Core Definitions at a Glance
- AGENT: The legal or software actor authorised to act on behalf of another; under EU commercial law, an agent's acts bind the principal within the scope of the mandate granted.
- PRINCIPAL: The natural or legal person whose authority an agent exercises; liability for agent actions flows back to the principal where the agent acted within authorised scope.
- DELEGATION: The formal act by which a principal transfers a defined permission scope to an agent; in agentic systems, the parameters of that transfer determine whether downstream acts are authorised.
- SETTLEMENT: The point at which a payment obligation is discharged and becomes final; under SEPA Instant Credit Transfer, this occurs within the scheme's ten-second ceiling, often before disputes can be raised.
- ATTESTATION: A cryptographically verifiable record that a specific authority was granted; the mechanism by which delegation is proved after the fact. Documentary records may serve this function where cryptographic infrastructure is absent, but this brief addresses the cryptographic form throughout, as it is the form most relevant to machine-initiated payment instructions.
Why These Five Terms Matter Now
European commerce platforms are deploying autonomous software agents that initiate purchases, authorise payments, and negotiate contract terms without per-transaction human sign-off. The regulatory frameworks governing these acts, principally the Commercial Agents Directive 86/653/EEC, PSD2 and the forthcoming PSD3/PSR package, GDPR, and the EU AI Act, were drafted with human actors in mind. Each framework assigns obligations and liability to identifiable legal persons, and each depends on a clear account of who instructed whom, under what authority, and when.
The five terms addressed in this brief sit at the intersection of those frameworks. When a software agent initiates a SEPA Instant payment on behalf of a consumer, the structural determinations that follow concern whether the agent was authorised, by which principal, under what scope, whether that scope was recorded in a form a court or regulator can inspect, and whether the transaction was final before any party could intervene. The answers hinge entirely on how precisely these five terms are defined and operationalised within a given system's architecture.
How Agent and Principal Shape Liability
Under EU commercial law, grounded in the Commercial Agents Directive 86/653/EEC and its national implementing legislation across member states, an agent is a person authorised to negotiate or conclude contracts in the name of the principal. The principal is bound by acts the agent performs within the scope of that authority. Acts outside that scope create personal liability for the agent, and potentially for the principal if apparent authority can be established. This structure presupposes a human actor who can be held to account, a mandate whose terms can be interrogated, and a temporal sequence in which authority precedes action.
Delegation is the instrument that defines scope. In classical commercial law, delegation may be express (a written mandate specifying permitted acts) or implied (derived from the nature of the relationship). In agentic commerce systems, delegation must be rendered machine-readable: a permission scope specifying, for example, the maximum transaction value, the categories of goods that may be purchased, the counterparties with whom the agent may deal, and the time window during which authority holds. Each parameter of that scope is a legal boundary; acts beyond any single parameter are, in the classical framework, unauthorised.
Settlement introduces a temporal complication that the classical framework did not anticipate. When a payment agent initiates a SEPA Instant Credit Transfer and settlement occurs within the scheme's ten-second ceiling, the financial obligation discharges before any human review is possible. Classical agency law resolves disputes after the fact, examining whether the agent acted within scope at the moment of instruction. Settlement at that speed means that the financial consequence is irreversible before the dispute can even be identified. The liability question therefore turns entirely on what was recorded at the moment of delegation, because the window between instruction and irreversible consequence is too narrow for real-time intervention. Attestation is the mechanism that bridges this gap: a cryptographically verifiable record, generated when authority is granted, that allows a court, a payment service provider, or a regulator to reconstruct the scope of delegation after settlement has already occurred.
Reference Materials
- Commercial Agents Directive 86/653/EEC (consolidated text, EUR-Lex): the foundational EU instrument defining agent and principal relationships in commercial contexts.
- EBA Guidelines on major incident reporting under PSD2 (EBA/GL/2021/03): grounds the incident reporting and notification duties that apply where a payment-initiating agent's acts give rise to a reportable operational or security event.
- EU AI Act (Regulation (EU) 2024/1689, OJ L 2024/1689, 12 July 2024): the classification and conformity assessment obligations that attach to AI systems, including those operating as commerce agents.
- eIDAS 2.0 Regulation (EU 2024/1183, amending 910/2014): the legal framework governing digital identity wallets and qualified electronic attestations of attributes, directly relevant to delegation records.
Three Architectural Consequences
Precise definitional grounding on these five terms changes system architecture in at least three concrete directions.
First, settlement design can no longer treat payment finality as a purely technical event. Because SEPA Instant settlement is irreversible within the scheme's ten-second ceiling, the delegation record must be generated and cryptographically bound to the payment instruction before the instruction is transmitted. Platforms that treat attestation as a post-hoc audit function rather than a pre-settlement prerequisite will face disputes they cannot resolve: no record of scope means no basis for determining whether the agent acted within authority, which defaults, under most member-state interpretations of the Directive, to principal liability for the full transaction value.
Second, audit trail architecture must distinguish between the moment of delegation and the moment of settlement. These two events frequently occur hours or days apart in agentic systems, because authority may be granted once (the consumer authorises an AI shopping agent for a monthly budget cycle) and exercised repeatedly and autonomously across dozens of individual transactions. Each exercise of authority is a distinct legal act. Compliance teams must therefore structure logs such that each transaction can be traced back to a specific delegation event, with the scope at that moment recoverable in a form admissible as evidence.
Third, liability allocation in commercial contracts between platform operators, AI system developers, merchants, and consumers must explicitly assign responsibility for each definitional failure mode: unauthorised agent acts, scope ambiguity, settlement before dispute identification, and attestation record loss or tampering. The EU AI Act's provisions on high-risk AI systems introduce conformity assessment obligations that begin to address developer liability, but they do not resolve the downstream allocation between platform operator and the deploying principal. That allocation remains a matter of contract, and it must be drafted with these five structural distinctions in view.
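As an added illustration of the machine-readable scope described in the section on agent and principal, and of the first two architectural consequences above (an attestation generated at grant time and bound to the instruction before transmission; each transaction traceable to its delegation event), the following Python is constructed for this brief and is not code from any platform, scheme or regulator. It assumes HMAC-SHA256 under a key held by the principal's wallet as a stand-in for the signature primitive, and every identifier, field name, amount and IBAN in it is a constructed placeholder.

```python
# Constructed example: machine-readable delegation scope, attestation at grant
# time, and binding of a payment instruction to that record before transmission.
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from decimal import Decimal

# Assumption: an HMAC under a principal-held key stands in for the signature
# primitive. A deployment would use an asymmetric signature (for example a
# qualified electronic attestation under eIDAS 2.0) so that a payment service
# provider or court can verify the record without holding the principal's key.
PRINCIPAL_KEY = b"constructed-principal-signing-key"


def canonical(obj) -> bytes:
    """Deterministic JSON so that signing and hashing are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(obj) -> str:
    return hmac.new(PRINCIPAL_KEY, canonical(obj), hashlib.sha256).hexdigest()


def verify(obj, sig: str) -> bool:
    return hmac.compare_digest(sign(obj), sig)


def grant_delegation(principal: str, agent: str, scope: dict, granted_at: datetime) -> dict:
    """Attestation: signed, timestamped delegation record created when authority is granted."""
    body = {"principal": principal, "agent": agent, "scope": scope,
            "granted_at": granted_at.isoformat()}
    body["delegation_id"] = hashlib.sha256(canonical(body)).hexdigest()
    return {"body": body, "sig": sign(body)}


def check_scope(scope: dict, instruction: dict, at: datetime) -> list:
    """Return the scope parameters the instruction violates (empty list = authorised)."""
    reasons = []
    if Decimal(instruction["amount_eur"]) > Decimal(scope["max_amount_eur"]):
        reasons.append("amount exceeds max_amount_eur")
    if instruction["category"] not in scope["categories"]:
        reasons.append("category not permitted")
    if instruction["creditor_iban"] not in scope["counterparties"]:
        reasons.append("counterparty not permitted")
    if not (datetime.fromisoformat(scope["not_before"]) <= at
            <= datetime.fromisoformat(scope["not_after"])):
        reasons.append("outside authority window")
    return reasons


def bind_instruction(delegation: dict, instruction: dict, at: datetime) -> dict:
    """Pre-settlement prerequisite: refuse an out-of-scope instruction, and bind an
    in-scope one to the delegation record it was issued under before transmission."""
    body = delegation["body"]
    if not verify(body, delegation["sig"]):
        raise ValueError("delegation record signature invalid")
    reasons = check_scope(body["scope"], instruction, at)
    if reasons:
        raise ValueError("; ".join(reasons))
    envelope = {"instruction": instruction, "delegation_id": body["delegation_id"],
                "scope_hash": hashlib.sha256(canonical(body["scope"])).hexdigest(),
                "instructed_at": at.isoformat()}
    return {"body": envelope, "sig": sign(envelope)}


def reconstruct(bound: dict, registry: dict) -> tuple:
    """After settlement: trace an instruction to its delegation event and re-check scope."""
    env = bound["body"]
    if not verify(env, bound["sig"]):
        return (False, ["instruction envelope signature invalid"])
    delegation = registry.get(env["delegation_id"])
    if delegation is None:
        return (False, ["no delegation record for this instruction"])
    if not verify(delegation["body"], delegation["sig"]):
        return (False, ["delegation record signature invalid"])
    if hashlib.sha256(canonical(delegation["body"]["scope"])).hexdigest() != env["scope_hash"]:
        return (False, ["scope changed after binding"])
    reasons = check_scope(delegation["body"]["scope"], env["instruction"],
                          datetime.fromisoformat(env["instructed_at"]))
    return (not reasons, reasons)


def demo() -> dict:
    """Constructed walk-through: one monthly grant, one in-scope payment, two refusals."""
    t0 = datetime(2024, 7, 1, tzinfo=timezone.utc)
    scope = {"max_amount_eur": "150.00", "categories": ["groceries"],
             "counterparties": ["DE00000000000000000000"],  # constructed placeholder IBAN
             "not_before": t0.isoformat(), "not_after": (t0 + timedelta(days=31)).isoformat()}
    grant = grant_delegation("consumer:alice", "agent:shopper-v1", scope, t0)
    registry = {grant["body"]["delegation_id"]: grant}
    pay = {"amount_eur": "42.50", "category": "groceries",
           "creditor_iban": "DE00000000000000000000"}
    bound = bind_instruction(grant, pay, t0 + timedelta(days=9))
    out = {"in_scope": reconstruct(bound, registry)}
    for name, instr, when in [("over_limit", dict(pay, amount_eur="200.00"), t0 + timedelta(days=9)),
                              ("expired", pay, t0 + timedelta(days=40))]:
        try:
            bind_instruction(grant, instr, when)
            out[name] = None
        except ValueError as exc:
            out[name] = str(exc)
    out["record_lost"] = reconstruct(bound, {})  # record never generated or not retained
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `record_lost` case models the dispute pattern the brief describes: once settlement is final, an instruction whose delegation record was never generated or retained cannot be traced back to any authority, whatever the agent actually did. The window check in `reconstruct` uses the instruction time recorded in the bound envelope rather than the time of review, which is what lets a reviewer answer the question the Directive asks, namely whether the agent was within scope at the moment of instruction.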
In agentic commerce operating under EU law, the terms agent, principal, delegation, settlement, and attestation each mark a point at which liability either transfers to an identifiable and recoverable party or dissolves into an unresolvable dispute. The dissolution follows a predictable pattern: a consumer asserts that the agent acted outside authority; the platform operator points to a delegation record that was never generated or was generated after settlement; the AI system developer invokes the conformity assessment it completed under the EU AI Act; and the payment service provider notes that the instruction appeared regular on its face and settlement is final. No single party holds the record that would have resolved the question, because no party was required to produce it before the ten-second window closed.
The five terms are therefore not merely vocabulary. Each one corresponds to a system design requirement. Agent identity must be registered and traceable. Principal liability must be mapped to a legal person before the mandate is issued. Delegation scope must be machine-readable, cryptographically bound, and timestamped. Settlement architecture must treat the attestation record as a prerequisite to instruction transmission, not a post-event compliance artefact. And attestation infrastructure must be capable of producing a record that survives the full evidentiary chain: from the moment of authority grant, through each autonomous exercise of that authority, to the point at which a court, regulator, or dispute resolution body demands an account. Platforms that address these requirements in sequence will be in a materially different position from those that treat the five terms as interchangeable process labels.
The Autonomy Question
The strongest objection to applying classical agency law to agentic commerce systems is structural; its practical consequences follow from that structural mismatch. Classical agency law presupposes a principal who forms an intention, delegates a bounded task, and can be held to account for the scope of the mandate granted. A sufficiently autonomous AI agent does not receive a bounded task in any legally meaningful sense: it receives a goal, an optimisation target, and a set of environmental constraints, then derives its own action sequence. The acts that result may be impossible to trace back to a specific delegated permission without recharacterising the system in ways that distort its actual operation.
If this characterisation is accurate, the appropriate response is a new liability framework oriented around the developer, the deployer, and the operator as distinct responsible parties, structurally similar to the product liability model under the revised EU Product Liability Directive (politically agreed as of mid-2024, but not yet published in the Official Journal and therefore not yet operative law), rather than an extension of the agent-principal relationship. On this view, mandating attestation records keyed to classical delegation scope constitutes a category error: the approach imposes a legal structure on systems that operate outside that structure, producing records that are formally compliant but analytically misleading. The counterpoint raises the open empirical question of whether attestation of a permission scope meaningfully constrains an agent that derives its actions from learned behaviour rather than explicit instruction.
Unresolved Tensions
- Under PSD3/PSR, it remains unresolved whether the definition of 'payer' extends to an autonomous software agent, or whether liability for a disputed payment instruction reverts automatically to the human account holder regardless of the agent's scope record.
- The treatment of recurring delegations is unsettled: where an agent operates under a single authority grant covering multiple transactions over time, regulators have not yet determined whether each transaction requires a fresh attestation event or whether the original delegation record suffices for all downstream acts.
- A tension exists between GDPR's purpose limitation and data minimisation obligations on one hand, and the comprehensive transaction-level logging that meaningful attestation infrastructure requires on the other, with no authoritative reconciliation yet in place.
- The threshold of autonomy at which an AI commerce agent ceases to qualify as an agent under the Commercial Agents Directive is addressed in the counterpoint section as a structural problem without settled resolution; what remains open beyond that structural argument is the specific regulatory criterion, whether quantitative, functional, or supervisory, that a competent authority or court would apply to make that determination in a contested case.