Agentic checkout beyond the hype: what European players can do to stay ahead of the revolution
Despite the flurry of recent US tech announcements, the reality for European business is that scalable Agentic Commerce remains 9 to 12 months away. This lag is not a setback, but a critical strategic window to architect the rules of the road before the concrete sets. The imperative for the financial services industry is distinct for each player: merchants must deploy agentic layers (MCP) to make their products visible to AI agents; banks must urgently define "Know Your Agent" (KYA) mandates to maintain control over transaction liability; and payment processors must implement compatibility layers like SRC (Click-to-Pay) to bridge the gap between current rails and future autonomous flows. We recommend abandoning the paralysis of multi-year transformations in favor of agile 90-day "build-to-learn" sprints starting today. This immediate action is what will differentiate the organizations that become the platforms the economy runs on from the silent utilities it consumes.
The signal in the noise
The fall of 2025 is likely to be remembered as the "iPhone moment" for agentic commerce. In the span of just six weeks, the theoretical debate ended, and the infrastructure war began. The industry witnessed OpenAI and Stripe demonstrate the sheer power of deep integration with "Instant Checkout," allowing US consumers to buy from major retailers directly within a chat interface. Almost immediately, Google countered with the AP2 (Agent Payments Protocol) coalition, rallying payment leaders like Adyen, PayPal, and Mastercard around an open standard.
Figure 1. Current agentic payments protocol landscape as of 5/12/2025
For European CIOs, however, this flurry of headlines creates a deceptive picture. While the press releases suggest a binary war between "Closed" and "Open" ecosystems is imminent, the reality on the ground in Milan, Paris, and Frankfurt will be far more fluid. The region is currently in an "implementation gap" - with scalable pilots not expected to hit the continent until Summer 2026.
This lag is not a delay to be lamented; it is a strategic grace period. Unlike their US counterparts who are rushing to integrate early proprietary SDKs, European enterprises have a unique window. This is the time to observe, architect, and build the transaction rails correctly before the market hardens.
The strategic posture: a dual-track approach
As the market splits into "Walled Gardens" (like OpenAI) and "Open Alliances" (like the Google-led AP2), the temptation is to pick a side. However, for European players, a binary choice is dangerous. The prudent strategy is a dual-track posture that balances data sovereignty with commercial opportunity.
The Core Track must be built on open standards. AP2 has emerged as a prominent open candidate, though the industry should expect overlapping schemes and wallet-level interoperability to emerge in 2026–27. By architecting primary infrastructure for payment-agnostic protocols, enterprises ensure that their existing payment stack - whether it’s Adyen, Nexi, or Worldline - remains the backbone of transaction volume. This preserves data sovereignty and prevents organizations from becoming tenants in external ecosystems.
Figure 2. AP2 compliant high level architecture
Simultaneously, an Experimental Track should be pursued. It is recommended to ring-fence specific, low-risk product lines to test proprietary connectors like OpenAI’s SDK. These pilots should be used to audit the economics of acquisition: does the higher conversion rate of a "walled garden" experience offset the loss of customer data? Collecting this data now allows for informed arbitrage decisions when the technology matures.
The new anatomy of a transaction
To prepare for this future, the industry must shift from thinking in terms of card numbers to thinking in terms of "Mandates." In an agentic world, a transaction is a chain of cryptographic proofs that answer three questions: Is the product real? Is the money real? And is the buyer authorized?
This stack implies strict acceptance criteria:
The cart mandate: A cryptographic proof containing a reproducible hash of items, price, stock timestamp, and a snapshot of the returns policy. It must include expiry parameters and replay protection to prevent stale offers from being executed.
The payment mandate: A binding instruction linked to the user-agent identity (via FIDO key) and device attestation where available. It explicitly binds amount, currency, and merchant ID to a dynamic risk score and a specific validity time window.
The intent mandate: To mitigate risk, this must start with constrained scopes—including value caps, Merchant Category Code (MCC) allowlists, specific merchant allowlists, time bounds, and revocation mechanisms. Clear audit logging and dispute traceability are prerequisites for bank acceptance.
The "Intent Mandate" remains the industry's hardest problem: under European Strong Customer Authentication (SCA) rules, autonomous purchases must be bound to a concrete amount and payee or operate under a pre-authorized mandate.
Where available, A2A Variable Recurring Payments (VRP) enable delegated autonomy: users perform SCA once to establish a tightly scoped mandate (amount caps, frequency, beneficiary), and subsequent in-scope payments execute without fresh SCA. For card rails, an analogous pattern uses merchant-initiated transactions (MIT) with explicit, agent-scoped consent.
Realism is also required: not every merchant will have a fully native AP2 API by 2026. In the interim, early indicators suggest the industry is coalescing around EMV SRC (Click-to-Pay). Crucially, SRC is a compatibility layer, not a destination. It should be used to ensure a storefront is not invisible to early transitional agents while native mandate flows are being built.
The regulatory enablers: why Europe moves differently
In the US, agentic commerce is being driven by technology. In Europe, it will be shaped by regulation. Three key frameworks - PSD3, eIDAS 2.0, and the AI Act - are converging to create the rules of the road.
PSD3 & the liability model: The upcoming Payment Services Regulation (PSR) is designed to clarify liability for "Technical Service Providers."
Human-signed payment mandate: Liability remains analogous to current SCA-compliant flows.
Delegated payments: For autonomous flows (leveraging VRP or MIT frameworks), the industry is likely to move toward a shared-liability model. Initial deployments could rely on micro-delegation and limited MCCs while data models mature.
eIDAS 2.0 & the EUDI Wallet: The rollout of the European Digital Identity (EUDI) Wallet by 2026 is poised to provide the missing link for high-value transactions. For high-value approvals in 2026, EUDI Wallet + Qualified Electronic Signature (QES) is the likely benchmark for legal non-repudiation. Banks should be testing wallet orchestration and QES user experiences now.
GDPR & the AI Act: Finally, the EU AI Act mandates transparency - users must know they are interacting with an AI. Furthermore, if a "Credit Agent" denies a loan during a checkout, the GDPR "Right to Explanation" applies. Architectures must be built to explain why a decision was made, not just execute it.
The banking imperative: moving upstream
For banks, the risk is existential. Institutions waiting to offer financing on the checkout page are already too late. To stay relevant, banks must generate high-margin revenue from their core asset - the balance sheet. Institutions should prioritize moving upstream to deploy a Credit Agent that engages during the search and discovery phase, reclaiming the loan origination moment from competitors already active in the chat environment (e.g. BNPL providers).
Banks should deploy a specialized, real-time Credit Agent that listens for Cart Mandate data and injects binding credit offers into the agent-to-agent communication channel.
This agent must satisfy the AI Act transparency requirements by returning decisions with short "reason codes," and must protect the institution by binding credit offers to the Cart Mandate hash with a 15–30 minute validity window to prevent bait-and-switch disputes.
The immediate enabler: KYA (Know Your Agent) platform. This brings the discussion to the most critical build for 2026: KYA. Today, banks perform KYC on humans. Tomorrow, they must perform KYA on software. If banks do not build it, Big Tech will, reducing the bank to a dumb pipe. A concrete KYA blueprint includes:
Agent registry: A system tracking publisher identity, deterministic versioning, attestation proofs, and a real-time revocation list.
Delegation tokens: Granular scopes allowing control over amount, frequency, specific merchants, and time windows. These must support instant revocation, anomaly triggers, and audit export.
Transaction flagging: The introduction of an "agent-origin" transaction flag and specific dispute codes to segregate fraud patterns and speed up investigations.
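As an added illustration (not AP2, OpenAI or any scheme's code) of the acceptance criteria for cart, payment and intent mandates described above, and of the scoped, revocable delegation tokens in the KYA blueprint: a reproducible cart hash over canonical JSON, a 15-minute payment validity window bound to that hash, nonce-based replay protection, and scope checks for value cap, merchant and MCC allowlists, time bounds and revocation, each failure returning a short reason code. Field names, amounts in minor units and the sample data are assumptions; signature verification over each mandate is assumed to have happened before this check.

```python
import hashlib
import json


def cart_hash(cart: dict) -> str:
    """Reproducible hash: canonical JSON (sorted keys, no whitespace) so every
    party seeing the same cart, price, stock timestamp and returns policy
    derives the same digest. Assumed field layout, not a scheme standard."""
    canon = json.dumps(cart, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    return hashlib.sha256(canon.encode()).hexdigest()


class MandateVerifier:
    """Checks the bindings between intent, payment and cart mandates."""

    def __init__(self):
        self.seen_nonces = set()  # replay protection for payment mandates
        self.revoked = set()      # intent mandate ids revoked by user or bank

    def authorize(self, intent: dict, payment: dict, cart: dict, now: int):
        """Return (ok, reason_code); reason codes stay short so they can be
        surfaced to the user as the AI Act transparency duty requires."""
        if intent["id"] in self.revoked:
            return False, "INTENT_REVOKED"
        if not intent["not_before"] <= now < intent["not_after"]:
            return False, "INTENT_OUT_OF_WINDOW"
        if payment["cart_hash"] != cart_hash(cart):
            return False, "CART_HASH_MISMATCH"  # stale or altered offer
        if now >= payment["expires_at"]:
            return False, "PAYMENT_EXPIRED"
        if payment["nonce"] in self.seen_nonces:
            return False, "REPLAY"
        if payment["amount"] != cart["total"] or payment["currency"] != cart["currency"]:
            return False, "AMOUNT_MISMATCH"
        if payment["currency"] != intent["currency"] or payment["amount"] > intent["value_cap"]:
            return False, "VALUE_CAP_EXCEEDED"
        if payment["merchant_id"] not in intent["merchant_allowlist"]:
            return False, "MERCHANT_NOT_ALLOWED"
        if payment["mcc"] not in intent["mcc_allowlist"]:
            return False, "MCC_NOT_ALLOWED"
        self.seen_nonces.add(payment["nonce"])
        return True, "OK"


# Constructed sample data (amounts in euro cents, epoch seconds); not from any real scheme.
CART = {"merchant_id": "shop-eu-01", "items": [{"sku": "A1", "qty": 2, "unit_price": 1999}],
        "total": 3998, "currency": "EUR", "stock_ts": 1_700_000_000, "returns_policy": "30d"}
INTENT = {"id": "im-1", "currency": "EUR", "value_cap": 5000, "mcc_allowlist": {"5942"},
          "merchant_allowlist": {"shop-eu-01"}, "not_before": 1_700_000_000, "not_after": 1_700_086_400}


def payment_for(cart: dict, nonce: str, now: int) -> dict:
    """Payment mandate bound to the cart hash with a 15-minute validity window."""
    return {"cart_hash": cart_hash(cart), "amount": cart["total"], "currency": cart["currency"],
            "merchant_id": cart["merchant_id"], "mcc": "5942", "nonce": nonce, "expires_at": now + 900}
```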
Even in markets characterized by payment processing outsourcing, the responsibility for KYA and the liability under PSD3 remain with the ASPSP (Account Servicing Payment Service Provider). Banks need not build the infrastructure themselves; they must own the requirement, leverage their position as the legal client authority, and treat KYA as a set of non-negotiable SLAs and contractual requirements imposed upon processor partners (Nexi, Worldline, etc.). The goal is to ensure the metadata flows back to their ledger.
Banks should demand the following capabilities from their partners:
Agent registry & attestation: The ability for the bank to consult a partner registry of verified software identities, linking publisher, version, and security profile to every transaction.
Delegation token flow: A defined protocol for the instantaneous flow of granular delegation tokens from the bank's core system to the processor's network.
Transaction flagging & audit: The introduction of an "agent-origin" transaction flag and specific dispute codes to ensure the audit trail (required under PSD3) is clear and accessible directly to the bank's risk and compliance teams, not just held by the processor.
The 2026 mission for banks is to establish the necessary points of strategic influence before the platforms become non-negotiable gatekeepers.
The merchant's tactical list: From SEO to GEO
For merchants, the shift is from Search Engine Optimization (SEO) to Generative Experience Optimization (GEO).
While it is true that advanced agents can scrape HTML, they struggle with it. Agents increasingly prioritize structured, deterministic interfaces. Optimization of Schema.org feeds should continue, but a Model Context Protocol (MCP) server should be deployed simultaneously. The MCP implementation should move from abstract principle to a concrete checklist, which could include:
Server SLAs: Launch an MCP server for one category with defined SLAs on stock freshness and price validity windows.
Offerability metadata: Publish delivery promises, returns policies, warranty details, and carbon footprints. Agents will rank "complete" offers higher.
Negotiator guardrails: Implement discount caps based on margin and inventory age. Publish "negotiation capability" metadata so buyer agents know when to haggle and when to execute.
The open files: four questions for 2027
While the technical rails are becoming clear, four critical issues remain open nodes in the network, requiring close observation as the market matures in 2026.
The interface of trust (The CX Gap): The industry is moving to an "interface-less" economy, yet humans still crave control. We currently lack a standard UI pattern for the "Agent Dashboard." How does a user intuitively visualize, cap, and kill active agents? Designing a command center that translates technical mandates into human-readable authority remains a massive greenfield opportunity for the bank that solves it first.
The economics of inference (The "Agent Tax"): Who pays for the compute? When a Buyer Agent queries a Merchant’s MCP server 500 times to check stock but makes no purchase, the merchant incurs a cost. We expect the emergence of "Token-Gated APIs" where high-frequency agents must pay a micro-fee (likely via stablecoin rails) to access premium, real-time inventory data.
Operationalizing the "Stupid Agent" dispute: Fraud is one thing; incompetence is another. What happens when a user claims, "My agent bought the wrong color" or "My agent misunderstood the return policy"? The industry needs a new class of dispute codes specifically for "Agent Error," distinct from "Unauthorized Transaction," to prevent operational paralysis in customer support centers.
The fragmentation of identity: While eIDAS 2.0 is an EU-wide regulation, the technical implementation of EUDI Wallets will likely vary across member states. Cross-border agentic commerce will require robust identity orchestration layers to bridge these national variances without breaking the checkout flow.
Conclusion: The 90-Day Sprint
It is tempting to look at these open questions—particularly around UX and disputes—and adopt a "wait and see" posture. That would be a strategic error. While the edges of the map are still being drawn, the core infrastructure requirements are clear.
The foundational capabilities must be built today so they are ready when the standards calcify tomorrow. We recommend that European leaders stop planning for 2027 and launch a 90-day "Build-to-Learn" Sprint:
Merchants: Audit structured data coverage and launch a small MCP pilot for a single product category.
Banks: Initiate a KYA War Room focused on legal and commercial requirements, updating partnership contracts to mandate KYA compliance and audit trail access from processors.
The revolution is no longer coming; it is here. The only question remaining is whether incumbents will be the platform it runs on, or the utility it consumes.