The rails.
An agent that can shop cannot pay. That is the gap at the center of European agentic commerce, and it is not a technology gap. The AI can compare the products, fill the cart, and choose the best option — but at the moment of payment, European law requires that a human, not a machine, authorize the transaction, and there is no current mechanism to treat an AI agent as the equivalent of a human payer. The capability is there. The legal authority is not.
This is the European condition specifically. In the US, agentic payments run on commercial rails — Mastercard’s Agent Pay, Visa’s Intelligent Commerce, Plaid’s data network — private infrastructure the card networks and aggregators built and can extend to agents by decision. In Europe, the rails are statutory. Strong Customer Authentication under PSD2 requires multi-factor human authentication for online payments; the rails are defined by regulation, and an agent cannot simply be granted payer status by a network’s product team.
So the European agentic-commerce stack is being defined not by the labs or the networks but by two regulatory regimes arriving at once. PSD3 and the new Payment Services Regulation — agreed in November 2025, publishing in summer 2026 — rebuild the payment rails with mandatory API parity, forcing banks to expose interfaces as capable as their own apps. And the EU AI Act, with high-risk obligations landing in 2026, classifies the AI systems that would run agentic finance — credit scoring, fraud detection — as high-risk, subject to conformity assessment, human oversight, and registration. The rails and the guardrails are being poured in the same year.
The convergence is the story. An agent that shops in Europe must run on rails that PSD3/PSR are rebuilding, under guardrails the AI Act is installing — and the two regimes were not designed together, so the agentic stack inherits the seams between them. Whether an agent can pay depends on the payment regime; whether it can assess, recommend, or score depends on the AI regime; and the two regimes have different timelines, different scopes, and different competent authorities.
The structural argument I want to make: European agentic commerce is not a product the labs ship onto existing rails; it is a system being co-defined by two converging regulatory regimes — PSD3/PSR rebuilding the payment rails and the AI Act installing the AI guardrails — which means the constraint on agentic finance in Europe is not the agent’s capability but the legal architecture it must run on, and that architecture is statutory, fragmented across two regimes, and fundamentally different from the commercial rails the US agentic-commerce playbook assumes. This is the fourth dispatch in the Agentic Commerce track, and it is the European mirror of The mandate: where The mandate argued Europe regulates the agent’s conduct, this argues Europe is rebuilding the rails the agent must run on.
The headline integrative finding: The honest both-sides read is that the European approach is simultaneously the harder path and the more durable one. Harder, because the statutory rails move on legislative time (PSD3 applicable ~2028, FIDA still in trilogue, the AI Act’s high-risk deadline possibly slipping to 2027 under the May 2026 Omnibus), and an agent cannot be a legal payer until the regime says so — which means European agentic commerce will lag the US commercially. More durable, because rails built into law are rails no single network controls — mandatory API parity means no bank can degrade the interface to favor its own agent, and open finance under FIDA means the data substrate is a public utility, not a private moat. The deepest point is that the US and EU are building agentic commerce on opposite foundations: the US on commercial rails a few firms own and can extend by decision, the EU on statutory rails no one owns and everyone must follow. The US path is faster and more concentrated; the EU path is slower and more open. Which foundation produces the better agentic-commerce market is the genuine open question — and it will not be settled by capability, because the capability is the same on both sides. It will be settled by which rail architecture an agent economy actually prefers.
This essay walks the pay-versus-shop gap, the statutory-versus-commercial rails distinction, the PSD3/PSR rebuild, the AI Act guardrails, the seams between the two regimes, the mandate model that bridges the gap, and the structural reading of agentic commerce as co-defined by converging regulation.
[Infographic: "The rails. Why European agentic commerce is co-defined by two converging regimes." Panels contrast US commercial rails (Mastercard Agent Pay, Visa Intelligent Commerce, Plaid; the rail's owner sets the rule; fast; concentrated) with EU statutory rails (PSD2/PSD3, PSR, SCA, FIDA; the legislature sets the rule; slow; open). Thorsten Meyer · The Rails · Agentic Commerce 04]
By Thorsten Meyer — June 2026
This is the fourth dispatch in the Agentic Commerce track — the infrastructure and regulation of AI agents that transact. The first three walked the bank account in the chat, the unbundling of personal financial management, and the European mandate. This one walks the layer beneath all three: the rails an agent must run on to move money in Europe, and the two regulatory regimes rebuilding and constraining them simultaneously.
The structural argument I want to make: the question “can an AI agent pay for things in Europe” has no technological answer, only a regulatory one — and the regulation is being written right now, in two separate processes that an agentic economy will experience as a single stack. The agent’s wallet, the agent’s authority, the agent’s data access, and the agent’s accountability are each governed by a different instrument (PSR for authentication, FIDA for data, the AI Act for the model, PSD3 for the license), and the agentic-commerce experience is the sum of how those instruments interact — which is to say, the seams between them.
The headline integrative finding: Europe is building the most deliberate agentic-commerce foundation in the world and paying for that deliberateness in speed. The statutory rails — mandatory API parity, direct payment-system access for nonbanks, open finance — are genuinely better infrastructure than degraded bank APIs and sponsor-bank dependency. But they arrive on legislative time, and an agent cannot transact ahead of the regime. The bet Europe is making is that durable, open, publicly-owned rails will produce a better agentic-commerce market than fast, concentrated, privately-owned ones — even if it means arriving later. Whether that bet pays is the question the whole stack rests on, and it is genuinely unresolved.
This essay walks the pay-shop gap (Section I), statutory versus commercial rails (Section II), the PSD3/PSR rebuild (Section III), the AI Act guardrails (Section IV), the seams (Section V), the mandate bridge (Section VI), and the structural reading (Section VII).
I · The gap · an agent that shops cannot pay
The constraint crystallization. The defining fact of European agentic commerce is a legal gap, not a technical one. Understanding exactly where the agent stops is the key to everything that follows.
Where the agent stops
Capability is not the barrier: an AI agent can already do the commercial work — compare products, evaluate options, fill the cart, select the best deal. The technology for agentic shopping is largely in place. The barrier is the payment step, and it is legal: PSD2’s Strong Customer Authentication requires multi-factor human authentication for online payments, and there is no current mechanism to treat an AI agent as the equivalent of a human payer.
SCA was built for humans: SCA requires two of three factors — something the payer is (biometric), knows (password), possesses (a device). Each factor presumes a human. An autonomous agent has none of them in the way the regime intends; it cannot “be,” “know,” or “possess” in the SCA sense. The authentication regime that protects European payments is, by construction, built around a human payer — and the agent is not one.
Why this is the European-specific gap
The main barrier is regulatory, not technological: the analysts are blunt — the main barrier to agentic-payment adoption in Europe is not technological capability, which is largely in place, but legal and regulatory constraints. Europe’s agentic-commerce bottleneck is its own payment law. That is a different kind of constraint than a missing feature; it cannot be engineered around, only legislated through.
The gap observation
The defining constraint on European agentic commerce is a legal gap, not a technical one: an agent can shop but cannot pay, because Strong Customer Authentication requires human authentication and there is no mechanism to treat an agent as a legal payer. The capability is present; the authority is absent. This is the European-specific condition — the bottleneck is the payment regime itself — and it means agentic commerce in Europe waits not on better models but on a regulatory architecture that can accommodate a non-human payer. That architecture is exactly what PSD3/PSR and the AI Act are now building.
II · Statutory versus commercial rails · why the US playbook does not port
The foundational-difference crystallization. The single most important thing to understand about European agentic commerce is that its rails are statutory, while the American rails the US playbook assumes are commercial. That difference shapes everything downstream.
The US commercial rails
Private infrastructure, extendable by decision: in the US, agentic payments run on rails the card networks and aggregators own and operate — Mastercard’s Agent Pay, Visa’s Intelligent Commerce, Plaid’s data network. These are commercial systems; their operators can extend agent functionality, define agent authentication, and ship agentic-payment products as business decisions. When Visa decides agents can transact on Intelligent Commerce, agents can transact — the rail’s owner sets the rule.
Speed and concentration: commercial rails move at product speed, not legislative speed. They are fast — and they are concentrated, controlled by a handful of networks and aggregators who set the terms of access. The US agentic-commerce stack is fast because a few firms can decide to build it, and concentrated for the same reason.
The EU statutory rails
Public infrastructure, defined by regulation: in Europe, the payment rails are defined by law — PSD2/PSD3, the PSR, SCA, FIDA. No network can grant an agent payer status the way Visa can, because payer status is a regulatory question, not a product decision. The rail’s rules are set by the legislature, not the rail’s owner — which means agentic payment in Europe waits on regulation, not on a network’s roadmap.
Slowness and openness: statutory rails move on legislative time — slow. But they are open: mandatory API parity (PSD3) means no bank can degrade the interface to favor its own products, and open finance (FIDA) means the data substrate is a regulated utility, not a private moat. The EU stack is slow because law is slow, and open because law mandates openness.
Why the playbook does not port
You cannot import a commercial solution into a statutory regime: the US agentic-commerce playbook — build the rail, extend it to agents, ship the product — assumes the rail’s owner can set the rule. In Europe, the rule is set by regulation, so the playbook’s central move (extend the rail by decision) is unavailable. A US firm cannot bring Agent Pay to Europe and simply switch agents on; it must wait for the European regime to define how an agent authenticates, accesses data, and pays. The playbook does not port because the foundation is different in kind.
The rails observation
European agentic commerce runs on statutory rails defined by regulation, while the US runs on commercial rails owned by networks and aggregators — and that difference is foundational: US rails extend to agents by a firm’s decision (fast, concentrated), EU rails extend only by regulation (slow, open). The US playbook assumes the rail’s owner sets the rule; in Europe the legislature does, so the playbook’s central move is unavailable. This is why European agentic commerce will lag the US commercially and why it may end up structurally better: the same property that makes it slow — statutory rails — is the property that makes it open, and no agent economy built on Visa’s permission is as open as one built on mandatory API parity.

III · The PSD3/PSR rebuild · the new payment rails
The infrastructure crystallization. The payment rails an agent must run on are being rebuilt right now, and the rebuild is the most consequential payments reform since PSD2 introduced open banking. The timeline and the substance both matter.
The timeline
Agreed, publishing, applying: the European Parliament and Council reached provisional political agreement on PSD3 and the PSR on November 27, 2025; final texts are expected in the Official Journal in summer 2026. The PSR (a directly applicable regulation) takes effect ~20 days after publication; PSD3 (a directive) requires national transposition over ~18 months, so full applicability lands around 2028. The rails are being rebuilt on a 2026-2028 schedule — which is the clock European agentic commerce runs on.
The substance that matters for agents
Mandatory API parity: the single most important change for agents — banks must maintain their third-party APIs to the same standard of stability, functionality, and performance as their own digital channels. No more deliberately degraded interfaces. An agent accessing a bank through a third-party API gets a first-class interface by law — which is the difference between an agent that works and one that is quietly throttled by the bank whose customer it is acting for.
Direct payment-system access for nonbanks: PSD3 lets nonbank PSPs participate directly in EU payment systems, ending the sponsor-bank dependency that gave banks a veto over fintech business models. An agentic-payment provider could access the rails directly rather than through a bank that competes with it — a structural shift that matters enormously for who can build agentic commerce.
The PI/EMI merger and SCA evolution: PSD3 merges the Payment Institution and E-Money Institution regimes into one license, and the PSR carries the conduct rules (SCA, fraud, APIs) directly. The SCA regime — the thing that currently blocks agent payment — is being rewritten in the PSR, which is where any accommodation for agentic authentication would have to live.
The fraud backdrop
The reform’s driver: the package is driven partly by a forecast of $400 billion in payment fraud losses over the coming decade; it shifts fraud liability toward institutions, mandates verification-of-payee on all transfers, and requires spending limits and blocking mechanisms. The fraud focus matters for agents because an autonomous payer is a new fraud surface — and the regime that accommodates agents will have to do so within a framework built to reduce fraud, not expand it.
The PSD3/PSR observation
The payment rails an agent must run on are being rebuilt on a 2026-2028 schedule, with mandatory API parity (a first-class interface by law), direct payment-system access for nonbanks (ending the sponsor-bank veto), and the SCA regime rewritten in the PSR (where any agentic-authentication accommodation must live). This is genuinely better infrastructure than degraded bank APIs and sponsor-bank dependency. But it arrives on legislative time, and the SCA accommodation that would let an agent pay is not yet written — which means the rails are improving and the specific gap (agent-as-payer) remains open, to be resolved within a framework built to fight a $400 billion fraud problem.
IV · The AI Act guardrails · the model regime
The constraint-layer crystallization. Running on the payment rails is necessary but not sufficient. The AI systems that power agentic finance also fall under the AI Act, and the high-risk classification is the guardrail that shapes what an agent can do beyond paying.
The high-risk classification
Credit scoring is high-risk: the AI Act classifies certain financial AI uses — notably credit scoring and creditworthiness assessment — as high-risk under Annex III, subject to strict obligations: conformity assessment, quality management, human oversight, transparency, data governance, registration in the EU database, and post-market monitoring. The AI that would let an agent assess a loan, score a borrower, or make a credit decision is high-risk by classification — which loads it with the heaviest compliance tier in the Act.
The timeline and the wrinkle
August 2, 2026 — maybe: the high-risk obligations (Annex III, Articles 9-17 for providers and Article 26 for deployers) were set to apply from August 2, 2026. But the May 7, 2026 “AI Act Omnibus” political agreement proposes extending certain high-risk deadlines (potentially to 2027) — though it is not yet formally adopted, and the prudent reading is to treat August 2026 as operative until the extension becomes law. The guardrail’s exact date is in flux, which is itself a planning problem: an agentic-finance builder must prepare for August 2026 while the deadline may move to 2027.
What the guardrail requires
Human oversight and accountability: deployers of high-risk systems must implement human oversight, retain automated logs for at least six months, and conduct Fundamental Rights Impact Assessments where required. The AI Act’s human-oversight requirement intersects directly with the payment regime’s human-authentication requirement: both regimes, from different directions, insist a human remain in the loop — the AI Act for the decision, the PSR for the payment.
The extraterritorial reach: the AI Act applies to any system serving EU customers, even if the model runs on servers outside Europe — so a US lab’s agent assessing credit for a European user is in scope. The guardrail is not escapable by hosting offshore, which means the European AI regime shapes agentic finance globally, the way the European payment regime shapes agentic payment — the Brussels Effect, applied to agents.
The AI Act observation
The AI systems powering agentic finance fall under the AI Act, which classifies credit scoring and creditworthiness assessment as high-risk — loading them with conformity assessment, human oversight, and registration — on a deadline (August 2, 2026) now possibly slipping to 2027 under the May 2026 Omnibus. The human-oversight requirement intersects with the payment regime’s human-authentication requirement: both insist a human stay in the loop. The guardrail shapes what an agent can do beyond paying — and because it reaches any system serving EU users, it shapes agentic finance globally. The rails (PSD3/PSR) govern whether the agent can pay; the guardrails (AI Act) govern whether it can decide.
V · The seams · where the two regimes meet imperfectly
The fragmentation crystallization. The agentic-commerce stack is the sum of two regimes that were not designed together — and an agent economy experiences the gaps between them. The seams are where the real difficulty lives.
Different instruments, one experience
Four instruments, one agent: the agent’s payment authority lives in the PSR (SCA), its data access in FIDA, its license in PSD3, its decision-making in the AI Act. An agentic-commerce provider must comply with four instruments that have different scopes, timelines, and competent authorities — and the agent’s user experiences the sum as one product. Where the instruments align, the experience is seamless; where they diverge, the seam shows.
The timeline seams
The regimes do not arrive together: the AI Act’s high-risk obligations (August 2026, maybe 2027); PSD3/PSR (publishing summer 2026, applying ~2028); FIDA (still in trilogue in 2026, no firm date). The pieces of the agentic stack mature on different clocks, so for a window, an agent might be governed for its decisions (AI Act live) before the rails it needs are rebuilt (PSD3 applying) or the data it needs is opened (FIDA pending). The stack is not synchronized.
The scope seams
Who is the deployer, who is the provider? The AI Act distinguishes providers (who build the system) from deployers (who use it); the PSR distinguishes PSPs by license type; FIDA introduces a new Financial Information Service Provider category. An agentic-commerce firm may be a deployer under the AI Act, a PSP under the PSR, and an FISP under FIDA simultaneously — three regulatory identities, three sets of obligations, potentially three competent authorities. The seams are where those identities overlap or conflict.
Why the seams matter
The agent inherits the gaps: a well-designed single regime would govern the agent coherently. Two (or four) regimes designed separately govern it in pieces, and the pieces have gaps and overlaps. The friction in European agentic commerce is not within any one regime but between them — and that inter-regime friction is the structural cost of regulating a converged technology with un-converged instruments.
The seams observation
The agentic-commerce stack is the sum of four instruments — PSR (payment), FIDA (data), PSD3 (license), AI Act (model) — that were not designed together, have different scopes, timelines, and competent authorities, and govern a single agent in pieces. The seams between them are where the real difficulty lives: a firm may hold three regulatory identities at once, and the pieces of the stack mature on different clocks. European agentic commerce’s friction is inter-regime, not intra-regime — the structural cost of regulating a converged technology with instruments that did not converge. The agent inherits every gap between the regimes that govern it.
VI · The mandate bridge · how the gap gets crossed
The mechanism crystallization. There is a model that bridges the agent-as-payer gap without waiting for the regimes to fully resolve it — the pre-authorized spending mandate. It is the most likely near-term path, and it reveals what the regimes will have to formalize.
The mandate model
Pre-approved spending boundaries: the model behind Mastercard’s Agent Pay and the emerging European approaches — the human user sets spending limits, allowed merchants, and use cases in advance, and the agent acts within those pre-authorized boundaries. The human authenticates the mandate once (satisfying SCA at the point of authorization); the agent then transacts within it without re-authenticating each payment. The human authority is established up front and delegated, within limits, to the agent.
Why this fits the regimes
It keeps the human in the loop where both regimes require it: the mandate model satisfies the payment regime’s human-authentication requirement (the human authorizes the mandate) and the AI Act’s human-oversight requirement (the human sets and can revoke the boundaries) simultaneously. It is the design that threads both regimes’ insistence on a human in the loop — authorization at the mandate level, oversight through the boundaries — without requiring the human to authenticate every transaction. This is the bridge that connects to The mandate dispatch’s thesis: the European model is permission-and-boundary, not autonomous action.
What the regimes must formalize
The mandate needs a legal basis: for the mandate model to scale, the regimes have to formalize it — define how a delegated mandate satisfies SCA, how the agent’s authority is scoped and revoked, how liability allocates when an agent transacts within a mandate that turns out to be exploited. The PSR’s SCA rewrite is where the mandate’s legal basis would live, and the AI Act’s oversight rules are where the boundary requirements would live. The mandate is the practical bridge; the regimes must build the legal abutments.
The mandate observation
The pre-authorized spending mandate bridges the agent-as-payer gap by establishing human authority up front (satisfying SCA) and delegating bounded action to the agent (satisfying AI Act oversight) — threading both regimes’ insistence on a human in the loop without per-transaction authentication. It is the most likely near-term path and the design the regimes will have to formalize — the PSR for the SCA basis, the AI Act for the boundaries. The mandate is the answer to “how does an agent pay in Europe”: not as an autonomous payer, but as a bounded delegate of a human who authorized it once — which is exactly the permission-and-boundary model the European approach favors over autonomous action.
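The mandate model described in this section, sketched as an enforcement check a payment provider could run on every agent-initiated payment. This is an added example, not code from the article or from any card scheme or regulation. The field names, the `MandateEnforcer` class, and the HMAC tag that stands in for the binding between the human's one-time authentication and the mandate terms are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Constructed demo key: stands in for a key held by the party that authenticated
# the human and issued the mandate (hypothetical; a real system would use an HSM/KMS).
ISSUER_KEY = b"demo-only-issuer-key"


def _tag(terms):
    # Canonical JSON so the tag covers exactly the terms the human approved.
    blob = json.dumps(terms, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, blob, hashlib.sha256).hexdigest()


def issue_mandate(terms, sca_passed):
    """Bind the mandate terms to one human authentication event."""
    if not sca_passed:
        raise PermissionError("mandate requires human authentication at issuance")
    return {"terms": terms, "tag": _tag(terms)}


@dataclass
class MandateEnforcer:
    """Checks each agent payment against the pre-authorized boundaries."""
    revoked: set = field(default_factory=set)    # mandate ids the human withdrew
    spent: dict = field(default_factory=dict)    # mandate id -> cumulative Decimal
    audit_log: list = field(default_factory=list)

    def revoke(self, mandate_id):
        self.revoked.add(mandate_id)

    def authorize(self, mandate, payment, now):
        decision = self._decide(mandate, payment, now)
        # Allowed and refused attempts are both logged so oversight can replay them.
        self.audit_log.append({"at": now, "payment": payment, "decision": decision})
        return decision

    def _decide(self, mandate, payment, now):
        terms = mandate["terms"]
        if not hmac.compare_digest(_tag(terms), mandate.get("tag", "")):
            return (False, "mandate_tampered")
        mid = terms["mandate_id"]
        if mid in self.revoked:
            return (False, "mandate_revoked")
        if not terms["not_before"] <= now < terms["expires"]:
            return (False, "outside_validity_window")
        if payment["agent_id"] != terms["agent_id"]:
            return (False, "wrong_agent")
        if payment["merchant"] not in terms["allowed_merchants"]:
            return (False, "merchant_not_allowed")
        if payment["use_case"] not in terms["use_cases"]:
            return (False, "use_case_not_allowed")
        if payment["currency"] != terms["currency"]:
            return (False, "currency_mismatch")
        try:
            amount = Decimal(payment["amount"])
        except InvalidOperation:
            return (False, "invalid_amount")
        if not amount.is_finite() or amount <= 0:
            return (False, "invalid_amount")
        if amount > Decimal(terms["per_payment_limit"]):
            return (False, "over_per_payment_limit")
        total = self.spent.get(mid, Decimal("0")) + amount
        if total > Decimal(terms["total_limit"]):
            return (False, "over_total_limit")
        self.spent[mid] = total   # only successful payments consume the budget
        return (True, "within_mandate")


def demo():
    terms = {  # constructed sample mandate
        "mandate_id": "m-001", "user_id": "user-42", "agent_id": "agent-7",
        "allowed_merchants": ["grocer.example", "rail.example"],
        "use_cases": ["groceries", "travel"], "currency": "EUR",
        "per_payment_limit": "80.00", "total_limit": "150.00",
        "not_before": 1000, "expires": 2000,
    }
    mandate = issue_mandate(terms, sca_passed=True)
    forged = {"terms": {**terms, "total_limit": "9999.00"}, "tag": mandate["tag"]}
    enforcer = MandateEnforcer()

    def pay(**overrides):
        base = {"agent_id": "agent-7", "merchant": "grocer.example",
                "use_case": "groceries", "currency": "EUR", "amount": "60.00"}
        return {**base, **overrides}

    decisions = [
        enforcer.authorize(mandate, pay(), 1100),
        enforcer.authorize(mandate, pay(merchant="casino.example"), 1100),
        enforcer.authorize(mandate, pay(amount="95.00"), 1100),
        enforcer.authorize(mandate, pay(amount="80.00"), 1150),
        enforcer.authorize(mandate, pay(amount="20.00"), 1160),
        enforcer.authorize(forged, pay(amount="5.00"), 1170),
        enforcer.authorize(mandate, pay(amount="5.00"), 2000),
    ]
    enforcer.revoke("m-001")  # the human withdraws the delegation
    decisions.append(enforcer.authorize(mandate, pay(amount="5.00"), 1200))
    return {"decisions": decisions, "audit_entries": len(enforcer.audit_log),
            "spent": str(enforcer.spent["m-001"])}


if __name__ == "__main__":
    print(demo())
```

The open questions the section lists (how a delegated mandate satisfies SCA, how revocation propagates, who bears liability) sit outside this check; the code shows only the boundary enforcement and the audit trail.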
What this is not
It is not a claim that Europe will lose agentic commerce. The statutory rails are slower but more open; the bet is on durability over speed, and it may well pay. The claim is about the foundation’s nature, not its inferiority.
It is not a claim that the US approach is wrong. Commercial rails are faster and have shipped working products; speed has real value in a nascent market. The claim is that the two foundations are different in kind, with different tradeoffs.
It is not a prediction of the deadlines. PSD3 applicability (~2028), the AI Act high-risk date (August 2026 or 2027), FIDA (pending) are all subject to the legislative process. The claim is structural, not a forecast of exact dates.
The synthesis observation
European agentic commerce is not a product shipped onto existing rails; it is a system co-defined by two converging regulatory regimes — PSD3/PSR rebuilding the statutory payment rails and the AI Act installing the high-risk guardrails — so the constraint is not the agent’s capability but the legal architecture it must run on, and that architecture is statutory, fragmented across four instruments, and different in kind from the commercial rails the US playbook assumes. The agent that shops cannot yet pay; the mandate model bridges the gap by keeping a human in the loop where both regimes require one; and the rails improve on legislative time while the seams between the regimes are where the friction lives.
There is no single answer. Anyone offering one is selling something. What is unambiguous is that the US and EU are building agentic commerce on opposite foundations: the US on commercial rails a few firms own and extend by decision — fast and concentrated; the EU on statutory rails no one owns and everyone follows — slow and open. Europe is betting that durable, open, publicly-owned rails produce a better agentic-commerce market than fast, concentrated, privately-owned ones, even at the cost of arriving later. The capability is identical on both sides; the foundation is not. Which foundation an agent economy actually prefers — the fast private rail or the open public one — is the genuine open question, and it will be answered not by which has the better models but by which has the better rails.
That is the structural editorial question the rails sit on top of. It is an agent that can shop but cannot pay, blocked by law and not by capability. It is a statutory foundation that is slower and more open than the commercial one the US assumes. And it is a stack co-defined by regimes that did not converge, governing a converged technology through its seams. And it is the layer where European agentic commerce gets decided — not in the labs that build the agents, but in the Parliament and Council that are, right now, pouring the rails the agents will have to run on, and the guardrails they will have to run within.
About the Author
Thorsten Meyer is a Munich-based futurist, post-labor economist, and recipient of OpenAI’s 10 Billion Token Award. He spent two decades managing €1B+ portfolios in enterprise ICT before deciding that writing about the transition was more useful than managing quarterly slides through it. He runs StrongMocha News Group, a network of more than 450 niche WordPress magazines built on the DojoClaw editorial engine. More at ThorstenMeyerAI.com.
Related Reading · the Agentic Commerce track
This dispatch
- This piece · The rails · the European-infrastructure forensic — how PSD3/PSR and the AI Act co-define the rails and guardrails agentic finance must run on, and why the statutory European foundation differs in kind from the US commercial one · structural-slate dominant, transition-bronze and empirical-clay balance
The track
- The bank account in the chat · Agentic Commerce 01 · the consumer-finance agent whose payment step this piece shows is legally blocked in Europe
- Unbundled · Agentic Commerce 02 · the personal-financial-management layer that FIDA’s open finance would turn into a regulated utility
- The mandate · Agentic Commerce 03 · the conduct regime this piece complements — The mandate governs the agent’s behavior, The rails rebuilds the infrastructure it runs on
Adjacent tracks
- The prospectus · AI Governance 04 · the labs whose agents must meet these European rails when they cross the Atlantic
- The stake · Post-Labor 01 · who owns the open, statutory rails — the public-utility logic that connects to broad ownership
- The deployment · Enterprise Reorg 03 · the enterprise-AI deployment that meets the same AI Act high-risk obligations in the financial sector
Sources
The payment rails · PSD3 and PSR
- Crassula · PSD3 and PSR 2026 — provisional agreement November 27, 2025; publication H1/summer 2026; entry into force 2027 after 21-month transition; PI/EMI merger; IBAN-name check; APP-fraud liability; FIDA still in trilogue April 2026 (extends open banking to investments, pensions, insurance, mortgages under a Financial Information Service Provider category) · crassula.io
- Open Banking / PSD3 restarts the revolution — PSD3 publication H1 2026, ~18-month transposition → applicability Q2/Q3 2028; PSR directly applicable 20 days after publication; mandatory API parity (banks must maintain third-party APIs to the same standard as their own channels); FIDA extends open finance to insurance, pensions, investments · mybusinessfuture.com
- Speednet · PSD3 and PSR architectural reset — the $400B-fraud-loss forecast driving the reform; the right for nonbank PSPs to participate directly in EU payment systems (ending sponsor-bank dependency and the bank veto over fintech models); consent dashboards; penalties to 4% of turnover · speednetsoftware.com
- Norton Rose Fulbright · PSD3/PSR 2026 readiness — harmonized authorization timelines; EMIs become a sub-category of PIs; DORA alignment; triangular passporting; MiCA streamlined path · nortonrosefulbright.com
- Linklaters · Payments in 2026 #3 (PSD3) — texts to become law ~mid-2026; verification-of-payee on all wire transfers; spending limits and blocking measures; the EBA’s ~40 mandates under PSR/PSD3; Q2 2026 EBA implementation roadmap · financialregulation.linklaters.com
The agent-as-payer gap and the mandate model
- Taylor Wessing · Agentic AI in payments: key regulatory considerations — the AI Act applying in full from August 2, 2026 (risk-based, high-risk obligations); the provider/deployer distinction; PSD2’s SCA requiring two of three factors (something the payer is/knows/possesses) — built around a human payer · taylorwessing.com
- Finextra (Zelezkins) · Agentic AI in payments 2026 — “the main barrier is not technological capability, which is largely in place, but legal and regulatory constraints”; PSD2/SCA require clear human authorization and there is “no current mechanism for AI agents to be treated as equivalent to a human payer”; Mastercard Agent Pay and Visa Intelligent Commerce; the pre-approved spending mandate model · finextra.com
The AI Act guardrails
- CSA / Lab Space · EU AI Act high-risk deadline — August 2, 2026 the binding enforcement date for high-risk obligations (Articles 9-17 providers, Article 26 deployers); the November 2025 Commission proposal to delay to late 2027 “has not been enacted — treat August 2026 as operative”; conformity assessment, EU-database registration, quality management, post-market monitoring, FRIAs, six-month log retention · labs.cloudsecurityalliance.org
- Latham & Watkins · AI Act Omnibus (May 7, 2026) — the political agreement extending certain high-risk deadlines, expected formal adoption by July 2026 ahead of the August 2 date; generative-AI watermarking grandfathered to December 2, 2026; fines up to €15M or 3% of turnover · lw.com
- Secure Privacy · EU AI Act 2026 compliance — credit-application assessment and candidate screening as high-risk; the extraterritorial reach (a US company using AI for loan approvals serving EU customers is in scope even if models run outside Europe); non-compliance up to 7% of global revenue · secureprivacy.ai
- EBA · AI Act implications for the EU banking sector — the Commission’s mandate to issue high-risk-classification guidelines by February 2, 2026; the interaction with CRD/CRR, DORA, the Consumer Credit Directive, the Mortgage Credit Directive, and PSD — the sectoral-overlap problem · eba.europa.eu
The track backbone
- The bank account in the chat / Unbundled / The mandate · Thorsten Meyer · Agentic Commerce 01-02-03 · the consumer agent whose payment is blocked, the PFM layer FIDA would open, and the conduct regime this infrastructure piece complements
Key reference figures crystallized
- The gap: agent can shop, cannot pay; SCA requires human multi-factor authentication; “no current mechanism for AI agents to be treated as equivalent to a human payer”; the barrier is legal, not technological
- Statutory vs commercial rails: US — Mastercard Agent Pay, Visa Intelligent Commerce, Plaid (commercial, extendable by decision, fast, concentrated); EU — PSD3/PSR/SCA/FIDA (statutory, defined by regulation, slow, open)
- PSD3/PSR: provisional agreement Nov 27 2025; publication summer 2026; PSR directly applicable ~20 days after; PSD3 applicable ~2028; mandatory API parity; direct payment-system access for nonbanks; PI/EMI merger; $400B fraud-loss driver; 4%-turnover penalties
- The AI Act: high-risk (Annex III) credit scoring/creditworthiness; August 2, 2026 deadline (the May 2026 Omnibus may move it to 2027; not yet adopted); conformity assessment, human oversight, registration, FRIAs; extraterritorial; up to 7% of global revenue
- The seams: four instruments (PSR/FIDA/PSD3/AI Act), different scopes/timelines/authorities; one firm may be deployer + PSP + FISP simultaneously; inter-regime friction
- The mandate bridge: pre-authorized spending mandate (Mastercard Agent Pay model); human authorizes once (satisfies SCA) + sets boundaries (satisfies AI Act oversight); the legal basis must live in the PSR’s SCA rewrite