The digital euro as agentic settlement layer

The emergence of autonomous software agents capable of initiating, negotiating, and completing commercial transactions on behalf of human principals introduces a category of infrastructure demand that payment system designers have not previously needed to address at scale. An agent operating within a supply chain may need to reserve funds conditionally upon delivery confirmation from a logistics counterparty, release payment only when a cryptographic proof of receipt is available, and coordinate settlement across three or more parties whose obligations are logically interdependent. These requirements, taken together, constitute what this paper terms agentic settlement: the execution of multi-party payment workflows initiated and managed by software agents acting under delegated authority, without continuous human intervention at each transaction step.

Existing payment infrastructure handles human-initiated, single-counterparty transactions with reasonable efficiency. SWIFT messaging, card network clearing, and SEPA credit transfers all operate on the assumption that a legal person has authorised each payment instruction prior to submission. The rails are designed for instruction relay and final settlement of individually authorised items. They carry no native construct for conditional release, multi-party atomic commitment, or machine-verifiable delegation chains. Workarounds exist: escrow accounts, payment-on-delivery services, and API orchestration layers each simulate some of these properties, but each workaround introduces an additional counterparty, a latency cost, or a legal ambiguity that a purpose-built infrastructure would not require.

The digital euro, as developed through the European Central Bank's investigation and preparation phases, introduces programmability as a first-class design property. The ECB's design parameters include conditional payment triggers, support for ISO 20022 structured messaging, a tiered architecture in which intermediaries distribute the instrument while the central bank operates the settlement backbone, and holding limits that serve both monetary policy and financial stability objectives [7]. These properties were not assembled with agentic commerce in mind; the ECB's published rationale centres on consumer payments, financial inclusion, and euro area monetary sovereignty. The argument this paper advances is that the same architectural properties that make the digital euro serviceable for programmable retail payments make it structurally superior to available alternatives for agentic multi-party settlement, and that this superiority has not been assessed systematically against the specific requirements of autonomous commerce.

This paper makes three contributions. First, it establishes a structured set of five criteria against which any candidate agentic settlement infrastructure can be evaluated: machine-readability, programmability depth, atomicity guarantees, compliance integration, and policy neutrality toward agent principals. Second, it applies those criteria to the digital euro's current architectural specification, to legacy rail alternatives, and to representative competing instruments including stablecoins and permissionless DeFi protocols. Third, it identifies the specific tensions, architectural gaps, and policy preconditions that must be addressed before the digital euro's theoretical positioning can be realised in production agentic deployments.

The analysis yields five differentiated findings, one per criterion, which the discussion then consolidates into three actionable remediation vectors and one regulatory instrument. The consolidation is explicit: the atomicity finding and the programmability finding share a common technical resolution path; the accuracy-determinism finding and the settlement finality rules constitute a second path; and the privacy-programmability finding constitutes a third. The legal personhood gap, addressed as a fourth finding in the discussion, is resolved through a distinct regulatory instrument rather than an architectural extension.

The paper proceeds as follows. Section 2 grounds the urgency of the problem in current regulatory momentum and operational risk. Section 3 situates this contribution against prior scholarship on CBDC design, smart contract settlement, and agent architecture. Section 4 establishes the analytical framework and evaluation criteria. Section 5 presents the architectural findings on the digital euro as a settlement layer. Section 6 interprets those findings in terms of structural advantages and policy trade-offs. Section 7 concludes with a synthetic assessment and a statement of the policy posture required to realise the infrastructure. Supplementary sections address limitations, future research directions, a traced case study, and data provenance.

Three concurrent developments create urgency for a rigorous assessment of agentic settlement infrastructure: the acceleration of autonomous agent deployment in commercial contexts, the maturation of the legislative and design frameworks governing digital currencies in the European Union, and the measurable operational costs imposed by settlement layer mismatch in agent-mediated transactions.

Deployment of large language model agents in commercial workflows has moved from research prototype to production integration across logistics, procurement, and financial operations. These agents are not restricted to advisory functions; tool-using architectures allow agents to call payment APIs, submit purchase orders, and initiate fund transfers as execution steps within broader task completion [11]. The security properties of such agents in commercial contexts have received systematic treatment only recently, with evidence establishing that authentication, delegation, and cross-agent trust are structurally underspecified in current agentic system designs [11]. When an agent initiates a payment, existing rails treat that instruction identically to a human-authorised instruction, because they have no mechanism to verify that the initiator is an agent, that the agent is operating within its delegated authority, or that downstream settlement steps in the same workflow have been or will be completed. The absence of native delegation primitives in current infrastructure is a design gap, not a configuration oversight.

On the regulatory side, the European Union has advanced both the legislative framework for the digital euro and the broader payments regulation package on a timeline that intersects with the commercial deployment curve for agentic systems. The digital euro regulation, under development through the Commission's proposal process, envisions the instrument as legal tender across the euro area, with programmability features intended to support a range of use cases beyond simple peer-to-peer transfers. Separately, the Markets in Crypto-Assets Regulation and the Digital Operational Resilience Act establish regulatory expectations for instruments and infrastructure that could compete with or complement the digital euro in agentic settlement contexts. The regulatory window in which the digital euro's design can be shaped to accommodate agentic requirements is finite; architectural decisions being made now will constrain or enable agentic use cases for a decade or more.

The operational cost of mismatched settlement layers is concrete. In multi-party workflows where payment is contingent on the completion of upstream steps, the absence of native conditional settlement forces operators to implement compensating controls: escrow accounts that introduce custodial risk, time-locked instructions that introduce timing risk, or human approval steps that reintroduce the latency and error surface that automation was intended to eliminate. Each compensating layer adds a counterparty, an audit trail gap, or a failure mode. For high-frequency agentic workflows involving small transaction values across many counterparties, the overhead cost of these workarounds can eliminate the efficiency gains that motivated agent deployment in the first place.

The institutional actors bearing the cost of this infrastructure gap can be identified concretely. Enterprises deploying agentic procurement systems must maintain compensating escrow or human-approval infrastructure that adds per-transaction overhead and reintroduces manual error. Financial institutions building agent-facing payment APIs must perform identity and delegation verification outside the payment rail, creating audit trail fragmentation. Central banks designing next-generation settlement infrastructure face the risk that architectural decisions made without reference to agentic use cases will embed constraints that prove costly to reverse. Each of these actors faces a distinct operational consequence, and the design choices made in the digital euro's programmability layer will determine whether sovereign digital currency infrastructure serves or is bypassed by the agentic commerce layer being built above it.

The literature relevant to this paper spans four bodies of work: CBDC design, programmable payment and smart contract settlement, decentralised finance as an alternative settlement substrate, and the behavioural properties of LLM agents in financial contexts. This section positions each body of work against the contribution this paper makes.

CBDC design and the tiered model. Bindseil [1] establishes the foundational economic case for a tiered CBDC architecture in which the central bank operates the settlement backbone while licensed intermediaries manage customer relationships, holding limits, and distribution. The tiered design is shown to mitigate disintermediation risk to the commercial banking sector, a concern that has dominated CBDC policy debate. Bindseil, Panetta, and Terol [7] extend this framework to questions of functional scope, pricing, and usage controls, arguing that holding limits and remuneration policy are the primary instruments for balancing monetary policy objectives against financial stability. Both works are foundational to understanding the institutional constraints within which the digital euro's programmability is being designed, and neither addresses programmability as an infrastructure primitive for non-human transaction initiators. This paper takes the tiered architecture as given and assesses what programmability properties it can support for agentic use cases.

Elsayed and Nasir [6] provide a research agenda for CBDC design that catalogues the open questions across monetary policy, financial stability, privacy, and cross-border interoperability. Their survey confirms that programmability and its implications for non-standard transaction initiators are underexplored in the academic literature. Dionysopoulos, Marra, and Urquhart [8] offer a critical review of CBDC literature that identifies privacy, disintermediation, and cybersecurity as the dominant concerns, with limited treatment of the infrastructure requirements of automated commerce. Kuehnlenz, Orsi, and Kaltenbrunner [5] examine CBDCs through the lens of international monetary system dynamics and dollar hegemony, a macroeconomic framing that does not engage with the transaction-level architecture this paper analyses.

The ECB's own published materials on the digital euro's design, including the investigation phase report and the progress reports issued during the preparation phase, provide the primary source for the instrument's architectural properties assessed in this paper. These documents address privacy architecture, legal tender status, and programmability scope, and their specific design commitments and open questions are incorporated into the analysis in Sections 4 and 5. Where the published materials are ambiguous or unresolved on a specific design point, the analysis identifies the range of possible outcomes rather than asserting a single result.

Programmability, compliance, and regulation-by-design. Pocher and Veneris [9] develop the concept of regulation-by-design in the CBDC context, proposing an AML/CFT scheme in which compliance logic is embedded at the protocol level rather than applied post-hoc by intermediaries. Their architecture demonstrates that conditional transfer rules and transaction monitoring can be made compatible within a single design, though the paper acknowledges residual privacy costs from centralised policy logic. This paper draws on their framework for the compliance integration dimension of the evaluation criteria, and extends it to the specific case of agent-initiated transactions where the identity and authority of the initiating party must be verifiable at the protocol level.

Decentralised finance and competing settlement alternatives. Grassi et al. [2] examine the intermediation spectrum in DeFi, establishing that the elimination of intermediaries through smart contract execution redistributes risk toward protocol design and oracle reliability rather than uniformly reducing it. Their analysis is directly relevant to the comparison between digital euro programmability and permissionless DeFi as settlement substrates: DeFi achieves native conditionality and atomicity at the cost of regulatory legibility and recourse mechanisms that agentic commerce in regulated sectors requires. Allen, Gu, and Jagtiani [3] survey fintech research including smart contract applications, providing context on the maturation of programmable finance. Catalini, de Gortari, and Shah [4] analyse stablecoin economics, demonstrating that reserve backing, redemption guarantees, and regulatory status are the primary differentiators between stablecoin variants, with implications for their viability as settlement instruments. This paper uses these works to construct the comparison set against which the digital euro is evaluated.

LLM agent behavioural constraints. The security and architecture literature on autonomous LLM agents in commercial contexts identifies delegation chains, verifiable execution proof, cross-agent authentication, and exception handling as functional requirements that payment infrastructure must support when agents are transaction initiators [11]. A complementary body of work addresses the accuracy-determinism trade-off in tool-using LLM agents, demonstrating that no current model achieves simultaneously high accuracy and high determinism across financial tool calls, and proposes replay-based assurance mechanisms as a partial remediation [10]. Together, these works establish the agent-side constraints that any settlement infrastructure must accommodate. This paper is the first to evaluate a specific settlement instrument, the digital euro, against the infrastructure requirements these agent-side properties generate.

This paper evaluates the digital euro as agentic settlement infrastructure through a structured comparative analysis. The methodology proceeds in three stages: derivation of agentic settlement requirements from the literature on autonomous agent behaviour and multi-party commerce; translation of those requirements into infrastructure evaluation criteria; and application of those criteria to the digital euro alongside a comparison set of alternative instruments.

Stage 1: Requirements derivation. Agentic settlement requirements are derived by combining two bodies of evidence. The first is the security and architecture literature on autonomous LLM agents in commercial contexts [11], which identifies delegation chains, verifiable execution proof, cross-agent authentication, and exception handling as functional requirements that payment infrastructure must support when agents are transaction initiators. The second is the CBDC and programmable finance literature [7][9], which identifies conditional transfer, atomic multi-party commitment, and machine-readable instruction encoding as the payment-side counterparts to these agent requirements. The union of these two requirement sets defines the space within which a candidate settlement layer must operate.

Stage 2: Evaluation criteria. Five criteria are defined. For each criterion, a comparative scale is stated so that assessments in the results section are grounded in the methodology rather than asserted as self-evident orderings.

1. Machine-readability refers to the capacity of the settlement instrument to accept, parse, and act upon structured, machine-generated payment instructions without human intermediation. The comparative scale runs from no structured schema (unformatted free-text or proprietary binary encoding), through a transport-layer structured schema (ISO 20022 applied as a message envelope over an unstructured legacy core), to an instrument-level structured schema (ISO 20022 applied consistently from instruction origination through settlement, with mandatory structured fields at each processing step). The reference standard for the highest level is ISO 20022 applied at instrument scope.

2. Programmability depth refers to the richness of conditional logic that can be embedded in a payment instruction or associated smart contract. Depth is assessed on an ordinal scale: no conditionality (legacy rails), single-condition triggers (first-generation programmable CBDC designs), and multi-condition atomic workflows (full smart contract programmability on a shared execution environment).

3. Atomicity guarantees refer to the infrastructure's ability to ensure that a multi-leg transaction either completes in full or reverts completely, with no intermediate state in which some legs are settled and others are not. The comparative scale distinguishes: no atomicity guarantee (each leg settles independently), intra-intermediary atomicity (a single intermediary can guarantee atomic completion for legs within its own books), and cross-intermediary atomicity (a shared infrastructure enforces atomic commitment across multiple institutional counterparties). This property is essential for agentic workflows where payment obligations across multiple parties are logically interdependent.

4. Compliance integration refers to the degree to which AML/CFT and other regulatory controls are embedded at the protocol level rather than applied by intermediary layers operating independently of one another. The comparative scale runs from no embedded compliance (controls applied entirely outside the settlement layer), through intermediary-level embedded compliance (each intermediary applies controls as a mandatory step in settlement processing, under a common regulatory obligation), to protocol-level embedded compliance (controls are enforced by the shared settlement infrastructure itself, uniformly across all participants). Higher compliance integration reduces the regulatory overhead of agent-initiated transactions but introduces design trade-offs with privacy.

5. Policy neutrality toward agent principals refers to whether the settlement infrastructure imposes legal or operational requirements that effectively require a human legal person to be the proximate transaction initiator, or whether it accommodates software agents acting under delegated authority as first-class principals. The scale distinguishes: human-only attribution required (no infrastructure support for delegation records), delegation-by-convention (intermediaries may optionally maintain delegation records without regulatory standardisation), and delegation-by-design (the infrastructure mandates a standardised delegation record and assigns liability to a defined institutional actor for agent-initiated instructions).

Stage 3: Comparative application. The digital euro is assessed against each criterion using the ECB's published design parameters, supplemented by the analysis in [7] and [9]. The comparison set comprises: (a) legacy SEPA credit transfer and card network rails, representing the current default; (b) euro-denominated stablecoins operating under MiCA, representing the private programmable alternative; and (c) permissionless DeFi settlement via smart contracts, representing the maximally programmable but least regulated option [2][4]. For each criterion, the digital euro's current and proposed capabilities are contrasted with the comparison set's capabilities, and the residual gap between current design and full agentic requirement is stated explicitly.

This methodology is analytical rather than empirical: it does not use transaction-level data from deployed systems, because no production agentic settlement system operating on the digital euro exists at the time of writing. The analysis is therefore bounded by the architectural specifications available in published ECB materials and the academic literature. Where architectural specifications are unfinalized, the analysis identifies the range of possible outcomes rather than asserting a single result, consistent with the evidentiary limitations stated in Section 8.

Applying the five evaluation criteria to the digital euro's current design yields a differentiated profile. The assessments below are bounded inferences from published ECB design parameters and the academic literature; where the ECB's specification remains open, the finding states a range rather than a single result.

Machine-readability. The digital euro's design incorporates ISO 20022 as the native messaging standard, providing a structured schema capable of carrying rich metadata alongside payment instructions. ISO 20022 messages support structured originator and beneficiary data, purpose codes, remittance information, and extensible data elements that can carry agent-specific metadata such as task identifiers, delegation references, and workflow state. The ECB's published design parameters describe ISO 20022 adoption in terms of consistent message formatting across the digital euro lifecycle; the degree to which this constitutes instrument-level integration, in the sense of mandatory structured fields enforced at each processing step rather than a transport envelope, depends on implementation choices that the preparation phase has not yet finalised. On the comparative scale defined in Section 4, the digital euro's current design places it at or near the instrument-level tier, subject to that implementation caveat. Legacy SEPA credit transfer also operates on ISO 20022, but applies the schema primarily as a transport layer over processing systems that were not designed around it from the outset. Euro-denominated stablecoins operating under MiCA carry no mandatory messaging standard; their machine-readability depends entirely on the standards choices of individual issuers. Permissionless DeFi protocols use ABI-encoded calldata, which is machine-parseable but not semantically standardised across protocols. On this criterion, the digital euro is superior to stablecoins and DeFi for regulated multi-party workflows that require interoperability across institutional counterparties.

Programmability depth. The ECB has specified conditional payment functionality as a design objective, encompassing time-locked transfers, delivery-versus-payment triggers, and multi-condition release logic. The current design envisions this functionality being implemented at the intermediary layer within the tiered architecture [7], meaning that conditional logic is executed by the distributing intermediary rather than by a shared smart contract on a common ledger. This design choice has a material implication: conditionality is available but is not natively atomic across intermediaries. A three-party transaction in which each party holds a digital euro account at a different intermediary requires the intermediaries to coordinate condition evaluation, and no shared execution environment enforces that all conditions are evaluated identically or simultaneously. On the ordinal scale defined in Section 4, the digital euro's current design reaches the single-condition trigger tier within a single intermediary, with multi-condition atomic workflows available only if cross-intermediary coordination protocols are added. DeFi smart contracts achieve native multi-condition programmability on a shared execution environment, placing them at the highest tier on this dimension at the cost of regulatory legibility. The digital euro's programmability depth is therefore intermediate: richer than legacy rails, which carry no native conditionality, but shallower than full smart contract execution for multi-intermediary scenarios.

Atomicity guarantees. Within a single intermediary's books, the digital euro can, based on published design intentions, support atomic transfer: a conditional payment either executes completely or does not execute, with no partial settlement. Cross-intermediary atomicity, required for agentic workflows spanning multiple institutional counterparties, depends on coordination protocols between intermediaries that the ECB's current published design does not fully specify. On the scale defined in Section 4, the digital euro's current design achieves intra-intermediary atomicity; whether it reaches cross-intermediary atomicity is an open design question whose resolution depends on the final specification of the coordination mechanism. Legacy SEPA rails provide settlement finality at the individual instruction level but have no mechanism for multi-leg atomic commitment, placing them at the no-atomicity tier. Permissionless DeFi achieves cross-intermediary atomicity through the shared execution environment of the underlying blockchain, placing it at the highest tier on this dimension. The digital euro's cross-intermediary atomicity gap, if unresolved in the final specification, is the most significant architectural limitation relative to agentic multi-party requirements.

Compliance integration. The digital euro's tiered architecture embeds AML/CFT screening obligations at the intermediary layer, structurally similar to the regulation-by-design framework proposed by Pocher and Veneris [9]. Published ECB design materials describe a pseudonymisation model in which the central bank's settlement backbone does not hold direct access to individual transaction content below the intermediary level; supervisory visibility operates through intermediary-reported data rather than through direct backbone-level transaction monitoring. On the comparative scale defined in Section 4, this places the digital euro at the intermediary-level embedded compliance tier rather than the protocol-level tier. This distinction matters for agentic commerce: compliance screening of agent-initiated transactions is guaranteed at each intermediary, but the uniformity of that screening across intermediaries depends on regulatory standardisation of the embedded logic rather than on a single shared enforcement point. For agentic commerce in regulated sectors, intermediary-level compliance integration remains a material advantage over alternatives. Euro-denominated stablecoins operating under MiCA impose compliance obligations on issuers as regulated entities; those obligations are applied at the point of issuance and redemption rather than embedded as a mandatory step in each transfer, placing stablecoins below the digital euro on this criterion. Permissionless DeFi protocols have no embedded compliance mechanism, placing them at the no-compliance-integration tier.

Policy neutrality toward agent principals. Current EU legal doctrine does not recognise software agents as legal persons capable of bearing payment obligations or authorising fund transfers [11]. The digital euro's design inherits this constraint: every transaction must be traceable to a human or institutional legal person who bears liability. This applies equally to all alternatives in the comparison set. On the scale defined in Section 4, all current instruments sit at the human-only attribution tier. The digital euro's tiered architecture creates a structural opportunity that alternatives do not: intermediaries in the tiered model could be assigned the role of agent custodians, holding delegated authority records and bearing liability for agent-initiated transactions within defined parameters, which would advance the digital euro to the delegation-by-convention tier without requiring treaty-level legal change. No alternative instrument has an equivalent institutional actor positioned to perform this function under a common regulatory framework. Policy neutrality remains an open design question, but the digital euro's architecture is more amenable to a resolution than permissionless alternatives.

Why machine-readability and compliance integration create settlement superiority. The digital euro's combination of ISO 20022 native messaging and embedded compliance logic at the intermediary layer addresses two problems that agentic commerce generates simultaneously: the need for structured, machine-parseable instruction encoding and the need for regulatory screening that does not require a separate human-supervised compliance step. For enterprises deploying agents in procurement or logistics workflows, the ability to generate ISO 20022-compliant payment instructions directly from agent task outputs, without translation through a legacy API layer, reduces the latency and error surface of the settlement step. The compliance integration property means that an agent-initiated payment instruction is screened against AML/CFT rules as part of the settlement process at each intermediary, rather than as a precondition that must be managed outside the payment system.

These two properties together reduce the number of integration points between the agentic system and the payment infrastructure. Consistent with the attack surface taxonomy developed in the agentic commerce security literature [11], each integration point between an agent system and an external service constitutes a potential vector for instruction injection, delegation spoofing, or state inconsistency; reducing integration points therefore reduces the number of exploitable interfaces. This structural reduction is the mechanism through which the combination of machine-readability and compliance integration produces a security advantage, rather than an advantage that follows automatically from the properties taken individually.

This structural advantage over legacy rails is not contingent on any single design decision remaining unchanged. Even if the ECB modifies specific parameters of the digital euro's programmability layer during the preparation phase, ISO 20022 adoption and intermediary-level compliance integration are foundational to the tiered architecture [1][7] and are unlikely to be withdrawn. The advantage over euro-denominated stablecoins is more contingent: a stablecoin issuer operating under MiCA could adopt ISO 20022 messaging and embed AML/CFT screening as a mandatory step in each transfer, approximating the digital euro's machine-readability and compliance integration properties. The residual difference would then lie in the credit risk of stablecoin reserves versus the zero-credit-risk status of central bank money [4], a difference that is material for high-value agentic transactions but less so for low-value, high-frequency workflows.

The distinction between the digital euro's compliance integration and that of stablecoins requires precise statement to avoid an internal ambiguity. Both instruments apply compliance logic at an intermediary or issuer layer rather than at a shared protocol level. The difference is institutional rather than architectural: the digital euro's intermediary-layer compliance obligations are imposed uniformly by a common regulatory framework administered by the ECB and national competent authorities, whereas a MiCA-compliant stablecoin issuer applies compliance logic as a function of its own regulatory licence, without a common technical standard governing the depth or timing of that logic across transfers. For multi-party agentic workflows involving several intermediaries, regulatory uniformity of the compliance obligation determines whether all transaction legs are screened to the same standard, which is a material property that the stablecoin model does not guarantee.

The programmability depth gap and its consequences. The most significant structural finding is that the digital euro's programmability depth is constrained by the intermediary architecture in ways that DeFi is not. When agentic workflows require multi-condition atomic settlement across parties served by different intermediaries, the digital euro's current design requires intermediary-to-intermediary coordination that is neither specified nor guaranteed at the infrastructure level. This gap has three concrete consequences.

First, for supply chain workflows involving three or more counterparties, the digital euro cannot, under its current published design, natively guarantee that all payment legs either complete or revert; compensating escrow or sequencing logic must be implemented above the settlement layer, reintroducing the overhead that native atomicity would eliminate.

Second, the absence of a shared execution environment means that condition evaluation for multi-party workflows is distributed across intermediary systems that may implement the same conditional logic with different timing, state-snapshot assumptions, or failure handling. This creates a coordination risk that grows with the number of parties in the workflow.

Third, the programmability gap creates a structural incentive for agentic system designers to route complex multi-party workflows through permissionless DeFi or through private coordination layers built on top of the digital euro, rather than through the digital euro's native programmability. If this routing pattern becomes established, the digital euro's role in agentic commerce is reduced to a final settlement instrument rather than a native execution environment, which is a weaker position than its design properties warrant.

The accuracy-determinism trade-off and its implications for settlement finality. The tool-using LLM agent literature establishes a trade-off between accuracy (the probability that an agent selects the correct action) and determinism (the probability that the agent selects the same action on repeated execution of the same input), with no current model achieving high values on both dimensions simultaneously [10]. This empirical finding has a direct implication for settlement infrastructure: if an agent-initiated payment instruction is not deterministically reproducible, then the instruction cannot be audited by replaying the agent's decision process, and the settlement cannot be attributed unambiguously to the agent's authorised intent.

The digital euro's settlement finality rules, which treat a settled transaction as irrevocable, are incompatible with probabilistic transaction initiation in their current form. A settlement layer designed for deterministic human-authorised instructions must accommodate a new class of instructions where the authorising process is probabilistic. This requires either a pre-settlement verification step that confirms the instruction against the agent's declared intent, or a post-settlement dispute mechanism that can attribute erroneous instructions to agent behaviour rather than human authorisation. Neither mechanism is specified in the digital euro's current design. The regulation-by-design approach of Pocher and Veneris [9] provides a partial template: compliance logic embedded at the protocol level could include an intent-verification step for agent-initiated instructions, but the cryptographic and legal architecture for such a step remains an open design problem.

Privacy-programmability tension. The digital euro's compliance integration advantage is purchased at a privacy cost that the ECB has not fully resolved. The published pseudonymisation model, in which the central bank's settlement backbone does not hold direct access to individual transaction content, reduces but does not eliminate the privacy exposure relative to a fully transparent monitoring architecture. Intermediaries hold transaction-level data and report to supervisory authorities under defined conditions; for B2B agentic workflows involving commercially sensitive procurement data, this intermediary-level data retention creates a competitive intelligence risk that enterprises may treat as a disqualifying constraint, even where the central bank backbone does not itself access transaction content. The regulation-by-design framework [9] proposes privacy-preserving technologies such as zero-knowledge proofs as a path to reconciling AML/CFT monitoring with transaction-level privacy, but these techniques are not currently specified as part of the digital euro's production architecture.

The legal personhood gap. Current EU law does not provide a legal status for software agents that would allow them to bear payment obligations or authorise fund transfers in their own right [11]. All digital euro transactions must be attributed to a human or institutional legal person. For agentic workflows, this creates an attribution requirement that must be satisfied at every transaction step: the agent's instruction must be traceable to a delegating legal person whose authority encompasses the specific transaction. The digital euro's intermediary layer is structurally positioned to maintain these delegation records, but no regulatory instrument currently requires or standardises this function. This finding is treated separately from the three architectural vectors above because its resolution requires a regulatory instrument rather than a technical extension: a regulatory technical standard assigning liability for agent-initiated transactions to the intermediary, operating under a standardised delegation management obligation, rather than a change to the settlement infrastructure's execution logic. The accountability gap is not unique to the digital euro; it affects all candidate settlement instruments equally. The digital euro's tiered architecture, however, provides a more natural institutional home for delegation management than permissionless alternatives where no regulated intermediary exists.

The analysis presented in this paper establishes that the digital euro possesses a combination of architectural properties that positions it as the strongest institutional candidate for agentic settlement infrastructure among currently available or near-term alternatives. This conclusion rests on a specific set of findings rather than a general assessment of the instrument's quality.

On machine-readability, the digital euro's adoption of ISO 20022 structured messaging provides a machine-parseable instruction layer that agent systems can generate directly, eliminating the translation overhead that legacy rail integration requires. On compliance integration, the tiered architecture's embedding of AML/CFT screening at the intermediary level, under a uniform regulatory obligation, removes a class of regulatory integration burden from agentic system operators and ensures that compliance screening applies consistently across all transaction legs within a single intermediary's scope. On policy backing, the digital euro's status as central bank money eliminates the reserve credit risk that burdens stablecoin alternatives, making it the appropriate settlement instrument for high-value or high-stakes agentic workflows [4][7].

Three specific vectors constrain this positioning and must be addressed through targeted architectural work. The first is cross-intermediary atomicity. The current design's reliance on intermediary-level coordination for multi-party conditional settlement introduces timing risk and coordination overhead that grow with workflow complexity. Resolving this requires either a cross-intermediary atomic commitment protocol natively supported by the digital euro infrastructure, or a defined escrow mechanism with guaranteed settlement finality that intermediaries are required to implement uniformly. Without this extension, agentic supply chain workflows spanning multiple institutional counterparties cannot rely on the digital euro for atomic multi-leg settlement and must implement compensating coordination layers above the payment rail.

The second is exception handling for agent-initiated instructions. The accuracy-determinism trade-off in LLM agents [10] means that a proportion of agent-initiated payment instructions will not be reproducible or will deviate from the agent's declared intent. The digital euro's settlement finality rules must be extended to accommodate a pre-settlement intent verification mechanism and a post-settlement attribution protocol that distinguishes agent error from human-authorised deviation. The specific technical form of these mechanisms, whether cryptographic intent signing at instruction generation, replay-based audit at the intermediary, or a defined dispute window with burden-of-proof rules, is an open design question that the preparation phase should address before the digital euro is deployed for agentic workflows. Without these mechanisms, agentic settlement on the digital euro cannot satisfy the audit reproducibility standards that regulated financial workflows require.

The third is compliance integration that preserves transaction-level privacy. The current architecture's pseudonymisation model reduces but does not eliminate the privacy exposure that intermediary-level data retention creates for commercially sensitive B2B agentic workflows. Embedding privacy-preserving computation, such as selective disclosure credentials or zero-knowledge proof of compliance, at the protocol level would allow AML/CFT monitoring to proceed without exposing transaction content to intermediary staff or supervisory authorities in identifiable form. This extension requires explicit inclusion in the digital euro's specification before the preparation phase concludes; retrofitting cryptographic privacy architecture after deployment is substantially more costly than designing for it from the outset.

Beyond these three architectural vectors, the legal personhood gap for software agents requires a regulatory instrument that assigns liability for agent-initiated transactions to a defined institutional actor, most naturally the intermediary in the tiered architecture, operating under a standardised delegation management obligation. This instrument does not require amending EU treaty law; it requires a regulatory technical standard that the ECB and the European Banking Authority are positioned to develop jointly, specifying the data schema for delegation records, the conditions under which intermediary liability attaches, and the audit obligations that accompany that liability.

Realising the transition from candidate to production infrastructure requires the three technical extensions and the regulatory instrument identified above, along with empirical validation of those extensions in controlled pilot deployments before the digital euro reaches full rollout. The instrument's architectural foundation is more amenable to each of these extensions than any available alternative, which is the basis for the paper's principal finding: the digital euro is the strongest institutional candidate for agentic settlement infrastructure, and the gap between that candidacy and production readiness is defined by a bounded and addressable set of design decisions.

1. Unfinalized architectural specifications. The digital euro's programmability architecture remains under development as of the time of writing. The ECB's preparation phase has not produced a final technical specification for conditional payment triggers, cross-intermediary coordination protocols, or smart contract interoperability. The findings in Section 5 are therefore bounded inferences from published design intentions and working papers rather than from an implementation specification. The results section states this provenance for each finding and identifies the range of possible outcomes where the design space remains open. Specific findings about programmability depth and atomicity may require revision when the final specification is published.

2. Absence of production operational data. No production agentic settlement system operating on the digital euro, or on any CBDC, exists at the time of writing. The analysis relies on architectural specifications and on the behavioural properties of LLM agents documented in controlled research settings [10][11]. The extrapolation from controlled research to production multi-party commercial workflows involves assumptions about agent behaviour, error rates, and exception frequency that cannot be validated without operational data. The paper's findings on exception handling and audit reproducibility are structural inferences derived from the architecture, not empirically grounded measurements.

3. Policy posture on agent legal personhood undefined. EU legal doctrine on the status of software agents as transaction initiators is unresolved. The analysis assumes that liability must be attributed to a human or institutional legal person, which is consistent with current doctrine, but future regulatory instruments could alter this assumption in ways that would affect the paper's findings on policy neutrality and intermediary delegation management.

4. Comparison set is not exhaustive. The analysis compares the digital euro against legacy SEPA rails, MiCA-compliant stablecoins, and permissionless DeFi. Other candidate instruments, including BIS mBridge for cross-border settlement, Fed FedNow for dollar-denominated workflows, and private bank-issued programmable deposits, are not assessed. The finding that the digital euro is the strongest candidate is bounded by this comparison set.

5. Privacy technology maturity. The paper's discussion of privacy-preserving computation as a resolution to the privacy-programmability tension assumes that techniques such as zero-knowledge proofs can be implemented at the scale and latency of a retail CBDC. This assumption is contested in the technical literature and is not validated by the sources available in this analysis.

6. Source recency and verifiability. Two sources cited in this paper, Khatchadourian [10] and Mao et al. [11], carry 2026 publication dates and are cited from arXiv preprint identifiers. Their findings are incorporated at the level of mechanism and structural argument; specific empirical values attributed to these sources should be treated as indicative of the direction of effect rather than settled quantitative results until peer-reviewed publication is confirmed. Where the analysis depends on these sources, the dependency is stated explicitly so that readers can assess the evidentiary weight accordingly.

Pilot settlement scenarios. The most direct validation of the thesis requires a controlled pilot in which a defined set of agentic multi-party workflows, covering at minimum three-party supply chain settlement, delegated procurement, and exception-triggered payment reversal, are executed against a digital euro testnet implementation. The pilot must record latency at each settlement step, exception rates, and attribution chain completeness for each transaction. Output from such a pilot would provide the first empirical basis for assessing whether the digital euro's programmability depth is sufficient for production agentic workflows or whether cross-intermediary atomicity extensions are required before deployment.

Cross-intermediary atomic commitment protocol specification. A technical working group, drawing on the ECB's TARGET Instant Payment Settlement infrastructure and the coordination protocol literature, should specify a cross-intermediary atomic commitment protocol for digital euro multi-leg transactions. The specific design question is whether two-phase commit, three-phase commit, or a CBDC-native variant is compatible with the digital euro's settlement finality rules and the tiered architecture's intermediary autonomy constraints.

Agent middleware standards. A standardised middleware interface between agentic systems and digital euro intermediaries is required to operationalise delegation management and intent verification. This standard should specify the data schema for delegation records, the cryptographic mechanisms for intent signing, and the API surface through which intermediaries receive and validate agent-initiated instructions. The Financial-grade API standard developed by the OpenID Foundation provides a partial template; extension to agent principals requires additional delegation and audit fields.

Privacy-preserving compliance integration. Research into the application of selective disclosure credentials and zero-knowledge range proofs to digital euro AML/CFT screening should be conducted in collaboration between the ECB, the European Banking Authority, and academic cryptography groups. The specific research question is whether a zero-knowledge proof of compliance can be generated by an intermediary and verified by the ECB settlement backbone without exposing transaction content, at latency compatible with retail payment processing.