📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.
TL;DR
European agentic commerce is being co-defined by two regulatory regimes—PSD3/PSR and the AI Act—creating a statutory infrastructure that contrasts with the US’s private, commercial payment systems. This convergence impacts how AI agents can operate in Europe.
European law currently prevents AI agents from making payments without human authorization, despite technological capability. The regulatory environment is being reshaped by two major regimes—PSD3/PSR and the AI Act—that will fundamentally determine how agentic commerce can operate in Europe.
In Europe, the ability for AI agents to pay for goods and services is limited not by technology but by law. The Payment Services Directive (PSD3) and Payment Services Regulation (PSR), scheduled for implementation around 2028, are rebuilding the payment infrastructure with mandatory API parity, requiring banks to expose interfaces capable of supporting agent transactions. Simultaneously, the European AI Act, with high-risk obligations set for 2026, classifies AI systems involved in finance—such as credit scoring and fraud detection—as high-risk, subject to strict oversight, conformity assessments, and registration.
These two regulatory regimes are not coordinated; PSD3/PSR focus on payment infrastructure, while the AI Act imposes guardrails on AI systems. The result is a fragmented, statutory infrastructure where an AI agent’s ability to pay depends on the evolving legal framework, not on technological capability. This divergence creates a complex environment where the legal architecture constrains and shapes the development of agentic commerce.
The rails.
Why European agentic
commerce is co-defined by
two converging regimes.
SCA needs a human payer
first-class third-party interfaces
(Omnibus may slip it to 2027)
the clock agentic commerce runs on
choose the best deal — capability is here
authentication
required
as the equivalent of a human payer
- Mastercard Agent Pay, Visa Intelligent Commerce, Plaid
- The rail’s owner sets the rule — extend to agents by product decision
- Fast — moves at product speed
- Concentrated — a few firms control access
- PSD2/PSD3, PSR, SCA, FIDA
- The legislature sets the rule — no network can grant payer status
- Slow — moves at legislative speed
- Open — mandatory API parity, public data substrate
within
limits
Europe is betting that durable, open, publicly-owned rails produce a better agentic-commerce market than fast, concentrated, privately-owned ones — even at the cost of arriving later. Which foundation an agent economy actually prefers is the genuine open question.Thorsten Meyer · The Rails · Agentic Commerce 04
Implications of Dual Regulatory Regimes for European AI Commerce
This convergence of regulations means European agentic commerce will develop more slowly than in the US but may be more durable. The statutory, law-driven infrastructure is less controllable by private firms, promoting open finance and API parity, which could foster a more open and interoperable market. However, the legal process is slower, and the timeline for full implementation remains uncertain, potentially delaying the deployment of AI-driven payment agents in Europe.
Furthermore, the separation of regulatory regimes introduces seams and complexities that could impact the seamless functioning of AI agents, affecting innovation and competitiveness. The fundamental difference in foundation—statutory versus private infrastructure—may influence which system ultimately prevails in the global market.
European AI payment regulation compliance tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
European Regulatory Frameworks Reshaping Payment and AI Laws
Europe’s approach to agentic commerce is shaped by two major regulatory developments. The PSD3/PSR reforms, agreed in November 2025 and expected to be implemented by 2028, aim to overhaul payment infrastructure by mandating API parity and open access to payment systems, reducing control by individual banks and fostering open finance. Concurrently, the European AI Act, finalized in late 2025 with high-risk obligations set for 2026, imposes strict oversight on high-risk AI systems involved in financial transactions, requiring conformity assessments and human oversight.
These two regimes were not designed to work together, resulting in a fragmented landscape where the legal authority, data access, and payment capabilities for AI agents are governed by separate, evolving frameworks. This contrasts sharply with the US, where private companies build and extend commercial rails for agentic payments, enabling faster deployment.
“European agentic commerce is being co-defined by two regulatory regimes—PSD3/PSR and the AI Act—that are not designed together, resulting in a complex, statutory infrastructure.”
— Thorsten Meyer
AI payment authorization hardware
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Unclear Timeline and Practical Impact of Regulatory Convergence
It remains uncertain how quickly the new regulations will be fully implemented and how they will interact in practice. The exact timeline for AI high-risk obligations, the speed of PSD3/PSR adoption, and the operational impact on AI agents are still developing. Additionally, how these regulatory frameworks will influence innovation and market competitiveness in Europe remains to be seen.
European payment API integration devices
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Upcoming Regulatory Milestones and Market Developments
Regulators are expected to finalize detailed rules for PSD3/PSR by mid-2026, with full implementation targeted around 2028. The AI Act’s high-risk obligations are likely to come into force by 2027, with conformity assessments and oversight mechanisms established. Industry stakeholders are closely monitoring these developments, preparing for the integration of AI agents within the new legal frameworks. The next steps include regulatory consultations, pilot programs, and potential market tests of agentic payment systems in Europe.
AI high-risk credit scoring software
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How does the European regulatory approach differ from the US?
Europe relies on statutory, law-based infrastructure with mandated API parity and open finance, while the US depends on private, commercial rails controlled by firms like Mastercard and Visa, which can extend or modify their systems more quickly.
When will AI agents in Europe be able to make payments independently?
Full legal capability depends on the implementation of PSD3/PSR around 2028 and the AI Act’s high-risk obligations, possibly by 2027, but practical deployment will depend on regulatory clarity and industry readiness.
What are the risks of Europe’s statutory approach?
The slower regulatory process could delay innovation and deployment, but the resulting infrastructure may be more durable, open, and less controlled by private firms, potentially fostering a more resilient and interoperable market.
Will Europe’s approach favor certain types of AI applications over others?
High-risk classification under the AI Act means AI systems involved in finance, including credit scoring and fraud detection, will face stricter oversight, potentially limiting some applications but ensuring safety and compliance.
Source: ThorstenMeyerAI.com