10 – Regulation and Compliance
Scope. This section maps the existing regulatory architecture for retail payments, consumer credit, AI, data protection and crypto-assets onto the agentic payment stack as it exists on 21 April 2026. It focuses on the United States, the European Union and the United Kingdom, with shorter treatment of Singapore, Hong Kong and Mainland China. It deliberately distinguishes statutory text, regulator rulebook / rulemaking, official guidance, and speeches / public statements, because the regulatory posture on agentic commerce is still overwhelmingly in the last two categories. Where no formal guidance exists the section says so rather than inventing it.
Cross-references. For the underlying architecture see Introduction & Taxonomy and the protocol deep-dives on AP2, ACP and x402. For dispute mechanics from the network side see Card Networks; for the security context that drives many of the compliance questions see Security & Trust.
10.1 Framework: mapping existing regulation to agentic payment actors
An agentic payment transaction typically involves six legally distinct actors, each sitting on a different regulatory footing:
- Consumer / principal – the natural person who delegates authority.
- Agent provider – the vendor of the LLM / agent runtime (OpenAI, Anthropic, Google, Perplexity, a bank's in-house model, etc.). May also be an orchestrator that embeds the model.
- Agent itself – a piece of software; not a legal person in any jurisdiction considered here, although the EU AI Act regulates operators of AI systems and the CBA 2026 white paper explicitly debates whether an agent should be treated as an "authorized user" under Regulation E.[^1]
- Wallet / token issuer – the credential holder. In AP2 this is the Credentials Provider; in ACP this is Stripe (as SharedPaymentToken issuer); in x402 it is an EOA or smart-wallet. Often but not always a regulated Payment Service Provider (PSP) or e-money issuer.
- Merchant / merchant-of-record (MoR) – in ACP the merchant remains the MoR;[^2] in AP2 the MoR may be the Credentials Provider or a platform.
- Acquirer / issuer / network – the traditional card-present infrastructure (Visa, Mastercard, Amex) or a fast-payments scheme operator (FedNow, Faster Payments, SEPA Instant), or, in the stablecoin case, a chain and a facilitator (x402).
Every live jurisdictional regime was written for a world in which the "authoriser" of a payment and the "beneficiary" of the legal protection were the same human. Agentic payments split those roles. That single structural mismatch explains most of the open compliance questions addressed below.
Table 10.1 summarises the primary applicable regimes:
| Actor | US | EU | UK |
|---|---|---|---|
| Consumer | EFTA / Reg E (12 CFR 1005);[^3] TILA / Reg Z (12 CFR 1026);[^4] CFPB UDAAP | PSD2 (2015/2366); GDPR (2016/679); Consumer Rights Directive | FCA Handbook (esp. BCOBS, CONC); Consumer Duty (PRIN 2A);[^5] PSRs 2017 |
| Agent provider | FTC Act §5; state AI laws (e.g. CO AI Act); CFPB UDAAP reach over non-banks | EU AI Act (2024/1689);[^6] DSA (2022/2065); GDPR | FCA; ICO; UK AI regulatory principles (pro-innovation framework) |
| Wallet / PSP | EFTA, BSA / FinCEN MSB rules; state money transmitter law; OCC / FRB supervision | PSD2, EMD2 (2009/110/EC), MiCA (2023/1114) for EMTs;[^7] eIDAS 2.0 (2024/1183)[^8] | PSRs 2017; EMRs 2011; FSMA 2000 |
| Merchant | State UDAP; ECOA if credit; FTC Mail Order Rule | Consumer Rights Directive; e-Commerce Directive; Omnibus Directive | Consumer Rights Act 2015; DMCCA 2024 |
| Network | Card network rules (private law) + EFTA/PSD2 overlay | PSD2 + EU Interchange Fee Regulation | PSRs 2017; PSR directions |
| Facilitator / chain | Unclear: possibly MSB or broker-dealer per SEC staff views | MiCA for CASPs | FCA cryptoasset registration |
A useful way to read this table: the consumer-facing regimes in all three blocs were drafted decades before autonomous software could initiate payments, and therefore rely on presence-of-mind concepts ("the consumer authorised the transfer"; "strong customer authentication by the payer") that agentic flows stress-test rather than satisfy.
10.2 Authorization and consent – what is an "authorized" payment when an agent acts?
10.2.1 United States – Reg E and Reg Z
The core definition is in 12 CFR § 1005.2(m), which defines an "unauthorized electronic fund transfer" as one initiated by a person other than the consumer without actual authority to do so and from which the consumer receives no benefit.[^9] The Official Interpretations (Supplement I) make clear that where a consumer "furnishes the access device and grants authority to make transfers to a person … who exceeds the authority given," the transfer is not unauthorized under Reg E; the consumer bears the loss as a matter of agency law.[^10]
Mechanically that doctrine already applies to software agents: if a user hands credentials to an AI agent and the agent spends more than instructed, the transfer is, under the current text, a consumer-authorised transfer for which the bank has no Reg E liability. This is the result that the Consumer Bankers Association's January 2026 white paper Agentic AI Payments: Navigating Consumer Protection, Innovation, and Regulatory Frameworks flags as the central doctrinal question of the field.[^1] The CBA paper – which reflects a Chatham-House symposium held in Washington in autumn 2025 – expressly notes that "agentic payments differ from traditional electronic payments, particularly when consumers are not directly authorizing transactions at the point of sale" and lists the EFTA and TILA as the two statutes most exposed to interpretive strain.[^1] Notably the CBA does not call for new legislation; it recommends that existing frameworks be adapted.[^1]
Reg Z is friendlier to consumers. 12 CFR § 1026.12(b) caps a cardholder's liability for unauthorized use of a credit card at $50, and "unauthorized use" is defined at §1026.12(b)(1)(i) as use by a person "other than the cardholder" who does not have actual, implied, or apparent authority.[^11] The leading case Minskoff v. American Express Travel Related Services, 98 F.3d 703 (2d Cir. 1996), held that a cardholder's negligent failure to detect unauthorized use can create apparent authority.[^12] An AI agent to which the consumer has handed a virtual card (e.g. via Stripe Issuing for agents – see Wallets & Platforms) presumably has actual authority for everything within the agent's mandate, and – analogously to Minskoff – apparent authority for anything the user knew or should have known the agent might do. Where the analysis breaks down is at the edge of the mandate: if the AP2 Cart Mandate is "buy me flights under $500" and the agent buys a $520 flight, is that unauthorized? Reg Z's text has no clean answer.
10.2.2 European Union – PSD2 SCA
Directive (EU) 2015/2366 (PSD2), Article 97, requires Strong Customer Authentication (SCA) for "electronic payment transactions initiated by the payer" using two of three independent factors (knowledge, possession, inherence), dynamically linked to amount and payee for remote transactions.[^13] The Commission Delegated Regulation (EU) 2018/389 (the RTS on SCA) implements this.[^14]
PSD2 Article 64 distinguishes authorisation (the payer's consent to execute) from authentication (the PSP's verification of identity). Both must be present for an "authorised" transaction. Where an agent acts, three questions arise:
- Is the agent "the payer"? Article 4(8) defines the payer as the natural/legal person holding the account and giving a payment order. A consumer-side agent is not itself a payer. The payment order is still the consumer's, routed through the agent.
- Can SCA be performed "up-front" for a mandate? PSD2 recognises Mail-Order/Telephone-Order (MOTO) and merchant-initiated transactions (MITs) as outside SCA scope once a first SCA-authenticated mandate is established (RTS Art 5; EBA Q&A 2018_4131).[^15] The AP2 Intent Mandate and the SharedPaymentToken in ACP are most defensibly analysed as establishing a MIT-style relationship: the first mandate is SCA'd, subsequent agent-initiated executions ride on the resulting token.
- Does SCA exemption Article 18 ("trusted beneficiary") apply? Only where the PSP offers that exemption and the merchant is pre-listed. It is not a general agent exemption.
The European Banking Authority has not yet issued agent-specific guidance. Its most relevant current output is the consolidated PSD2 Q&A register and the 2024 Opinion on the scope of the PSD2 review.[^16] The proposed PSD3 + Payment Services Regulation package (Commission proposal COM(2023) 366 final, 28 June 2023) tightens SCA, extends liability for fraud via "spoofing", and introduces explicit mandate-verification obligations – but as of April 2026 the Regulation has not yet been adopted.[^17]
10.2.3 United Kingdom – FCA and the Consumer Duty
The UK transposes PSD2 as the Payment Services Regulations 2017 (PSRs 2017), Regulation 100 of which replicates SCA. The FCA publishes SCA guidance in SYSC 8 and in the FCA "Approach Document" on payment services, updated November 2024.[^18]
The Consumer Duty (Principle 12 and PRIN 2A, in force 31 July 2023 for new products, 31 July 2024 for closed-book) requires firms to act to deliver good outcomes for retail customers. The FCA's Final Guidance FG22/5 expressly covers the duty's four outcomes: products and services, price and value, consumer understanding, and consumer support.[^5] Agentic payments hit the "consumer understanding" outcome hard: if a consumer does not understand what the agent is actually empowered to do, the firm distributing the agent to UK retail customers has a Consumer Duty problem regardless of whether the technical authorisation is valid. The FCA has not yet issued agent-specific Consumer Duty guidance (as of 21 April 2026).
10.3 Liability allocation – where the buck stops
The liability question has two levels: (a) who reimburses the consumer when something goes wrong, and (b) who bears the ultimate economic loss after recoveries and indemnities play out.
10.3.1 Liability matrix (current rules, April 2026)
| Scenario | US – Reg E / Reg Z / network rules | EU – PSD2 | UK – PSRs 2017 + PSR SD21 | Gap |
|---|---|---|---|---|
| Agent misused a debit card within the mandate's literal terms; result inconsistent with user's expectations | Consumer bears: authorised transfer (Reg E §1005.2(m) & Comment 2(m)-2)[^9][^10] | Consumer bears: authorised (PSD2 Art 64) | Consumer bears: PSRs Reg 67; FOS may intervene on Consumer Duty grounds | No statutory remedy; only chargeback or goodwill |
| Agent exceeded mandate; purchase outside stated scope | Possibly "unauthorized" (Reg E §1005.6(b)); open | Possibly "unauthorised" (PSD2 Art 73) – PSP refunds then pursues merchant | Similar to EU | The legal meaning of "exceeded" an AI mandate is untested |
| Agent hijacked by prompt injection (external adversary) | "Unauthorized" per EFTA / Reg Z; $50 cap (Reg Z) or tiered (Reg E §1005.6(b))[^11] | "Unauthorised payment transaction" – PSP refunds per Art 73 | PSR refund per Reg 76 PSRs 2017 | Attribution/forensics – who proves injection? |
| Compromised agent provider key issues false mandates | EFTA unauthorized; bank refunds; bank subrogates against provider | PSD2 Art 73; PSP refunds, recovers from agent provider via contract | Same as EU | No statutory "agent provider" liability regime |
| Consumer told the agent to send funds to what turned out to be a scam (APP-style) | Generally no refund (authorised push transfer; narrow CFPB UDAAP angle)[^19] | No harmonised rule; national "manifest-fraud" carve-outs (e.g. IT) | PSR mandatory reimbursement up to £85,000 per claim (7 Oct 2024)[^20] | UK uniquely protective; rest of world not |
| Merchant non-delivery / defect | Chargeback (Reg Z §1026.13 billing error; card-network reason codes) | PSD2 Art 89; Consumer Rights Directive | PSRs 2017 + CRA 2015 | Chargeback mechanics when agent was "cardholder" – see §10.4 |
| Stablecoin sent to wrong address by agent | No statutory refund; contractual only | MiCA Art 81 on "CASP liability for loss of funds" (assets in CASP custody) | FCA cryptoasset rules; CRA | Off-chain non-custodial flows: unregulated |
Sources for the matrix are grouped in §Sources below; the liability characterisations track the cited texts, not any unpublished internal bank guidance.
10.3.2 Where the gaps really are
Three gaps recur across jurisdictions:
- Agent-provider liability is contractual, not statutory. Neither Reg E nor PSD2 recognises the agent provider as a liable party. When a bank refunds a consumer under §1005.6 it can subrogate against a wrongdoer at common law, but the agent provider's terms of service (see OpenAI's enterprise TOS; Anthropic's Commercial Terms) typically exclude consequential damages and cap liability at fees paid. The CBA paper notes this and calls it the "missing link" in the chain.[^1]
- Apparent-authority ambiguity. Reg Z, PSD2 Art 64 and the PSRs all rely on concepts of "authority" that agency-law courts have developed over a century of human agents. Applied to an AI that can "reason" about the principal's preferences, the doctrine becomes a pure factual inquiry with no settled answer. The Linklaters TechInsights analysis on agentic-payment legal risks underscores this as the single most important unresolved issue in the UK/EU context.[^21]
- "Consumer standard of caution" in APP cases. Under the UK PSR scheme, a reimbursing PSP may refuse reimbursement where the consumer failed to meet the consumer standard of caution (PSR CRS Rule 1.19).[^20] How this applies to a consumer who delegated to an agent – e.g. told ChatGPT to "send £500 to the landlord" and the agent hallucinated the IBAN – is entirely open. The PSR has not published guidance.
10.4 Chargebacks and dispute mechanics
Card networks run private-law rulebooks that sit on top of Reg Z / PSD2 consumer protections. Two agentic-specific issues arise.
10.4.1 Reason-code mechanics
Visa's Dispute Management Guidelines and Mastercard's Chargeback Guide both map disputes to reason codes. The most commonly invoked codes in an agentic context are:
- Visa 10.4 "Other Fraud – Card-Absent Environment" – asserting the cardholder did not participate in the transaction. If the consumer says "my agent did it without authority," this is the natural code.
- Visa 13.1 "Merchandise/Services Not Received" / 13.3 "Not as Described" – for mismatch between what the agent bought and what the user wanted.
- Mastercard 4837 (No Cardholder Authorization) and 4853 (Cardholder Dispute) – the analogues.
Justt.ai's ChargebackX 2025 panel analysis argues that Visa's Compelling Evidence 3.0 (CE 3.0) merchant-defence package – which relies on matching IP address, device ID and billing-address fingerprints across prior transactions[^22] – will largely fail in agent environments, because agents run on cloud VMs with rotating IPs, use common user-agent strings, and do not carry the consumer's historical device fingerprint.[^23] In Justt's framing, "the fraud signals merchants have spent a decade building are agent-blind." This is the most concrete operational consequence of agentic adoption on card-network dispute rails so far.
10.4.2 Mandate evidence
AP2's insight – a signed verifiable-credential Intent Mandate plus a Cart Mandate (see AP2 deep-dive) – is explicitly designed to produce evidence admissible in dispute proceedings. Google's published AP2 specification frames the mandates as "non-repudiable proof of user intent" that can be supplied by the merchant as compelling evidence.[^24] Whether Visa, Mastercard or Amex will amend their rulebooks to accept a Cart Mandate as a defence under a new or existing reason code is a private-law question on which, as of April 2026, no network has published a rulebook amendment. Visa's Trusted Agent Protocol press materials signal an intention to do so but publish no amendment.[^25]
10.4.3 Merchant-of-record strategy
In ACP, Stripe deliberately leaves the merchant as MoR, which means the merchant both receives the chargeback and owns the defence.[^2] In AP2 the topology is flexible: the Credentials Provider can act as MoR for the agent-initiated leg, shifting chargeback exposure from the underlying merchant. These architectural choices are not neutral – they reallocate the statutory obligations in §10.3 by reshuffling who holds the acquiring merchant contract.
10.5 APP fraud and "I told the agent to buy it" scams (UK PSR regime)
The PSR's mandatory reimbursement regime for Authorised Push Payment (APP) scams went live on 7 October 2024 via Specific Direction 20 (Faster Payments) and Specific Direction 21 (CHAPS), confirmed by PSR Policy Statement PS24/7, with the maximum reimbursement per claim set at £85,000, aligned with the FSCS deposit-protection cap.[^20] Costs are split 50/50 between sending and receiving PSPs; claims must be paid within five business days; a £100 excess applies except for vulnerable customers.[^20]
The regime is explicitly authorised-push-payment: it protects consumers who willingly instructed their PSP to send funds, where the receiving account turns out to be controlled by a fraudster. The agentic-commerce analogue is the "trusted-agent scam": a consumer asks their agent to pay a counterparty; the agent – through prompt injection, hallucination, or a spoofed merchant site – sends funds to a fraudulent destination.
Three interpretive questions arise under the PSR rules, none answered publicly by the PSR as of 21 April 2026:
- Is the payment "authorised" by the consumer within PSRs 2017 Reg 67 when the consumer typed "pay the landlord" and the agent chose the IBAN? A plausible reading is yes – the consumer consented to the payment order in the sense required by Reg 67(2) – which would place it within the APP regime rather than outside it. This is the outcome closest to the CBA paper's concern that consumer protection tracks the statutory authorisation concept rather than the consumer's actual expectation.[^1]
- Does the "consumer standard of caution" (CRS Rule 1.19) defeat claims where the consumer failed to verify what the agent did? Plausibly yes; the PSR's guidance explicitly references paying "attention to warnings" and verifying payee details – behaviours the consumer has, by definition, delegated.
- Which PSP is the "sending PSP" that must reimburse 50%? If an agent provider routes payment through an e-money institution (EMI) to Faster Payments, the EMI is the sending PSP for scheme purposes. The agent provider is not a PSP and therefore not in the 50/50 loss-sharing pot. That is a structural gap the PSR will need to address if agentic flows become economically significant.
No equivalent statutory reimbursement regime exists in the United States (apart from ACH warranty claims under Nacha rules) or in the EU at harmonised level; the PSD3/PSR proposal introduces an "IBAN/name mismatch" liability rule and a narrow "spoofing" refund obligation (COM(2023) 367 final, Art. 59).[^17]
10.6 EU AI Act – is an agentic payment stack a "high-risk AI system"?
Regulation (EU) 2024/1689 ("AI Act") entered into force 1 August 2024, with phased application: prohibited-practice rules from 2 February 2025, general-purpose AI model duties from 2 August 2025, high-risk system duties from 2 August 2026, and Annex I legacy-regulation integration from 2 August 2027.[^6]
10.6.1 Classification question
Article 6 defines high-risk AI systems in two tracks:
- Art 6(1) – AI systems that are a safety component of, or are themselves, products covered by Annex I Union harmonisation legislation (e.g. medical devices, machinery, toys).
- Art 6(2) + Annex III – AI systems in eight listed domains: biometrics; critical infrastructure; education; employment; access to essential private and public services (Annex III §5); law enforcement; migration; administration of justice and democratic processes.[^6]
The most plausible Annex III landing site for an agentic payment system is §5(b): "AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score, with the exception of AI systems used for the purpose of detecting financial fraud." A pure shopping agent does not evaluate creditworthiness; a buy-now-pay-later agent that extends credit arguably does. §5(c) covers AI systems used for risk assessment and pricing in life and health insurance, which is narrower.
The Commission's AI Act Q&A (February 2025) clarifies that the "essential services" head is the bar through which most consumer-fintech AI passes; standard payment-execution automation is not in-scope as high-risk unless it is making credit decisions.[^26] That reading implies:
- A ChatGPT agent placing orders on Etsy: not high-risk under Annex III (no credit decision, no essential-service gating).
- An agent that chooses which BNPL product to take out on the consumer's behalf, where the underlying BNPL model evaluates creditworthiness: the BNPL model is high-risk under Annex III §5(b); the shopping agent calling it may or may not be, depending on whether it "substantially influences" the credit decision (Art 6(3) filter introduced by the June 2024 final text).[^6]
10.6.2 General-purpose AI model duties
Even where an agent is not a high-risk system, the underlying foundation model is a General-Purpose AI (GPAI) model under Article 3(63). Article 53 imposes transparency obligations (training-data summaries, copyright policy, technical documentation) and Article 55 imposes additional obligations ("systemic risk" GPAI models above the 10^25 FLOPs threshold).[^6] These duties flow to agent providers, not to payment actors – but payments firms distributing agents in the EU sit in the supply chain and inherit Article 25 "responsibilities along the AI value chain" obligations where they put their brand on an agent.
10.6.3 Article 50 transparency
Article 50(1)–(3) requires providers and deployers of AI systems that interact with natural persons to disclose that fact "unless this is obvious". A banking chat interface that dispatches an agent to execute payments arguably triggers this disclosure duty, especially combined with the Consumer Duty's "consumer understanding" outcome in the UK.[^5]
There is no EU AI Act enforcement decision on any agentic payment system as of 21 April 2026. The analysis above therefore reflects statutory text and Commission Q&A, not regulator practice.
10.7 KYC/AML – from KYC to "Know-Your-Agent"
10.7.1 The statutory baseline
- United States: Bank Secrecy Act (31 U.S.C. §5311 et seq.); 31 CFR Part 1010 (CIP); 31 CFR §1022 (MSB rules). FinCEN 2019 guidance treats most crypto-intermediaries as money transmitters.[^27]
- EU: AMLD5 (2018/843); AMLR (EU) 2024/1624 – the single Anti-Money-Laundering Regulation adopted June 2024, applicable from 10 July 2027;[^28] AMLA (the new Anti-Money-Laundering Authority), headquartered in Frankfurt.
- UK: MLRs 2017 (SI 2017/692) as amended; FCA Financial Crime Guide FCG.
- Global: FATF Recommendations; for crypto, the Travel Rule at FATF Recommendation 16 and Interpretive Note (updated March 2025).[^29]
10.7.2 KYA – Know-Your-Agent
Because an AI agent has no legal personhood, it cannot be the subject of CIP/CDD; but the principal whose funds it spends and the provider that operates it both can. The operational question is how a receiving PSP is supposed to tell an agent transaction apart from a human one in order to apply enhanced due diligence.
Skyfire, Nekuda, Catena Labs, Visa's Trusted Agent Protocol and Google's AP2 all implement a variant of KYA – a signed credential attesting (i) agent identity, (ii) principal identity, and (iii) mandate scope (see Security & Trust). None of this is required by any current statute. It is the industry's proposed answer to a regulatory question that regulators have only asked in speeches. The Bank for International Settlements' CPMI 2024 paper Tokenisation in the context of money and other assets touches on automated-agent settlement without prescribing KYA;[^30] the FSB's March 2025 report The Financial Stability Implications of Artificial Intelligence flags agent identity as a supervisory gap.[^31]
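As an added example (not part of this report, nor of the AP2, ACP or any KYA vendor's specifications), the check below shows how a consumer-signed Intent Mandate, an agent-signed Cart Mandate and a KYA-style agent credential carrying the three attestations of §10.7.2 let a verifier decide the "under $500 / bought $520" edge case of §10.2.1 objectively, and packages the hashes a merchant could supply as mandate evidence in a dispute (§10.4.2). All field names, the sample keys, and the use of HMAC-SHA256 as a stand-in for the asymmetric verifiable-credential signature are assumptions for illustration.

```python
"""Mandate-scope verification with a dispute-evidence record (illustrative only)."""
import hashlib
import hmac
import json

# HMAC stands in for the asymmetric VC signature of real mandates; a real
# deployment uses per-party asymmetric keys so signatures are non-repudiable.
# Keys are constructed sample values.
KEYS = {
    "consumer:alice": b"consumer-secret-constructed",
    "agent:shopbot-7": b"agent-secret-constructed",
    "provider:agentco": b"provider-secret-constructed",
}


def canonical(obj: dict) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj: dict) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


def sign(payload: dict, signer: str) -> dict:
    sig = hmac.new(KEYS[signer], canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signer": signer, "sig": sig}


def verify_sig(cred: dict) -> bool:
    key = KEYS.get(cred.get("signer"))
    if key is None:
        return False
    expected = hmac.new(key, canonical(cred["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred.get("sig", ""))


def check_cart(intent: dict, cart: dict, agent_cred: dict, now: float) -> dict:
    """Decide whether a cart lies within the intent it references.

    Returns a verdict ('within_mandate' / 'outside_mandate'), the reasons,
    and an evidence record of the hashes a merchant could cite in a dispute.
    """
    reasons = []
    if not verify_sig(intent):
        reasons.append("intent signature invalid")
    if not verify_sig(cart):
        reasons.append("cart signature invalid")
    if not verify_sig(agent_cred):
        reasons.append("agent credential signature invalid")
    ip, cp, ap = intent["payload"], cart["payload"], agent_cred["payload"]
    # The intent is the consumer's payment order, so the principal must have signed it.
    if intent["signer"] != f"consumer:{ip['principal']}":
        reasons.append("intent not signed by principal")
    # KYA binding: agent identity, principal identity and mandate scope must all line up.
    if cart["signer"] != f"agent:{ap['agent_id']}" or ap["principal"] != ip["principal"]:
        reasons.append("agent credential does not bind this agent to this principal")
    if ap["scope_intent_hash"] != digest(ip):
        reasons.append("agent credential not scoped to this intent")
    if now > ip["expires_at"]:
        reasons.append("intent expired")
    if cp["intent_hash"] != digest(ip):
        reasons.append("cart does not reference this intent")
    if cp["currency"] != ip["currency"]:
        reasons.append("currency mismatch")
    if cp["amount"] > ip["max_amount"]:
        reasons.append(f"amount {cp['amount']} exceeds cap {ip['max_amount']}")
    if cp["merchant_category"] not in ip["allowed_categories"]:
        reasons.append(f"merchant category {cp['merchant_category']} not permitted")
    return {
        "verdict": "within_mandate" if not reasons else "outside_mandate",
        "reasons": reasons,
        "evidence": {"intent_hash": digest(ip), "cart_hash": digest(cp),
                     "agent_id": ap["agent_id"], "principal": ip["principal"]},
    }


# Constructed sample: "buy me flights under $500" (amounts in cents), agent
# credentialed by its provider for principal alice and scoped to this intent.
NOW = 1_700_000_000.0
INTENT = sign({"principal": "alice", "max_amount": 500_00, "currency": "USD",
               "allowed_categories": ["air_travel"], "expires_at": NOW + 3600},
              "consumer:alice")
AGENT_CRED = sign({"agent_id": "shopbot-7", "principal": "alice",
                   "scope_intent_hash": digest(INTENT["payload"])}, "provider:agentco")


def make_cart(amount_cents: int, category: str = "air_travel") -> dict:
    """Agent-signed cart referencing the sample intent (constructed merchant)."""
    return sign({"intent_hash": digest(INTENT["payload"]), "merchant": "example-air",
                 "merchant_category": category, "amount": amount_cents,
                 "currency": "USD"}, "agent:shopbot-7")


if __name__ == "__main__":
    for cents in (480_00, 520_00):
        print(cents, check_cart(INTENT, make_cart(cents), AGENT_CRED, NOW))
```

The $520 cart is rejected with the reason "amount 52000 exceeds cap 50000" while the $480 cart passes, and a cart whose amount is altered after signing fails the signature check before any scope logic runs.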
10.7.3 Travel Rule for agent-initiated crypto
FATF Recommendation 16 requires VASPs to transmit originator/beneficiary data with crypto transfers above the USD/EUR 1,000 de minimis.[^29] In an x402 flow the originator is the consumer (or the consumer's custodial wallet), and the beneficiary is the merchant or an API provider. Where the facilitator is a VASP (Coinbase's CDP facilitator on Base), Travel Rule compliance is discharged by the facilitator on the standard originator/beneficiary pair.[^32] Agent identity is not currently a Travel Rule data field. There is active industry discussion (TRUST, Sumsub, Notabene) about whether KYA metadata should be added; no FATF consultation document has yet proposed it as of April 2026.
For AMLR (EU) 2024/1624 read with the Transfer of Funds Regulation (EU) 2023/1113 (TFR) – applicable from 30 December 2024 – the same travel-rule logic applies to crypto-asset transfers at EUR 0 de minimis for CASP-to-CASP transfers.[^33]
10.8 Data protection
10.8.1 GDPR
Agents necessarily process large volumes of personal data: payment instruments, purchase history, preferences, biometrics. The five pressure points that the GDPR (Regulation (EU) 2016/679) creates in agentic flows are:
- Lawful basis (Art 6). Consent for AI processing is often bundled into the agent-provider's TOS; EDPB Guidelines 05/2020 on consent require it to be specific and freely given. A single "I agree to agent processing" consent probably fails granularity for downstream payment processing.[^34]
- Purpose limitation and data minimisation (Art 5(1)(b),(c)). AP2's architecture – minting short-lived Verifiable Credentials with just enough attributes to authorise a specific cart – is a natural fit to Art 5(1)(c). ACP's SharedPaymentToken similarly avoids long-lived card-number exposure.
- Automated decision-making (Art 22). An agentic payment is, by definition, an automated decision about the consumer. Art 22 prohibits decisions producing "legal or similarly significant effects" based solely on automated processing absent one of three exceptions. Paying money is a legally significant effect. Agentic-payment deployments therefore rely on Art 22(2)(a) (necessary for the performance of a contract) or (c) (explicit consent).
- Transparency (Arts 13–14). Rights to be informed include "meaningful information about the logic involved" in automated decision-making. An LLM agent cannot really explain its logic; this aligns with, and intensifies, the EU AI Act Article 13 transparency obligations.
- International transfers (Chapter V). Agent providers typically process in the US. Standard Contractual Clauses and the EU-US Data Privacy Framework adequacy decision of 10 July 2023 cover this, subject to the pending Schrems III litigation.[^35]
10.8.2 Reg E privacy and Gramm-Leach-Bliley
In the US, financial-data privacy is primarily governed by GLBA (15 U.S.C. §§6801–6809) and the CFPB's Regulation P (12 CFR Part 1016).[^36] CFPB's §1033 open-banking Final Rule (October 2024) requires financial institutions to make consumer-authorised data available via APIs, subject to a structured authorisation framework that includes third-party revocation rights.[^37] §1033 is directly relevant to agents because an agent that reads the consumer's transaction history is a "third party" under the rule and must accept the §1033 data-use limits (no secondary use, annual reauthorisation).
10.8.3 eIDAS 2.0 and the EU Digital Identity Wallet
Regulation (EU) 2024/1183 (eIDAS 2.0), in force 20 May 2024, creates the European Digital Identity Wallet (EUDIW), with mandatory issuance by Member States by 26 November 2026.[^8] The EUDIW is explicitly designed to carry payment credentials and identity attestations – the two building blocks of an AP2 Mandate. In principle, a future agentic flow in the EU can source both principal identity (KYC) and payment means from the EUDIW, using selective-disclosure ZKPs to minimise data exposure. The Architecture and Reference Framework (ARF v1.4.0, February 2025) defines the PID and (Q)EAA formats.[^38] Whether existing agent-protocol mandates will be rewrapped as EUDIW attestations is a live standards question; the ARF does not yet profile AP2 or ACP.
10.9 Crypto-specific regulation
10.9.1 EU β MiCA
Regulation (EU) 2023/1114 (MiCA) became fully applicable on 30 December 2024.[^7] For agentic payments the salient heads are:
- Title III – asset-referenced tokens (ARTs) and Title IV – e-money tokens (EMTs): USDC, EURC and other fiat-referenced stablecoins used in x402 settlement are EMTs and require authorisation of the issuer as an EMI/CI plus CASP licensing for platforms that offer them.
- Title V – CASPs: the Coinbase CDP facilitator serving EU users requires CASP authorisation under Art 59; so do Crossmint-style virtual-card issuers where they operate custodial wallets.
- Article 81 provides that CASPs are liable for loss of clients' crypto-assets "up to the market value … at the time the loss occurred", with a force-majeure carve-out.[^7] In an agentic context, "loss" includes agent misdirection where the CASP's key management caused it.
10.9.2 US – GENIUS Act and STABLE Act
The GENIUS Act ("Guiding and Establishing National Innovation for US Stablecoins Act", S.1582) was signed into law on 18 July 2025.[^39] Its effective date is the earlier of 18 months post-enactment (18 January 2027) or 120 days after final implementing regulations.[^39] As of 21 April 2026, the Act is not yet operational. The OCC published its comprehensive proposed rule for payment-stablecoin issuers on 25 February 2026, with a 60-day comment period closing 1 May 2026;[^40] the FDIC and Federal Reserve are still in earlier stages. The Act:
- Limits US payment-stablecoin issuance to federally-qualified or state-qualified regulated issuers;
- Imposes a 1:1 reserve requirement against outstanding stablecoins, with eligible reserve-asset restrictions;
- Requires monthly public attestations of reserves;
- Preempts the SEC and CFTC over compliant payment stablecoins, vesting primary oversight in banking regulators and Treasury.[^39][^40]
The STABLE Act (H.R.2392, 119th Congress) – the House counterpart – passed the House Financial Services Committee in April 2025 but was effectively superseded by GENIUS's enactment; as of 21 April 2026 it has not advanced further and is not law.[^41]
For agentic payments the practical consequence is that from late 2026 US stablecoin rails used by x402 flows will converge on a small set of authorised issuers (Circle, PayPal USD, plausibly one or two bank-issued stablecoins), each of which will be supervised for BSA/AML compliance at the issuer level. This reduces – but does not eliminate – the KYA gap identified in §10.7.
10.9.3 UK
The UK's cryptoasset regulatory regime under FSMA 2000 (as amended by the FSMA 2023) brings payment-stablecoins inside the UK regulatory perimeter via HM Treasury SIs expected in 2026. The FCA's Discussion Paper DP24/4 (November 2024) and Consultation Paper CP25/14 (May 2025) outline a prudential and conduct regime for fiat-referenced stablecoins. As of April 2026 the final instrument has not been made.[^42]
10.9.4 Singapore and Hong Kong
- MAS finalised its Stablecoin Regulatory Framework in August 2023 for Single-Currency Stablecoins pegged to G10 currencies issued in Singapore and is actively exercising its Digital Token Service Provider licensing power under the Financial Services and Markets Act 2022.[^43]
- HKMA / SFC Hong Kong passed the Stablecoins Ordinance (Cap. 656) in May 2025, with licensing commencing 1 August 2025.[^44] Hong Kong's Project Ensemble wholesale CBDC/tokenised-deposit sandbox (ongoing since 2024) includes agent-initiated settlement use cases.
Both jurisdictions regard KYA as an issuer / CASP obligation layered onto existing KYC, without yet legislating it as a distinct requirement.
10.10 Cross-border and jurisdictional issues
A canonical agentic-payment transaction today looks like this:
- Consumer in California, using an agent hosted by OpenAI in the US;
- Agent buys from an Etsy seller in Berlin;
- Payment token issued by Stripe, processed via a Visa credit card issued by a US bank;
- Or, in the x402 variant, settled on Base using USDC, with a Coinbase CDP facilitator operating partially from Singapore.
Jurisdictional attachments proliferate:
- Reg E / Reg Z attaches to the consumer relationship and to the US issuer; territorial reach is by issuer location.
- PSD2 attaches to the merchant's acquirer (Etsy's PSP, EU-authorised) and the consumer if their PSP is in the EU; under Art 2, "one-leg-out" transactions have reduced SCA/refund protection.
- EU AI Act attaches extraterritorially where the AI system's output is used in the Union (Art 2(1)(c)), capturing the OpenAI agent even though OpenAI sits in the US.[^6]
- GDPR attaches to the Berlin Etsy seller as an EU-established controller of the purchase data (Art 3(1)) and to OpenAI as its processor. Art 3(2) reaches a non-EU agent provider directly only where the data subject is "in the Union"; a consumer in California is not, which narrows its application in this example.
- MiCA attaches to any CASP servicing EU persons; if the agent never routes to an EU wallet, MiCA generally does not attach.
- Singapore FSMA attaches to the facilitator to the extent it is a Digital Token Service Provider dealing with Singapore persons.
The practical consequence is that the agent itself becomes the jurisdictional choice-point. Whichever regime an agent provider chooses to comply with (a PSD2 SCA flow for EU merchants, Reg E error-resolution rights for US consumers) becomes the de facto rule for the transaction; the worst case is a stack where no single regime applies in full and gaps open. The phenomenon is analogous to the early-2000s "internet choice-of-law" debates. The EU AI Act's extraterritorial reach is an attempt to forestall that race to the bottom for AI specifically, not for payments.
The Linklaters TechInsights analysis highlights the under-appreciated role of private international law here: in an agent-mediated contract, which jurisdiction's consumer-contract law applies β the consumer's, the merchant's, or the agent provider's?[^21] The Rome I Regulation (EC) No 593/2008 Art 6 points to the consumer's habitual residence where the merchant "directs activities" there; it is silent on agents.
10.11 Regulator positions as of April 2026
Only a handful of regulators have said anything publicly about agentic payments. The following is the state of the record; absent entries are intentional (no published statement).
- US - CFPB. The Bureau's 2025 Compendium of Recent CFPB Guidance does not address agentic payments specifically; its most recent AI-relevant guidance is Circular 2023-03 (adverse-action notices using AI) and Circular 2024-03 (deceptive marketing of chatbots as humans).[^45] The CBA paper records that CFPB staff participated in the autumn 2025 symposium under Chatham House rules but have not issued agent-specific guidance.[^1]
- US - OCC. The OCC's 25 February 2026 proposed rule implementing GENIUS is the most consequential published output; it does not speak to agentic use of stablecoins.[^40]
- US - FinCEN. No agent-specific guidance. Its 2019 guidance on CVCs remains the operative text for crypto-facilitator classification.[^27]
- EU - European Commission. The February 2025 AI Act Q&A acknowledges "agentic AI" as an emerging category and flags it for study.[^26]
- EU - EBA. PSD2 Q&A updates through March 2026 do not address agent flows; the EBA's Opinion on new types of payment fraud (October 2025) covers AI-assisted fraud in general terms but not agent principals.[^46]
- UK - FCA. The April 2024 AI Update and the March 2026 AI Live Testing announcement reference agentic AI as a theme but do not prescribe rules.[^47] The FCA has publicly stated (CEO speech, January 2026) that the Consumer Duty applies to firms deploying agents to retail customers; this is a speech, not guidance.
- UK - PSR. No public statement on agentic APP cases as of 21 April 2026.
- Singapore - MAS. MAS's FEAT Principles and Veritas 2.0 AI-governance materials (November 2024) include agentic AI in the research agenda; no rules.[^48]
- Hong Kong - HKMA. The Generative AI circular of August 2024 addresses internal bank use; agentic customer-facing use is unaddressed.
- China - PBOC / CAC. The CAC's 2023 Interim Measures for Generative AI Services regulate agent providers rather than payments; payments fall under the PBOC's payment and settlement rules, which under Order No. 7 (2023) require bank-account-based authorisation for non-bank payment agents.[^49]
- BIS / CPMI / FSB. CPMI's October 2024 paper Tokenisation in the context of money and the FSB's November 2024 Financial Stability Implications of Artificial Intelligence are both scoping documents; neither prescribes rules.[^30][^31]
The honest description of the field is: there is almost no binding agent-specific regulation anywhere in the world. Firms are operating under best-reads of existing rules, industry white papers and speeches.
10.12 Open regulatory questions and industry proposals
Against that gap, five structural proposals are live in the literature and industry discussion:
- "Agent-of-record" (AoR) registration. By analogy with merchant-of-record, an AoR would be a regulated entity that takes responsibility for the agent's actions vis-à-vis payments: CIP on the principal, mandate issuance, monitoring, and direct PSP-style statutory liability. Skyfire, Catena Labs and Nekuda each in effect occupy this niche commercially; it is not yet a regulatory category. The CBA white paper floats this concept as one option.[^1]
- Statutory "mandate" construct. Making AP2-style signed mandates evidentiary-grade under Reg E, PSD2 Article 64, and the PSRs β so that a Cart Mandate is a conclusive rebuttal to an "unauthorised" claim, subject to a fraud/injection carve-out. This would require CFPB amendment of 12 CFR 1005 Comment 2(m)-2 and a PSD3 text change.
- Safe harbour for bounded-scope agents. A Reg E / PSD2 safe harbour for transactions within a pre-authenticated mandate whose scope is below a de-minimis amount (e.g. $100) per interval. This mirrors the PSD2 SCA exemptions for low-value payments (RTS Art 11 for contactless at point of sale, Art 16 for remote transactions) and would let consumer-grade agents operate without repeated SCA challenges. The Linklaters article identifies this as the most plausible PSD3 amendment.[^21]
- KYA as a supervisory data field. Adding "principal identity + agent identity + mandate hash" to ISO 20022 pacs.008 and FATF Travel Rule data fields. The BIS CPMI paper flirts with the ISO idea; SWIFT's Agentic AI Working Group (launched November 2025) is the most promising industry venue.[^50]
- AI Act "deployer" carve-in for consumer agents. Clarifying that consumer deployments of payment agents trigger Article 50 transparency even where the agent is not high-risk, closing the "obviousness" loophole.
Each of these proposals ultimately asks the same question: who is legally on the hook when an AI spends your money badly? As of April 2026, no jurisdiction has answered it cleanly. The posture of all of the major regulators (CFPB, FCA, PSR, Commission, EBA, MAS, HKMA) is wait-and-see, with guidance (likely not statute) to follow in 2026-27. The industry's posture, reflected in AP2, ACP, Visa TAP, Mastercard Agent Pay, x402 and Skyfire, is to build verifiable, cryptographically-bound mandates now and hope the evidentiary work they do will map onto whatever the regulators eventually put on paper.
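Three of the proposals above (an evidentiary-grade signed mandate, a bounded-scope safe harbour, and a mandate hash carried as a supervisory data field) rest on one mechanism: a scope signed by the principal that the wallet or PSP can verify before it releases a credential. The Go program below is an added example written for this page to show what that mechanism minimally looks like; it is not code from AP2, Stripe, any regulator or any vendor named above. The Mandate field names, the `did:example:` and `agent:example:` identifiers, the merchant names and the spending caps are constructed assumptions, and canonicalisation is plain encoding/json rather than JCS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Mandate is this example's own bounded-scope spending authorisation, loosely
// modelled on AP2's mandate idea; the field names are assumptions, not AP2's schema.
type Mandate struct {
	PrincipalID      string   `json:"principal_id"`
	AgentID          string   `json:"agent_id"`
	Merchants        []string `json:"merchants"`          // merchant allow-list
	Currency         string   `json:"currency"`
	PerTxCapMinor    int64    `json:"per_tx_cap_minor"`   // 10000 = 100.00 in minor units
	IntervalCapMinor int64    `json:"interval_cap_minor"` // running cap per IntervalSeconds
	IntervalSeconds  int64    `json:"interval_seconds"`
	NotBefore        int64    `json:"not_before"`         // unix seconds, inclusive
	Expires          int64    `json:"expires"`            // unix seconds, exclusive
	Nonce            string   `json:"nonce"`              // stops replay of an old mandate
}

type Cart struct {
	Merchant    string
	Currency    string
	AmountMinor int64
}

// canonical is the byte string that is signed and hashed. encoding/json writes struct
// fields in declaration order with no whitespace, deterministic for one implementation
// (interoperating verifiers would use JCS, RFC 8785). Marshal cannot fail for these types.
func canonical(m Mandate) []byte { b, _ := json.Marshal(m); return b }

// MandateHash is the value that would travel with the payment instruction (the "mandate
// hash" field §10.12 discusses) so issuer, acquirer and network bind to one authorisation.
func MandateHash(m Mandate) string {
	sum := sha256.Sum256(canonical(m))
	return hex.EncodeToString(sum[:])
}

// Sign is the principal-side (wallet / credentials-provider) signature; the agent never holds this key.
func Sign(m Mandate, priv ed25519.PrivateKey) []byte { return ed25519.Sign(priv, canonical(m)) }

// Authorize is the check the wallet/PSP runs before releasing a credential. The signature is
// verified first, so a mandate the agent edited (or a prompt injection widened) fails before any
// scope rule is consulted. spentInInterval is the verifier's running total for this mandate hash.
func Authorize(m Mandate, sig []byte, pub ed25519.PublicKey, c Cart, spentInInterval int64, now time.Time) error {
	if !ed25519.Verify(pub, canonical(m), sig) {
		return errors.New("signature invalid: mandate altered or wrong key")
	}
	if t := now.Unix(); t < m.NotBefore || t >= m.Expires {
		return errors.New("mandate outside its validity window")
	}
	if c.Currency != m.Currency {
		return fmt.Errorf("currency %s not covered by mandate", c.Currency)
	}
	listed := false
	for _, v := range m.Merchants {
		listed = listed || v == c.Merchant
	}
	if !listed {
		return fmt.Errorf("merchant %q not on mandate allow-list", c.Merchant)
	}
	if c.AmountMinor <= 0 || c.AmountMinor > m.PerTxCapMinor {
		return fmt.Errorf("amount %d outside per-transaction cap %d", c.AmountMinor, m.PerTxCapMinor)
	}
	if spentInInterval+c.AmountMinor > m.IntervalCapMinor {
		return fmt.Errorf("amount %d would breach interval cap %d (already spent %d)", c.AmountMinor, m.IntervalCapMinor, spentInInterval)
	}
	return nil // in scope
}

// SampleMandate is constructed sample data: one merchant, 100.00 per purchase,
// 250.00 per 24 hours, valid for one day from now.
func SampleMandate(now time.Time) Mandate {
	return Mandate{
		PrincipalID: "did:example:consumer", AgentID: "agent:example:shopper-v1",
		Merchants: []string{"merchant.example"}, Currency: "USD",
		PerTxCapMinor: 10000, IntervalCapMinor: 25000, IntervalSeconds: 86400,
		NotBefore: now.Unix(), Expires: now.Add(24 * time.Hour).Unix(),
		Nonce: "constructed-nonce-0001",
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Date(2026, 4, 21, 12, 0, 0, 0, time.UTC)
	m := SampleMandate(now)
	sig := Sign(m, priv)
	fmt.Println("mandate hash:", MandateHash(m))
	fmt.Println("49.99 at listed merchant  ->", Authorize(m, sig, pub, Cart{"merchant.example", "USD", 4999}, 0, now))
	fmt.Println("120.00 at listed merchant ->", Authorize(m, sig, pub, Cart{"merchant.example", "USD", 12000}, 0, now))
	m.PerTxCapMinor = 1_000_000 // the agent tries to widen its own scope: the signature no longer matches
	fmt.Println("tampered mandate          ->", Authorize(m, sig, pub, Cart{"merchant.example", "USD", 12000}, 0, now))
}
```

Two design points carry over to the regulatory debate. First, the per-transaction and per-interval caps are exactly the "bounded scope" a de-minimis safe harbour would key on, and the interval total is state the verifier keeps against the mandate hash, not something the agent asserts. Second, the hash over the canonical signed bytes is what an issuer, acquirer or supervisor could carry in a payment message and later match against the stored mandate when an "unauthorised" claim is raised; any change to the mandate changes the hash and breaks the signature, which is the property an evidentiary-grade mandate needs.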
Sources
[^1]: Consumer Bankers Association, Agentic AI Payments: Navigating Consumer Protection, Innovation, and Regulatory Frameworks (white paper, January 2026). Press release and PDF at https://consumerbankers.com/press-release/cba-releases-white-paper-examining-agentic-ai-consumer-payments-and-the-future-of-regulation/ ; white paper PDF: https://consumerbankers.com/wp-content/uploads/2026/01/CBA-Agentic-Symposium-White-Paper-2026-01v2.pdf
[^2]: Stripe, Agentic Commerce Protocol: overview, https://docs.stripe.com/agentic-commerce/protocol (confirming merchant-of-record retention in ACP).
[^3]: Electronic Fund Transfer Act, 15 U.S.C. §1693 et seq.; implemented as Regulation E at 12 CFR Part 1005, https://www.ecfr.gov/current/title-12/chapter-X/part-1005.
[^4]: Truth in Lending Act, 15 U.S.C. §1601 et seq.; implemented as Regulation Z at 12 CFR Part 1026, https://www.ecfr.gov/current/title-12/chapter-X/part-1026.
[^5]: FCA Policy Statement PS22/9 and Finalised Guidance FG22/5, A new Consumer Duty, https://www.fca.org.uk/publications/policy-statements/ps22-9-new-consumer-duty and https://www.fca.org.uk/publications/finalised-guidance/fg22-5-final-non-handbook-guidance-firms-consumer-duty. PRIN 2A is in the FCA Handbook: https://www.handbook.fca.org.uk/handbook/PRIN/2A/.
[^6]: Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 (AI Act), https://eur-lex.europa.eu/eli/reg/2024/1689/oj. Article 6 and Annex III at the same source.
[^7]: Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA), https://eur-lex.europa.eu/eli/reg/2023/1114/oj. Article 81 on CASP liability for loss of crypto-assets.
[^8]: Regulation (EU) 2024/1183 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework (eIDAS 2.0), https://eur-lex.europa.eu/eli/reg/2024/1183/oj.
[^9]: 12 CFR §1005.2(m), definition of "unauthorized electronic fund transfer", https://www.ecfr.gov/current/title-12/chapter-X/part-1005/subpart-A/section-1005.2#p-1005.2(m).
[^10]: CFPB Official Interpretations / Supplement I to Part 1005, Comment 2(m)-2, https://www.consumerfinance.gov/rules-policy/regulations/1005/Interp-2/.
[^11]: 12 CFR §1026.12(b), Liability of cardholder for unauthorized use, https://www.ecfr.gov/current/title-12/chapter-X/part-1026/subpart-B/section-1026.12#p-1026.12(b).
[^12]: Minskoff v. American Express Travel Related Services Co., 98 F.3d 703 (2d Cir. 1996), https://casetext.com/case/minskoff-v-american-exp-travel-related-services.
[^13]: Directive (EU) 2015/2366 (PSD2), https://eur-lex.europa.eu/eli/dir/2015/2366/oj. Article 97 on SCA; Article 64 on consent; Article 73 on unauthorised transaction refund; Article 74 on liability allocation.
[^14]: Commission Delegated Regulation (EU) 2018/389 (RTS on SCA and CSC), https://eur-lex.europa.eu/eli/reg_del/2018/389/oj.
[^15]: EBA Single Rulebook Q&A 2018_4131 on MIT scoping, https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2018_4131.
[^16]: EBA Opinion on the review of PSD2 (EBA/Op/2022/06 and follow-up 2024 update), https://www.eba.europa.eu/publications-and-media/publications.
[^17]: European Commission, PSD3 + Payment Services Regulation package, COM(2023) 366 final and COM(2023) 367 final (28 June 2023), https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_en.
[^18]: FCA, Payment Services and Electronic Money: Our Approach, November 2024, https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf.
[^19]: CFPB, Consumer Advisory and Circular series on P2P scams, e.g. CFPB Circular 2022-06 (Deceptive representations); see CFPB guidance hub https://www.consumerfinance.gov/compliance/.
[^20]: Payment Systems Regulator, Policy Statement PS24/7, Faster Payments APP scams reimbursement requirement: Confirming the maximum level of reimbursement, https://www.psr.org.uk/publications/policy-statements/ps247-faster-payments-app-scams-reimbursement-requirement-confirming-the-maximum-level-of-reimbursement/. Specific Direction 20 (Faster Payments) and Specific Direction 21 (CHAPS), effective 7 October 2024: £85,000 cap, 50/50 split, £100 excess, 5-working-day refund, Consumer Standard of Caution Rule 1.19.
[^21]: Linklaters TechInsights, Hay R., Quicke S., Cunningham-Day J., Agentic payments: what are they, what are the legal risks and what's next? https://techinsights.linklaters.com/post/102l0hm/agentic-payments-what-are-they-what-are-the-legal-risks-and-whats-next.
[^22]: Visa, Compelling Evidence 3.0 β Merchant Readiness Guide, March 2023, https://usa.visa.com/content/dam/VCOM/regional/na/us/support-legal/documents/compelling-evidence-3.0-merchant-readiness-mar2023.pdf.
[^23]: Justt.ai, Agentic Commerce: Preparing for Chargeback and Fraud Risks, https://justt.ai/blog/agentic-commerce-chargeback-risk-preparation/ (recording of ChargebackX 2025 panel).
[^24]: Google, Agent Payments Protocol specification, https://github.com/google-agentic-commerce/AP2/blob/main/docs/specification.md; Google Cloud announcement https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol.
[^25]: Visa, Visa Introduces Trusted Agent Protocol, 14 October 2025, https://investor.visa.com/news/news-details/2025/Visa-Introduces-Trusted-Agent-Protocol-An-Ecosystem-Led-Framework-for-AI-Commerce/default.aspx.
[^26]: European Commission, AI Act β Questions & Answers, updated February 2025, https://digital-strategy.ec.europa.eu/en/faqs/ai-act-questions-answers.
[^27]: FinCEN Guidance FIN-2019-G001, Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual Currencies, https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf.
[^28]: Regulation (EU) 2024/1624 (AMLR), https://eur-lex.europa.eu/eli/reg/2024/1624/oj.
[^29]: FATF, Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs, March 2025 update, https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Updated-Guidance-VA-VASP.html; Recommendation 16 text in FATF Recommendations: https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html.
[^30]: BIS CPMI, Tokenisation in the context of money and other assets: concepts and implications for central banks, October 2024, https://www.bis.org/cpmi/publ/d225.htm.
[^31]: Financial Stability Board, The Financial Stability Implications of Artificial Intelligence, 14 November 2024 (published and reaffirmed March 2025), https://www.fsb.org/2024/11/the-financial-stability-implications-of-artificial-intelligence/.
[^32]: Coinbase, x402 facilitator, https://docs.x402.org/core-concepts/facilitator; CDP facilitator docs at https://docs.cdp.coinbase.com/.
[^33]: Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (TFR), https://eur-lex.europa.eu/eli/reg/2023/1113/oj.
[^34]: EDPB Guidelines 05/2020 on consent under Regulation 2016/679, https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en.
[^35]: Commission Implementing Decision (EU) 2023/1795 on the adequate level of protection under the EU–US Data Privacy Framework, 10 July 2023, https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj.
[^36]: Gramm-Leach-Bliley Act, 15 U.S.C. §§6801–6809; Regulation P at 12 CFR Part 1016, https://www.ecfr.gov/current/title-12/chapter-X/part-1016.
[^37]: CFPB, Personal Financial Data Rights, 12 CFR Part 1033 (Final Rule, 22 October 2024), https://www.consumerfinance.gov/rules-policy/final-rules/required-rulemaking-on-personal-financial-data-rights/.
[^38]: European Commission, EU Digital Identity Wallet β Architecture and Reference Framework v1.4.0, February 2025, https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework.
[^39]: GENIUS Act, Pub. L. 119-XX (S.1582), signed 18 July 2025; text at https://www.congress.gov/bill/119th-congress/senate-bill/1582. Summaries per Debevoise (https://www.debevoise.com/insights/publications/2025/07/genius-act-progresses-in-congress-as-stablecoin), Sidley (https://www.sidley.com/en/insights/newsupdates/2025/07/the-genius-act-a-framework-for-us-stablecoin-issuance) and Greenberg Traurig (https://www.gtlaw.com/en/insights/2025/7/genius-act-enacted-establishing-a-regulatory-framework-for-payment-stablecoins-issued-or-sold-in-the-united-states).
[^40]: OCC, Notice of Proposed Rulemaking: Federal Framework for Payment Stablecoin Issuers, 25 February 2026, 60-day comment period closing 1 May 2026; overview per Mayer Brown, https://www.mayerbrown.com/en/insights/publications/2026/03/occ-proposes-comprehensive-rulemaking-to-implement-the-genius-act and Ankura https://ankura.com/insights/occ-proposes-comprehensive-federal-framework-for-stablecoin-issuers-under-the-genius-act.
[^41]: STABLE Act, H.R.2392, 119th Congress, https://www.congress.gov/bill/119th-congress/house-bill/2392.
[^42]: FCA Discussion Paper DP24/4 Regulating cryptoassets: Admissions & disclosures and market abuse (Dec 2024) and CP25/14 Stablecoins and crypto custody (May 2025), https://www.fca.org.uk/publications/discussion-papers and https://www.fca.org.uk/publications/consultation-papers.
[^43]: Monetary Authority of Singapore, Stablecoin Regulatory Framework: Final, 15 August 2023, https://www.mas.gov.sg/publications/monographs-or-information-paper/2023/stablecoin-regulatory-framework.
[^44]: Hong Kong Stablecoins Ordinance (Cap. 656), enacted May 2025, licensing regime effective 1 August 2025; HKMA overview https://www.hkma.gov.hk/eng/key-functions/international-financial-centre/regulatory-regime-for-stablecoin-issuers/.
[^45]: CFPB, Compendium of Recent CFPB Guidance (2025 edition) and CFPB Circular series, https://www.consumerfinance.gov/compliance/circulars/.
[^46]: EBA, Opinion on new types of payment fraud and possible mitigants, October 2025, https://www.eba.europa.eu/publications-and-media/publications.
[^47]: FCA, AI Update, April 2024 and subsequent updates; AI Live Testing programme page https://www.fca.org.uk/firms/innovation/ai-live-testing.
[^48]: Monetary Authority of Singapore, Veritas 2.0 and FEAT Principles, https://www.mas.gov.sg/news/media-releases/2024/veritas-toolkit-version-2.0.
[^49]: Cyberspace Administration of China, Interim Measures for the Management of Generative AI Services, 10 July 2023, http://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm; PBOC Order No. 7 (2023) on non-bank payment institutions, http://www.pbc.gov.cn/.
[^50]: SWIFT, Agentic AI Working Group, launched November 2025, https://www.swift.com/news-events (press release series).