Agent-to-Human Protocol: Why AI Agents Must Request Human Permission

By Benjamin Massa

Summary – Facing the growing autonomy of AI agents linked to CRM, ERP, and e-commerce, operational failures and non-compliance risks become critical. The open-source Agent-to-Human (A2H) protocol formalizes interactions through five core intents (INFORM, COLLECT, AUTHORIZE, ESCALATE, RESULT), delivering strong authentication, immutable traceability, and secure, gateway-agnostic routing. Result: critical approvals are tracked, decisions flow smoothly, and validation times are drastically reduced.
Solution: integrate A2H to govern AI autonomy while ensuring compliance and performance.

Organizations are increasingly integrating AI agents with their CRM, ERP, document repositories, and e-commerce platforms. These assistants no longer just make suggestions: they collect data, initiate transactions, update records, and trigger workflows.

Without a control mechanism, an autonomous agent can become an operational single point of failure. That is why Twilio’s Agent-to-Human Protocol (A2H) is a crucial component. Instead of merely sending a message, A2H specifies how and when an agent should engage a human to inform, collect data, authorize, escalate, or deliver a result, all while ensuring traceability and accountability.

Understanding the Agent-to-Human (A2H) Protocol and Its Ecosystem

The A2H protocol standardizes interactions between AI agents and humans to request validation or intervention. It establishes a channel-agnostic communication layer, ensuring reliability and traceability.

Origin and Definition of A2H

The Agent-to-Human Protocol is an open-source project initiated by Twilio to formalize interactions between an AI agent and a human user. Instead of manually implementing SMS, email, or push notifications, agents generate structured requests based on five predefined intents. Each intent includes a code, parameters, and an expected response format.

This protocol offers a minimal API: the agent submits a JSON-formatted message detailing its intent, content, and a unique interaction identifier. The A2H gateway handles routing, retry logic, cryptographic signing of the response, and state tracking. The agent then receives a signed response, ready to be validated or enriched.

A2H goes beyond mere notification: it structures the agent-human dialogue, secures authorization processes, and records every interaction in an immutable audit trail. The protocol ensures that no critical validation occurs outside the defined business scope.

Positioning A2H Among Agent Protocols

In the agent protocol ecosystem, each serves a specific need: MCP (Model Context Protocol) allows agents to access external tools and data, A2A (Agent-to-Agent) facilitates agent collaboration, and UCP (Universal Commerce Protocol) structures automated commerce journeys. A2H complements this suite by managing the intersection between automated decisions and human intervention.

By combining MCP for data, A2A for coordination, and A2H for validation, you achieve a complete workflow where the agent operates autonomously up to a threshold, then switches to human oversight at the right moment. This clear division of responsibilities reduces risk while preserving the productivity gains of automation.

Companies that have already adopted MCP or A2A view A2H as a natural component to structure their decision chains. They avoid costly, scattered ad hoc developments while benefiting from a modular and scalable implementation.

Example of Adoption in a Swiss Company

A financial services firm connected an AI agent to its ERP system to automatically propose payment rescheduling. Before confirmation, the agent generated an A2H AUTHORIZE request to the account manager. The gateway then selected between a secure email or a Teams message, depending on availability.

This approach showed that, without a protocol, scattered notifications could lead to validation delays of several days. With A2H, approvals are tracked and signed, reducing disputes and improving case processing times.

The example highlights the value of A2H in governing sensitive decisions while maintaining a high level of compliance and transparency between agents and business users.

Key Intents of the A2H Protocol

Five intents structure the interactions: INFORM, COLLECT, AUTHORIZE, ESCALATE, and RESULT. Each request specifies the objective, expected format, and metadata required for a verifiable response.

INFORM and COLLECT

The INFORM intent is used for notifications that do not require a response: the agent reports a status or event, such as “refund initiated” or “low stock alert.” The gateway handles routing it to the most appropriate channel.

COLLECT is used to request structured information, such as a delivery address, desired date, or missing document. The agent defines a JSON schema for the response format, ensuring the validity of the data received.

By separating notification and collection, A2H ensures the agent can proceed with its process once the information is received, without ambiguity about content type or expected structure.

AUTHORIZE and ESCALATE

The AUTHORIZE intent is used to obtain explicit approval before any critical action, such as processing a payment, confirming a high-stakes order, or modifying a contract. The request includes the nature of the action and its implications.

ESCALATE applies when an agent lacks the necessary permissions or cannot resolve a complex situation. The request forwards the full context (conversation history, key data) to a human operator.

These two intents provide granular control: only the rightful decision-maker can authorize a sensitive step, and any unresolved incident is escalated through a transparent workflow.

RESULT and the Role of the Gateway

Once the response is received, the agent invokes the RESULT intent to conclude the interaction by informing the user of the final outcome. This step confirms that the human decision has been integrated into the workflow.

The A2H gateway manages authentication, retry logic on failure, multi-channel routing, and buffering of signed responses. The agent receives a single, encrypted response that it can verify before proceeding.

Thanks to this delegation, AI agents remain focused on business logic and do not need to handle the complexities of each communication channel.

Traceability and Security: Foundations of the A2H Protocol

In a business context, it’s not enough to know if a human responded: you must track who, what, when, and how. A2H introduces signed responses, expirations, and unique identifiers for every interaction.

The Importance of Traceability in Business Processes

Traceability is essential for demonstrating compliance with internal or regulatory rules, such as financial audits, contract approvals, and sensitive workflow validations. Each response must carry a timestamp and an associated user.

With A2H, every human response includes a signature object containing the approver’s identity, the channel address, and a hash of the authorized action. All of this is stored in an immutable log.

This level of detail allows for reconstructing the decision chain during disputes, internal audits, or external investigations without resorting to tedious manual searches.

Security Mechanisms of A2H

A2H specifies strong authentication: each channel must validate the user’s identity before submitting a response. The gateway uses OAuth or certificates depending on the context.

Responses are digitally signed and include an expiration date. Any attempt at reuse or tampering is detected and rejected by the gateway.

Interaction identifiers (UUIDs) tie the response to a specific request. This way, a simple “OK” becomes a formal, contextualized, and non-repudiable approval.
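The checks described above (signature, expiration, interaction identifier, hash of the authorized action, reuse detection), as an added example that is not code from the A2H project. The field names, the shared demo key, and the use of HMAC-SHA256 as a stand-in for the protocol's signature scheme are assumptions; `gateway_respond` only simulates a gateway.

```python
import hashlib, hmac, json, time, uuid

GATEWAY_KEY = b"constructed-demo-key"  # assumption: key provisioned out of band
_seen = set()                          # interaction ids already consumed (replay guard)

def canonical(obj):
    # Stable byte encoding so both sides hash and sign the same bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def action_hash(action):
    return hashlib.sha256(canonical(action)).hexdigest()

def sign(body, key=GATEWAY_KEY):
    # HMAC-SHA256 stands in for whatever signature the real gateway applies
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def make_request(action):
    # Field names here are illustrative, not taken from the A2H specification
    return {"intent": "AUTHORIZE", "interaction_id": str(uuid.uuid4()), "action": action}

def gateway_respond(request, approver, channel, decision, ttl=300, now=None):
    """Simulated gateway: wraps the human's decision in a signed, expiring response."""
    now = time.time() if now is None else now
    body = {"interaction_id": request["interaction_id"], "decision": decision,
            "approver": approver, "channel": channel,
            "action_hash": action_hash(request["action"]), "expires_at": now + ttl}
    return {"body": body, "signature": sign(body)}

def verify(request, response, now=None, key=GATEWAY_KEY):
    """Agent-side check before acting. Returns (ok, reason) and fails closed."""
    now = time.time() if now is None else now
    body = response.get("body", {})
    if not hmac.compare_digest(sign(body, key), str(response.get("signature", ""))):
        return False, "bad signature"
    if body.get("interaction_id") != request["interaction_id"]:
        return False, "wrong interaction"
    if body.get("action_hash") != action_hash(request["action"]):
        return False, "action changed"      # approval was for a different action
    if now >= body.get("expires_at", 0):
        return False, "expired"
    if body["interaction_id"] in _seen:
        return False, "replayed"
    if body.get("decision") != "approved":
        return False, "not approved"
    _seen.add(body["interaction_id"])       # an approval can be used exactly once
    return True, "ok"
```

Binding the hash of the action into the signed body is what stops an approval for one amount from being reused for another, even within the same interaction.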

Example of a Secured Application in a Swiss Organization

A logistics operator automated the dispatch of delivery notes via an AI agent. Before sending, the customer service manager had to authorize the shipment of goods exceeding a certain value. The agent generated an A2H AUTHORIZE request sent via encrypted email.

The gateway verified the manager’s identity with 2FA and signed each approval. The logs detailed the issuers, recipients, and approved amounts.

This example demonstrates how A2H secures financial and logistical operations while simplifying user adoption of business processes.

Use Cases and Integration for Medium and Large Enterprises

AI agents deliver their full value in scenarios where autonomy requires human oversight. A2H streamlines integration with ERP systems, CRMs, or e-commerce platforms without duplicating communication developments.

E-commerce, Travel, and Customer Support Scenarios

In e-commerce, an agent can prepare a large order and request a budget confirmation via AUTHORIZE before finalizing the cart. This step prevents anomalies and boosts customer satisfaction.

In travel, the agent suggests an itinerary and collects the final date via COLLECT, then triggers the booking after AUTHORIZE. The customer receives a RESULT once the flight is confirmed.

In customer support, if the bot cannot resolve an issue, it escalates with ESCALATE, passing the complete history to the human agent. This reduces handoff time and improves first-contact resolution.

Integration with ERP, CRM, and Internal Workflows

Quotation approvals, purchase authorizations, or quality checks in an ERP can be managed by an AI agent. A2H handles sending requests to the relevant managers, regardless of their primary channel (Slack, Teams, or email).

Outlook and Framework for Controlled Adoption

Before launching an AI project, it is crucial to define which actions the agent can perform autonomously, which require validation, and which are prohibited. This mapping limits risk.

Next, identify approvers based on amount, data type, or risk level, and plan for revocation or delegation logic if necessary. Multi-party authorizations and scoped actions ensure granular control.

Finally, integrating A2H from the design phase paves the way for future enhancements (pre-approvals, observability integration, compatibility with LangGraph, CrewAI, etc.) and ensures a sustainable AI architecture.
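One way to encode the mapping described above (autonomous, validation-required, and prohibited actions, with approvers chosen by amount, revocation, delegation, and multi-party approval) as a fail-closed gate in front of the agent's actions. This is an added example, not part of A2H; every action name, threshold, and role is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: action names, ceilings and approver roles are illustrative.
PROHIBITED = {"delete_customer", "change_bank_details"}
AUTONOMOUS = {"send_status_update", "read_order"}
# action -> ascending tiers of (amount ceiling, roles that must ALL approve)
TIERS = {
    "issue_refund": [(500, ["support_lead"]), (5000, ["support_lead", "finance"])],
    "place_order": [(10000, ["buyer"]), (100000, ["buyer", "cfo"])],
}

@dataclass(frozen=True)
class Decision:
    outcome: str            # "ALLOW", "AUTHORIZE" or "DENY"
    approvers: tuple = ()   # roles whose approval is required
    reason: str = ""

def decide(action, amount=0, revoked=frozenset(), delegates=None):
    """Map a proposed agent action to ALLOW, AUTHORIZE (with approvers) or DENY."""
    delegates = delegates or {}
    if action in PROHIBITED or amount < 0:
        return Decision("DENY", reason="prohibited action or invalid amount")
    if action in AUTONOMOUS:
        return Decision("ALLOW", reason="within autonomous scope")
    for ceiling, roles in TIERS.get(action, []):
        if amount <= ceiling:
            # A revoked approver is replaced by a delegate, if one is defined
            resolved = tuple(delegates.get(r) if r in revoked else r for r in roles)
            if None in resolved or any(r in revoked for r in resolved):
                return Decision("DENY", reason="revoked approver without valid delegate")
            return Decision("AUTHORIZE", resolved, f"tier up to {ceiling}")
    # Default deny: unmapped actions and amounts above every tier never run
    return Decision("DENY", reason="unmapped action or amount above every tier")

def may_execute(decision, approvals):
    """approvals: roles whose AUTHORIZE responses have already been verified."""
    if decision.outcome == "ALLOW":
        return True
    return decision.outcome == "AUTHORIZE" and set(decision.approvers) <= set(approvals)
```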

Framing Your AI Agents’ Autonomy with Human Validation

The future of AI agents will not be about greater autonomy alone, but about guided autonomy. With the Agent-to-Human Protocol, organizations can structure validation points, secure sensitive decisions, and trace every interaction. INFORM, COLLECT, AUTHORIZE, ESCALATE, and RESULT form a clear framework, while the A2H gateway simplifies multi-channel integration.

Amid the growing complexity of business environments, our experts can guide you through use-case definition, risk analysis, validation workflow design, and implementation of secure audit trails. Together, let’s build AI agents that are powerful, safe, and compliant with your processes.

PUBLISHED BY

Benjamin Massa

Benjamin is a senior strategy consultant with 360° skills and a strong mastery of the digital markets across various industries. He advises our clients on strategic and operational matters and develops powerful tailor-made solutions that allow enterprises and organizations to achieve their goals. Building the digital leaders of tomorrow is his day-to-day job.

FAQ

Frequently Asked Questions about A2H

What is the Agent-to-Human Protocol (A2H) and what is it used for?

The Agent-to-Human Protocol (A2H) is an open-source standard initiated by Twilio to formalize interactions between AI agents and human users. It specifies five structured intents and a minimal API for generating JSON requests, all managed by a gateway responsible for routing, traceability, and response signing.

How does A2H ensure traceability and security of human validations?

A2H uses unique identifiers (UUIDs), digitally signed responses, and expiration timestamps for every interaction. The gateway enforces strong authentication (OAuth, certificates, or 2FA), manages retries, and stores exchanges in an immutable log, ensuring a complete and tamper-proof audit trail.

What are the key intents in the A2H protocol?

The A2H protocol is built around five intents: INFORM (event notification), COLLECT (structured data request), AUTHORIZE (explicit approval for critical actions), ESCALATE (escalating complex cases), and RESULT (closing the interaction with the human-provided outcome).

How do you integrate A2H into an existing ERP or CRM?

You integrate A2H through its open-source API and dedicated gateway. Simply define your use cases, map approvers to their channels (e.g., Slack, Teams, email), and build contextual connectors. A2H's modular design eliminates the need for ad hoc development and streamlines maintenance.

What are the benefits of combining MCP, A2A, and A2H in an AI workflow?

By pairing MCP for data access, A2A for inter-agent coordination, and A2H for human validation, you establish a comprehensive, reliable, and secure AI workflow. This clear division minimizes operational risks while enhancing agent autonomy and productivity.

What risks does A2H help avoid in AI automation?

A2H prevents failures from uncontrolled decisions, transaction errors, or processing outside defined business boundaries. It also helps avoid disputes and regulatory non-compliance by ensuring every critical approval goes through an authorized human.

What role does the A2H gateway play in the protocol?

The A2H gateway orchestrates multi-channel delivery, manages retries, enforces strong authentication, and cryptographically signs each response. It frees AI agents from communication complexities and guarantees a reliable audit of all interactions.

What common mistakes should be avoided when implementing A2H?

Common pitfalls include overlooking use-case mapping, skipping strong authentication, misidentifying approvers, not defining expiration periods, or overcomplicating request structures. Staying agile and context-aware is essential.
