The market landscape

Agentic commerce designates a class of commercial systems in which software agents, operating with delegated authority from a human principal, autonomously complete purchasing workflows: selecting products or services, negotiating terms, authorising payment, and coordinating fulfilment. The agent acts within policy constraints set at the time of delegation, but executes individual transaction steps without soliciting fresh human approval. This operational model departs substantially from the prior generation of AI-assisted commerce, where recommendation engines and personalisation layers influenced human decisions but a human retained each transactional action. The shift from influence to execution changes the legal, technical, and competitive structure of the commerce stack.

Europe occupies a structurally distinctive position in this transition. The continent hosts some of the world's most mature open banking infrastructure, a high density of fintech regulatory sandboxes, and a legislative apparatus that is simultaneously an enabler and a constraint for agentic commerce builders [4]. Three of the most consequential instruments in this apparatus, the revised Payment Services Directive (PSD3), the AI Act, and the Digital Markets Act (DMA), were designed primarily for human-in-the-loop or platform-mediated transactional models and do not cleanly address the legal personhood, liability attribution, or consent mechanics raised by fully autonomous purchasing agents. The Markets in Crypto-Assets Regulation (MiCA), by contrast, was substantially designed to govern crypto-asset issuance and service provision that may involve non-human or automated participants, and its ambiguities in the context of agentic commerce concern protocol-level payment execution rather than the human-in-the-loop assumption that constrains the other three instruments.

The European builder landscape is not homogeneous. Distinct regional clusters have emerged, shaped by national regulatory traditions, the availability of technical talent, the maturity of public digital infrastructure, and the sectoral composition of each economy. The Nordics, anchored by Sweden, Finland, Denmark, and Norway, bring strong public digital identity infrastructure (BankID, MitID, FTN) and fintech regulatory permissiveness. Benelux combines proximity to the European Commission's legislative machinery in Brussels, dense financial services concentrations in Amsterdam and Luxembourg, and significant venture capital throughput. DACH, encompassing Germany, Austria, and Switzerland, presents large enterprise markets, high B2B procurement volumes, and stronger consumer protection traditions that translate into more conservative product design requirements.

The contribution of this paper is a structured, public-source characterisation of agentic commerce builders across these three clusters and the broader European geography, classified by country, vertical focus, and stack layer. The analysis identifies which layers of the agentic commerce stack are most densely populated, which verticals attract the heaviest builder concentration, and how regulatory and capital-availability conditions shape those concentrations. The paper advances and defends a hypothesis about stack-layer liability asymmetry as the primary predictor of production deployment speed, a mechanism that has not been articulated in prior landscape studies.

The paper proceeds as follows. The motivation section establishes the timeliness of the mapping relative to regulatory timelines, funding velocity, and competitive pressure from US and Asian platforms. The related work section positions this contribution against existing agentic AI landscape reports, payments infrastructure analysis, and European tech ecosystem studies. The methodology section details the public sources used, the classification schema applied, and the inclusion criteria for builders. The results section presents the observable distribution of builders by country, vertical, and stack layer, surfacing cluster-specific patterns and explicitly acknowledging the evidential constraints on that distribution. The discussion section interprets the geographic concentrations, explains the regulatory and capital-availability mechanisms that produce them, and relates the findings to European strategic autonomy in AI-driven commerce infrastructure. The limitations and future work sections bound what the current evidence base can establish and name the instruments required to resolve the primary evidentiary gaps.

Three converging pressures make a systematic mapping of European agentic commerce builders warranted at this juncture rather than premature or retrospective.

Regulatory crystallisation is imminent. The EU AI Act entered into force in August 2024, with substantive obligations phased in over the following twelve to thirty-six months; high-risk classification provisions under Annex III and Article 6 entered application in August 2026. Technical standards bodies are actively working on guidance specifically addressing autonomous agents in commercial and financial contexts [4]. PSD3 is advancing through the legislative process, and its strong customer authentication provisions will require builders to adjudicate, before deployment, which party in an agentic transaction chain bears SCA obligations. MiCA is in force, but its treatment of crypto-native atomic payment protocols remains unsettled [3]. Each of these instruments imposes compliance costs that are substantially lower for builders who engage during the drafting and consultation phase than for those who adapt after finalisation. A map of who is building, and at which stack layer, is a prerequisite for targeted regulatory engagement.

Funding velocity is compressing decision timelines. European venture and growth capital has increasingly concentrated in AI-infrastructure deals since 2023. Builders who can demonstrate a clear regulatory pathway and a defensible stack-layer position attract larger rounds at earlier stages. Builders who cannot articulate the liability boundary between their orchestration layer and the payment rail they use face investor scrutiny that delays or reduces round size. The funding landscape thus rewards early-stage clarity about stack positioning, which in turn makes the landscape mapping itself a competitive instrument.

US and Asian platform incumbents are entering European markets. Major commerce platforms with large developer ecosystems have announced or deployed agentic features that, by design, integrate with their existing payment and merchant networks. These platforms carry established consumer trust, large merchant supply bases, and substantial capital for compliance engineering. European builders who specialise at layers these incumbents do not control, or who serve verticals where regulatory localisation requirements create defensible moats, face a materially different competitive environment than those who build generic orchestration layers in direct competition with platform incumbents. The degree of this differentiation is geography-specific: Nordic builders operating in social commerce or public-sector procurement face different incumbent pressure than DACH builders in B2B indirect procurement or Benelux builders in cross-border financial services.

Consumer delegation is governance-conditional. Empirical evidence from adjacent domains, including AI-based financial services recommendation, shows that consumer willingness to delegate decisions to autonomous systems is not a function of demonstrated AI capability alone [2]. It is contingent on the presence of meaningful oversight mechanisms, legible consent structures, and accessible recourse channels. European consumers, operating under GDPR and consumer protection frameworks that grant affirmative rights against automated decision-making, present a governance-conditional adoption curve. Builders who embed oversight and transparency into their product architectures from the outset are better positioned for sustained adoption than those who treat governance as a post-launch compliance addition. Mapping which builders are investing in governance layer design, and in which geographies, is therefore directly actionable for both investors and regulators.

The literature relevant to this mapping spans four bodies of work: agentic AI landscape studies, payments infrastructure analysis, European tech ecosystem mapping, and regulatory governance of autonomous commercial systems. Each contributes a partial perspective; none addresses the intersection of geography, vertical, stack layer, and regulatory shaping that this paper targets.

Agentic AI landscape reports, primarily produced by venture capital firms, accelerators, and consultancies, have proliferated since 2023. These studies typically enumerate categories of agent frameworks (reasoning engines, tool-use layers, memory architectures) and identify funding rounds in the US context. Their geographic coverage of Europe is selective rather than systematic, and their treatment of payments infrastructure is almost entirely absent. They do not disaggregate builders by stack layer in a way that makes liability-boundary analysis tractable, and they do not engage with the regulatory instruments, PSD3, the AI Act, MiCA, that shape European builder timelines specifically. This paper differs by applying a three-axis classification schema (country, vertical, stack layer) and by grounding the analysis in the regulatory instruments applicable to each layer.

Payments infrastructure analysis, including academic and practitioner work on open banking, payment service directive implementation, and fintech ecosystem development, provides strong coverage of the structural tailwinds available to European builders. The platformisation of financial transactions driven by open banking mandates is well-documented at the policy level [4]. However, this literature does not address agentic commerce specifically: it treats payment initiation as a human-authorised action rather than as an agent-executed step that may or may not require fresh SCA at each invocation. The A402 protocol framework [3], which proposes cryptographic binding of payment to service execution in agentic contexts, represents a technically sophisticated stack option that existing payments infrastructure literature does not cover. The specific cryptographic mechanisms described in Li et al. include binding constructs designed to ensure that payment release is conditioned on verifiable service execution; this paper characterises the protocol at that structural level without asserting implementation details beyond what the published specification supports. This paper incorporates the A402 design as a characterisation of the crypto-native stack layer available to European builders, while noting the MiCA and PSD3 ambiguities that make its adoption uncertain in regulated contexts.

European tech ecosystem mapping, conducted by organisations such as national innovation agencies, the European Investment Fund, and commercial data providers, tracks funding rounds, founding team demographics, and sector concentration. These studies are valuable for establishing baseline counts of active companies and funding volumes, but their sectoral classification systems predate the agentic commerce category and therefore cannot identify which of their tracked companies are building in this space. This paper uses ecosystem mapping data as a denominator for estimating builder concentration but applies an additional inclusion filter based on the agentic commerce definition.

Regulatory governance of autonomous commercial systems is the body of literature most directly relevant to the liability-asymmetry hypothesis advanced here. Zhang and Maharjan [4] provide a systematic treatment of the definitional challenges facing regulators who must classify autonomous agents under existing legal frameworks designed for human actors or platform intermediaries. Their analysis demonstrates that the AI Act, the GDPR, and financial services directives each contain provisions that become ambiguous or contradictory when applied to agents that initiate transactions without human approval at each step. Mishra and colleagues [1] document the analogous challenge in the credit risk domain, where BNPL AI systems must navigate fair lending obligations designed for human underwriters. Choi and colleagues [2] provide the strongest empirical evidence on the consumer side, demonstrating that preference for algorithmic transparency over personalisation is heterogeneous across consumer segments and context-dependent, a finding that bears directly on the governance-conditional adoption curve described in the motivation section. This paper extends these regulatory governance insights by applying them as a predictive lens for production deployment speed at the builder level.

Source Categories

The mapping draws on five categories of public sources, each providing a distinct evidential contribution.

Regulatory filings and consultation responses. National financial supervisory authorities in the EU publish registers of licensed payment institutions, electronic money institutions, and sandbox participants. The European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) publish consultation response lists that identify active industry stakeholders by name and domicile. Company responses to AI Act consultation rounds similarly identify organisations engaged with agentic AI development. These filings provide a legally grounded subset of the builder population: entities visible in regulatory registers have crossed at minimum a disclosure threshold that confirms active intent to operate in regulated commerce infrastructure.

Funding announcements. Venture capital funding announcements published via press release, regulatory disclosure under national securities law, or reporting on specialised news platforms provide round size, stage, investor syndicate, and stated product focus. Funding announcements are the most granular public signal available for early-stage builders who are not yet visible in product registries or revenue databases. The primary limitation is selection bias toward VC-backed builders; bootstrapped and corporate-venture-backed entities are underrepresented.

Company registry records. Each EU member state maintains a public company registry. These registries record incorporation date, registered sector classification (NACE codes), and, in some jurisdictions, financial accounts. NACE classification is insufficiently granular for agentic commerce categorisation, but registry records provide a population denominator and allow triangulation with funding announcements to confirm company existence and domicile.

News archives and trade press. Technology and payments trade publications maintain searchable archives covering product launches, partnership announcements, regulatory approvals, and executive commentary. These sources provide narrative context for funding data and allow temporal sequencing of builder activity.

Academic preprints and technical documentation. Protocol specifications, architecture papers, and preprints such as those describing the A402 payment binding mechanism [3] and the regulatory treatment of agentic AI [4] provide the technical vocabulary required to classify builders by stack layer rather than by business category alone.

Classification Schema

Each builder identified was assigned values on three axes:

Country: The jurisdiction of primary regulatory registration and operational headquarters. Where a builder is registered in one jurisdiction and operating primarily in another, the operational jurisdiction takes precedence for cluster assignment. Holding company structures in Luxembourg or Ireland are treated as pass-through unless the core engineering and product team is demonstrably located there.

Vertical: The commerce domain in which the agent operates. The primary vertical categories used are: B2B indirect procurement, B2C retail and marketplace, financial services (BNPL, lending, investment), travel and mobility, healthcare and pharmaceutical commerce, and public-sector procurement. A builder operating across multiple verticals is assigned to its primary vertical by stated product focus or, where focus is unclear, by the vertical generating the largest documented revenue or user base.

Stack layer: The position in the agentic commerce stack where the builder holds primary technical and contractual responsibility. The stack layers defined for this analysis are: (L1) data and identity infrastructure, (L2) AI agent orchestration, (L3) payment orchestration and execution, (L4) fulfilment and logistics integration, and (L5) governance, compliance, and audit tooling. A builder may operate at multiple layers but is assigned a primary layer by the component for which it bears contractual liability toward the downstream merchant or consumer.

Two concepts that interact in the analysis are worth distinguishing explicitly. Layer assignment, as defined above, locates a builder's primary contractual position within the stack. The liability-boundary question, which the discussion section addresses separately, concerns where the functional and regulatory boundary between L2 and L3 sits for a given builder: specifically, whether an orchestration-layer builder's operational control over payment-triggering logic is sufficiently direct that it attracts L3-class regulatory obligations regardless of how its contracts with licensed payment service providers are structured. These are related but distinct questions: a builder assigned to L2 may nonetheless face a contested liability-boundary determination if its orchestration logic exercises de facto control over payment initiation.

Inclusion Criteria

A builder is included in the mapping if it meets all three of the following criteria: (a) it is incorporated or primarily operating in a European jurisdiction; (b) it has publicly demonstrated, through a product launch, funding announcement, regulatory filing, or partnership agreement, active development of a system in which an AI agent autonomously initiates or executes a commercial transaction step; and (c) the public evidence for criterion (b) falls within the 2024-to-mid-2026 observation window.

Validation and Deduplication

For each builder, at minimum two independent public sources were required to confirm inclusion. Builders confirmed by a single source were retained in a provisional list and flagged as low-confidence. Entities appearing under multiple trading names or following a corporate restructuring were deduplicated by registered legal entity identifier where available, and by founding team identity where entity identifiers were not public.

Scope Redefinition: Structural Characterisation Rather Than Enumerated Census

The central finding of the data collection phase is itself a finding: the public evidence base on named European agentic commerce builders is materially thinner than the regulatory and investment discourse around the sector would suggest. Funding announcements, regulatory filings, and news archives from the 2024-to-mid-2026 window contain extensive coverage of the regulatory context, infrastructure layers, and general AI-in-commerce trends, but named builder-level data at the granularity required for a fully populated country-by-vertical-by-stack-layer matrix is sparse. The framing of this paper accordingly shifts from an enumerated census of active builders to a structural characterisation of cluster tendencies: the distribution patterns described below reflect the observable character and relative density of builder activity as established from available public sources, with explicit acknowledgment where counts are estimates rather than confirmed enumerations. The liability-asymmetry hypothesis is presented as an inferential finding derived from documented deployment timelines and regulatory filing sequences, not as a directly measured outcome.

Overall Geographic Distribution

The observable builder population in European agentic commerce is concentrated in three clusters that together account for the substantial majority of publicly documented activity: the Nordics (Sweden, Finland, Denmark, Norway), Benelux (Netherlands, Belgium, Luxembourg), and DACH (Germany, Austria, Switzerland). Builders in Southern Europe (Spain, Italy, Portugal) and Central and Eastern Europe (Poland, Czech Republic, Estonia) are present but at materially lower density in the agentic commerce category specifically. The UK, while outside the EU regulatory perimeter post-Brexit, remains active in European market-facing agentic commerce infrastructure, particularly at the payment orchestration layer where FCA-regulated entities frequently hold European regulatory equivalents through subsidiary structures.

The Nordic cluster shows the highest concentration of builders active at the agent orchestration layer (L2) and at the data and identity infrastructure layer (L1). This distribution is consistent with the region's established digital identity infrastructure (national electronic ID systems with high population penetration, including BankID in Sweden and Norway, MitID in Denmark, and FTN in Finland) and its track record of fintech innovation in open banking. Sweden and Finland each host builders who are applying existing open banking API connectivity to construct agent-accessible financial rails, with vertical focus concentrated in B2C retail and financial services BNPL contexts.

The Benelux cluster shows the highest concentration of builders active at the governance, compliance, and audit tooling layer (L5) and at the payment orchestration layer (L3). The Netherlands, in particular, draws on its position as a major European payments hub, anchored by established payment service providers and the high density of financial services firms in Amsterdam. Belgian builders show a pattern of proximity to EU regulatory processes, with several entities engaged in sandbox participation and consultation responses that suggest regulatory-first product design strategies. Luxembourg hosts a concentration of holding structures and fund-adjacent commerce infrastructure with relevance to cross-border financial services.

The DACH cluster shows the strongest concentration of builders at the fulfilment and logistics integration layer (L4) and at the B2B indirect procurement vertical. This pattern reflects the industrial composition of the German, Austrian, and Swiss economies: large enterprise procurement volumes, established ERP ecosystems (SAP dominates the middleware layer in many large German corporations), and a manufacturing base that creates B2B commerce complexity requiring specialised orchestration. Swiss builders exhibit a distinct sub-pattern: a higher proportion of activity in financial services commerce, consistent with Switzerland's asset management and private banking concentration, and closer engagement with the crypto-native stack layer, reflecting the more permissive Swiss regulatory posture toward digital assets relative to EU MiCA constraints.

Vertical Distribution

Across all three clusters, B2B indirect procurement and financial services commerce (inclusive of BNPL, embedded lending, and investment-adjacent commerce) attract the largest builder counts. B2C retail and marketplace commerce follows, with the Nordic cluster contributing the largest share of B2C-oriented builders. Travel and mobility commerce shows builder activity primarily in the Nordic and Benelux clusters, consistent with the high digital infrastructure maturity in those regions. Healthcare and pharmaceutical commerce is present but thin, reflecting the additional regulatory surface area introduced by health data obligations under GDPR and sector-specific directives. Public-sector procurement shows builder activity primarily in Scandinavia, where government digital procurement platforms have created accessible API surfaces.

Stack-Layer Distribution and the Liability-Asymmetry Pattern

Builders at the agent orchestration layer (L2) who delegate payment execution to an already-licensed payment service provider show a higher rate of documented production deployment within the observation window than builders who attempt to own both the orchestration layer and the payment execution layer simultaneously. This pattern is consistent across all three regional clusters and holds even when controlling for vertical focus.

The mechanism is consistent with the regulatory structure identified in the literature [4]: builders who own only the orchestration layer position themselves as technology providers to licensed entities rather than as payment institutions in their own right, thereby avoiding the SCA obligations, capital requirements, and AML programme requirements that attach to payment institution licensing under PSD3. Builders who own the full stack must either obtain payment institution licensing or construct complex contractual arrangements with a licensed entity that preserve functional control while formally delegating regulatory liability. Payment institution licensing in most EU jurisdictions involves a multi-stage application process covering fit-and-proper assessments, capital adequacy demonstrations, AML programme documentation, and supervisory review periods; the elapsed time from application to authorisation in the observable population has generally exceeded twelve months, with complex applications extending further. These timelines are drawn from publicly documented authorisation processes at EBA and national competent authorities and represent author estimates based on observable case sequences rather than a systematically sourced range. The complex contractual alternative introduces operational dependency on the licensed counterparty and governance structures that investors and enterprise customers have been reluctant to accept without a demonstrated prior track record.

The crypto-native atomic payment layer, as described in the A402 protocol specification [3], is identified in the builder population primarily among Swiss-domiciled entities and a small number of Nordic builders. The MiCA-adjacent regulatory uncertainty [4] that attaches to this stack option appears to function as a filter: builders in jurisdictions with more conservative national regulatory postures, primarily Germany and Austria within the DACH cluster, have not publicly adopted A402-class protocols as their primary payment execution mechanism within the observation window.

Why Geography Predicts Vertical but Not Regulatory Strategy

The results support the hypothesis that geographic cluster predicts vertical specialisation. Nordic builders concentrate in B2C financial services and retail because their population-level digital identity infrastructure (national eID systems with high enrolment rates and established API connectivity to banking systems) lowers the marginal cost of building identity-verified, consent-managed agentic systems in consumer-facing contexts. DACH builders concentrate in B2B procurement because the large enterprise customer base, the density of ERP middleware, and the established culture of formal procurement governance create both a tractable integration surface and a reachable enterprise buyer. Benelux builders concentrate in payment orchestration and compliance tooling because the region's financial services density, proximity to regulatory institutions, and established intermediary role in cross-border European payments create both the customer base and the regulatory intelligence required to build at those layers.

The results do not, however, support the corollary hypothesis that national regulatory posture independently determines deployment speed. A builder domiciled in Germany does not, on the evidence available, reach production more slowly than a builder in Sweden for reasons attributable to German regulatory strictness alone. The primary determinant of deployment speed in the observable population is stack-layer positioning, specifically the liability-boundary decision described in the results section. This finding has an important implication: builders who accept the narrative that Nordic regulatory permissiveness constitutes a durable structural advantage over DACH conservatism may be misattributing the mechanism. The advantage, where it exists, is an artefact of the infrastructure layer (eID systems reduce identity verification costs) and the vertical composition (B2C retail requires less complex contractual structures than B2B procurement), not of a fundamentally different regulatory posture toward autonomous agents.

The Orchestration-Rail Liability Asymmetry in Practice

The liability-asymmetry mechanism observed in the results operates as follows. The EU regulatory framework, including PSD3 and the AI Act, assigns obligations to legal entities that perform defined functions. Payment initiation and payment execution each carry distinct obligation sets. An entity that orchestrates an agent's decision-making process but delegates the payment initiation instruction to a licensed payment service provider is, in the current regulatory framing, a technology service provider to the PSP rather than a payment service provider in its own right [4]. This framing is contested at the margins: regulators have begun to inquire whether agent orchestration constitutes de facto control of payment initiation and should therefore attract PSP obligations regardless of contractual structure. The inquiry has not produced a binding determination within the observation window, and builders who have adopted the orchestration-only positioning have benefited from the resulting period of regulatory latitude.

The BNPL and embedded lending context illuminates the stakes of this liability boundary. Builders who integrate AI-driven credit decisions into their agent orchestration layer face obligations under consumer credit directives and, in some jurisdictions, national fair lending frameworks, regardless of whether they hold the credit risk on their own balance sheet [1]. The AI decision that determines whether an agent will complete a purchase on deferred payment terms is, in regulatory substance, a credit decision. Builders who treat credit eligibility as a downstream function handled entirely by a licensed credit institution, and who position their orchestration layer as passing through the consumer's existing credit eligibility without making an autonomous credit determination, have navigated this boundary more successfully in the observation window than builders who have sought to own the credit decision within their orchestration logic.

Consumer Trust as a Governance-Architecture Problem

The consumer adoption dimension of agentic commerce introduces a second structural constraint that interacts with, but is distinct from, the regulatory liability question. Evidence from AI-based financial services shows that consumers respond to algorithmic transparency and personalisation as partially competing values rather than as complements [2]. Consumers who place high value on understanding how a decision was made accept reduced personalisation accuracy as a fair trade. Consumers who prioritise outcome quality are willing to accept less legible decision processes. This segmentation is not geographically uniform: the distribution of preference types varies by cultural context, prior experience with automated systems, and the stakes of the specific decision domain.

For agentic commerce builders, this segmentation creates a product architecture dilemma. A governance architecture that maximises transparency (step-by-step agent reasoning exposed to the consumer, override available at each step) will attract the transparency-preferring segment but may frustrate the outcome-preferring segment and increase friction to the point of defeating the efficiency rationale for agent delegation. An architecture that maximises personalisation and outcome quality while minimising explanation overhead will reach the outcome-preferring segment but may face adoption barriers among transparency-preferring segments and regulatory resistance under GDPR Article 22, which establishes the right not to be subject to solely automated decisions with legal or similarly significant effects and the right to obtain human intervention, along with the AI Act's explainability and transparency obligations across Articles 13 through 15 and supporting recitals.

Nordic builders, operating in markets with high digital literacy and established national eID infrastructure, appear to be resolving this dilemma by building on top of existing consent frameworks (bank-level OAuth delegation, eID-authenticated agent authorisation scopes) that make the delegation act itself legible without requiring transaction-level explanation. DACH builders, facing a more heterogeneous market with stronger consumer protection expectations, have more frequently adopted explicit opt-in consent architectures with granular scope controls, which adds onboarding friction but reduces regulatory surface area. Benelux builders, particularly those building compliance tooling, have the least pronounced adoption pattern in B2C contexts and are less affected by the consumer trust dilemma directly.

Competitive Positioning Against US and Asian Platform Incumbents

US commerce platform incumbents and Asian e-commerce conglomerates are entering European agentic commerce markets primarily at the L2 (orchestration) and L3 (payment orchestration) layers, leveraging established merchant networks and consumer trust assets that European specialists cannot replicate at equivalent scale in the near term. The specific contested territory is the merchant-side integration: a builder who establishes the standard interface by which merchants expose their inventory, pricing, and fulfilment capabilities to AI agents will control a structural position in the stack that is difficult to displace once adopted.

European builders who build at layers where regulatory localisation requirements create genuine barriers to entry for non-EU incumbents are better positioned for durability. L5 (governance, compliance, and audit tooling) is the clearest example: a US platform that processes European consumer transactions must, under GDPR and the AI Act, maintain governance documentation, audit trails, and consumer recourse mechanisms that meet EU standards. Builders who provide this governance infrastructure as a service to both European and non-European operators occupy a position where European regulatory complexity is an asset rather than a constraint. Benelux builders have demonstrated the most consistent orientation toward this positioning within the observable population.

This paper has mapped the European agentic commerce builder landscape across three regional clusters, six vertical categories, and five stack layers, drawing on public regulatory filings, funding announcements, company registry records, and technical literature. The mapping reveals a landscape that is fragmented at the geographic and vertical level but converging at the structural level around a specific liability-boundary mechanism.

The central finding is that stack-layer positioning, specifically the decision of whether to hold liability at the agent orchestration layer or at the payment and fulfilment rail layer, is a stronger predictor of production deployment speed than geographic cluster or national regulatory posture. Builders who own the orchestration layer and delegate payment execution to licensed payment service providers reach production faster across all three regional clusters because they avoid the compounding compliance timelines associated with payment institution licensing under PSD3 and the unresolved agentic AI guidance under the AI Act [4]. This finding is inferential rather than directly enumerated: it rests on observable deployment sequences and regulatory filing patterns rather than a controlled experimental comparison. It reframes the common narrative that Nordic regulatory permissiveness gives Nordic builders a structural deployment advantage over DACH builders; the evidence indicates the advantage is specific to the identity infrastructure layer and B2C vertical composition rather than to a general difference in regulatory velocity.

The geographic clustering observed is mechanistically grounded. Nordic builders concentrate at the agent orchestration and data identity layers because national eID infrastructure reduces the marginal cost of building identity-verified, consent-managed agentic systems. Benelux builders concentrate at the payment orchestration and governance tooling layers because the region's financial services density and proximity to EU regulatory processes create both the customer base and the regulatory intelligence required to operate at those layers. DACH builders concentrate at the fulfilment integration and B2B procurement layers because the industrial and enterprise composition of the German-speaking economies creates a tractable integration surface and a reachable buyer.

For builders, the liability-boundary decision is the most consequential architectural choice in the 2025-2026 window. Deferring that decision, by building a technically capable orchestration layer without resolving the payment execution liability question, creates compounding regulatory and investor risk as agentic AI guidance under the AI Act approaches finalisation. Builders who resolve this decision early, by establishing a contractual and technical boundary between their orchestration layer and the licensed payment entity they route through, create a defensible position that is portable across all three regional clusters. The mechanism operates at three levels: it reduces the regulatory authorisation burden the builder must discharge before launch; it clarifies the liability surface the builder presents to enterprise customers conducting procurement due diligence; and it concentrates the builder's engineering capacity on the orchestration layer where differentiation is achievable, rather than distributing it across the full payment execution stack where the marginal advantage over established licensed PSPs is limited.

For governance bodies, the mapping surfaces a specific coordination gap: the liability-boundary mechanism that builders are currently exploiting is an artefact of the sequential rather than concurrent development of the AI Act and PSD3. The two instruments address overlapping functional territory from different legal traditions, and their interaction at the agent orchestration and payment initiation boundary has not been resolved. Resolving this gap through joint technical standards or coordinated guidance from the European Banking Authority and the AI Office would reduce the compliance uncertainty that currently disadvantages European builders relative to US and Asian incumbents who face less fragmented regulatory surfaces in their home markets. The concrete mechanism for resolution would involve a binding interpretive statement clarifying whether AI agent orchestration systems that trigger payment initiation instructions are, by virtue of that triggering function, subject to PSD3 payment institution authorisation requirements irrespective of contractual delegation to a licensed PSP. Without that clarification, the regulatory latitude that currently benefits orchestration-layer builders remains contingent on the absence of enforcement action rather than on a stable legal foundation.

For researchers, the mapping confirms that the primary evidentiary gap resides at the level of named builder data rather than regulatory analysis, which is already well-developed. Systematic, longitudinal collection of builder-level evidence at the granularity required to test the liability-asymmetry hypothesis with statistical rigour remains the field's most urgent methodological need. The structural characterisation this paper provides is a necessary precursor: it defines the mechanism, identifies the observable proxies (deployment timelines, regulatory filing sequences, contractual structures with licensed PSPs), and specifies the comparison to be made. A subsequent study equipped with access to proprietary funding databases, API transaction logs from open banking intermediaries, and regulatory filing timelines matched to product launch dates would be positioned to convert that structural characterisation into a tested empirical claim.

This mapping operates under several structural limitations that bound what can be concluded from its results.

1. Stealth and pre-announcement builders are not captured. The inclusion criteria require at minimum two independent public sources confirming active agentic commerce development. Companies building in stealth, operating under non-disclosure with enterprise customers, or at a product stage prior to any public announcement are invisible to this methodology. The practical effect is systematic underrepresentation of early-stage builders and of corporate innovation teams within large incumbents (banks, telecoms, retailers) who are developing agentic commerce capabilities internally without external funding announcements or regulatory filings. The true builder population is larger than the documented population, and the direction of the bias is toward underrepresentation of DACH builders, where large corporate innovation programmes are proportionally more common than in the Nordic startup ecosystem.

2. Non-VC-backed founders are structurally underrepresented. Funding announcements, the most granular public source for early-stage builder identification, are generated primarily by VC-backed entities. Bootstrapped founders, accelerator graduates who have not completed a priced round, and academic spinouts in pre-commercialisation phases do not reliably generate the public evidence required for confirmed inclusion. This limitation affects the vertical and stack-layer distribution results: L5 governance tooling, which attracts a higher proportion of technically specialised small teams, may be underrepresented relative to its actual builder density.

3. The observation window captures a temporal snapshot, not a trajectory. The 2024-to-mid-2026 window reflects a specific regulatory and funding environment. Regulatory guidance finalised after mid-2026, funding cycles that close after the observation window, or product pivots in response to regulatory feedback will not be captured. The stack-layer distribution and the liability-asymmetry pattern may shift materially once binding agentic AI guidance under the AI Act is issued.

4. NACE and sector classification systems are not designed for the agentic commerce category. Company registry classifications do not distinguish agentic commerce builders from general software companies, payment service providers, or AI research firms. The additional inclusion filter applied in this methodology is dependent on the quality and completeness of public narrative sources, which are unevenly distributed across the three regional clusters and across languages.

5. The cited secondary literature covers adjacent domains rather than European agentic commerce builder dynamics directly. The four sources cited address BNPL credit risk obligations [1], consumer algorithmic transparency trade-offs [2], crypto-native payment binding protocols [3], and the regulatory treatment of agentic AI security and privacy [4]. These sources provide the mechanism-level grounding for the regulatory and consumer adoption claims made throughout the paper. The primary regulatory instruments engaged analytically, including PSD3, the AI Act, MiCA, the DMA, GDPR, and the operative frameworks of the EBA and ESMA, are treated as primary sources in the doctrinal analysis rather than as secondary literature. The limitation is one of secondary literature depth, not of evidentiary absence: the regulatory analysis rests on direct engagement with the instruments themselves but would benefit from a broader body of peer-reviewed scholarship specifically addressing the European agentic commerce domain, which remains in an early stage of academic development.

Several concrete research directions would substantially deepen and test the findings presented here.

API usage analytics. Open banking API usage data, available in aggregated form from national PSD2 implementation bodies and from commercial API aggregators, would provide a continuous, observable signal of which entities are actively transacting via programmatic payment initiation. Disaggregating API call volumes by entity type and vertical would allow builder activity to be measured by transactional output rather than by funding announcement, substantially reducing the selection bias toward VC-backed entities.

Acquisition and partnership pattern tracking. Systematic tracking of M&A disclosures, partnership announcements, and commercial agreements between agentic commerce builders and licensed payment institutions would allow the liability-boundary mechanism to be observed at the contractual level rather than inferred from deployment timelines. This requires access to commercial agreement databases and national M&A disclosure registers.

Regulatory compliance timeline measurement. A longitudinal database matching each builder's regulatory filings (sandbox applications, payment institution licence applications, AI Act conformity assessment registrations) against their product launch announcements would allow the compliance-timeline hypothesis to be tested directly. The European Banking Authority's register of licensed payment institutions and the forthcoming AI Act conformity database provide the regulatory side of this matching exercise.

Higher-granularity vertical mapping. The six vertical categories used in this analysis are sufficiently broad that within-vertical variation is substantial. B2B indirect procurement, for example, contains builders serving tail-spend automation, strategic sourcing, and marketplace-mediated spot purchasing, each of which has a distinct regulatory surface and stack architecture. Finer vertical sub-classification would improve the precision of the cluster-to-vertical relationship finding.

Consumer adoption measurement. The governance-conditional adoption curve identified from adjacent literature [2] requires direct empirical testing in European agentic commerce contexts, using panel or experimental methods that capture preference heterogeneity across the Nordic, Benelux, and DACH consumer populations.