The Grammar of Agentic Commerce

What every business leader needs to understand before the proving ground arrives.

Hi, welcome to the Trusted Agents Situation Room. In this edition we're anticipating Agentic pilots for Holiday 2026 and providing a guide as to the protocols needed to make these a reality.

In 20 seconds

The infrastructure that makes agentic commerce possible is moving out of the lab. Payment rails are live in controlled pilots. The protocol layer that makes agent transactions safe, auditable and scalable is converging on a V1.0. Holiday 2026 is the first real proving ground for end-to-end agentic commerce.

This edition gives non-technical leaders a simply explained map of what the protocol layer does, why it exists, and the five questions to put to your vendors before any statement of work is signed.

What happened last week

Ed Lawson convened 25 retail brands at The Retail Hive last week to compare notes on agentic commerce strategy. The conversation has moved decisively from "should we watch this" to "how do we prepare."

Five takeaways :

1. Traffic attribution is already breaking down under AI search.
2. User-generated content and reviews carry more weight than ever in agent-driven discovery.
3. Brands cannot compare themselves to competitors directly, but their customers can — and agents will use that sentiment data.
4. AEO [Agent Engine Optimisation — making your content discoverable to AI agents, not just search engines] is intention-based in a way that keyword SEO never was.
5. There is now a genuine fork between what a human reads on a product page and what an agent needs to read.

The prediction

Since we founded Trusted Agents in January 2026, our central forecast has been this: once the infrastructure layer supporting agentic commerce — protocols, identity, governance, infosec — is stable enough to support a complete, trusted, end-to-end transaction, agentic commerce will accelerate. Not gradually. Fast. Because the consumer behaviour was already there. The infrastructure was the missing piece.

That infrastructure is now forming on schedule. The forecast is tracking.

Discovery tools, agents helping customers find, shortlist and compare, are already live. Full commerce, meaning identity-verified, payment-executed, and refund-capable transactions, waits on the identity and delegation layer completing its first production cycle. Our working prediction since Fall 2025 has been that V1.0 of this foundation layer would be stable enough for functional pilots by Fall 2026. Nothing we have seen has changed that view.

Two Santander pilots are the clearest evidence yet that this timeline is credible. In March 2026, Santander completed live end-to-end AI agent payment pilots with both Mastercard in Europe and Visa in Latin America. Controlled environments — but Santander is talking about them publicly. Banks do not do that with experiments they expect to fail.

The decision it forces

This is not a technology decision. It is a governance decision. Who authorised the agent to act? What is the paper trail if a transaction goes wrong? What recourse does your customer have? These questions belong on your programme agenda now, even at pilot stage. Leaders who wait for market certainty before asking them will find those questions have already been answered — by their vendors, or by events.

What we’re tracking this week

• ​Retail operators defining AEO strategy in real time — 25 brands at The Retail Hive working through agent discovery, two-form product pages, and sentiment as an agent signal.
• ​Santander and Mastercard complete Europe's first live end-to-end payment executed by an AI agent — a controlled pilot, but one Santander is prepared to announce.
• ​Santander and Visa deliver Latin America's first end-to-end payments powered by AI agents — the same signal, different continent, same quarter.

Do you want Situation Room updates delivered to your inbox?

The Grammar of Agentic Commerce

The shift nobody sees

The web was built for human eyes. Agents don't browse — they query, execute and move on. A page built for a person is slow, cluttered and largely illegible to a machine. The shift underway is from visual pages to machine-readable decision surfaces. Most organisations haven't started it. Most don't yet know they need to.

What it actually looks like

It's December and you're planning your summer holiday for a family of five — easy mountain walks, good restaurants, a small high-quality hotel, within 75 minutes of home. You describe it in a single conversation.

An orchestrator agent, 'the itineary builder' interprets your request, adds your personal context — travel history, loyalty memberships, the hiking content you've been watching — and dispatches a team of specialist agents. One researches destinations matching your brief. One checks flight availability from your home airport. One retrieves your loyalty credentials. One queries hotel inventory directly — not by loading a webpage, but through a structured machine connection that returns only what the agent needs: availability, price, room configuration, cancellation terms. One handles the booking and confirmation.

The customer sees a conversation. Behind it, a coordinated team has queried live inventory across multiple systems, applied constraints and preferences, and assembled a complete itinerary — in seconds.

This is not a smarter chatbot. It is a department working for one person. The hotel's website was never visited. The airline's booking page was never rendered. The transaction happened machine to machine, through a structured protocol layer that made it possible.

That protocol layer is what this edition is about.

Why natural language is not enough

Imagine sending a 10-year-old to the store with a verbal instruction and twenty dollars. The merchant needs to know who sent the child. The child needs written instructions and a clear spending limit. You need a way to verify the transaction happened correctly and that the right amount was spent on the right things.

Natural language alone cannot execute a binding commercial transaction safely. An AI agent operating on your behalf faces exactly this problem at scale. Protocols are the written instructions, the spending limit, and the verification method — all three, made machine-readable, so that any system the agent interacts with can trust what it is being asked to do and who is asking.

The Holiday 2026 proving ground

When Jamie Smith and I mapped the protocol and standards landscape in late 2025, we made a specific prediction. Once the foundation layer — protocols, identity, governance, infosec — was stable enough to support a complete trusted transaction, agentic commerce would accelerate fast. Not gradually. Fast. Because consumer behaviour was already moving in that direction. The infrastructure was the missing piece, not the demand.

We described that foundation as needing five capabilities working together: core plumbing to connect agents to systems, trust and identity to verify who an agent represents, delegation controls to set spending and action limits, payment rails to execute and settle transactions, and context infrastructure to carry customer preferences accurately across the agent journey.

That forecast is tracking. Every major card network moved in the same quarter. The core protocols are shipping. The identity and delegation layer is forming. The Santander pilots moved controlled lab experiments onto published press releases — and banks do not announce controlled pilots they expect to abandon.

Discovery is already live. Agents helping customers find, compare and shortlist are operating today. Full commerce — verified identity, agent-executed payment, refund capability — will be proven or disproven in the months ahead. That is not a long way away. If you are a B2C organisation with a meaningful online channel, Holiday 2026 is where your readiness, or your lack of it, becomes visible.

3.5 What this means for your roadmap

You do not need to implement protocols. Your vendors do. Your job is to know which questions to ask — and to make sure protocol readiness is on your governance checklist before any statement of work is signed. The sections that follow give you the map and the questions.

4.0 The Protocol Map

The five categories every leader needs to understand — and the questions to ask before any vendor conversation.

The word "protocol" belongs to engineers. The concept belongs to everyone. A protocol is simply a shared set of rules that allows two systems to interact predictably and safely. You already depend on them every time a payment clears, an email arrives, or a website loads.

There are more protocols in this space than any leader needs to memorise. What follows is a map of five functional categories, with the most important protocols named in each. Maturity is flagged: not everything here is in production. That distinction matters before you brief a vendor.

Category 1: Core Plumbing

Job: connects AI agents to your systems and to each other.

This is the foundational layer — the pipes. Without it, an agent has no structured way to query your inventory, retrieve a price, check a policy or trigger a booking. It also enables agents to hand tasks to other agents in a structured, traceable way.

MCP — Model Context Protocol (Anthropic): a secure, structured adapter between an AI agent and a backend system. Instead of an agent scraping your website, MCP gives it a controlled, machine-readable pathway to your actual data and tools — availability, pricing rules, booking confirmation. Think of it as a service hatch: the agent gets what it needs without touching your core systems. Shipping.

A2A — Agent to Agent (Google): the structured handshake between two AI agents. It defines how agents discover each other, exchange tasks and share digital artefacts — receipts, forms, booking confirmations. It handles the communication, not the authority. Shipping.

Category 2: Trust and Identity

Job: proves who an agent represents and whether it is authorised to act.

This is the most consequential category for governance. Without it, a merchant cannot distinguish a legitimate customer agent from a malicious bot. Without it, a business cannot verify that the person who supposedly delegated authority to an agent actually did so — correctly, currently, and with the right permissions.

AIS-1 (open standard): defines a bonded identity pair — one identity for the agent, one for the legal entity or person accountable for it. Together they give an AI agent verifiable legal standing. The bond is cryptographic: neither party can be separated from the other without revoking it. Addresses what its designers call the Wild Agent Problem — hundreds of millions of agents operating globally with no identity, no accountability, no legal standing. Emerging.

TAP — Trusted Agents Protocol (Visa): uses cryptographic agent signatures to give merchants verifiable proof of agent legitimacy at enrollment and checkout. Acts as the bouncer: distinguishing agents that represent real, authorised customers from bots attempting to exploit agent-enabled flows. Emerging.

Category 3: Delegation and Limits

Job: sets explicit boundaries on what an agent can spend, book or cancel without human approval.

Delegation is the governance layer of agentic commerce. It answers the question that every CFO and risk officer will eventually ask: what exactly did we authorise this agent to do, and where is the proof? Without delegation controls, agent-initiated spend has no ceiling, no audit trail and no clear human owner.

AP2 — Agent Payments Protocol (Google): creates a signed mandate chain from intent through to payment. Intent, cart and payment are cryptographically linked, so that at any point in the transaction there is a verifiable record of who authorised what. Designed to reduce fraud and chargebacks in agent-initiated commerce. Emerging.

UCP — Universal Commerce Protocol (Google): the spine of the agent commerce journey. Standardises the shopping flow across merchants, handles scoped release of personal data fields from a wallet, and creates verifiable, portable context for checkout. Also functions as a context carrier — carrying customer preferences and history as the agent moves across systems. Emerging.

Category 4: Payments

Job: executes and settles agent-initiated transactions.

When all four card networks move in the same direction in the same quarter, it is not experimentation. It is infrastructure being laid. Each network has a distinct positioning, but the shared direction is clear: agent-initiated payments are coming, and the networks intend to own the trust layer around them.

Mastercard Agent Pay (Mastercard): biometric-bound agent payments. The human is present and verified at the point the agent is authorised. Reduces the risk of silent, unauthorised purchases. Piloting in Europe with Santander. Emerging. {}​

Visa Intelligent Commerce (Visa): agent verification at enrollment and checkout via the TAP protocol. Merchants get cryptographic proof that the agent is legitimate before any transaction is executed. Emerging.

Amex Agentic Commerce Experiences (Amex): focused on B2B and premium consumer use cases. Agent-friendly credentialing and trust infrastructure for higher-value transactions where identity and accountability matter most. Emerging.

Stripe Agentic Commerce Protcol (Stripe): developer-first checkout infrastructure for agent-initiated transactions. Already embedded in many enterprise stacks. The path of least resistance for organisations whose payments infrastructure already runs on Stripe. Shipping.

Category 5: Context and Preferences

Job: carries customer history, preferences and consent accurately across the agent journey.

This category is the least visible and the most consequential for customer experience. An agent that doesn't carry accurate context about the person it represents will make poor decisions on their behalf — wrong room type, wrong price range, wrong loyalty tier. It will also create liability if it acts on stale or incorrect preferences. Context infrastructure is what turns an agent from a capable tool into a trusted representative.

The two-form Product Detail Pages (PDP) problem — flagged by Ed Lawson's Retail Hive session — sits here. What a human reads on a product detail page is not what an agent needs to read. Agents need structured, semantically rich data: not marketing copy, but machine-readable facts about specifications, availability, policies and constraints. Most enterprise product data is not yet built for this.

UCP (also here as context carrier): as well as handling commerce flow, UCP manages the scoped release of personal data fields — the agent gets what it needs for this transaction, and no more.

These five categories must work together. MCP without identity is an open door — any agent can walk through it. Payments without delegation limits are ungoverned spend — there is no ceiling and no paper trail. Identity without context produces a verified agent that still makes poor decisions. The stack only holds when all five layers connect. That is the test Holiday 2026 will run.

The Payment Rail Race

When Visa, Mastercard, Amex and Stripe all move in the same direction in the same quarter, the right question is not "is this real?" It is "how fast?"

Each network is positioning differently. Mastercard is leading with biometric binding — human presence at the point of authorisation. Visa is leading with merchant-side verification — giving businesses cryptographic proof that the agent is legitimate before they accept the transaction. Amex is focusing on B2B and premium consumer trust, where the stakes per transaction are higher and identity matters more. Stripe is leading with developer-first infrastructure — making agent-initiated checkout the path of least resistance for the engineering teams already building on its stack.

The shared direction is agent payments becoming a first-class product category, not an edge case handled by existing API infrastructure.

One failure mode that none of these rails resolves on their own: agent-initiated payments without a delegation layer mean an agent can spend without a ceiling, without a signed mandate, and without a human who provably authorised the specific transaction. That is not a technology risk. It is a financial controls risk. It belongs on your risk register now, not after the first pilot.

Three Things That Can Go Wrong

Three failure modes. Each one is a design question your programme must answer before you go to pilot — not after.

Identity fraud. An agent with no verifiable identity can misrepresent who it represents. A bad actor can deploy an agent that claims to be acting for a legitimate customer but is not. Merchants have no way to distinguish a legitimate customer agent from a sophisticated bot without the identity layer in place. TAP and AIS-1 exist specifically to close this gap — but only if your systems are built to check them.

Inventory and pricing abuse. Agents operate at machine speed. They can hold inventory, probe pricing logic, churn cancellations, and exploit promotional rules faster than any human team can detect and respond to. Your systems were built for human traffic patterns. Agent traffic is different in volume, rhythm and intent. Rate limiting, hold controls and bot detection need to be part of your agent-readiness plan, not an afterthought.

Audit gaps. If a transaction goes wrong — wrong amount, wrong item, wrong cancellation — and you cannot replay exactly what the agent did, why it did it, and who authorised it, you have a compliance problem and a customer recourse problem simultaneously. The signed mandate chain from AP2 and the audit log from AIS-1 are designed to prevent this. They only work if your implementation requires them.

Five Questions to Ask Your Programme Manager or Vendor

These are not technical questions. They are governance questions. They are appropriate for anyone commissioning, approving or overseeing a programme that involves AI agents interacting with customers or executing transactions on their behalf.

1. Which protocols does our implementation support, and which are we deliberately excluding — and why? A vendor who cannot answer this clearly has not thought carefully about interoperability or governance. A vendor who answers it confidently should be able to map each protocol to the functional category it covers.
2. How does our agent verify its identity to a merchant or payment provider, and what happens if that verification fails? This is the trust and identity question. If the answer is "the agent doesn't verify — it just transacts," that is a risk that belongs on your register before the pilot starts.
3. What are the delegation limits — what can the agent spend, book or cancel without a human approval step? There must be an explicit answer to this. "It depends on the use case" is not an answer. The spending limit, the action boundary and the escalation path should be defined in writing before any agent is authorised to act.
4. If a transaction goes wrong, what is the audit trail and who is liable — us, the vendor, or the customer's agent provider? Liability in agentic commerce is not yet settled in most jurisdictions. That is exactly why you need a clear contractual answer before a pilot, not after a dispute.
5. How will our systems handle agent-volume traffic — holds, cancellations, pricing probes — without breaking inventory or pricing controls? Agents do not behave like human customers. Your infrastructure needs to be tested against agent traffic patterns before it goes anywhere near a live customer base.

Trusted Agents Executive Briefings

This edition maps the protocol layer, the governance questions and the readiness checklist that form the core of the Trusted Agents Executive Briefing — a two-hour session for leadership teams who need a precise, grounded understanding of agentic commerce before committing to pilots or vendors.

If Holiday 2026 is on your planning horizon and your team does not yet have a shared point of view on protocols, identity, delegation and governance, this is the right place to start.

Start here and book a 30 minute conversation with us.

Two to Watch

​Dataiera — an agentic commerce platform built A2A-ready from the ground up, enabling rapid development of AI-powered customer, operational and commerce agents.

​Murfee — adds policy enforcement and a complete audit trail to every AI agent action before a booking, payment or change is executed. Built for organisations that need automation with control.

The protocol layer is forming. The payment rails are live in pilot. The proving ground is six months away. The leaders who understand the grammar of agentic commerce now will be the ones setting the terms when it becomes the default.

Until next week.

Gam

​shift@trustedagents.ai​

​The Trusted Agents Ltd.​
​Unsubscribe · Preferences​