Why AI Needs Crypto, Now More Than Ever
Intelligent agents move at machine speed. Can we trust what they produce? This is where crypto enters the picture — and where a regulatory construction site opens up.

a16z Crypto recently published a concise yet content-rich carousel titled "AI needs crypto — now more than ever". Six slides, six theses.
The convergence between artificial intelligence and blockchain is no longer a speculative scenario. It's a reality being structured in layers — infrastructural, identity-based, financial — and it requires a legal framework to match. Let's try to build one, starting from a16z's six theses.
1. The Trust Problem in the Age of Agents
The carousel's starting point is simple and clear: AI agents operate at machine speed. But who guarantees that the output is reliable? Who is responsible if an autonomous agent makes an error, executes a distorted instruction, or is manipulated by a malicious actor?
In the European AI Act, high-risk systems — including those operating in financial, credit, or decision-relevant domains — are subject to strict transparency, human oversight, and technical documentation obligations. But the AI Act doesn't yet comprehensively address autonomous "agents" in the fullest sense: systems that make multi-step decisions, manage resources, and interact with other agents.
In a16z's vision, crypto-assets aren't just financial technology: they're a verifiable trust infrastructure for systems that operate without human intermediaries in real time.
From a regulatory standpoint, this opens a crucial question: who is the "deployer" of an AI agent operating autonomously? Who is the "provider"? The answer matters because it determines who bears responsibility.
2. The Cost of AI Impersonation: Onchain Identity as Deterrent
a16z's second thesis is straightforward: AI can impersonate humans at zero cost. Verifiable onchain identity makes this operation harder and, above all, more expensive.
In the GDPR context, the AI impersonation problem has already found a partial answer in the eIDAS 2.0 regulation, which introduces the European Digital Identity Wallet. But eIDAS 2.0 doesn't solve the authenticity problem in decentralized environments, nor does it address selective anonymity.
▶ MiCAR & AML
CASPs are required to perform enhanced Customer Due Diligence and monitor transactions for anomalous behavior. If an AI agent operates as a counterparty — or poses as a human client — the risk of AML violation becomes concrete. Verifiable onchain identity represents a risk mitigation tool that compliance officers should evaluate today.
▶ AI Act
Article 50 of the AI Act imposes transparency obligations for systems interacting with natural persons. An agent pretending to be human violates this norm. Blockchain can serve as an immutable registry proving the artificial origin of an interaction.
3. Privacy by Design Onchain: The Promise of Zero-Knowledge Proofs
The third slide touches a theme central to the blockchain-GDPR debate: privacy. a16z's answer is elegant — zero-knowledge proofs (ZKP). ZKP-based systems allow verifying that something is true without revealing the underlying data.
This is exactly the data minimization principle enshrined in Art. 5 of the GDPR, applied to a cryptographic architecture. In practice:
- I can prove I'm over 18 without revealing my date of birth
- I can prove I'm an EU resident without revealing my address
- I can prove I'm not on a sanctions list without exposing my identity
From a DPO's perspective, ZKP architectures don't eliminate the personal data problem — they shift it. The data still exists, it's just managed off-chain. A DPIA assessment remains necessary.
For CASPs and fintech platforms operating under MiCAR, integrating ZKP into onboarding and KYC verification flows represents a technical and regulatory frontier to monitor. Onchain privacy protocols aren't yet standardized at the European regulatory level, but the European Data Protection Board guidelines are evolving in this direction.
4. Decentralized Identity: The User Returns to Center Stage
"Decentralized identity lets people — not platforms — own and control their data."
This slide condenses in one line the principle of informational self-determination that the German school of law has elaborated over decades.
In the European context, decentralized identity connects to Verifiable Credentials (VC) — a W3C standard that the European Digital Identity Wallet will adopt. The difference from the current model is structural: today platforms custody users' identity data (and often monetize it); with a DID + VC architecture, users carry their verified credentials and share them selectively.
▶ Implications for AI Act and GDPR
If an AI agent operates on behalf of the user — for example purchasing services, signing contracts, accessing health data — it must do so with the user's credentials. But what guarantees does the agent offer regarding correct credential handling? Who is the data controller? These questions don't yet have certain regulatory answers and require anticipatory legal oversight.
5. Money Moving at AI Speed: Micropayments and Crypto Rails
AI agents need resources to act. Booking a service, purchasing data, compensating another agent for computational work: all operations requiring the ability to move value in real time, in small fractions, without the friction of traditional banking systems.
Here crypto isn't just "useful": it's structurally necessary. Traditional payment systems aren't designed for sub-cent transactions executed thousands of times per second by autonomous software.
From a regulatory standpoint, this is one of the most sensitive points of the entire AI+crypto ecosystem. Who is the AML obligated entity when an agent executes the payment? How does the Travel Rule apply to transactions autonomously generated by software?
MiCAR, in its current formulation, doesn't explicitly contemplate payments executed by autonomous AI agents. DORA imposes operational resilience requirements applying to financial intermediaries' IT systems, but not yet to multi-agent architectures. The regulatory perimeter is under construction, and those entering the market now must do so with a proactive, documented compliance approach.
6. More Human Networks: Proof of Personhood Against AI Spam
The sixth thesis addresses digital pollution: automation can flood networks with noise and spam. Proof of personhood — mechanisms that cryptographically prove an account is controlled by a human — is the proposed infrastructural answer.
In the regulatory context, this connects directly to the Digital Services Act (DSA), which imposes transparency obligations on very large platforms regarding automated accounts and disinformation prevention. Onchain proof of personhood could become a DSA compliance tool as well as a trust infrastructure.
For crypto-asset marketplaces and DeFi platforms, the topic is particularly relevant: wash trading, undisclosed arbitrage bots, and market manipulation via autonomous agents are already on ESMA's and national competent authorities' radar. Verifiable identity of market operators, whether human or agent, is a requirement that MiCAR and upcoming ESMA guidelines will tend to strengthen.
7. Agents Serving Humans: Portable Cross-App Identity
The carousel's final slide introduces a concept that shifts the frame: it's not just about security or payments, it's about agent identity architecture. If an agent carries a portable identity across apps, it maintains context, interaction history, preferences.
From a data rights perspective, this raises the portability question — Art. 20 GDPR — applied not to the human user, but to the agent acting on their behalf. Who owns the contextual training data of a personal agent? Is it the user's personal data? Is it the model provider's data?
The topic is open and will have very concrete practical implications over the next 18-24 months, as AI agents move from the experimental phase to large-scale deployment.
What to Do Now
a16z's carousel is, in its brevity, a map of the territory ahead. Six problems, six infrastructural solutions. But between the technical solution and its implementation compliant with the European regulatory framework — AI Act, MiCAR, GDPR, DSA, DORA — there's a gap requiring specialized legal and technical expertise.
For companies already operating in the crypto-asset ecosystem (CASPs, exchanges, DeFi platforms), convergence with AI isn't a future option: it's already underway. The first agents managing portfolios, optimizing trading strategies, or executing automated compliance functions are already in production.
Compliance can't chase technology. It must anticipate it. And anticipating means building today the legal frameworks, DPIAs, agent governance policies, and AML safeguards that will be required tomorrow.
Building a system that integrates AI and blockchain?
Tomato Blue works exactly on this boundary — where technology meets regulation, and where regulation still needs to be written.