do not replace it.
  • What changed since: four upgrades — Pillar 4 (Autoresearch, v1.4), Pillar 5 (KYA Vision / orbital target labeling, v1.5), the Agentic Efficiency Law, and the financial value layer across 20 industries. Read the summary: KYA Standard v1.5 — what changed since the v1 field note.

At Lifetime Oy, we are moving beyond the limitations of 2020-era identity verification. As we scale the DWS10 Control Room, we've identified a critical security gap: KYC identifies the person, but it cannot govern the autonomous agents they bring into the workspace.

To solve this, we are formalizing the KYA (Know Your Agent) protocol within DWS IQ.

The Technical Core

Hardware Isolation

Every agent — whether it's Microsoft CoWork, Tencent Workbuddy, or Clawbot — is encapsulated in a dedicated Firecracker MicroVM.

Zero Shared Kernel

By ensuring no shared kernel access, we eliminate the "breakout" risks inherent in traditional containerization.

Forensic Accountability

Every syscall is logged via the Lifetime Firehorse audit trail, anchoring autonomous actions to verified human identities.

eIDAS 2.0 Native Identity v1.7

In v1.7, KYA becomes the first AI agent governance standard to natively support the EU Digital Identity (EUDI) Wallet as a Layer 1 identity source. From December 2026, all EU27 member states must provide EUDI Wallets to citizens. KYA accepts the resulting W3C Verifiable Credential directly — no third-party IDV provider required.

L1: EUDI Wallet VC (Human Identity)

The EUDI Wallet presents a cryptographically signed identity credential using Zero-Knowledge Proofs — the user proves they are a verified EU citizen without sharing document data. KYA verifies the VC against the eIDAS Trust Anchor and initializes the Agent Trust Score. GDPR data minimisation is satisfied by design.

L2: EU Business Wallet (Agent Provenance)

When an organisation deploys a third-party agent into DWS IQ, the EU Business Wallet (available Q4/2025) provides a signed organisational Verifiable Credential — VAT ID, jurisdiction, beneficial ownership — anchored to an eIDAS-verified legal entity. No third-party KYB provider required for EU27 organisations.

Traditional IDV providers remain valid globally and for pre-December 2026 deployments. The eIDAS 2.0 path is additive — KYA is the first standard that accepts both, giving enterprises a compliance-future-proof identity layer regardless of whether their users carry EUDI Wallets yet.

Subagent Registry v1.1

In v1.1, we introduce the Subagent Registry — every subagent initialized for testing must sign a local Capability Manifest declaring its permitted resource paths. The manifest is immutable for the session duration.

Capability Manifest

Permitted: /mock-api/ and /temp-db/. Denied: /prod-secrets/ — access triggers KYA Violation and immediate session termination.

KYA Violation Enforcement

If a subagent accesses /prod-secrets/: intercepted in < 1 ms, logged to Firehorse, session terminated in < 50 ms, KYA Trust Score reduced by 40 points, operator notified via webhook.

Fault Attribution (Supabase)

When a subagent fails, the system classifies the fault: LOGIC_FAULT (agent reasoning), INTEGRATION_FAULT (mock/API), MANIFEST_FAULT (config), or OPERATOR_FAULT (human). Stored separately in Supabase — not Firehorse — because faults need mutable state and real-time dashboard queries.

This is the new requirement for heterogeneous AI orchestration. We are currently integrating pluggable identity providers to serve as the real-time "Risk Triggers" for this hardware-level gating.

16 Industrial Models. One Control Room.

Power & Heat
Iron & Steel
Cement & Lime
Chemicals
Aviation
Maritime
Road Transport
Construction
Agriculture
Waste Mgmt
Aluminium
Pulp & Paper
Petroleum
Food & Bev
Glass & Ceramics
Mining

Lifetime Oy · Helsinki, Finland

The KYA Standard is part of DWS IQ 6 — the industrial AI platform for EU-regulated industries.

Contact Us

Read Also

Buyer's Note

What You Should Know About Harness Engineering

Three questions to ask any AI vendor before signing. The August 2026 compliance deadline explained.

Harness Engineering EU AI Act

Technical Deep Dive

EU Regulation Makes Better AI — Not Slower AI

Full harness index breakdown. Six-layer architecture. KYA + harness integration.

Harness Engineering KYA Standard

Business Case

Industrial AI for EU-Regulated Logistics

Compliance automation across 20 industries with measurable ROI.

Compliance ROI
Share

From the Store

Flagship

DWS IQ Platform

€4,999

18+ AI agents for EU compliance automation

 Best Value

Climate Reporting Bundle

€6,500

DWS IQ + Firehorse Report + Workshop

 Start Here

Firehorse Omnichannel

€499

AI marketing engine, Green Claims compliant