The future of government in an agent-driven world

Looking at what people are writing about agent-driven government this year, the conversation has two halves, and most of the published thinking lives on one side of it.

The first half: what should government build inside itself once agents are operative? The Agentic State paper out of Berlin asks this. So does the Tony Blair Institute. They describe a reimagined state with agents in the casework, agents at the citizen-facing tier, agents inside the policy machinery. Ambitious framings, well-argued, both worth reading.

The second half: what arrives at government's front door from outside it, whether the inside is ready or not? Most of the writing on this is much quieter. The clearest voice I have read on it is Tom Loosemore at Public Digital. His recent piece in Computer Weekly is titled, plainly, Flood warning.

Loosemore's argument, in a sentence: citizens are starting to show up to public services with their own AI agents already in the loop, and the friction that used to throttle demand on those services has just lost its main lever. The agent does not get tired. The agent does not get put off. The agent does not give up after the fourth identical form. The phrase Loosemore carries into the piece, crediting Chris Schmitz with coining it, is agentic flooding: legitimate applications, appeals, and by implication fraudulent requests, at volumes the deterministic portal layer was never built to handle.

That second half is the one I want to write about. In a world where citizens and businesses already run their daily life through their own agents, what interfaces and services does government have to expose so the transactions land cleanly when they arrive? That is a different question from "what should government build inside itself?", and it is the more urgent one. The agents at the door are arriving on their own timetable.

What's on the other side, briefly

I want to spend most of this post on what arrives at the door. But the inside-the-state conversation is what most readers will have encountered first, so it is worth naming the two ambitious framings before moving past them.

The Agentic State (Global Government Technology Centre, Berlin; lead author Luukas Ilves, May 2025). Argues that agentic AI rewires the core functions of the state, that the resulting government is outcomes-driven rather than process-driven, real-time rather than predictable, and orchestrates public goods without acting itself. It proposes a tech stack with named building blocks (a compute substrate, an "Identity 2.0" layer, service orchestration, and a sovereign governance layer at the top), and separately maps the functional domains those building blocks have to serve, including governance and decision-making and public services and crisis management.

Governing in the Age of AI (Tony Blair Institute and Faculty; Benedict Macon-Cooney, Jeegar Kakkad and others, 20 May 2024). Describes a "Reimagined State" with three pillars: a Digital Public Assistant facing citizens, a Multidisciplinary AI Support Team facing the civil service, and a National Policy Twin facing policy modelling. It carries the PEARS accountability principles: predictability, explainability, accountability, reversibility, sensitivity.

They agree on direction. They differ on what they emphasise. The Agentic State is thicker on architecture, naming building blocks. The Tony Blair Institute is thicker on accountability, naming principles. Both assume that the state itself is the unit being reimagined, and both assume preference will follow capability: once the agentic interface exists, citizens will want it.

The empirical anchor against that assumption is the OECD's Governing with Artificial Intelligence (2025). The first comprehensive cross-country review, two hundred real-world AI use cases across eleven core government functions. Almost half, ninety-nine of the two hundred, cluster in just three areas: public service design and delivery, justice administration, and civic participation. What is conspicuously absent across the two hundred is production-grade agentic deployment at the citizen-interface tier. Most of what is catalogued is analytics, classification, and human-assist. The OECD case-base does not yet evidence agentic deployment at the citizen-interface tier.

The two ambitious framings and the cautious empirical frame are not in opposition. They are sitting at different points of the maturity curve, and both are useful. But neither, as far as I can tell, is fully reckoning with the agentic flooding question.

The architecture this sits in

At Boost we have been thinking about agentic government as a 5-layer model: layer 1 the substrate (identity, registers, data exchange, compute; not agentic, the precondition); layer 2 internal coordination across agencies; layer 3 the citizen-interface; layer 4 work-performance (eligibility, drafting, casework, modelling); layer 5 oversight (audit, registries, rules-as-code, human-in-the-loop, appeal). Architectural, not maturity. Needs all five. The model's load-bearing claim is that layers 2 to 4 become agent-operated within three to five years, and that layers 1 and 5 decide whether they land safely.

That model is the spine of the matrix blog I'm publishing alongside this one, which works through where every agentic deployment in production lives in the architecture. The matrix is the mechanics. This post is the landscape. The two sit on the same canon and look at different questions.

What 'agentic flooding' actually changes

Loosemore's framing reframes the question. The reimagined-state writers (Agentic State, Tony Blair Institute) ask what should government look like once we put agents inside it? Loosemore asks what does government look like once agents arrive at it from the outside, whether the inside is ready or not? The second question is the one the brief was actually asking, and it has answers that are visible in the matrix.

Most of what arrives lands at layer 3 (the citizen-interface tier) plus layer 4 underneath (the work-performance that has to evaluate whatever the agent has filed). The new questions, the ones the deterministic-era never had to ask:

• At layer 1, what does identity look like for a citizen's own agent? Not just the citizen's identity. The agent's identity, traceable to the citizen, scoped to what authority the citizen granted, auditable. The Agentic State's "Identity 2.0" gestures at this. X-Road in Estonia is the existing baseline for the deterministic case, twenty-five years of every inter-agency exchange authenticated, encrypted, logged, attributable. As best I can tell, no production-grade agentic equivalent at that scale is in service yet in 2026.
• At layer 5, what does audit look like for agent-mediated decisions at volume? The Tony Blair Institute's PEARS principles are the most-developed naming of this. The Agentic State has a Sovereign Governance Layer. Both are framework. Neither is production-grade. The OECD's findings keep the conversation honest about how immature the implementations are.
• At layer 3, what does a real citizen-facing service that expects agents to show up look like? Not a chatbot on a portal. Not an RPA inside a legacy stack. A bounded, audited service where the layer-1 identity for the citizen's agent is real, the layer-4 evaluation underneath is instrumented, and the layer-5 audit covers the conversation as well as the decision.

The closest existing analogues I can find are Singapore's GovTech agentic-AI portal for benefits, grants and social services, and Abu Dhabi's TAMM platform, which connects roughly a thousand services. Both are useful as anchors. I would not call either a full agentic-flooding-ready architecture; the agentic versus automated characterisation in both deserves more careful reading than the trade press has given it. (Confidence: moderate on each, single-source for parts of the picture.)

The point is not that any of these are finished. The point is that the question has shifted shape. The architecture conversation used to be "what would we build if we wanted to be ambitious?" It is now "what do we have to build to handle what is arriving?"

Where this leaves a public-service leader on Monday morning

If you are running digital strategy in a department this week, the defensive horizon has the shorter clock. Agentic flooding is arriving at layer 3, and layers 1 and 5 are the binding constraints on whether it lands safely. That is the architecture you have to plan against first.

Three first edges where I would start blueprinting, in roughly this order:

1. Identity for the citizen's agent, at layer 1. Who is acting, on whose behalf, with what authority, traceably. The Agentic State's Identity 2.0 is the most-explicit naming of this. The existing X-Road baseline in Estonia is the standard the deterministic case meets. As best I can tell, no agentic implementation has met that bar in production yet. This is the non-negotiable that everything else depends on.
2. Audit and registries at layer 5, before layer-4 deployments scale. Same audit-and-appeal apparatus has to cover citizens, businesses, and the agencies coordinating with each other, or it covers none of them properly. PEARS and the Sovereign Governance Layer are the named frames. The production-grade implementations are not there yet. The OECD findings are the honest measure of how far we have to go.
3. One or two layer-3 beachhead services, narrow and bounded. A benefits-matching layer, a tax-and-rates layer, a regulatory-licence layer. Real citizen-facing assistant on one well-bounded service, with audited eligibility-classification at layer 4 underneath, sitting on existing layer-1 identity and registers, with all five layers actually instrumented. Singapore and Abu Dhabi are the closest analogues. Neither is the full pattern yet.

These three are not arbitrary. They are the layers that have to be ready before the agentic flooding becomes a service-design problem rather than a strategy one. Each of them sits on the model. Each of them can be sized as real work.

The open questions

A few things that are open, and that I'd value people arguing about.

Does citizen demand follow capability at high stakes? The reimagined-state framings assume yes. The OECD case-base does not yet evidence it. My guess is that uptake will split by stakes: people will route a fishing-licence renewal through an agent on day one, and will hold out for a long time on welfare, immigration, and justice until the audit story is solid. That's a guess, not a thesis.

Can layer-5 oversight keep up with layer-4 deployment at scale? Probably the single biggest open question in this whole area. Audit logs and agent registries exist as proposals. As best I can tell from the checked literature, production-grade audit at the scale of X-Road's deterministic audit trail is not yet in service for agentic systems. The risk is a gap of years between deployment and audit maturity.

What does the defensive architecture look like for a small or mid-size country? The Berlin paper and the Tony Blair paper are written for nation-states with large reform capacity. Most of the public-service organisations I know are smaller than that. The reimagined-state vocabulary will not transfer cleanly. The matrix-canon language might. That's a question I do not have a finished answer to.

Three questions

If you have thought about agent-driven government from the side of what arrives at the door, three things I'd value an answer on.

1. If you have shipped anything at any layer that handled agent-mediated traffic at non-trivial volume, where did it land in the architecture, and what surprised you?
2. If you think Loosemore is overstated, or understated, what is the evidence I should be reading?
3. What does the defensive architecture look like in a department smaller than a nation-state? The reimagined-state frames are written for big-reform contexts; most of the public-service organisations I know are smaller than that.

Sources and further reading

• Tom Loosemore, Flood warning: How citizens' AI agents will swamp public services, Computer Weekly, 14 April 2026: https://www.computerweekly.com/opinion/Flood-warning-How-citizens-AI-agents-will-swamp-public-services
• Global Government Technology Centre, Berlin, The Agentic State (Ilves, Kilian, Peixoto, Velsberg; May 2025): https://agenticstate.org/ and https://www.globalgovtechcentre.org/tech-stack
• Tony Blair Institute and Faculty, Governing in the Age of AI (Macon-Cooney, Kakkad et al., 20 May 2024): https://institute.global/insights/politics-and-governance/governing-in-the-age-of-ai-a-new-model-to-transform-the-state
• OECD, Governing with Artificial Intelligence: The State of Play and Way Forward in Core Government Functions (2025): https://www.oecd.org/en/publications/governing-with-artificial-intelligence_795de142-en.html
• Andrew Chrismer, AI agents will transform government services, Route Fifty, 3 June 2026: https://www.route-fifty.com/artificial-intelligence/2026/06/ai-agents-will-transform-government-services-will-we-build-future-prosperity-together/413936/
• Microsoft Source EMEA, Consider it done: How TAMM is transforming government services in Abu Dhabi with AI: https://news.microsoft.com/source/emea/features/tamm-app-abu-dhabi-government-services/
• X-Road (Nordic Institute for Interoperability Solutions): https://x-road.global