Page 3: AI Agent Protocols: The Biggest Surprise

Contents

Arguably the most unexpected layer of the Deutschland-Stack is the top one: artificial intelligence. Here, the IT Planning Council defines four protocols as standards, all of which are still quite young.

The Model Context Protocol (MCP), originally developed by Anthropic, standardizes the access of AI models to external data sources and tools – it is often described as "USB-C for AI." The Agent2Agent Protocol (A2A), initiated by Google, regulates direct communication between AI agents from different manufacturers. The Agent Network Protocol (ANP) enables the networking of autonomous agents in decentralized networks, and the Agent-User Interaction Protocol (AG-UI) standardizes the interface between AI agents and human users.

The fact that the traditionally conservative administration standardization is adopting protocols that are sometimes only a few months old and whose maturity is still being discussed in the industry is unusual. The goal may be not to lag behind AI, but to rely on open, interoperable standards from the outset. Nevertheless, the open definition needs in this layer are particularly extensive: Standards for selecting language models, for Retrieval-Augmented Generation (RAG), for Responsible AI and traceability, as well as for the exchange of models and training data are missing.

Despite all the courage, the Stack here describes more of a direction than a finished architecture.

The Gaps: LowCode Without Matrix

One layer falls out of line: workflow automation (LowCode). It is the only level of the Deutschland-Stack for which not a single standard has been defined. At the point where standards should be, the document merely notes "./" and lists exclusively open definition needs: formats for integrating external solutions, for exporting and importing models, and for cross-platform execution. It is also striking that established modeling standards like BPMN (Business Process Model and Notation) are not even mentioned.

At least as revealing as the included standards is what is missing. The Matrix protocol for federated communication, which is already used in the Bundeswehr's Bw Messenger, for example, does not appear – there is no separate layer for communication and collaboration in the Stack. TLS 1.3 as a specific transport encryption standard is not mentioned – while the BSI guidelines implicitly cover it, an explicit definition is missing. And the Open Container Initiative (OCI), the open standard for container formats that underlies Kubernetes, also remains unmentioned, even though Kubernetes itself is in the Stack.

Blueprint or Wish List?

The Deutschland-Stack, in its breadth and ambitious level, is initially a remarkable document. For the first time, German administration is attempting to commit its entire technical architecture across layers to open standards – from network virtualization to AI agent communication.

At the same time, the paper raises questions. The binding nature of the decision will have to prove itself in practice. Experience with previous standardization decisions does not inspire unreserved optimism. The long lists of open definition needs in practically every layer show that the Stack, in many parts, outlines a framework rather than providing a finished architecture. And the inclusion of extremely young AI protocols is in some tension with the stability one would expect from administrative standards.

What will be crucial is whether and how quickly the open definition needs are met – and whether the adopted standards actually find their way into tenders, procurements, and specialized applications. Because a standard catalog unfolds its effect not through the decision, but through its implementation.

The complete resolution is available on the website of the IT Planning Council.

(fo)