AI agents are starting to transact on behalf of humans. Whether mainstream adoption arrives in three or five years is secondary. What matters is readiness—defining digital mandates, verifying
agent identity, and allocating liability before scale arrives. Europe can lead if it builds a trusted framework for agent-initiated payments now.

From human approval to delegated authority

Agentic commerce replaces the user click with predefined intent. Instead of a person approving each transaction, an authorized software agent acts within a scope: “reorder when stock < 20%,” or “renew
if the quote is below €400.” The mechanism is delegation, not autonomy.

Europe already understands this principle. The Dutch eHerkenning scheme proves that digital mandates can work securely at scale. It authenticates organizations and verifies who may act on their behalf through a governed trust framework. Payments now need a
similar structure—one that turns permission and identity into programmable components.

What payments can learn from digital-mandate systems

Four live models show how digital mandates operate safely in production:

·   
Australia –
PayTo: live nationwide. Customers authorize payment agreements inside their banking apps; mandates are stored in a central Mandate Management Service and can be amended or revoked instantly.

·   
UK
–
Variable Recurring Payments (VRP): API-based recurring-payment consents that give users granular control over amount and frequency; commercial pilots expanding in 2025.

·   
EU –
SEPA e-Mandates: new ISO 20022 standard (2025) for electronic creation and verification of SEPA Direct Debit mandates.

·   
India – UPI AutoPay: more than 200
million live mandates for subscriptions and bills, approved via any UPI app and cancellable in seconds.

All share common traits: bank-level authorization, shared mandate registries, full lifecycle management, and scheme governance that distributes risk among participants. These are the same building blocks agentic payments will require.

Agentic payments already emerging

Examples noted by McKinsey and other market reports include
Google’s Agent Payments Protocol (AP2), which is progressing toward open-protocol deployment in 2025, and
Mastercard’s Agent Pay, currently running as a pilot initiative. These demonstrate that the technical foundations for machine-initiated payments are emerging, even if commercial adoption is still limited to controlled
environments.

These initiatives confirm that machine-initiated payments are technically feasible today. The question for financial institutions is not timing but readiness: how to integrate trust, identity, and
auditability before adoption accelerates.

Designing the mandate and identity layer

Agentic payments require a new control layer that links every action to a verifiable identity and a valid mandate.

Key components:

·     
Mandate API: standard interface for creation, amendment, and verification.

·     
Real-time revocation: immediate withdrawal of an agent’s authority.

·     
Continuous authentication: behavioural and contextual monitoring instead of one-time SCA.

·     
Immutable audit trail: cryptographic record tying each payment to its mandate and decision path.

In the EU, this can align naturally with eIDAS 2.0 and the upcoming EU Digital Identity Wallet (EUDI), providing trusted credentials for both human users and their agents.

Regulatory readiness and risk management

Agentic payments intersect three regulatory domains:

·     
AI Act – agent systems will qualify as high-risk; they must be explainable, logged, and subject to human
override.

·     
PSD3 / Payment Services Regulation (PSR) – will formalise delegated initiation and harmonise liability
rules.

·     
GDPR – Article 22 on automated decision-making obliges controllers to maintain auditability and user rights
of review.

A new compliance category will emerge: Know Your Agent (KYA). Just as PSPs verify customers, they must verify the provenance, credentials, and behaviour of the agents acting for them. Continuous risk
scoring and anomaly detection will replace static authentication events.

Scheme-based ecosystems over silos

Europe’s strategic advantage lies in its tradition of scheme governance. Frameworks like eHerkenning and PayTo show that multi-party trust models—rather than closed big-tech ecosystems—deliver scalability
without fragmentation.

A scheme-based approach defines common technical standards (API, credential, event log), shared liability allocation, and certification for participants. This prevents the emergence of isolated agent networks controlled by individual platforms and keeps data
sovereignty within regulated boundaries.

Execution roadmap (next 12–18 months)

Five imperatives:

1.   
Mandate management: develop shared APIs and registries.

2.   
Identity integration: connect payment credentials to EUDI Wallet identities.

3.   
Authentication upgrade: deploy behavioral and contextual risk engines.

4.   
Liability clarity: align contractual frameworks with PSD3 and AI Act expectations.

5.   
Industry collaboration: join pilot programs such as AP2, Agent Pay, or EPC e-Mandates to test
interoperability.

Accountability as infrastructure

Agentic commerce will not replace today’s payments—it will extend them. The institutions that invest now in mandates, identity, and governance will define how autonomy
operates safely within financial infrastructure.

Whether widespread adoption arrives by 2028 or 2030 is largely irrelevant. The systems that engineer accountability today will become the backbone of tomorrow’s autonomous payment ecosystem.