Consumer data rights consent flows
A bank-hosted consent screen reached by redirect that lists the requested scopes in plain language and feeds a standing consent dashboard for review and revocation.
When a citizen authorizes an AI agent to reach a government service on their behalf, the agency needs that authorization to be specific and inspectable: which data or actions are covered, for how long, and revocable afterward, with the citizen authenticating to the government rather than handing credentials to the agent.
The challenge is to make that consent clear enough to be informed and standing enough to manage, without re-prompting the citizen at every step.
An agency needs the citizen's authorization to be specific, standing, and revocable, with the citizen authenticating to the government rather than to the agent, so that what the agent may do is informed and remains manageable over time.
Open-banking flows assume smartphone access and comfort with redirect patterns: redirect flows break screen-reader context, time-limited SCA challenges disadvantage users with motor or cognitive impairments, and SMS OTP excludes users without mobile phones. Keep the path open with extended SCA time windows, non-SMS authentication (hardware tokens, email), and consent confirmation via an alternative channel (a phone call with automated readback of permissions).
Delegations that only view data are separated from those that act, with a higher-ceremony confirmation step required to authorize an action and a separate dashboard toggle the citizen can use to manage each permission.
No surface has been built yet; the approach above is the brief for one.
Established
PSD2 / Open Banking UK. The consent journey follows a redirect pattern: the customer initiates in the third-party provider (TPP) application; the TPP specifies the scope of data or payment access; the customer is redirected to their bank (ASPSP) for Strong Customer Authentication (SCA); the customer reviews and confirms the specific permissions; and is redirected back to the TPP. Open Banking UK's Customer Experience Guidelines (v4.0, updated March 2026) mandate consent and access dashboards for ongoing management, minimal information presentation, platform-agnostic wireframes, and design principles of "control, speed, transparency, security and trust."
Australia's Consumer Data Right (CDR). Both data holders (banks) and accredited data recipients must provide consumer dashboards that are "simple and straightforward to use and prominently displayed." The consent flow covers collection, use, and disclosure as separate consent elements. 2024 amendments introduced bundled consent and pre-filled consent for necessary data; a principles-based ban on dark patterns was considered but replaced with "standards and guidelines on manipulation." The CDR consent model includes a formal "Consent Review" process covering authorization, revocation, re-authorization, and notification.
Open-banking consent flows are the closest existing analogue to government-to-agent delegation. Directly transferable: redirect-based authentication (the citizen authenticates with the government identity provider, not the agent, which never sees credentials); scoped permissions with human-readable summaries; consent dashboards for viewing, managing, and revoking active delegations; SCA for re-authorization when the agent requests expanded scope; and time-bound access that expires and must be renewed.
Key differences for government services: government actions are often irreversible (lodging a tax return, applying for a benefit) in ways that viewing bank data is not. The consent model needs to distinguish "view" delegations from "act" delegations, with higher ceremony for the latter. The CDR's experience with dark patterns is cautionary: bundled and pre-filled consents reduce friction but can undermine informed delegation. The temptation to bundle ("just let the agent do everything") has to be resisted by design.
The failure to guard against is an over-broad or unauthorized data grab proceeding silently at scale. Redirect authentication keeps credentials away from the agent and forces the citizen to confirm scoped permissions, so that grab cannot happen unseen.