Version 2.1 (17 May 2026) is a revision of v1.0 (14 May 2026, archived under the same concept DOI). v2.1 preserves the analytical claims and argument structure of v1.0 while applying the following revisions: Switches conventional spelling to American English; quoted passages from the AI Act, eIDAS, GDPR and NIS2 remain in their verbatim British form. Reorders §7 to lead with the methodological caveat. Splits AI-gateway and AI-guard layers in §5.6 (Lakera Guard reclassified as a guard layer with policy verdicts output, distinct from the gateway layer's flow controls). Restores §2.10 (W3C Verifiable Credentials and selective disclosure), missing from the v1.0 PDF rendering. Disambiguates the Linux Foundation AAIF artifact stack in §6.1 into protocol (MCP), framework (goose) and convention (AGENTS.md) layers. Adds nine numbered tables (regulatory baseline, adversary classes, requirements, defensive primitives, OVERT design principles, GIPAMR domains, AAL ladder, taxonomy overview, open research problems). Adds clickable cross-references, bracket-numbered citations, a two-level Table of Contents and a PDF outline sidebar tree. Tightens twelve specific passages for precision and brevity. The competing-interest disclosure remains as in v1.0; see §7 and the front-matter disclosure on p. 1.

The European Union Artificial Intelligence Act (Regulation (EU) 2024/1689) imposes obligations on providers and deployers of high-risk AI systems that, on close reading of Articles 12, 14, 50 and 72 together with Annex IV and the Article 43 conformity assessment regime, presume the existence of independently verifiable evidence about agent behaviour. Conventional governance, risk and compliance (GRC) tooling, AI observability platforms, and policy documentation regimes do not, as a matter of architecture, produce such evidence: they aggregate operator-side assertions rather than cryptographically attested claims that a third party can validate without operator cooperation.
A new category of systems has emerged in 2025–2026 that aims to close this gap by binding AI agent actions to signed, time-stamped, often hardware-rooted attestations. This paper presents the first comprehensive survey of cryptographic attestation approaches for AI agent governance. We motivate the problem by analysing the AI Act's record-keeping and conformity-assessment requirements alongside adjacent regulation (eIDAS 2.0, NIS2, GDPR) and horizontal management-system standards (ISO/IEC 42001:2023, the NIST AI RMF). We derive a threat model and operational requirements, survey the recently published OVERT 1.0 open standard as the first horizontal specification targeting this category, and propose a six-axis taxonomy covering hardware-rooted (TEE-based) attestation, software-only cryptographic attestation, identity-focused attestation, payment- and commerce-specific attestation, and two adjacent (non-attestation) categories: compliance automation platforms and AI gateway / runtime layers. We map each category to representative systems, identify standards bodies relevant to the trajectory (ETSI, CEN-CENELEC JTC 21, FIDO, Linux Foundation AAIF), articulate seven open research problems including reproducibility of non-deterministic outputs in conformity assessment and statistical safety attestation, and observe a structural geographic gap: as of mid-2026, no major attestation provider operates from an EU-anchored, eIDAS-qualified trust services base.
Anton Sokolov
Roche (Estonia)
Anton Sokolov (Sun,) studied this question.
www.synapsesocial.com/papers/6a0bfe08166b51b53d3794cb — DOI: https://doi.org/10.5281/zenodo.20254535