September 2025 — Google has announced the Agent Payments Protocol (AP2), an open protocol designed to enable AI agents to securely initiate and execute payments on behalf of users across multiple platforms. Developed in collaboration with over 60 leading organizations—including Adyen, American Express, Mastercard, PayPal, Coinbase, and Salesforce—AP2 establishes a payment-agnostic framework that allows users, merchants, and payment providers to transact with confidence across diverse payment methods.
The development of this agent payments protocol marks a significant milestone in the evolution of agentic commerce, where autonomous AI systems can make purchasing decisions and complete transactions without direct human intervention. While the protocol addresses critical technical challenges around authorization, authenticity, and accountability, it simultaneously raises fundamental questions about AI governance, risk management, and regulatory compliance that organizations must address.
The traditional e-commerce model assumes a human directly clicks "buy" on a trusted interface. AP2 fundamentally disrupts this assumption by enabling AI agents to autonomously execute transactions based on user mandates—cryptographically signed digital contracts that serve as verifiable proof of user instructions.
The Agent Payments Protocol (AP2) supports two primary transaction models:
Real-time purchases (human present): When a user requests an agent to "find new white running shoes," the request generates an Intent Mandate capturing the context. Upon user approval of the agent's selection, a Cart Mandate creates an immutable record of items and pricing.
Delegated tasks (human not present): Users can authorize agents to execute future transactions automatically—such as "buy concert tickets the moment they go on sale"—with predefined conditions including price limits, timing, and other parameters.
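The delegated-task checks described above, as an added illustration (not code from Google, the AP2 specification, or this article's author): a verifier confirms that a signed mandate is untampered and that the agent's cart stays inside the user's price limit, time window and merchant list. Field names and the key are assumptions, and HMAC-SHA256 stands in for the user's digital signature so the block runs on the Python standard library alone.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

USER_KEY = b"constructed-demo-key"  # assumption: stand-in for the user's signing key

def _canonical(body: dict) -> bytes:
    # Stable serialization so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_mandate(body: dict, key: bytes) -> dict:
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": tag}

def check_purchase(mandate: dict, cart: dict, now: datetime, key: bytes):
    """Return (allowed, reason). The signature is verified before any field is trusted."""
    body = mandate["body"]
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mandate.get("sig", "")):
        return False, "bad signature"
    start = datetime.fromisoformat(body["not_before"])
    end = datetime.fromisoformat(body["not_after"])
    if not (start <= now <= end):
        return False, "outside time window"
    if cart["currency"] != body["currency"]:
        return False, "currency mismatch"
    if cart["merchant"] not in body["allowed_merchants"]:
        return False, "merchant not allowed"
    # Reject negative or zero lines that could pull the total under the limit.
    if any(i["qty"] <= 0 or i["unit_price_cents"] < 0 for i in cart["items"]):
        return False, "invalid line item"
    total = sum(i["unit_price_cents"] * i["qty"] for i in cart["items"])
    if total > body["max_total_cents"]:
        return False, "over price limit"
    return True, "ok"

# Constructed sample data (hypothetical schema, not AP2's wire format).
MANDATE = sign_mandate({
    "intent": "buy concert tickets the moment they go on sale",
    "currency": "USD",
    "max_total_cents": 30000,
    "allowed_merchants": ["tickets.example"],
    "not_before": "2025-10-01T00:00:00+00:00",
    "not_after": "2025-10-31T23:59:59+00:00",
}, USER_KEY)
CART = {"merchant": "tickets.example", "currency": "USD",
        "items": [{"sku": "GA-FLOOR", "unit_price_cents": 12500, "qty": 2}]}
NOW = datetime(2025, 10, 15, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_purchase(MANDATE, CART, NOW, USER_KEY))
```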
According to Google's announcement, AP2 also extends support to emerging payment systems including stablecoins and cryptocurrencies through the A2A x402 extension, developed in collaboration with Coinbase, Ethereum Foundation, and MetaMask.
Several sectors stand to gain immediate advantages from agentic commerce capabilities:
Retail and E-commerce: Automated inventory replenishment, personalized shopping experiences, and dynamic pricing optimization become feasible at scale. However, retailers must ensure their AI agents operate within established governance frameworks that prevent discriminatory pricing or manipulative purchasing patterns.
Financial Services: Banks and payment processors can streamline B2B procurement, automate recurring payments, and enable sophisticated treasury management. Yet these institutions face heightened scrutiny under existing financial regulations that now must account for non-human decision-makers.
Travel and Hospitality: Coordinated booking systems can optimize complex itineraries across multiple providers. The challenge lies in ensuring AI agents respect consumer protection laws and maintain transparent pricing practices.
Enterprise Software and Cloud Services: Autonomous license scaling and resource procurement can improve operational efficiency. Organizations must implement robust AI management systems to maintain oversight of these automated purchasing decisions.
Healthcare and Pharmaceuticals: Automated medical supply ordering and pharmaceutical procurement could enhance efficiency, but must navigate strict regulatory requirements around medical device regulations and patient safety standards.
While AP2 provides technical infrastructure for secure transactions, it does not address the broader governance challenges that autonomous AI agents introduce. Organizations deploying agentic commerce systems must consider:
Regulatory Compliance: As AI agents make independent purchasing decisions, they fall under the scope of emerging AI regulations globally. The EU AI Act, for instance, classifies certain AI systems based on risk levels and imposes specific obligations on providers and deployers. Organizations must assess whether their agentic commerce systems constitute high-risk AI applications requiring conformity assessments.
Algorithmic Accountability: When an AI agent makes an unauthorized purchase or executes a transaction that violates company policy, determining liability becomes complex. Clear governance structures must define accountability chains and establish mechanisms for human oversight, particularly for high-risk AI applications.
Data Privacy and Security: Agentic commerce systems process sensitive financial data and user preferences. Organizations must ensure compliance with data protection regulations including GDPR, implement robust cybersecurity measures, and maintain transparent data handling practices.
Bias and Fairness: AI agents making purchasing decisions on behalf of users could inadvertently perpetuate discriminatory practices—favoring certain merchants, excluding specific demographics from offers, or creating pricing disparities. Rigorous testing and ongoing monitoring are essential to prevent such outcomes.
Transparency Requirements: Users must understand how AI agents make decisions on their behalf. This aligns with broader transparency mandates in AI regulation, requiring explainable decision-making processes and clear communication about AI involvement in transactions.
The Agent Payments Protocol represents remarkable technical innovation, but technology alone cannot ensure trustworthy AI commerce. As autonomous agents gain transactional capabilities, the potential for unintended consequences—from financial losses to systemic market manipulation—increases exponentially.
Organizations rushing to implement agentic commerce must resist the temptation to prioritize speed over safety. The most successful deployments will be those that establish comprehensive governance frameworks before launching autonomous purchasing systems. This means conducting thorough risk assessments, implementing continuous monitoring mechanisms, and ensuring human oversight remains embedded in critical decision points.
The protocol's reliance on verifiable credentials and cryptographic mandates addresses technical authentication, but does not resolve questions of ethical AI deployment. For instance: Should AI agents be permitted to make purchasing decisions that conflict with a user's stated values? How do we prevent agents from being manipulated by adversarial actors? What recourse exists when agent behavior deviates from intended parameters?
These questions demand answers rooted in robust AI governance practices, not merely technical solutions. The organizations that will thrive in the agentic commerce era are those that view compliance not as a constraint, but as a competitive advantage—building trust through transparency, accountability, and demonstrable commitment to responsible AI deployment.
According to research from the World Economic Forum, organizations with mature AI governance frameworks report higher stakeholder trust and reduced regulatory risk. As agentic commerce scales, this governance maturity will separate market leaders from those facing reputational damage and regulatory penalties.
The era of agentic commerce is here, and it brings with it both immense opportunities and significant challenges. At Nemko Digital, we help organizations navigate this new landscape with confidence. Our comprehensive AI governance services provide the frameworks and expertise needed to ensure that your AI systems are designed, built, and deployed in a way that is responsible, compliant, and trustworthy.
We offer tailored solutions to help you implement a responsible AI framework in your business, ensuring that you are prepared for the future of AI-driven commerce. From navigating complex AI regulations to developing custom frameworks for responsible and transparent AI management, Nemko Digital is your trusted partner in the age of AI.
About Nemko Digital: Nemko Digital provides AI governance, compliance, and assurance services to organizations worldwide, helping them navigate complex regulatory landscapes and build trustworthy AI systems. With expertise spanning international standards and emerging regulations, Nemko Digital enables responsible AI innovation that drives business value while maintaining stakeholder trust.