Agentic commerce (the delegation of purchase, negotiation, and settlement decisions to autonomous software agents) requires a coherent four-layer infrastructure: agent orchestration frameworks, payment rails, identity and credential systems, and data spaces. This paper conducts a structured audit of each layer as it exists for European developers in mid-2025, assessing production readiness, governance clarity, and cross-layer interoperability. The findings reveal material variance in maturity across layers. The regulatory layer, covering the AI Act, eIDAS 2.0, PSD2, and the Data Governance Act, is formally advanced, yet the technical infrastructure it governs remains at prototype or pre-production stage, producing a governance-ahead-of-infrastructure condition that constrains developer choices directly. Agent frameworks are predominantly US-origin open-source projects operating without European-specific governance; SEPA Instant and TARGET Instant Payment Settlement expose insufficient machine-callable, consent-scoped interfaces for fully autonomous settlement; the European Digital Identity Wallet is mandated but not uniformly deployed; and Gaia-X-derived data spaces carry significant governance debt (the gap between documented governance commitments and the operational specifications a developer can consume) relative to their design ambitions. The central finding is that European agentic commerce lacks a single regulatory instrument jointly specifying agent delegation conditions, minimum credential-verification requirements for payment service providers, and machine-readable encodings of AML/CFT and Strong Customer Authentication obligations. Absent such an instrument, measurable adoption indicators point toward accelerating uptake of non-European protocol stacks, consistent with platform capture of the infrastructure layer before European interoperability norms are established.
Introduction
Agentic commerce designates a class of system in which software agents (operating with delegated authority, persistent memory, and tool-use capabilities) autonomously execute the sequence of actions that constitute a commercial transaction: product discovery, price comparison, negotiation, authorisation, payment initiation, and post-purchase settlement. The concept has precursors in the software-agent literature of the late 1990s [3][7], but the deployment conditions have shifted materially. As of 2024 to 2025, large-language-model (LLM) orchestration layers provide agents with language understanding sufficient to interpret unstructured terms and conditions, product specifications, and supplier communications. This capability extension moves agentic commerce from laboratory demonstration to production aspiration across logistics, procurement, and retail sectors.
For European developers, building production-grade agentic commerce systems requires assembling components across four distinct infrastructure layers. The first layer is the agent framework itself: the orchestration runtime, tool-calling interface, memory subsystem, and multi-agent coordination protocol that govern how an agent perceives its environment, plans action sequences, and delegates sub-tasks. The second layer is the payment rail: the settlement mechanism, authorisation protocol, and compliance wrapper through which an agent initiates and completes a monetary transaction. The third layer is the identity and credential system: the mechanism by which the agent, its operator, and the counterparty are identified, authenticated, and authorised, including delegation chains that permit a human wallet holder to extend transaction authority to an autonomous process. The fourth layer is the data space: the governed environment in which product catalogues, inventory states, pricing data, and contract terms are published and made machine-accessible under defined access-control and sovereignty rules.
Each layer has its own standards bodies, governance structures, regulatory hooks, and maturity trajectory. Each also carries dependencies on the other three. An agent that cannot verify a counterparty's credential cannot safely negotiate a contract; a payment rail that requires synchronous human authorisation at the point of settlement cannot serve a fully autonomous procurement flow; a data space that does not expose standardised machine-readable APIs cannot be queried by an agent operating at the speed and scale that justifies automation in the first place. The four layers are structurally coupled, yet they are governed, standardised, and deployed by separate institutions operating on different timelines.
This paper's contribution is a structured audit of the buildable infrastructure available to European developers across all four layers simultaneously. Existing surveys address individual layers: agent system architecture [7][9], payment interoperability and distributed-ledger rails [16][27], decentralised identity [11][13], and data space design [10]. No prior work provides a simultaneous cross-layer assessment evaluated against a shared production-readiness and governance-clarity rubric, positioned specifically within the European regulatory envelope. This paper provides that assessment.
The audit proceeds as follows. Section 2 establishes the urgency of this assessment by grounding it in current regulatory pressure, commercial deployment timelines, and the risk of infrastructure lock-in. Section 3 positions the work against prior literature. Section 4 describes the survey methodology and evaluation rubric. Section 5 presents findings for each of the four layers. Section 6 interprets the findings, with emphasis on cross-layer interoperability gaps and the regulatory pressure points that must be resolved. Section 7 concludes with specific claims about what investment would unlock production viability. Sections 8 and 9 address limitations and future directions respectively.
Why Infrastructure Audit Matters Now
Three concurrent forces make a mid-2025 infrastructure audit both timely and consequential.
Regulatory activation. The EU AI Act entered into force in August 2024 and its high-risk provisions become applicable in stages through 2026. The Act classifies AI systems by risk tier, but its articulation of obligations for autonomous transactional agents (systems that spend money, execute contracts, or bind counterparties) remains incomplete in delegated acts. The eIDAS 2.0 regulation mandates that Member States make European Digital Identity Wallets (EUDIW) available to citizens and businesses by a defined deadline, yet relying-party APIs accessible to commercial developers vary in implementation depth across Member States. PSD2's Strong Customer Authentication (SCA) requirement, designed for human-initiated payments, creates friction at precisely the point where agentic commerce would require frictionless machine-authorisation. The Digital Markets Act imposes interoperability obligations on gatekeepers that extend to payment and messaging infrastructure, but does not address the gatekeeper status of agent orchestration platforms. The Digital Services Act introduces due-diligence obligations that may attach to agents acting as intermediaries in online markets. Together, these instruments produce a compliance burden that is material but poorly specified for the agentic case, leaving developers exposed to regulatory arbitrage risk: a developer who builds on non-European infrastructure to avoid the compliance friction may later find that European market access requires retroactive re-engineering.
Commercial deployment pressure. Procurement automation, subscription management, and supply-chain trading represent near-term commercial use cases in which the cost of human-in-the-loop authorisation at each transaction step is prohibitive at scale. European enterprise buyers in automotive, pharmaceuticals, and logistics are evaluating agentic procurement tools. The infrastructure those tools depend on is not yet standardised, meaning that early commercial deployments will crystallise architectural choices, including the choice of payment rail, identity scheme, and data access protocol, before European interoperability norms are settled. Infrastructure choices made under time pressure tend to persist because switching costs accumulate with each integration built on top [2]. A fragmented tooling landscape in which each developer independently selects non-interoperable components accelerates this lock-in.
Platformisation risk. The pattern observed in prior digital infrastructure transitions, where platform operators capture the integration layer between fragmented components and establish proprietary interoperability as a de facto standard, is structurally available in agentic commerce [2]. Payment infrastructure that developed under PSD2's open-banking mandate followed this trajectory: aggregators occupied the integration position between banks and third-party providers, and the resulting market structure concentrated rather than distributed power over account data access. This outcome is documented in analyses of digital platform regulation in adjacent financial sectors [22], though the specific mechanism in payment aggregation differs from insurance platform dynamics in that payment aggregators exercised leverage through API standardisation rather than through distribution network control. Agentic commerce creates an analogous integration opportunity: the orchestration layer that connects agent runtimes to payment rails, identity wallets, and data spaces is the position a platform operator would occupy. If European interoperability standards for this integration layer are not established before commercial scale is reached, the layer will be occupied by operators subject to non-European governance, a structural outcome inconsistent with the data sovereignty objectives embedded in the Data Governance Act and Gaia-X initiative [10][17].
The timeline pressure on that standardisation effort is concrete. Commercial procurement automation deployments are evaluating infrastructure choices in 2025. Each enterprise that commits to a non-European orchestration stack, payment initiation API, or identity assertion mechanism before European interoperability profiles are published accumulates switching costs [2] that compound across the enterprise software estate, and those costs make later migration progressively less viable as the number of downstream integrations grows.
Prior Work on Agent Systems and Payment Infrastructure
The literature this paper builds on spans five bodies of work, each of which addresses one layer or one dimension of the problem without cross-layer synthesis.
Agent negotiation and e-commerce systems. The foundational treatment of agents that buy and sell [3] established the conceptual decomposition of the commercial agent cycle into needs identification, product brokering, merchant brokering, negotiation, purchase, and post-purchase evaluation. Subsequent work on negotiation protocols formalised bilateral and multilateral negotiation using Bayesian updating over utility models [4][7]. Rahwan et al. examined one-to-many negotiation architectures in which a single buyer agent interacts with multiple seller agents concurrently [9]. Schmidt et al. addressed trust propagation in multi-agent systems, identifying fuzzy credibility models as a mechanism for agents to assess counterparty reliability over time [8]. This body of work established the logical architecture of commercial agents but predates both LLM-based orchestration and the European regulatory instruments that constrain deployment today. The present paper uses this literature as the conceptual baseline for what an agent framework must support, rather than as an empirical comparison point.
Modern agentic LLM systems. More recent work addresses evaluation infrastructure for LLM-based agentic systems [26] and value-alignment learning for agents operating in multi-stakeholder environments [25]. The AEMA framework [26] proposes verifiable evaluation as a condition of trustworthy deployment, an approach structurally consistent with the AI Act's conformity-assessment requirements, though the framework does not address European regulatory specifics. Holgado-Sanchez et al. [25] address value-system learning through preference-based and inverse reinforcement learning, relevant to the question of how an autonomous purchasing agent can be constrained to act within the delegating principal's preferences without continuous human supervision. This paper treats these contributions as establishing the agent-layer technical baseline and does not reproduce their algorithmic content.
Security of agentic commerce. The systematisation of knowledge on LLM agent security in agentic commerce [24] provides the most comprehensive current treatment of the attack surface, identifying prompt injection, credential theft, and unauthorised transaction initiation as the primary threat vectors. Maiti's zero-trust architecture for autonomous agents in healthcare [23] provides a defence-in-depth architectural model that is domain-specific but structurally generalisable. Both works independently conclude that security cannot be solved within a single layer; credential integrity, agent integrity, and transaction authorisation must be co-designed. This paper incorporates that conclusion as a structural premise rather than a finding to be independently derived.
Payment rails and digital currency. Bechtel et al. [16] provide a roadmap for DLT-based European payment evolution, addressing the interaction between SEPA schemes, wholesale CBDC, and tokenised settlement. The systematisation of the CBDC design space [27] maps privacy-enhancing technologies against scalability constraints, concluding that component-level cryptographic research (zero-knowledge proofs, secure elements) has not yet been validated at integrated-system scale. Zero-knowledge authentication for offline CBDC via IoT [29] and stablecoin integration with enterprise ERP systems [20] each address narrow sub-problems. See and Tan [28] propose a programmable compliance wrapper for stablecoin-based agentic payments. The ECB's evolving regulatory posture toward crypto-assets is traced by Au [19]. Senn et al.'s broader design-space systematisation [27] provides the taxonomy this paper applies to evaluate European rail readiness. None of these works evaluates rails specifically against the requirements of autonomous agent-initiated settlement under PSD2 SCA, which this paper does.
Identity and data spaces. Soltani et al. [11] survey the SSI ecosystem; Schlatt et al. [12] design a blockchain-based KYC framework; Dib and Toumi [13] catalogue decentralised identity architectures and their governance gaps. The EBSI cross-border credential verification pilot [15] provides empirical data on what a production deployment reveals about the gap between technical interoperability and ecosystem adoption. Grech et al. [14] examine the promise-versus-praxis tension in education credential systems. Otto et al. [10] establish the design principles for data spaces. Pastor Sempere [17] provides the most comprehensive current treatment of EU data governance law across the DGA, DSA, and GDPR. Jovanovic-Milenkovic and Vojkovic [21] examine EUDIW implementation in one Member State, providing a concrete case study of deployment variance. This paper synthesises these sources into a cross-layer assessment, distinguishing itself by evaluating identity and data space infrastructure against the specific requirements of agentic commerce delegation rather than the general identity or education credential use cases those prior works address.
Survey Methodology and Evaluation Framework
This paper employs a structured qualitative survey of publicly documented infrastructure components, evaluated against a three-dimensional rubric applied consistently across all four layers.
Component selection. Components were selected for inclusion if they satisfied three criteria simultaneously: (a) the component is accessible to a European developer as of mid-2025 without requiring negotiated access agreements with a single proprietary vendor; (b) the component has a documented API or protocol specification sufficient for a developer to begin integration; and (c) the component operates within, or is designed to comply with, at least one applicable European regulatory instrument. Open-source agent frameworks were included regardless of geographic origin of maintenance community, given that origin of maintenance does not determine regulatory applicability. Payment rails were restricted to euro-denominated mechanisms or mechanisms with documented euro conversion paths. Identity systems were restricted to those referencing eIDAS 2.0 or W3C Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs). Data spaces were restricted to those operating under Gaia-X or IDSA (International Data Spaces Association) governance frameworks, meaning that a minimum published governance profile (membership rules, dispute resolution, and connector conformance requirements) was a condition of inclusion rather than an outcome measure.
Maturity rubric. Each component was assessed on three dimensions, each scored on a three-point ordinal scale (early, developing, production). Production readiness assesses whether the component has been used in live commercial deployments, whether its API surface is stable and versioned, and whether it has published SLA or availability commitments. Governance clarity assesses whether the component's governance documentation specifies who may participate, on what terms, how disputes are resolved, and how the component relates to applicable regulation. Ecosystem strength assesses the number of documented integrations with other components in the stack, the availability of conformance test suites, and the presence of active maintenance and support communities.
Governance debt defined. The term governance debt, used throughout the results and discussion sections, designates the gap between a component's documented governance commitments and the operational specifications a developer can actually consume when making integration decisions. A component accumulates governance debt when its design documents or regulatory enabling instruments describe obligations (for example, connector certification, access-control policy expression, or delegation-credential issuance) that have not yet been translated into published, versioned, and machine-consumable specifications. Governance debt is distinct from technical immaturity: a component may have a stable API but carry high governance debt if the rules governing who may call that API, under what conditions, and with what compliance attestation remain uncodified.
Interoperability assessment. Cross-layer interoperability was assessed by tracing the data flows and protocol handshakes required for an end-to-end agentic transaction: agent receives task, queries data space for product options, negotiates with counterparty agent, authenticates using identity wallet, initiates payment, receives settlement confirmation. For each interface between layers, the assessment identified whether a documented protocol exists, whether that protocol has been implemented by components on both sides of the interface, and whether any regulatory instrument creates a compliance obligation at that interface. Interfaces where no documented cross-layer protocol exists were classified as interoperability gaps.
Assumptions and scope boundaries. The assessment treats regulatory instruments as constraints on design space rather than as infrastructure components themselves. It does not assess the likelihood that specific regulatory provisions will be amended. It excludes payment systems denominated exclusively in non-euro currencies, agent frameworks with no documented European deployment or regulatory mapping, and data spaces that have not published a conformance profile against an IDSA or Gaia-X specification. The assessment reflects publicly available documentation; where documentation was absent or ambiguous, the dimension was scored conservatively, consistent with the principle that undocumented governance is functionally equivalent to absent governance for a developer making integration decisions.
The Four-Layer European Agentic Commerce Stack
Layer 1: Agent Frameworks
Agent orchestration frameworks provide the runtime within which an autonomous agent perceives its environment, maintains state, calls tools, and coordinates with other agents. The frameworks available to European developers in mid-2025 include both open-source general-purpose runtimes (LangGraph, AutoGen, CrewAI, and their derivatives) and emerging protocol-level specifications (Anthropic's Model Context Protocol, Google's Agent-to-Agent protocol, and nascent W3C working group drafts on agent communication).
Production readiness across this landscape is unevenly distributed. General-purpose LLM orchestration frameworks have reached a level of stability sufficient for internal enterprise tooling, but their tool-calling interfaces (the mechanism through which an agent initiates a payment, queries a data space, or verifies a credential) are not standardised across frameworks, meaning that an integration built against one framework's tool-call schema does not transfer to another without rework. Multi-agent coordination protocols, which are required when a buying agent must interact with a selling agent operated by a different organisation, are at an earlier stage; the specifications exist but conformance test suites are absent.
Governance clarity for agent frameworks is low by the rubric applied here. No open-source agent framework currently carries an explicit mapping to EU AI Act risk tiers, a conformity assessment path, or documentation specifying how the framework's behaviour relates to the operator's obligations under the Act. This is a governance gap that the frameworks' maintainers have not yet been required to close, because the Act's delegated acts covering agentic AI remain incomplete. European developers deploying these frameworks therefore bear the full burden of regulatory mapping themselves.
Ecosystem strength is high for the leading open-source frameworks in terms of community activity and documented integrations, but those integrations are predominantly with US-origin payment processors and identity providers rather than with European rails and EUDIW.
Layer 1 maturity summary: production readiness: developing (for human-supervised enterprise tooling); governance clarity: early; ecosystem strength: developing.
Layer 2: Payment Rails
The European payment rail landscape for agentic commerce spans three categories: traditional SEPA schemes, emerging instant settlement infrastructure, and DLT-native rails.
SEPA Credit Transfer and SEPA Direct Debit are production-grade and widely deployed, but their authorisation models assume a human initiating principal. SEPA Instant Credit Transfer extends settlement to near-real-time, which is operationally suited to agentic use cases, but whether an agent can initiate a SEPA Instant transfer without a synchronous human SCA step under PSD2 is not fully resolved. The EBA has addressed machine-initiated and delegated payment scenarios in EBA Opinion EBA/Op/2022/01 on the application of PSD2 and in its 2023 consultation on PSD3 and the Payment Services Regulation. Those instruments acknowledge the existence of delegated payment arrangements and identify applicable exemption categories, but they do not produce a harmonised technical standard that specifies how a payment service provider must verify an autonomous agent's delegation authority before treating an agent-initiated instruction as SCA-compliant. The gap is therefore not an absence of any regulatory engagement but rather the absence of a dedicated technical standard that removes the need for bespoke legal interpretation by each PSP individually. Payment service providers have implemented varied delegation models using existing exemption categories (low-value transactions, trusted payees, transaction risk analysis), and these bespoke constructions are difficult to audit and cannot be certified as harmonised across the Single Market.
TARGET Instant Payment Settlement (TIPS) provides central bank money settlement at near-real-time, relevant for wholesale agentic transactions. TIPS access is governed by the T2/TIPS participation rules, which require a participant to hold a T2 (formerly TARGET2) account or be reachable via an addressable BIC. PSD2 authorised non-bank payment service providers may qualify for T2 accounts under the access conditions defined by the Eurosystem, but in practice the majority of agentic commerce operators (non-bank technology firms building procurement or trading applications) are not PSPs authorised at that level and must route through a bank or licensed PSP intermediary. That intermediary dependency adds a settlement hop that an agent cannot eliminate through technical design alone, because the access constraint is a regulatory eligibility rule rather than a technical bottleneck.
The DLT-native category includes programmable compliance architectures built on stablecoin rails [28], euro-pegged stablecoins regulated under MiCA, and the ECB's digital euro investigation. See and Tan [28] demonstrate that stablecoin rails can carry policy-wrapper logic that enforces AML/CFT rules at execution, which is structurally suited to agentic commerce because it permits compliance to be encoded rather than checked retroactively. MiCA-regulated euro stablecoins at production scale have limited availability as of mid-2025: the licensing process for electronic money token issuers under MiCA was ongoing through 2024 and the number of fully licensed, widely distributed euro-denominated EMT products in commercial deployment remained small, constraining developer options on this rail category. The ECB's position on retail digital euro programmability remains restrictive [18][19]. The CBDC design-space systematisation [27] confirms that privacy-enhancing cryptographic mechanisms (zero-knowledge proofs for offline CBDC authentication [29]) are evaluated and found promising at component level but have not been validated in integrated-system deployments at commercial scale.
The overall payment rail assessment applies the maturity rubric at use-case resolution because a single compound score would mask the operationally significant difference between the two main use-case axes. For human-initiated flows: production readiness: production; governance clarity: developing; ecosystem strength: production. For fully autonomous machine-initiated flows under a harmonised European framework: production readiness: early; governance clarity: early; ecosystem strength: early. Reporting these separately is necessary because the gap between them is itself the primary finding for this layer.
Layer 3: Identity and Credential Systems
The identity layer is governed by eIDAS 2.0, which mandates the European Digital Identity Wallet (EUDIW) and establishes a framework for verifiable attributes. The regulation is formally advanced, and Regulation (EU) 2024/1183, which amended eIDAS, is in force [21]. However, the EUDIW's production availability across Member States is uneven: some national implementations are at pilot stage, relying-party APIs for commercial developers are not uniformly published, and the governance model for delegation is not specified in the regulation or its implementing acts. Specifically, the regulation does not address whether a wallet holder can delegate transaction authority to an autonomous agent, nor under what conditions that delegation is revocable and auditable.
The Self-Sovereign Identity (SSI) ecosystem [11][13] provides complementary infrastructure: W3C DIDs and VCs are supported by multiple European pilot projects, including the European Blockchain Services Infrastructure (EBSI). The EBSI cross-border credential verification pilot between Belgium and Italy [15] is the most instructive empirical reference point: it confirmed that technical interoperability at the protocol level is achievable, but that ecosystem onboarding governance (who decides which wallet schemes are conformant, how disputes over credential validity are resolved, which entities may act as issuers) constitutes the binding constraint on adoption. Grech et al. [14] reached the same conclusion in the education credential context: the gap between technical promise and operational praxis is filled by governance decisions that no single technical standard can resolve.
For KYC specifically, blockchain-based SSI frameworks offer a path to reusable, privacy-preserving identity verification [12], but no European payment service provider has yet published a production API that accepts EUDIW-issued verifiable credentials as the sole basis for KYC clearance of an agent-initiated transaction.
Layer 3 maturity summary: production readiness: developing (at protocol level), early (for delegation and agentic-use-case specification); governance clarity: developing; ecosystem strength: developing.
Layer 4: Data Spaces
Data spaces, as designed under the IDSA reference architecture and the Gaia-X framework [10], are governed data-sharing environments in which participants publish and consume structured data under access-control policies and data-sovereignty constraints. For agentic commerce, data spaces are the mechanism through which an autonomous buying agent would discover products, access inventory data, retrieve pricing, and read contract terms.
The design principles for data spaces are well documented [10], and several sector-specific instances are operational (in automotive, manufacturing, and health). The governance of these instances varies materially in the specificity and operational completeness of their membership rules, data model documentation, and connector conformance requirements. Components assessed under this layer satisfied the inclusion criterion of having a published governance profile against an IDSA or Gaia-X specification, so this variance is a within-scope observation about the quality and completeness of published governance, not a violation of the inclusion threshold. No live European data space currently publishes a standardised API profile documented as consumable by autonomous buying agents. The data models used within existing data spaces are sector-specific and not interoperable at the semantic layer, meaning an agent trained to query one data space's product ontology cannot query another's without bespoke mapping.
Governance debt is the dominant characteristic of the data space layer. As defined in Section 4, governance debt designates the gap between documented governance commitments and operational specifications that a developer can consume. The Data Governance Act and GDPR impose obligations on data-space operators that are not yet reflected in published conformance specifications for data connectors [17]. The gap between regulatory aspiration and operational specification is measurable: connector certification schemes exist, but their coverage of agentic consumption patterns (where an agent may issue large numbers of automated queries, cache results, and re-use data across transaction contexts) is not addressed.
Layer 4 maturity summary: production readiness: developing (for human-curated sector deployments), early (for standardised agentic-consumption APIs); governance clarity: developing; ecosystem strength: developing.
Interoperability Gaps and Governance Implications
Why Layers Fail to Interoperate
The four-layer audit reveals that interoperability failures are not primarily technical. At the protocol level, the components required to construct an agentic commerce transaction exist in draft or early-production form across all four layers. The interoperability failures are structural: they arise from the absence of cross-layer specifications that define what information must flow between layers, in what format, under what authorisation, and with what compliance attestation.
Consider the credential-to-payment interface. A payment service provider executing an agent-initiated SEPA Instant transfer needs to verify (a) that the agent has been delegated transaction authority by a human principal, (b) that the principal's identity has been verified to AML standards, and (c) that the transaction falls within the scope of the delegation. The EUDIW can, in principle, carry verifiable credentials encoding each of these attestations. The SEPA Instant framework does not specify a mechanism for a payment message to carry or reference a verifiable credential. The eIDAS 2.0 wallet specification does not define how a delegation credential for an autonomous agent is structured, issued, or verified. The AI Act does not specify what agent-integrity checks a payment service provider must perform before treating an agent-initiated instruction as authorised. All three regulatory instruments are live, none addresses the interface, and the gap between them is not assigned to any single regulatory body for resolution.
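The three checks (a) to (c) can be made concrete as a PSP-side verification routine. The sketch below is an added example, not part of the paper and not drawn from any published EUDIW or SEPA specification: the credential fields, issuer name, and revocation list are hypothetical, and HMAC stands in for the issuer's asymmetric signature so that the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime

# Constructed trust anchor and revocation list. HMAC stands in for the
# issuer's asymmetric signature so the example needs only the standard library.
ISSUER_KEYS = {"issuer:example-wallet-provider": b"constructed-demo-key"}
REVOKED_IDS = {"cred-0002"}


def canonical(claims: dict) -> bytes:
    """Deterministic serialisation so issuer and verifier hash the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue(claims: dict) -> dict:
    """Issuer side: attach a proof over the canonical claims."""
    key = ISSUER_KEYS[claims["issuer"]]
    proof = hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "proof": proof}


@dataclass(frozen=True)
class PaymentInstruction:
    agent_id: str
    payee_iban: str
    amount_cents: int
    currency: str
    created_at: datetime  # timezone-aware


def verify_delegation(cred: dict, pay: PaymentInstruction) -> list:
    """PSP side: return the failed checks; an empty list means authorised."""
    claims = cred.get("claims")
    if not isinstance(claims, dict):
        return ["malformed_credential"]
    key = ISSUER_KEYS.get(str(claims.get("issuer")))
    if key is None:
        return ["untrusted_issuer"]
    expected = hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(cred.get("proof")).encode()):
        return ["bad_proof"]  # unauthenticated claims are not evaluated further
    failures = []
    try:
        if claims["id"] in REVOKED_IDS:
            failures.append("revoked")
        # (a) authority was delegated to this specific agent
        if claims["agent_id"] != pay.agent_id:
            failures.append("agent_mismatch")
        # (b) issuer attests the principal passed AML identity verification
        if claims["principal_aml_verified"] is not True:
            failures.append("principal_not_aml_verified")
        not_before = datetime.fromisoformat(claims["not_before"])
        not_after = datetime.fromisoformat(claims["not_after"])
        if not (not_before <= pay.created_at < not_after):
            failures.append("outside_validity_window")
        # (c) the transaction falls within the delegated scope
        scope = claims["scope"]
        if pay.currency != scope["currency"]:
            failures.append("currency_out_of_scope")
        if not 0 < pay.amount_cents <= scope["max_amount_cents"]:
            failures.append("amount_out_of_scope")
        if pay.payee_iban not in scope["payee_ibans"]:
            failures.append("payee_out_of_scope")
    except (KeyError, TypeError, ValueError):
        failures.append("malformed_claims")
    return failures


def sample_claims() -> dict:
    """Constructed credential body; every field name is hypothetical."""
    return {
        "id": "cred-0001",
        "issuer": "issuer:example-wallet-provider",
        "agent_id": "agent:procurement-bot-7",
        "principal_aml_verified": True,
        "not_before": "2025-06-01T00:00:00+00:00",
        "not_after": "2025-07-01T00:00:00+00:00",
        "scope": {"currency": "EUR", "max_amount_cents": 50_000,
                  "payee_ibans": ["DE00EXAMPLE0000000001"]},
    }
```

The verifier returns every failed check rather than stopping at the first, which gives the PSP an auditable reason list for each refused instruction.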
The data-space-to-agent interface presents a symmetric problem. An agent querying a Gaia-X data space for product data must authenticate as an authorised consumer. The data space's access control policy is expressed in the connector's usage-control framework. The agent framework does not produce access tokens in the format the connector expects. No European standard maps agent identity (as expressed in an agent framework's credential schema) to data space membership criteria.
Regulatory Pressure Points
Three regulatory instruments create measurable pressure on the interoperability deficit, each at a different interface in the stack.
The Digital Markets Act's interoperability obligation on gatekeepers nominally addresses platform lock-in, but its scope covers messaging and app stores rather than agent orchestration platforms. A developer using a US-origin agent framework that becomes a de facto standard for agentic commerce integration would not, under the current DMA text, be able to invoke interoperability obligations against the framework's operator. This is a regulatory gap that the DMA's review mechanisms could address but have not yet been directed toward.
GDPR's data minimisation and purpose-limitation principles constrain the information an agent may retain across transactions. An agent that caches user preference data from one transaction to inform negotiation strategy in a subsequent transaction may violate purpose-limitation unless the caching is covered by an explicit legal basis [17]. The interaction between GDPR retention rules and the memory subsystems of agent frameworks, which are architecturally designed to persist state across sessions, is not addressed in any guidance from the European Data Protection Board as of mid-2025. Developers must navigate this interaction without authoritative guidance, producing heterogeneous compliance postures across deployments.
The PSD2 SCA requirement is the most immediate operational constraint on production agentic payment flows. SCA requires that a payment initiator authenticate using two of three factors (knowledge, possession, inherence) in a manner linked to the specific transaction amount and payee. An autonomous agent cannot satisfy an inherence factor. As noted in Section 5, the EBA has engaged with delegated payment arrangements through EBA Opinion EBA/Op/2022/01 and the 2023 PSD3 consultation, and existing exemption categories (low-value transactions, trusted payees, transaction risk analysis) provide partial coverage. The unresolved problem is that these exemptions do not collectively constitute a complete, harmonised authorisation pathway for high-value or novel-counterparty agentic transactions. Each PSP that constructs its own delegation model using combinations of available exemptions produces a solution that is non-portable across counterparties and non-certifiable as meeting a European standard. The EBA has the authority under PSD3 to issue a regulatory technical standard that addresses this systematically; that standard has not been issued.
The Sovereignty-Portability Structural Tension
The European data sovereignty agenda, expressed through the Data Governance Act, the data space frameworks, and the EUDIW mandate, privileges keeping data and control within European jurisdiction. Cross-border agentic commerce requires agents to carry credentials, access data, and initiate payments across Member State boundaries in a single transaction flow. These two objectives require explicit cross-border protocol harmonisation to be simultaneously satisfied.
The EBSI pilot [15] demonstrates that cross-border credential verification is technically feasible within Europe at the bilateral level. It also demonstrates that bilateral feasibility does not scale to multi-lateral deployment without governance infrastructure: specifically, a common trust framework that specifies which issuers are recognised by which relying parties, across which national boundaries, under which legal conditions. EUDIW implementing acts address intra-EU wallet recognition but do not extend recognition explicitly to agentic use cases where the wallet holder is a legal person delegating to a non-human agent.
The programmable compliance approach explored by See and Tan [28] offers a partial resolution: if AML/CFT and SCA obligations are encoded in a machine-readable policy wrapper attached to the payment instrument itself, then compliance checking can be performed at settlement rather than requiring a synchronous human authorisation step. This approach is technically coherent but depends on a regulatory body producing and maintaining canonical machine-readable encodings of the relevant obligations, a function that no EU institution currently performs or has been assigned to perform. The specification gap between what regulation intends and what can be programmed [28] is therefore a governance problem, not a technical one.
Platformisation Dynamics
The fragmentation of the four layers creates a structural opportunity for a platform operator to supply the integration layer between them. The pattern is structurally similar to the aggregator model that emerged under PSD2's open-banking framework, where the regulatory mandate to open payment data created a market for aggregators who standardised access across multiple banks. The agentic commerce case differs from the PSD2 aggregator case in one structurally important respect: PSD2 aggregators operated within a regulated PSP category subject to EBA oversight, whereas an agent orchestration platform integrating all four layers would not automatically fall within any existing regulated category, reducing the regulatory leverage available to address concentration. A developer building an agentic commerce application today must integrate these four layers independently, and the integration work is non-trivial. A platform that provides a pre-integrated stack (proprietary orchestration, proprietary payment initiation, proprietary identity assertion, and proprietary data access) removes that integration burden at the cost of vendor lock-in.
If European interoperability standards for the cross-layer interface are not established before commercial-scale adoption occurs, the integration layer will be occupied by operators whose governance accountability to European regulatory authorities is limited by jurisdiction. The Data Governance Act's provisions on non-EU data intermediaries [17] and the AI Act's third-country-operator provisions address parts of this risk, but the compound effect of four fragmented layers, each individually addressable by existing regulation but jointly ungoverned, creates a regulatory surface area that existing instruments do not cover as a system.
Commercial procurement automation deployments are evaluating infrastructure choices in 2025, and the switching costs of committing to a non-European protocol stack accumulate with each downstream integration built on that choice [2]. The structural window for European interoperability standards to influence those choices narrows as enterprise deployment scale increases, because retroactive re-engineering becomes less viable as the number of integrations grows.
Conclusion
This paper has conducted a structured audit of the four infrastructure layers required for European agentic commerce: agent frameworks, payment rails, identity and credential systems, and data spaces. The audit produces three substantive conclusions that address, respectively, the state of available infrastructure, the nature of the maturity gap, and the governance mechanism required to close it.
First conclusion: buildable infrastructure exists across all four layers. European developers are not working with blank sheets. Agent orchestration frameworks are available, several at production grade for human-supervised use cases. Euro-denominated payment rails including SEPA Instant and TIPS provide near-real-time settlement. The EUDIW mandate, eIDAS 2.0 verifiable credentials, and EBSI-piloted cross-border verification give developers a credential infrastructure to build toward. Data space frameworks under IDSA and Gaia-X provide governed data-sharing environments in defined sectors. The raw components of an agentic commerce stack are present.
Second conclusion: the maturity distribution is inverted relative to what production deployment requires. The regulatory layer is formally most advanced, while the infrastructure it governs is least mature. Payment rails are at production grade for human-initiated flows and at early stage for fully autonomous machine-initiated flows under a harmonised framework. Identity systems are developing at the protocol level and early at the delegation and agentic-use-case specification level. Agent frameworks are production-grade for orchestration and early for European regulatory mapping. Data spaces are developing in sector-specific deployments and early in standardised agentic-consumption API coverage. This inversion, in which regulation is ready before infrastructure, constrains developer choices in two concrete ways: the compliance obligations attach to deployments immediately, while the certified technical means of satisfying those obligations are not yet available, and the absence of technical standards means each developer must translate regulatory text into implementation choices without authoritative guidance, producing heterogeneous and non-portable compliance postures across the Single Market.
Third conclusion: the binding constraint is the absence of a cross-layer regulatory instrument. The audit identifies three specific interoperability failures that a single instrument could address. The first is the delegation gap at the credential-to-payment interface: no specification currently defines how a EUDIW holder delegates transaction authority to an autonomous agent, what revocation and audit mechanisms must accompany that delegation, or how a payment service provider verifies the delegation without a synchronous human SCA step. The second is the agent-integrity gap at the payment authorisation interface: no harmonised technical standard specifies what checks a PSP must perform on an agent-initiated instruction before treating it as SCA-compliant, leaving each PSP to construct bespoke delegation models from available exemption categories that are individually partial and collectively unharmonised. The EBA has the authority to address this gap through a regulatory technical standard under PSD3; that standard has not been issued. The third is the machine-readable compliance encoding gap: the AML/CFT, SCA, and data-minimisation obligations relevant to agent-initiated transactions exist in regulatory text but have not been translated into formally versioned, machine-consumable policy specifications that programmable compliance architectures [28] could consume as stable dependencies, and no EU authority has been assigned to produce or maintain such a specification.
The instrument that could carry resolutions to these three gaps exists within the current legislative architecture. A delegated act under the AI Act could define agent delegation conditions and agent-integrity obligations. A regulatory technical standard issued by the EBA under PSD3 could specify the minimum PSP verification requirements for agent-initiated settlement. An implementing act under eIDAS 2.0 could mandate the structure of delegation credentials and the machine-readable encoding of the associated compliance attestations. The current situation does not lack legislative authority; it lacks regulatory priority assignment. No body has accepted the mandate to produce these three specifications on a timeline consistent with the commercial deployment pressure documented in Section 2.
The consequences of continued absence are measurable along specific vectors. EUDIW relying-party API coverage for agentic commerce developers will remain low because no certification requirement compels PSPs to accept wallet-issued delegation credentials. Cross-border agentic transaction success rates within SEPA will remain dependent on bespoke bilateral agreements between PSPs rather than on a certified common framework, limiting scalability. Developer adoption of European payment initiation protocols will stagnate relative to non-European protocol stacks that offer lower integration friction, because the non-European stacks do not carry the compliance overhead of an underspecified regulatory environment. Each of these vectors compounds over the 2025 to 2026 deployment cycle, as enterprise procurement commitments accumulate switching costs that make later adoption of European infrastructure progressively less viable [2].
Limitations and Scope Boundaries
- Snapshot maturity only. The audit captures the state of each component as documented in mid-2025. The agent framework ecosystem is iterating on release cycles measured in weeks, not quarters. Components assessed as early-stage may advance to production readiness within months of this paper's publication. Conversely, components assessed as developing may encounter governance disputes or standards conflicts that retard their trajectory. The maturity scores assigned here should be treated as time-stamped observations, not durable characterisations.
- Documentation asymmetry across open-source and commercial products. Open-source agent frameworks publish their specifications publicly and in detail, enabling precise assessment. Commercial products (particularly those offered by payment service providers and identity wallet operators) may have more advanced implementations than their public documentation reveals, because competitive sensitivity limits disclosure. This asymmetry biases the audit toward conservative assessments of commercial products and may understate actual deployment capability.
- Depth of comparison with non-European DLT rail protocols. The audit restricts payment rail assessment to euro-denominated mechanisms and explicitly excludes USD-denominated rails, non-SEPA regional payment systems, and crypto-native protocols that do not have a documented euro conversion path. This restriction reflects the European developer scope. Within the DLT-native category, the audit does analyse programmable compliance architectures on stablecoin rails [28] and MiCA-regulated euro stablecoin infrastructure, providing partial coverage of the DLT rail landscape. What the audit does not provide is a systematic comparative benchmark between European rails and non-European protocol stacks such as x402 or ACP that are attracting developer adoption in other jurisdictions and that may enter European markets via cross-border agentic transactions. The competitive performance gap between European and non-European rails is therefore noted as a structural risk in the discussion but is not quantified, because that quantification requires primary adoption data outside the scope of this survey.
- Absence of primary deployment data. The audit relies on published documentation, pilot reports, and academic analysis rather than on primary data from production deployments of agentic commerce systems. Empirical data on cross-border agentic transaction success rates, EUDIW relying-party API availability counts, or developer adoption rates for European versus non-European stacks would materially strengthen the findings but is not available in the public domain as of the survey date.
- Member State implementation variance not fully resolved. The audit treats eIDAS 2.0 and EUDIW as a single regulatory layer, but Member State implementation depth varies. The Croatia implementation case [21] provides one data point; comprehensive cross-Member-State comparison was outside the scope of this survey.
Directions for a Certified Cross-Layer Interoperability Profile
Three concrete directions would advance the findings of this audit toward a published, certified cross-layer interoperability profile against which agentic commerce implementations could be tested and approved.
Cross-layer interoperability testing harness. A conformance test suite that traces an end-to-end agentic transaction across all four layers (querying a data space, authenticating via EUDIW credential, initiating a SEPA Instant payment with a machine-readable compliance attestation, and receiving a verifiable settlement confirmation) would reveal precisely which interfaces fail and why. This harness requires collaboration between IDSA connector operators, EUDIW pilot implementers, SEPA participant banks, and agent framework maintainers. The technical instrument is a set of automated test cases against published APIs; the governance instrument is an institution willing to coordinate the four communities. ENISA, the EBA Innovation Hub, or a joint initiative under the European Blockchain Partnership are candidate hosts. The output would be a failure map of the credential-to-payment and data-space-to-agent interfaces documented in Section 6, with each failure classified as a missing protocol specification, a missing implementation on one side of the interface, or a compliance obligation without a technical realisation.
Regulatory mapping to machine-readable specification. The AML/CFT, SCA, and data-minimisation obligations relevant to agent-initiated transactions need to be translated into formal, versioned, machine-readable policy specifications that programmable compliance architectures [28] can consume. This translation requires legal input from the EBA, the EDPB, and relevant national supervisors, expressed in a format compatible with existing policy-expression languages. The specific output required is a published, versioned ruleset in a format such as Open Digital Rights Language or a purpose-built policy grammar, hosted by a designated EU authority, updated on a defined maintenance cycle. The maintenance cycle matters because AML/CFT obligations change as the Financial Action Task Force revises its recommendations, and a machine-readable encoding that does not track those revisions creates a compliance drift risk for agentic deployments that depend on it as a stable dependency.
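The compliance drift risk described here, and the settlement-time policy wrapper discussed in Section 6, can be illustrated with a checker that compares the ruleset version an agent deployment pinned against the currently published one. This is an added example, not part of the paper: the rule grammar is hypothetical (it is not ODRL), the registry is a constructed stand-in for a designated authority's publication point, and the thresholds are constructed values, not regulatory figures.

```python
import hashlib
import json
import operator
from datetime import date

OPS = {"gt": operator.gt, "le": operator.le, "eq": operator.eq}


def digest(ruleset: dict) -> str:
    """Content hash that a deployment pins alongside the version label."""
    blob = json.dumps(ruleset, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def make_ruleset(version: str, valid_until: str, hold_above_cents: int) -> dict:
    """Constructed ruleset in a hypothetical grammar; thresholds are not regulatory values."""
    return {
        "ruleset_id": "example-agent-payments",
        "version": version,
        "valid_until": valid_until,  # end of the maintenance cycle
        "rules": [
            {"id": "aml-review-threshold", "field": "amount_cents", "op": "gt",
             "value": hold_above_cents, "effect": "hold"},
            {"id": "novel-counterparty", "field": "payee_known", "op": "eq",
             "value": False, "effect": "hold"},
        ],
    }


# Constructed registry: version 2025.2 lowers the review threshold of 2025.1.
REGISTRY = {
    "current": "2025.2",
    "versions": {
        "2025.1": make_ruleset("2025.1", "2025-06-30", 100_000),
        "2025.2": make_ruleset("2025.2", "2025-12-31", 50_000),
    },
}


def triggered(ruleset: dict, tx: dict) -> list:
    """Ids of rules whose condition holds for this transaction."""
    hits = []
    for rule in ruleset["rules"]:
        if rule["field"] not in tx:
            hits.append(rule["id"] + ":missing-field")  # fail closed
        elif OPS[rule["op"]](tx[rule["field"]], rule["value"]):
            hits.append(rule["id"])
    return hits


def check_at_settlement(wrapper: dict, tx: dict, today: date, registry=REGISTRY) -> dict:
    """Evaluate the wrapper pinned by the agent against the published registry."""
    pinned = registry["versions"].get(wrapper.get("version"))
    if pinned is None:
        return {"decision": "hold", "drift": ["unknown-version"], "rules": []}
    drift = []
    if digest(pinned) != wrapper.get("digest"):
        drift.append("digest-mismatch")
    if wrapper["version"] != registry["current"]:
        drift.append("superseded")
    current = registry["versions"][registry["current"]]
    if today > date.fromisoformat(current["valid_until"]):
        drift.append("current-ruleset-past-maintenance-date")
    # Rules are always taken from the current published version, never the pin.
    hits = triggered(current, tx)
    decision = "settle" if not drift and not hits else "hold"
    return {"decision": decision, "drift": drift, "rules": hits,
            "would_pass_under_pin": not triggered(pinned, tx)}
```

A result with `would_pass_under_pin` true and a non-empty `rules` list is the drift case: the agent's pre-check under its pinned version and the settlement check under the current version disagree.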
European agent coordination forum. No existing institution collects the stakeholders who must jointly resolve the cross-layer governance gaps identified here. A structured forum, potentially established under the AI Office created by the AI Act, should convene agent framework maintainers, payment service providers, EUDIW wallet operators, and data space governance bodies to produce the cross-layer interface specifications that no single regulatory instrument currently mandates. The specific deliverable is a published interoperability profile that specifies, at minimum: the credential schema for EUDIW-issued agent delegation credentials, the message extension format for carrying verifiable compliance attestations in SEPA Instant payment messages, and the authentication protocol by which an agent framework presents identity to a Gaia-X data space connector. Each of these specifications is a discrete engineering artefact, not a policy document; the forum's role is to coordinate the institutions that must jointly agree the content and then assign maintenance responsibility to a named body.
References
[1] Verhoef, P. C., Broekhuizen, T., Bart, Y., Bhattacharya, A., Dong, J. Q., & Fabian, N. E. (2019). Digital transformation: A multidisciplinary reflection and research agenda. Elsevier BV.
[2] Constantinides, P., Henfridsson, O., & Parker, G. (2018). Introduction: Platforms and Infrastructures in the Digital Age. Institute for Operations Research and the Management Sciences.
[3] Maes, P., Guttman, R., & Moukas, A. (1999). Agents that buy and sell. Association for Computing Machinery.
[4] Zeng, D., & Sycara, K. (1998). Bayesian learning in negotiation. Elsevier BV.
[5] Fang, F., Ventre, C., Basios, M., Kanthan, L., Martinez-Rego, D., & Wu, F. (2022). Cryptocurrency trading: a comprehensive survey. Springer Nature.
[6] Singh, S., Hosen, A. S. M. S., & Yoon, B. (2021). Blockchain Security Attacks, Challenges, and Solutions for the Future Distributed IoT Network. IEEE.
[7] Lopes, F., Wooldridge, M., & Novais, A. Q. (2008). Negotiation among autonomous computational agents: principles, analysis and challenges. Springer Science+Business Media.
[8] Schmidt, S., Steele, R., Dillon, T. S., & Chang, E. (2006). Fuzzy trust evaluation and credibility development in multi-agent systems. Elsevier BV.
[9] Rahwan, I., Kowalczyk, R., & Pham, H. H. (2002). Intelligent agents for automated one-to-many e-commerce negotiation.
[10] Otto, B., ten Hompel, M., & Wrobel, S. (2022). Designing Data Spaces.
[11] Soltani, R., Nguyen, U. T., & An, A. (2021). A Survey of Self-Sovereign Identity Ecosystem. Hindawi Publishing Corporation.
[12] Schlatt, V., Sedlmeir, J., Feulner, S., & Urbach, N. (2021). Designing a Framework for Digital KYC Processes Built on Blockchain-Based Self-Sovereign Identity. Elsevier BV.
[13] Dib, O., & Toumi, K. (2020). Decentralized Identity Systems: Architecture, Challenges, Solutions and Future Directions. IAER.
[14] Grech, A., Sood, I., & Arino, L. (2021). Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education. Frontiers Media.
[15] Tan, E., Lerouge, E., Du Caju, J., & Du Seuil, D. (2023). Verification of Education Credentials on European Blockchain Services Infrastructure (EBSI): Action Research in a Cross-Border Use Case between Belgium and Italy. MDPI.
[16] Bechtel, A., Ferreira, A., Gross, J., & Sandner, P. (2022). The Future of Payments in a DLT-Based European Economy: A Roadmap. Springer Nature.
[17] Pastor Sempere, M. del C. (2025). Governance and Control of Data and Digital Economy in the European Single Market. Springer International Publishing.
[18] Hofmann, C., Moser, T., Niepelt, D., Weber, R. H., & Zilioli, C. (2023). Central Bank Digital Currencies (CBDCs): Proceedings of a Colloquium.
[19] Au, A. (2025). Evolutions in the European Central Bank's Regulatory Stance Toward Cryptocurrencies: From Neutralization to Cooptation. Wiley.
[20] Jamithireddy, N. H. (2025). Implementing Stablecoin Transactions in SAP ERP for Streamlined Cross-Border Payments. Journal of Wireless Mobile Networks Ubiquitous Computing and Dependable Applications.
[21] Jovanovic-Milenkovic, M., & Vojkovic, G. (2025). Implementation of Regulation (EU) 2024/1183 in Higher Education in the Republic of Croatia.
[22] Marano, P. (2025). Regulating Digital Insurance Platforms in the EU: Legal Frameworks and Future Directions. Preprints.org.
[23] Maiti, S. (2025). Caging the Agents: A Zero Trust Security Architecture for Autonomous AI in Healthcare. arXiv preprint.
[24] Mao, Q., Wang, J., Liu, Y., Zhu, L., Ma, C., & Yan, J. (2025). SoK: Security of Autonomous LLM Agents in Agentic Commerce. arXiv preprint.
[25] Holgado-Sanchez, A., Billhardt, H., Fernandez, A., & Ossowski, S. (2025). Learning the Value Systems of Agents with Preference-based and Inverse Reinforcement Learning. arXiv preprint.
[26] Lee, Y., Koneru, K., Moslemi, Z., Kumar, S., & Radhakrishnan, R. (2025). AEMA: Verifiable Evaluation Framework for Trustworthy and Controlled Agentic LLM Systems. arXiv preprint.
[27] Senn, J., Judmayer, A., Stifter, N., & Bohme, R. (2025). Systematization of Knowledge: The Design Space of Digital Payment Systems with Potential for CBDC. arXiv preprint.
[28] See, K., & Tan, X. W. (2025). Compliance-Aware Agentic Payments on Stablecoin Rails. arXiv preprint.
[29] Mondal, S., & Chithralekha, T. (2025). Zero-Knowledge Proof (ZKP) Authentication for Offline CBDC Payment System Using IoT Devices. arXiv preprint.