A finance team produces the audit trail in two minutes. The transaction stands.
A finance team at a UK acquirer receives a query from a card-issuing bank on a disputed agent-initiated transaction. The amount sits inside the user's standing delegation, the merchant category was authorised, and the cryptographic record of the user's consent was produced at the point of the action. The finance lead opens the dashboard, pulls the audit artefact, attaches it to the case, and the dispute closes the same afternoon. Two minutes of work. The transaction stands. That is agentic commerce compliance in production today.
OneID is the Authority Layer that produces that artefact. It is already live and is the practical answer for any merchant, acquirer or payment network preparing for the UK regulatory contact agentic commerce will run into across 2026 and 2027.
This is the proof piece. It walks through what the infrastructure looks like in production today, who is running on it, and the action list for merchants, acquirers and payment networks.
Agentic commerce compliance, already in production
The infrastructure is not a roadmap. OneID has completed 10 million+ identity verifications across a network connected to 29 UK banks, covering 98% of UK adults with bank accounts, drawing on 37 authoritative data sources. Bank-based and digital-wallet journeys complete at 80 to 90%, well above the rates for document-only verification flows.
The regulatory anchoring is layered. OneID is the first certified Identity Service Provider, first certified Orchestration Service Provider, and first certified Holder Service Provider under the UK Digital Verification Services Trust Framework. FCA regulated under FRN 928911. B Corp certified. ACCS accredited. Aligned with the Data (Use and Access) Act 2025, Part 2 of which placed digital verification services on a statutory footing on 1 December 2025 and authorised the public register, the information gateway to public authorities, and the UK CertifID trust mark for certified providers.
What merchants need now
For merchants, the operational priority is producing an audit artefact when a regulator asks. The Merchant Advisory Group's 2 February 2026 guidance held merchants responsible for fraud, chargebacks and compliance even when an agent initiates the payment. The Competition and Markets Authority's 9 March 2026 guidance put merchant liability for AI-agent actions on the same terms as employee actions, with fines of up to 10% of worldwide turnover under the Digital Markets, Competition and Consumers Act 2024.
A merchant accepting agent-initiated transactions today should be able to produce, on demand, the verified human behind the agent, the scope of the delegation, the consent that was captured, and the audit trail of the transaction inside that scope. OneID delivers this as an integration that sits underneath the existing payment rail, not as a replacement for it.
Acquirers, PSPs and the dispute lifecycle
For acquirers and payment service providers, the operational priority is reducing dispute volume and giving merchant customers a defensible answer to chargeback queries on agent traffic. Bain & Company forecasts that 15% to 25% of US online retail could be agent-mediated by 2030. As volume scales, so does dispute exposure in merchant categories subject to consumer protection rules. The Authority Layer reduces dispute volume by producing an artefact the issuing bank can reference, and shortens dispute lifecycle by giving the merchant customer a single record to attach to a case.
OneID integrates with the Visa Trusted Agent Protocol, Mastercard Verifiable Intent and Amex ACE flows where merchants are running on those networks, sitting as the identity authority above the payment authorisation. Acquirers piloting agent traffic should be evaluating integration paths now while transaction volumes are still small.
The protocol gap payment networks now have to fill
For payment networks, the operational priority is the protocol gap. Each of the major networks has shipped capable agent-recognition specifications. None of them specifies the regulatory standard of the identity check behind the cardholder. The FIDO Alliance Agentic Authentication Technical Working Group is the open-standards forum where that gap is being worked on, with OneID participating as a UK certified provider.
The constructive position for a network is to credit the Authority Layer as the layer adjacent to the rail, and to publish integration guidance for merchants using a DVSTF-certified Authority provider. This is the path of least friction for the regulatory questions that the FCA, ICO and CMA will be asking through the rest of this year and into 2027.
The world is moving the same way
The UK is ahead in statute. The direction of travel is global. The World Bank's Identification for Development programme is supporting 49 countries on digital ID, and the regulatory work to give that identity an agent dimension has begun in jurisdictions including the EU under eIDAS 2.0. UK certification is a forward-compatible position.
What to do this quarter
The work is limited. A typical engagement covers integration of the Authority Layer into one merchant flow, definition of the audit artefact required by the operator's regulatory regime, configuration of the autonomy modes for the user base, and a production handover.
Talk to OneID about the Authority Layer at oneid.uk/agentic-commerce. Payments prove a transaction happened. OneID proves it was authorised.
