Written by Sabine VanderLinden

• Navigating the Regulatory Maze: Understand the critical EU regulations, from the AI Act to PSD3, that create a phased 2026-2028 deployment timeline for Agentic Commerce, and what they mean for autonomous payment protocols.

• The $5 Trillion Prize: Explore how "Frontier Firms" are leveraging AI agents to capture a share of the projected multi-trillion-dollar agentic commerce market, with deep dives into the strategies of Stripe, Microsoft, and OpenAI.

• Reinventing Industries: Discover how agentic AI is set to revolutionize highly regulated sectors like finance and insurance, transforming everything from underwriting with "Digital Risk Management Intelligence" to closing the vast "Protection Gap" with embedded, parametric products.

Imagine your digital twin. You have a critical, multi-city business trip across Europe in two weeks, and you delegate the entire task. Within moments, your AI agent analyzes your calendar, identifies the optimal travel windows, and books the flights and hotels, cross-referencing your loyalty programs and seating preferences. It secures ground transportation and even procures a tailored travel insurance policy that covers specific risks associated with your destinations. The entire, complex itinerary is handled autonomously.

This isn’t science fiction. This is the dawn of the Agentic Frontier. But as this digital twin prepares to execute the final payment, it enters the world’s most complex and robust regulatory market: Europe.

Will the transaction succeed? The answer to that question is shaping the future of commerce.

Why This Matters Now: The Inevitable Convergence

We are at a critical inflection point where three powerful forces are converging: the maturation of generative AI into autonomous agents, the crystallization of a comprehensive European regulatory framework for AI and payments, and a market demand for hyper-personalized, frictionless experiences. The window to define the market architecture for this new world is now open. Those who wait on the sidelines will be forced to play by the rules that others create. The opportunity is not just to participate in the agentic future but to build it, embedding trust, security, and value from the ground up. Integrating AI into business processes requires careful consideration of associated risks and the development of mitigation strategies. For regulators, standards bodies, and corporate leaders, the time to act is now. Business leaders play a critical role in overseeing decision-making processes and ensuring that AI integration into business processes is aligned with organizational goals and risk management strategies.

The Dawn of the Agentic Frontier: A New Economic Paradigm

Agentic Commerce is a revolutionary paradigm in which AI agents, acting on behalf of consumers and businesses, orchestrate the entire commercial journey. This is a seismic shift that goes beyond a mere e-commerce evaluation. McKinsey & Company projects that agentic commerce could generate $3 trillion to $5 trillion in global retail revenue by 2030 [1]. This transformation is giving rise to a new kind of organization: the Frontier Firm. Coined by Microsoft, a Frontier Firm is a human-led, agent-operated organization that treats intelligence as a utility [2]. These hyper-agile entities are built for this new era, leveraging AI as “digital labor” to augment human capability and unlock unprecedented efficiency. The data signals a rapid shift: 81% of leaders expect AI agents to be moderately or extensively integrated into their company’s AI strategy in the next 12–18 months [2], and among consumers 44% of those who have tried AI-powered search now call it their primary and preferred source, compared with 31% who still favour traditional search [1].

Agentic AI builds on generative AI techniques by using large language models to function in dynamic environments. These advanced AI tools are designed to manage complex workflows, where multiple autonomous agents coordinate to solve problems and execute multi-step business processes seamlessly. Agentic systems can maintain long-term goals, manage multistep problem-solving tasks, and perform specific tasks ranging from simple, repetitive duties to highly complex activities. They provide the flexibility of large language models with the structured features of traditional programming, enabling deployment across virtually any AI use case in any real-world ecosystem. Furthermore, agentic AI can learn from experiences and gather feedback to improve future decisions through reinforcement learning.

Navigating Europe’s Regulatory Maze: A Blueprint for Deployment

The European Union, often seen as a complex regulatory environment, is paradoxically creating the very rails upon which agentic commerce will run. A suite of interconnected regulations forms a gauntlet that, once navigated, provides a clear and secure path to market. For agentic payment protocols, four pieces of legislation are paramount.

• First, the EU AI Act, effective in 2024 and the cornerstone of the regulatory framework for AI, classifies AI systems by four risk levels: unacceptable, high, limited, and minimal. High-risk AI systems, particularly in finance, must comply with stringent requirements before market entry. The Act specifically designates financial AI use cases such as creditworthiness assessment, credit scoring, and life and health insurance pricing for natural persons as high-risk, while explicitly exempting fraud detection systems. The Act mandates rigorous risk assessments, high-quality datasets to prevent bias and ensure fair outcomes in financial services, transparency, and meaningful human oversight for these designated applications [3]. The EU intends to set global standards in AI regulation, positioning itself as a leader in ethical AI development. AI-driven payments are further supported by initiatives such as the AI Pact and AI Factories, which help businesses comply with regulations. The AI Liability Directive aims to ease the burden of compensation claims for damages caused by defective AI systems, placing responsibility on developers. The directive for AI-driven payments is anchored in the EU AI Act, supplemented by the Apply AI Strategy and Digital Omnibus Package. There is also uncertainty regarding liability when an AI agent exceeds its mandate or causes financial loss, which organizations must consider in their risk management strategies. The EU is developing a trust framework based on "Know Your Agent" (KYA) principles for AI systems, aiming to establish trust as a competitive advantage by mandating transparency and bias mitigation.

• Second, the upcoming Payment Services Directive (PSD3) and Payment Services Regulation (PSR) will evolve the open banking framework and, most critically, force the industry to solve the challenge of applying Strong Customer Authentication (SCA) to autonomous agents [4].

• Third, the Digital Operational Resilience Act (DORA), which became applicable on 17 January 2025, requires all 21 categories of financial entities to maintain robust frameworks for ICT risk management, incident reporting, resilience testing, third-party risk management, and threat intelligence sharing. In November 2025, the three European Supervisory Authorities (EBA, EIOPA, and ESMA) jointly designated the first Critical ICT Third-Party Providers (CTPPs) under DORA, bringing major cloud and AI infrastructure providers under direct regulatory oversight [5].

• Finally, the GDPR’s Article 22 establishes a general prohibition on decisions based solely on automated processing that produce legal effects or similarly significant impacts on individuals. Separately, Articles 13, 14, and 15 require controllers to provide “meaningful information about the logic involved” in such processing, an obligation the CJEU reinforced in its 2025 ruling in Case C-203/22 (Dun & Bradstreet Austria). Together, these provisions create layered transparency and contestability requirements that must be designed into agentic payment flows from the outset [6].

To manage AI adoption effectively, companies should prioritize risks based on their potential impact and likelihood of occurrence, ensuring that risk management decisions are made at the appropriate level of authority. Reducing risks involves implementing controls, process improvements, and adopting methodologies such as those used in software development, which enable early problem detection and minimize costly rework. Integrating AI into business processes requires careful consideration of associated risks and the development of mitigation strategies. Organizations should also establish clear communication channels and expectations to manage relationships with AI technology providers effectively.

These regulations are not barriers but a blueprint. They create a phased deployment timeline for agentic commerce in Europe, providing clarity for innovators and investors.

Building the Engine: The New Market Architecture for AI Payments

With the regulatory framework providing the blueprint, the industry’s architects are now building the engine. An autonomous payment ecosystem requires a directive market architecture with new rules for security, liability, and interoperability. Leading this charge are the tech giants who are building the foundational platforms.

Stripe's Payment Intelligence Layer

Stripe is creating a “Payment Intelligence Layer” for agents, encapsulated in its Agentic Commerce Suite. Through its partnership with Microsoft, Stripe now powers Copilot Checkout, enabling seamless purchases within a chat interface. As Kevin Miller, Stripe’s head of payments, states, “AI is changing how commerce works, and as with every technology shift, it needs new infrastructure. Stripe is building that infrastructure.” [7]

Microsoft Brings Conversational Commerce to Life

Microsoft itself is driving the vision of agentic AI in retail, with major announcements at NRF 2026 and partnerships with companies like Etsy to bring conversational commerce to life [8]. Meanwhile, OpenAI is building the foundational Agentic Commerce Protocol (ACP), an open standard for AI-driven transactions, while Perplexity is demonstrating a direct-to-consumer model with its “Buy with Pro” feature [9, 10]. This work is supported by standards bodies like ACORD (for insurance), ISO (with its new AI management standard, ISO/IEC 42001), and the W3C, which are all creating the legitimacy frameworks for a trusted, interoperable agentic economy [11, 12, 13].

Agentic Commerce Goes Complex Workflows

After these foundational platforms and protocols, AI agents are now poised to manage complex purchasing workflows, such as automated stock replenishment and personal shopping based on user preferences, by leveraging advanced AI tools. These AI agents can evaluate multiple options and determine the best course of action for purchases, streamlining decision-making and execution across intricate, multi-step processes. As a result, payments in the future will become invisible, embedded within conversations or integrated directly into procurement-to-pay systems. The transition to instant payments is expected to become the default option by 2026, significantly enhancing transaction efficiency for SMEs. Additionally, the new Third Payment Services Directive (PSD3) aims to formalize delegated initiation and harmonize liability for AI-initiated transactions, providing further clarity and trust in agent-driven commerce.

Building the Trust Infrastructure

Critically, the payment networks themselves are now building the trust infrastructure for agent-to-merchant transactions. Visa unveiled its Trusted Agent Protocol (TAP) in October 2025, developed in collaboration with Cloudflare. TAP uses cryptographic HTTP Message Signatures based on IETF standards (RFC 9421), specifically Ed25519, to allow merchants to verify that an AI agent is trusted before processing any transaction. Each request is signed with a private key, verified against a public key store, and locked to a specific merchant context with replay-attack protection. In December 2025, Visa reported hundreds of completed agent-initiated transactions with partners including Adyen, Shopify, Stripe, Microsoft, and Fiserv [17].

Mastercard's Partnerships

Mastercard launched Agent Pay in April 2025, introducing Mastercard Agentic Tokens—dynamic, scope-limited, short-lived digital credentials that carry governance metadata, including agent identity, intent, and consent proof. Agents must be registered and cryptographically attested via a “Know Your Agent” protocol, analogous to traditional KYC requirements. By late 2025, OpenAI’s Instant Checkout had integrated Agent Pay for ChatGPT, and in January 2026, Mastercard joined Google’s Universal Commerce Protocol and partnered with Cloudflare on Web Bot Auth [18].

Protocol for Autonomous AI Systems

Underpinning these commercial protocols is an emerging security framework. The OWASP Top 10 for Agentic Applications, released on 9 December 2025, is the first globally peer-reviewed security framework for autonomous AI systems, developed by over 100 experts with review board members from NIST, the Alan Turing Institute, and the European Commission. It catalogues the ten most critical risks, from Agent Goal Hijack (ASI01) and Tool Misuse (ASI02) through to Rogue Agents (ASI10), and establishes two guiding design principles: Least Agency (granting agents only the minimum autonomy needed for their defined task) and Strong Observability (maintaining comprehensive visibility into agent actions and decision pathways). For any organisation deploying agentic payment systems in Europe, this framework provides an essential security baseline [19].

The Role of the Venture Client Unit in Agentic Commerce

In the rapidly evolving landscape of agentic commerce, the venture client unit has emerged as a strategic powerhouse for large corporations seeking to stay ahead of the curve. Venture clienting, a methodology first championed by the BMW Startup Garage, redefines how established companies engage with startups, not as investors, but as early customers. This approach allows corporations to directly purchase and implement startup solutions to address pressing business challenges, unlocking innovation at a pace and scale that traditional R&D or corporate venturing often cannot match. 

The Role of the Venture Client Unit

By establishing a dedicated venture client unit, companies create a structured gateway for scouting, validating, and adopting cutting-edge technologies from the startup ecosystem, with a strong emphasis on usability to ensure startup solutions can be adopted at scale. This model is particularly effective in the context of AI-powered payments and agentic commerce, where the speed of technological change and the complexity of integration demand agile, low-risk experimentation. Rather than waiting for a startup to mature or for a venture capital investment to yield returns, the venture client unit enables immediate access to innovative solutions that can be piloted, refined, and scaled across the business.

Benefits of Venture Clienting for Corporations and Startups

The benefits are substantial. Venture clienting focuses on solving real business problems, ensuring that every engagement with a startup is tied to a clear operational need. This not only accelerates time-to-value but also reduces the risk typically associated with adopting new technologies. By leveraging the technical expertise and fresh perspectives of startups, large corporations can enhance internal processes, improve the customer experience, and gain a sustainable competitive advantage.

Managing Risks and Driving Long-Term Success

Moreover, the venture client model fosters a culture of close collaboration and long-term relationship building between corporates and startups. It allows companies to tap into emerging trends and business models, while startups benefit from access to real-world business operations, industry knowledge, and the resources of an established organization. This symbiotic relationship drives growth and innovation on both sides, positioning companies to lead in the agentic future.

As agentic AI and multi-agent systems become integral to business operations, the venture client unit will be essential for managing risks, reducing time-to-market, and ensuring that the entire organization is equipped to make informed decisions about which technologies to adopt. In a world where more than half of innovation initiatives fail to scale beyond pilot projects, venture clienting offers a proven pathway to achieve operational impact and long-term success. For companies aiming to solve complex tasks, optimize resource usage, and maintain a lower risk profile while embracing new technologies, the venture client unit is not just an option—it is a strategic imperative.

Sector Spotlight: The Agentic Revolution and Risk Management in Insurance

Nowhere is the potential of agentic commerce more profound than in highly regulated sectors like insurance. AI agents are set to transform the entire value chain, from distribution to underwriting.

Autonomous Insurance Purchasing and Claims Processing

The autonomous purchase of motor, home, and travel insurance will become standard, while claims processing will shift from a reactive, manual process to a proactive, parametric one, leveraging agentic AI to reduce disputes and avoid costly claim litigation. This is the dawn of Digital Risk Management Intelligence, a new capability that provides underwriters with real-time, data-driven insights, leading to estimated loss ratio improvements of 3-5% and quote-to-bind times that are up to 99% faster [14].

Cross-Industry Applications and Risk Considerations

Beyond insurance, agentic AI tools are already streamlining supply chain management through process automation and optimization, helping organizations solve problems that previously required significant manual intervention. In healthcare, agentic AI can monitor patient data and adjust treatment recommendations as new test results become available, while in insurance, digital transformation and AI are reshaping underwriting, claims, and customer engagement, and in cybersecurity, these systems can continuously monitor network traffic for anomalies that might indicate vulnerabilities. In finance, generative and agentic AI can analyze live stock prices and economic indicators to perform predictive analytics, supporting faster and more informed decision-making. These AI tools are designed to autonomously solve problems across sectors, but their autonomous nature means that if they go 'off the rails,' the consequences for enterprises can be serious. As organizations adopt these technologies, business development skills become critical for building teams that can leverage AI-driven capabilities and ensure responsible deployment.

Agentic Commerce and The Protection Gap

Perhaps most importantly, agentic commerce offers a tangible solution to the world’s massive insurance protection gap. While total global insurance premium income reached €7.0 trillion in 2024 [15], the gap between existing coverage and actual protection needs remains vast: Swiss Re’s sigma Resilience Index estimates it at USD 1.83 trillion in annual premium-equivalent terms, while MAPFRE Economics measures the total coverage shortfall at USD 9.0 trillion [20, 21]. By enabling zero-marginal-cost distribution, AI agents make it economically viable for insurers to reach underserved populations with micro-policies, thereby finally closing the gap in areas such as climate and catastrophe coverage. The choice for insurers is becoming stark. As the consultancy AI Risk puts it:

“The strategic choice is binary: Lead this transformation or become invisible to the algorithms that increasingly mediate insurance distribution. (Source: AI Risk” [16]

Shaping the Future, Today

Agentic Commerce in Europe is not a question of if, but how and when. The regulatory framework, once viewed as a potential barrier, is now providing the very rails for a secure and trusted deployment. For today's Frontier Firms, the opportunity is not merely to adapt to this new reality but to actively co-design its market architecture. By embedding trust, transparency, and value into the protocols and platforms that will power this new economy, we can build a future that is not only more efficient but also more equitable and resilient.

Looking ahead, the expected maturity of AI in commerce is projected for 2028-2030, with a shift toward competition for algorithmic attention. In this evolving landscape, leveraging external innovation—by engaging with startups and external partners—will be essential to complement internal efforts and access new solutions. Attracting and working with top talent through pilot projects and venture clienting programs will also be critical for maintaining competitiveness and driving rapid growth. The digital twin is at the gate; who among us will build the bridge?

Frequently Asked Questions (FAQ)

What is Agentic Commerce?

Agentic Commerce is an e-commerce model where intelligent AI agents act autonomously on behalf of consumers or businesses to manage the entire shopping process, from product discovery and price negotiation to final purchase and delivery.

Is Agentic Commerce secure and compliant in Europe?

It will be. The European Union is establishing a comprehensive regulatory framework, including the EU AI Act, PSD3, and DORA, to ensure that agentic commerce is secure, transparent, and compliant. This framework creates a clear path for companies to build and deploy trusted AI payment solutions.

When will I be able to use AI agents for shopping in Europe?

While some early forms are available now, widespread, fully autonomous agentic commerce is expected to roll out in phases between 2026 and 2028, in line with the enforcement timelines of key EU regulations.

How will Agentic Commerce impact the insurance industry?

It will be revolutionary. Agentic AI will automate insurance purchasing, enable proactive and parametric claims, and provide underwriters with powerful new “Digital Risk Management Intelligence.” It also presents a historic opportunity to close the global insurance protection gap.

References

[1] McKinsey & Company. (2025). The agentic commerce opportunity: How AI agents are ushering in a new era for consumers and merchants.

[2] Microsoft. (2025). 2025: The year the Frontier Firm is born.

[3] European Parliament. (2024). EU AI Act: first regulation on artificial intelligence.

[4] Hogan Lovells. (2024). Hogan Lovells PSD3 Impacts Report.

[5] FTI Consulting. (2025). AI and DORA: Enhancing Digital Resilience in Financial Services.

[6] intersoft Consulting Services AG. (n.d.). Art. 22 GDPR Automated individual decision-making, including profiling.

[7] Stripe. (2026). Stripe helps power a new shopping experience in Microsoft Copilot.

[8] Microsoft. (2026). Microsoft propels retail forward with agentic AI capabilities.

[9] OpenAI. (n.d.). Agentic Commerce.

[10] Perplexity. (2024). Shop like a Pro: Perplexity’s new AI-powered shopping assistant.

[11] ACORD. (n.d.). Next-Generation Digital Standards.

[12] ISO. (n.d.). AI management systems: What businesses need to know.

[13] W3C. (2025). Web AI standardization in W3C.

[14] Hyperexponential. (2025). Agentic AI in insurance underwriting: 6 use cases.

[15] Thoughtworks. (2025). Agentic AI: Bridging the global insurance penetration gap.

[16] AI Risk. (2025). Agentic Commerce: The Insurance Distribution Takeover.

[17] Visa. (2025). Visa Trusted Agent Protocol.

[18] Mastercard. (2025). Mastercard Agent Pay.

[19] OWASP. (2025). OWASP Top 10 for Agentic Applications for 2026.

[20] Swiss Re. (2024). sigma Resilience Index 2024.

[21] MAPFRE Economics. (2025). Global Insurance Protection Gap 2025.