The agentic commerce ecosystem is settling into a shape that is finally legible. Three layers, with different jobs and different owners. The work the payment networks have done over the last six months is substantial. The layer that remains under-supplied is the one closest to the user.
The discovery layer is where an agent finds products, surfaces options, and structures intent. OpenAI and Stripe published the Agent Commerce Protocol (ACP) to give agents a standard way to communicate with merchant storefronts. Google's Universal Commerce Protocol (UCP) covers similar ground from the Shopify-anchored side, announced by Sundar Pichai at NRF 2026 on 11 January. The OpenAI Agent APIs and Anthropic's Model Context Protocol (MCP) give agents structured access to tools and data on the merchant side.
These are protocol moves, and they do their job. They standardise how an agent reads a catalogue and structures a basket. They do not authenticate the person who set the agent loose.
The payment execution layer is where money moves and where the card networks have been most active. Visa launched Intelligent Commerce Connect on 8 April 2026, including the Trusted Agent Protocol (TAP), which gives the network a way to recognise approved agents at the rail. Mastercard published its Verifiable Intent specification on 5 March 2026, a cryptographic delegation model binding identity, intent and action through the cardholder authentication flow.
American Express introduced ACE on 14 April 2026, with the Amex Agent Purchase Protection layer covering eligible card members when a registered agent makes an error on an authorised purchase. Google's Agent Payments Protocol (AP2) of September 2025 defined Mandates as cryptographically signed proofs of user instructions.
Each of these moves does what the network is built to do: prove the payment instrument is legitimate and the transaction is signed. None of them specifies the regulatory standard the human identity behind the cardholder was verified to, because that has never been the network's job.
The trust and authority layer is the one furthest from the rail and closest to the user. Two open-standards moves anchor it. W3C Verifiable Credentials and the W3C Digital Credentials API give browsers and operating systems a standard way to present cryptographic proofs of identity attributes. The European Digital Identity Wallet and eIDAS 2.0 give EU citizens a legal basis for that presentation. The FIDO Alliance opened an Agentic Authentication Technical Working Group in April 2026 to extend FIDO's authentication standards to agent-mediated interactions.
In the UK, the statutory anchor is Part 2 of the Data (Use and Access) Act 2025, which placed digital verification services on a legal footing on 1 December 2025. The Digital Verification Services Trust Framework (DVSTF) was re-grounded in statute on 3 March 2026, with formal roles for Identity Service Providers, Orchestration Service Providers, and Holder Service Providers. This is the layer where a verified human attests to an agent action, scopes the delegation, and produces an audit artefact that travels with the transaction.
Know Your Agent has emerged as the discipline of verifying the agent itself. PYMNTS and Trulioo defined it in March 2026 around five functional pillars: verify the human principal, verify the agent, verify the delegation, verify the scope, retain audit evidence. The framework is correct in shape, and Sumsub, Trulioo and Prove have done credible work building the agent side of it.
The framework's own first pillar is the verified human, and the standard for that verification sits outside any agent protocol. A signed Mandate is only as good as the regulatory level of assurance the signer was checked to. KYA verifies the agent. The Authority Layer verifies the person behind the agent and binds the two cryptographically.
The mechanism that produces a binding to a verified human is independent of the agent and the merchant, and it has to be. The three properties that mechanism requires are non-repudiation by cryptographic signature, captured Privacy Consent that the user gave directly rather than the agent inferred, and a delegation record bound to a verified identity issued under a statutory standard. These properties cannot be produced inside a payment protocol, because the payment protocol exists to authenticate the instrument, not the human. They cannot be produced inside an agent protocol either, because the agent is the party being delegated to.
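The three properties above can be checked mechanically by whoever receives the agent's request. The following is an added example, not code from OneID or from any of the protocols named in this article: the `Delegation` layout, the `EXAMPLE-STD` label and all sample values are hypothetical, and it assumes the verifier already trusts the public key as belonging to the verified person.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Delegation is a hypothetical record layout, not an AP2, Mastercard or OneID format.
type Delegation struct {
	Subject, Assurance, AgentID, Scope string // principal, standard verified under, delegate, permitted action
	MaxPence                           int    // spending ceiling
	ConsentByUser                      bool   // consent captured from the user, not inferred by the agent
}

// NewKey creates the user's key pair (assumed bound to the verified identity elsewhere).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign serialises the record and signs it with the user's private key.
func Sign(d Delegation, priv ed25519.PrivateKey) []byte {
	msg, _ := json.Marshal(d) // struct field order keeps the encoding stable
	return ed25519.Sign(priv, msg)
}

// Check verifies signature, consent and assurance, then the agent's action against the scope.
func Check(d Delegation, sig []byte, pub ed25519.PublicKey, standard, agent, action string, pence int) error {
	msg, _ := json.Marshal(d)
	switch {
	case !ed25519.Verify(pub, msg, sig):
		return errors.New("signature invalid: record is not attributable to the user")
	case !d.ConsentByUser:
		return errors.New("consent was not captured from the user")
	case d.Assurance != standard:
		return errors.New("identity not verified under the accepted standard")
	case d.AgentID != agent || d.Scope != action || pence > d.MaxPence:
		return errors.New("agent action is outside the delegation")
	}
	return nil
}

func main() {
	pub, priv, _ := NewKey()
	d := Delegation{"user-1", "EXAMPLE-STD", "agent-A", "rail:MAN", 5000, true} // constructed sample
	fmt.Println(Check(d, Sign(d, priv), pub, "EXAMPLE-STD", "agent-A", "rail:BHM", 4200))
}
```

Because the signature covers the whole record, an agent that edits the scope or ceiling after the user signs fails the first check rather than the scope check.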
OneID is the Authority Layer for Agentic Commerce. The relevant point at the ecosystem level is that this is the layer with its own work to do, independent of the discovery and payment layers, and complementary to both.
The Authority Layer is composed of three working parts: Verified Intent, Delegation Service, and Privacy Consent. The next piece in this series sets out how each of them works, how they combine into the seven steps that connect a user to a transaction, and what a UK merchant or acquirer is looking at when the regulator's letter arrives.