What is European agentic commerce

The deployment of artificial intelligence systems capable of executing commercial transactions without per-step human authorisation is accelerating across European markets. Retailers, travel platforms, financial service providers, and logistics operators are piloting systems that select vendors, negotiate terms, confirm purchases, and manage post-transaction processes on behalf of human or institutional principals. These systems are, in a functional sense, agents operating in commercial environments. The regulatory instruments that govern those environments, however, were designed around a fundamentally different model of commerce, one in which a human being initiates each transaction, evaluates each offer, and exercises informed consent at the point of commitment.

This mismatch between technology and regulatory architecture is not a marginal concern. The EU AI Act, which entered into force in August 2024, classifies AI systems by risk category but does not establish a coherent taxonomy of commercially transacting agents as a distinct class. The Digital Services Act addresses platform intermediaries but was written at a time when the primary intermediary was understood to be a human-curated marketplace rather than an autonomous purchasing system. The Consumer Rights Directive and Unfair Commercial Practices Directive presuppose a human consumer who can read, deliberate, and withdraw consent, presuppositions that do not hold when the transacting party is an AI agent acting on a human principal's behalf.

The consequence of this mismatch is not merely academic. Liability for defective transactions, transparency obligations concerning the use of AI, consumer withdrawal rights, and market oversight authority all depend on characterising the system through which a transaction occurs. When that characterisation is absent or contested, enforcement gaps follow. Determining which instrument applies, and to whom, requires a prior act of definition: agentic commerce must be distinguished from e-commerce and platform commerce, and its boundaries must be drawn with sufficient precision to support consistent regulatory application.

This paper provides a structured answer to that prior definitional requirement. Its contribution is a formal definitional framework for European agentic commerce, constructed through analytical rather than empirical methods and designed to be operationally usable by regulators, standards bodies, compliance practitioners, and researchers. The framework does not prescribe specific regulatory responses; it establishes the categorical boundaries on which any coherent regulatory response must rest.

The paper proceeds as follows. Section 2 grounds the urgency of the definitional problem in the current European legislative environment and the specific stakes that arise when commerce is conducted by autonomous systems. Section 3 surveys prior taxonomic work on autonomous commerce, algorithmic intermediation, and agent-based systems, identifying the analytical gap that motivates this contribution. Section 4 describes the analytical method used to construct the definition and its boundary conditions. Section 5 presents the core definition and the decision criteria that determine category membership. Section 6 interprets the boundary conditions against existing and pending European legal instruments, identifying where regulatory coverage is adequate, where it is partial, and where it is absent. Section 7 synthesises the contribution and names the specific governance dimensions most immediately dependent on definitional clarity. Sections 8 and 9 address the definition's limitations and directions for empirical refinement.

Three terminological commitments are maintained throughout. First, "agent" refers to an AI system that meets the functional criteria established in Section 4, not to a human intermediary or a legal agent in the private-law sense. Second, "agentic commerce" denotes the genus; the boundary conditions produce the genus-differentia pair. Third, "European" refers to the legal and regulatory context of the European Union, acknowledging that individual member-state implementation varies but treating the acquis communautaire as the operative framework. These commitments are necessary to prevent the definitional problem from reproducing itself within the paper.

The European Union has produced more AI-specific legislation in the period from 2022 to 2024 than any other comparable jurisdiction. The EU AI Act was formally adopted by the Council in May 2024 and entered into force in August 2024. Its substantive obligations apply on a phased schedule running from 2025 through 2027, a staggered applicability that is directly material to enforcement planning: provisions governing high-risk systems and general-purpose AI models become operative at different points, and agentic commerce systems may fall under distinct applicability timelines depending on how they are ultimately classified. The Act establishes a risk-tiered classification schema, imposes conformity assessment obligations on high-risk AI systems, and introduces transparency requirements for certain AI interactions with natural persons. The Digital Services Act regulates online intermediaries and creates a new supervisory architecture for very large platforms. The proposed Data Act governs machine-generated data flows. Each instrument addresses a distinct surface of the AI-in-commerce problem, and each was developed through a legislative process that assumed a relatively stable model of how AI systems participate in commercial activity.

That model is being destabilised by the emergence of transacting systems. A recommendation engine that surfaces a product leaves the human consumer to initiate the purchase. An agentic system given a budget, a category of goods, and a quality threshold selects a vendor, compares prices across multiple channels, and commits the principal's funds without further authorisation. The formal distinction between recommendation and transaction is legally significant: contract formation, distance selling rules, right of withdrawal, and misrepresentation liability all attach at the point of transaction commitment, not at the point of recommendation.

Existing EU taxonomies do not capture this distinction cleanly. The AI Act's high-risk categories, set out in Annex III, cover specific domains such as biometric identification, critical infrastructure, and employment decisions, but the category of AI systems autonomously executing consumer transactions does not appear as a named class. Notably, Article 6(2) of the Act and the Commission's power to amend Annex III through delegated acts create a mechanism by which such a category could be added without primary legislation, which means the instrument has an adaptive capacity that the current Annex text alone does not reveal. The DSA's intermediary liability framework addresses hosting and conduit functions derived from the foundational E-Commerce Directive distinctions; it was not designed to address an AI system that is simultaneously the intermediary, the purchaser, and the disclosure obligation-bearer. Consumer protection directives define the "consumer" as a natural person acting outside a trade or profession, a definition that does not contemplate a natural person whose commercial engagement consists entirely of delegating transactional authority to an AI system.

The stakes of this definitional vacuum are concrete. Liability for a defective or fraudulently induced transaction requires identifying who bore the capacity to consent and who had the duty to disclose. When an autonomous agent is the transacting party, the developer, the deploying merchant, and the human principal are all potential liability-bearers, and without a definitional framework, none can be assigned that role with legal precision. Accountability for algorithmic decision-making, as the literature on algorithm ethics has established, requires that someone be designated as the responsible party for the choices embedded in the system's design [8]. Without a category boundary that places agentic commerce systems within a specific regulatory perimeter, that designation cannot occur systematically.

Consumer vulnerability compounds the problem. Adam, Wessel, and Benlian [6] document that anthropomorphic design features in AI-based customer service systems increase user compliance with service-request prompts. Applied to agentic transaction contexts, that finding implies that design choices favouring anthropomorphism can shift principal behaviour in ways the principal does not recognise, an inference warranted by the mechanism the study identifies even though the study's direct context is service compliance rather than purchasing authority. When the agent is the transacting party rather than a surface for human decision-making, the compliance influence risk shifts from the consumer's own choices to the principal-agent relationship itself, a shift that existing consumer protection frameworks are not structured to address.

The literature on AI in commercial contexts offers several overlapping taxonomies, each designed for a different primary purpose. Understanding what each framework achieves and where it stops is a prerequisite for establishing what a purpose-built definition of agentic commerce must add.

AI functional taxonomies. Huang and Rust [3] propose a strategic framework for AI in marketing organised around three functional layers: mechanical AI (performing routine, rule-based tasks), thinking AI (analysing data and making inferences), and feeling AI (recognising and responding to human emotional states). This taxonomy is useful for mapping AI capabilities onto marketing functions and for predicting where AI substitution of human judgment is most advanced. It does not, however, establish transactional authority as a dimension of classification. A mechanical AI system could execute a transaction (a vending machine's payment processing is mechanical), and a thinking AI system could produce recommendations without transacting. The taxonomy captures capability type rather than transactional role, which means it cannot directly delineate agentic commerce from other AI-assisted commercial activity.

Dwivedi and colleagues [1] offer a multidisciplinary survey of AI challenges and opportunities across sectors, including commerce, and identify autonomy and learning as key axes of AI development. The framework is broad enough to acknowledge that AI systems can act with varying degrees of independence, but it does not operationalise a threshold at which independence becomes transactional authority, nor does it address the regulatory implications of that threshold.

Recommender and context-aware systems. Adomavicius and colleagues [4] provide a detailed technical taxonomy of context-aware recommender systems, distinguishing systems that incorporate contextual signals (time, location, social context) from those that do not. This is relevant to agentic commerce because sophisticated recommender systems can appear to exercise judgment across multiple dimensions simultaneously, a surface characteristic that resembles agentic behaviour. The critical distinction the recommender taxonomy does not make is between producing ranked output for human selection and producing a committed transaction. Recommender systems, however context-aware, are defined by their function as decision-support tools; they present options. Agentic systems, as this paper defines them, close transactions. The recommender literature does not establish this boundary, and as a result, a highly capable context-aware recommender sitting inside a one-click purchasing flow occupies an analytically ambiguous position in that literature.

Platform economics and intermediary structure. Langley and Leyshon [7] characterise digital platforms as multi-sided socio-technical intermediaries that capture value through the coordination of digital economic flows. Their analysis of platform capitalism emphasises that platforms do not merely facilitate exchange; they restructure it by extracting and monetising data, establishing pricing architectures, and creating dependency relationships between participants. This framing is directly relevant to agentic commerce in that an agentic system operating within a platform ecosystem both benefits from and contributes to the platform's intermediation logic. The limitation is that the platform capitalism framework analyses platforms as collective structures and does not address the conduct of individual agents operating within or across those platforms. An autonomous purchasing agent may operate across multiple platforms simultaneously, undermining the platform-as-bounded-intermediary assumption on which Langley and Leyshon's analysis depends.

Network externality and market structure. Liebowitz and Margolis [5] challenge the standard account of network externalities as a market failure justification for ex ante regulation. Their argument is more precisely that most cases alleged to constitute network externalities are better explained by network effects that clear through the price system without producing market failure, a narrower claim than a wholesale rejection of externality theory. The practical implication for agentic commerce is nonetheless significant: competition-based justifications for regulating agentic infrastructure providers cannot rely on network externality arguments that the Liebowitz and Margolis analysis shows are difficult to sustain, and regulators will require alternative doctrinal grounding.

Trust, reputation, and agent accountability. Josang, Ismail, and Boyd [2] survey trust and reputation mechanisms for online service provision, establishing that trust systems in multi-agent environments must account for both direct experience and propagated reputation signals. Their work anticipates environments in which non-human agents transact with each other and with humans, and it identifies the problem of delegation chains in which trust attributed to a principal must be re-evaluated when an agent acts on that principal's behalf. This is structurally analogous to the principal-agent relationship in agentic commerce, with the difference that the legal consequences of delegation in a commercial transaction context extend beyond reputational harm to contract formation and statutory liability, dimensions the trust-system literature does not engage.

Algorithmic accountability. Martin [8] argues that algorithm designers bear direct ethical and practical accountability for the degree of user agency their systems permit, and that this accountability cannot be deflected to users or deploying organisations. This normative position has not been translated into any EU legal instrument in its full form, creating a gap between scholarly accountability frameworks and operative law.

The gap this paper fills. The collective limitation of this body of work is that it was not designed to produce a category boundary suitable for regulatory use. Each framework addresses a component: capability type, intermediary structure, trust mechanics, accountability norms. None establishes the full functional definition that a European regulatory instrument requires. This paper fills that gap by integrating the relevant components into a single bounded definition with explicit classification criteria.

The citation by Adam, Wessel, and Benlian [6] to compliance effects of anthropomorphic chatbot design, discussed in the motivation section, also requires contextualisation here. That study documents compliance increases in customer service interactions, not in autonomous purchasing scenarios. The inference to agentic commerce design is grounded in the underlying mechanism (anthropomorphic cues alter the user's model of the system's authority and responsiveness) but goes beyond the study's direct findings. This paper treats the mechanism as applicable to principal-agent design while acknowledging that the specific magnitude of the effect in agentic transaction contexts remains empirically untested.

The definitional framework constructed in this paper is produced through analytical jurisprudence applied to the intersection of AI system design and European commercial law. The method is conceptual rather than empirical: it proceeds by identifying the structural features that must be present for a system to generate the regulatory and liability questions that existing law cannot resolve, and it formulates inclusion and exclusion criteria around those structural features. The framework does not require empirical data about current market deployments as a prerequisite for its validity; rather, it is designed so that empirical evidence of specific deployments can be evaluated against it.

Constituent elements. The definition is constructed from three constituent elements, each of which is necessary and whose conjunction is sufficient for category membership.

The first constituent element is autonomous transactional authority. A system exhibits autonomous transactional authority when it can commit a principal's resources, whether financial, reputational, or contractual, to a commercial obligation without per-transaction approval from that principal. "Per-transaction approval" means an affirmative human act directed specifically at the transaction in question, such as clicking a purchase confirmation or signing a contract. A human act that establishes parameters in advance, such as setting a budget ceiling or authorising a category of purchase, does not constitute per-transaction approval; it constitutes delegated authority, and delegation is a precondition for the agentic relationship rather than a negation of it.

The second constituent element is multi-step goal-directed action. A system engages in multi-step goal-directed action when it executes a sequence of decisions across at least two distinct stages of the commercial process: identification, evaluation, negotiation, commitment, or post-transaction management. These stages need not be contiguous: a system that evaluates counterparties at the identification stage and then commits at the transaction-commitment stage, bypassing an intermediate negotiation stage because no negotiation is available in the given channel, still satisfies the criterion. The requirement is that the system exercises goal-directed sequencing across at least two stages, not that it passes through every intervening stage in order. This criterion excludes single-step automatons such as standing orders and pre-programmed repeat purchases from the agentic category because those systems do not exercise judgment across stages; they execute a single rule.

The third constituent element is operation on behalf of a principal. A system operates on behalf of a principal when the commercial consequences of its actions, whether contractual obligations, financial expenditure, or warranty entitlements, accrue to a human or institutional entity that is distinct from the system itself. This element connects the definition to the legal concept of principal-agent relations and ensures that systems operating for purely internal optimisation purposes, such as inventory management software that reorders stock within a closed warehouse system, are not captured unless their actions produce external contractual obligations.

Boundary condition methodology. Each boundary condition is established by testing whether the removal of a constituent element would change the regulatory analysis. If removing a given element produces a system whose regulatory treatment under existing European law is already determinate, then the element is load-bearing for the definition. If removing it produces a system whose regulatory treatment remains indeterminate, the element is either insufficient alone or has been incorrectly specified.

Scope decisions. The framework is scoped to systems operating in consumer-facing markets and business-to-business transaction markets within the European Economic Area. It excludes purely internal supply-chain automation that does not produce external contractual commitments, financial trading algorithms regulated under MiFID II as a distinct regulatory regime, and systems operating exclusively in labour or public-procurement markets, which are governed by specialised instruments. The scope is set at the transaction layer; systems that influence transactions without executing them are addressed only in the context of establishing the boundary with platform commerce.

Classification procedure. To classify a specific system, three criteria are applied in sequence. The first criterion is whether the system commits the principal to an external commercial obligation without per-transaction approval. The second is whether it does so through a sequence of decisions across more than one stage of the commercial process, including non-adjacent stages. The third is whether the resulting obligations accrue to a party distinct from the system itself. A system that satisfies all three criteria falls within the agentic commerce category. A system that fails any one of the three criteria is classified against the appropriate adjacent category: conventional e-commerce, platform commerce, or internal automation, as specified in Section 5.

Core Definition

For the purposes of European policy and research, agentic commerce is defined as follows:

Agentic commerce is the class of commercial activity in which an AI system, acting with autonomous transactional authority and through multi-step goal-directed action, executes or commits to one or more commercial transactions on behalf of a human or institutional principal without per-transaction approval from that principal, where the resulting obligations, entitlements, or liabilities accrue to the principal rather than to the AI system.

This definition is bounded by three criteria, each necessary, and by their conjunction sufficient for category membership. The criteria operate as binary tests in the central case: a system either possesses autonomous transactional authority or it does not; it either acts across multiple stages or it does not; the resulting obligations either accrue to a principal or they do not. The definition is jurisdiction-neutral in its functional components but is applied here within the European legal context, where the specific regulatory instruments that attach at each boundary point are specified in Section 6.

Borderline cases arise when one or more criteria are only partially satisfied, for example, when a confirmation step exists but is structurally designed to be bypassed by default, or when the system acts across two stages in some transaction types and one stage in others. In those cases, the analytically correct procedure is not to abandon the binary criteria but to characterise precisely which criterion is partially satisfied and to what degree. The regulatory consequence is then calibrated to that degree: fuller obligations attach as autonomous transactional authority increases. This graduated calibration does not contradict the binary character of the criteria; it operates at the level of enforcement response rather than at the level of category membership.

Constituent Criteria Elaborated

Criterion 1: Autonomous transactional authority. The system must be capable of crossing the threshold from deliberation to commitment without a human authorisation act directed at the specific transaction. Prior-parameter-setting by the principal (budget, category, quality threshold, counterparty whitelist) is consistent with autonomous transactional authority because it constitutes delegated scope rather than per-transaction consent. The operationally critical marker is whether, at the moment of contract formation or payment commitment, a human being made an affirmative, transaction-specific decision. If so, the system is a decision-support tool regardless of how sophisticated its prior analysis was. If not, and if the system crossed the commitment threshold on its own determination, autonomous transactional authority is present.

Criterion 2: Multi-step goal-directed action. The system must exercise judgment across at least two sequential stages of the commercial process. The relevant stages are: (a) need or opportunity identification; (b) vendor or counterparty selection; (c) price evaluation or negotiation; (d) transaction commitment; (e) post-transaction management including returns, disputes, and re-ordering. These stages need not be contiguous. A system that evaluates options at stage (b) and commits at stage (d), selecting among available vendors on price and availability and bypassing stage (c) because fixed pricing precludes negotiation, satisfies the criterion because it exercises goal-directed sequencing across two non-adjacent stages. A system that is hardwired to execute stage (d) alone, such as a standing order or a cron-triggered API call with fixed parameters, does not satisfy this criterion because it exercises no goal-directed sequencing; it executes a single pre-specified rule.

Criterion 3: Principal accrual. The commercial consequences of the system's actions must accrue to a party other than the system. This criterion is satisfied in all consumer-facing deployments where a natural person's financial account is debited or their contractual rights and obligations are engaged. It is satisfied in B2B deployments where a corporate entity bears the resulting obligations. It is not satisfied by closed-system optimisations that adjust internal resource allocation without creating external contractual relationships.

Boundary Condition 1: Agentic Commerce versus Conventional E-Commerce

Conventional e-commerce is characterised by a human consumer who initiates each transaction, selects each product, and provides affirmative purchase confirmation at the point of commitment. Algorithmic systems may assist this process extensively: they may rank results, personalise price presentation, and apply discount rules. The functional boundary is the location of the commitment decision.

A system crosses from conventional e-commerce into agentic commerce when the commitment decision is made by the AI system rather than by the human principal. The presence of a confirmation step that is designed to be bypassed, skipped by inertia, or pre-populated by the system such that the human's role is notification rather than decision, moves the classification toward agentic commerce. The legal test is whether a reasonable analysis of the system's architecture places the transaction-initiation capacity in the human or the AI. Systems that employ one-click purchasing where the click is a genuine human decision remain in conventional e-commerce. Systems where the AI determines timing, counterparty, and amount, and the human receives a post-hoc notification, are in the agentic commerce category.

Boundary Condition 2: Agentic Commerce versus Platform Commerce

Platform commerce, following Langley and Leyshon's framing of platforms as multi-sided socio-technical intermediaries [7], is characterised by a structure in which the platform coordinates exchange between independent buyers and sellers without itself transacting. The platform sets rules, extracts data, and captures rent from coordination; the transacting parties remain distinct human or institutional actors.

The boundary condition here is structural. An agentic commerce system may operate within a platform; the platform does not become an agentic commerce system merely because it hosts agentic actors. The boundary is located at the level of transactional authority: a platform that matches buyers and sellers and charges for the match is platform commerce; an AI system that, within or across platforms, selects and commits on a principal's behalf is an agentic commerce system, regardless of where it operates. A sufficiently autonomous platform recommendation engine that progresses to automated checkout, however, crosses the boundary because it assumes transactional authority. Context-aware recommender systems [4] that stop short of commitment remain in the platform commerce category.

The Liebowitz and Margolis [5] analysis of network externalities is relevant here: to the extent that platform commerce attracts regulatory attention on market-failure grounds, those grounds require independent justification for agentic systems that operate across platforms rather than within a single platform's network, because the price-system-clearing argument they advance applies differently to infrastructure bottlenecks in agentic capability than to conventional two-sided network markets.

Boundary Condition 3: Agentic Commerce versus Non-Commercial Agent Systems

AI agent systems that do not produce external commercial obligations are excluded from the definition. This boundary matters for policy because many autonomous AI systems are deployed in operational contexts: scheduling, routing, quality inspection, content moderation. These systems may exhibit multi-step goal-directed behaviour and may operate on behalf of an institutional principal, but unless they cross the threshold into external transaction commitment, they are outside the agentic commerce category. The boundary is the presence of commercially consequential autonomy, not the presence of AI agency in the general sense.

Classification Decision Procedure

For any system under evaluation, the classification procedure applies the three criteria sequentially:

1. A system that commits the principal to an external commercial obligation without per-transaction approval satisfies the first criterion; a system that does not is classified as conventional e-commerce, platform commerce, or internal automation as appropriate and is outside the agentic commerce category.
2. Among systems satisfying the first criterion, those that do so through a sequence of decisions across more than one stage of the commercial process (including non-adjacent stages) satisfy the second criterion; those that do not are classified as automated execution rather than agentic commerce.
3. Among systems satisfying both prior criteria, those whose resulting obligations accrue to a party distinct from the system satisfy the third criterion and are instances of agentic commerce; those whose obligations do not so accrue are classified as internal optimisation.

This procedure produces a binary classification. Borderline cases are those in which one of the three criteria is partially satisfied. The appropriate analytical response is to characterise the degree to which the relevant criterion is met and to calibrate regulatory treatment to that degree, with fuller obligations attaching as the degree of autonomous transactional authority increases. This calibration operates at the level of enforcement response and does not alter the binary structure of the classification criteria themselves.

The definitional framework established in Section 5 has direct consequences for how European regulatory instruments apply to systems that fall within the agentic commerce category. This section traces those consequences across three regulatory domains: AI Act classification, DSA intermediary liability, and consumer protection law. It then identifies the points at which the boundary conditions create regulatory gaps that existing instruments do not fill. The gaps identified correspond to the three governance vectors named in Section 7: liability allocation, transparency obligations, and market oversight authority. Each gap is presented here in the regulatory context that generates it; the governance-level analysis follows in Section 7.

AI Act Classification and Agentic Commerce

The EU AI Act establishes a risk-based classification schema in which the regulatory burden scales with the potential harm associated with a system's outputs. General-purpose AI systems and high-risk AI systems attract the most substantive obligations, including conformity assessment, transparency to affected natural persons, and registration in a Union-level database. Systems classified as presenting unacceptable risk are prohibited outright.

Agentic commerce systems do not map cleanly onto any existing high-risk category in the AI Act. The high-risk categories in Annex III address domains such as biometric identification, critical infrastructure management, employment decisions, and credit scoring. An AI agent that selects vendors and commits purchase obligations on a consumer's behalf does not fall squarely into any of these categories, even though its decisions may be consequential for the consumer's financial position and legal obligations. The Act's general-purpose AI provisions may partially capture foundation models that underpin agentic systems, but the application layer where transactional authority is exercised is not systematically addressed.

The Act does, however, contain a structural mechanism for extending its high-risk coverage. Article 6(2) and the Commission's delegated-act authority over Annex III allow the high-risk category list to be amended without primary legislation. This adaptive capacity means that the current absence of agentic commerce from Annex III is a feature of the Act's present state rather than a permanent architectural constraint. The definitional framework presented in this paper provides the categorical basis on which a delegated-act amendment could be grounded: the three constituent criteria translate directly into a specification of the system class that warrants high-risk designation.

The boundary condition between agentic commerce and conventional e-commerce is directly relevant to the AI Act's transparency obligation. The Act requires that natural persons be informed when they are interacting with an AI system. In conventional e-commerce, the natural person interacts with the system directly and the disclosure obligation is straightforward. In agentic commerce, the natural person who is the principal does not interact with merchant-side AI systems at the point of transaction; their agent does. The question of to whom the transparency obligation runs, and what it requires when the immediate interlocutor is itself an AI system, is unresolved in the Act's current text. The boundary conditions established in this paper provide the categorical basis for extending transparency obligations to the principal even where the immediate transaction is AI-to-AI.

Digital Services Act and Intermediary Liability

The DSA reorganises and extends the liability distinctions for online intermediaries that were first established in the E-Commerce Directive (2000/31/EC), which introduced the foundational hosting, caching, and mere-conduit categories. The DSA does not simply reproduce those categories; it creates a tiered structure of obligations for hosting services, online platforms, and very large online platforms, assigning progressively heavier duties at each tier. The liability framework for platforms is predicated on the platform's role as an intermediary between independent parties: the platform is not the seller, and its liability for third-party content or conduct is conditioned on knowledge and expeditious action.

Agentic commerce disrupts this model at its foundation. When an AI agent operates across multiple platforms, selecting among them to find optimal transaction terms, no single platform intermediates the transaction in the traditional sense. The agent is, functionally, its own intermediary. The DSA's notice-and-action mechanism presupposes a hosting provider who can receive notice about third-party conduct and take action. An agentic system that itself decides where to transact does not fit this architecture: the agent developer, the deploying principal, and the platform infrastructure provider each bear partial responsibility for the transaction's occurrence, but the DSA assigns liability to platforms for hosting, not to agents for transacting.

The platform-versus-agentic-commerce boundary condition from Section 5 is therefore load-bearing for DSA analysis: if a given system is platform commerce, the DSA applies; if it is agentic commerce operating across platforms, the DSA provides only partial and potentially inadequate coverage. Closing this gap requires either an extension of the DSA's intermediary concept to cover agentic systems or a dedicated instrument.

Consumer Protection Law

The Consumer Rights Directive, the Unfair Commercial Practices Directive, and the Distance Selling regime collectively protect natural persons in their capacity as consumers transacting with traders. Each instrument presupposes that the consumer is the transacting party who reads the contract terms, exercises withdrawal rights, and receives mandatory pre-contractual information.

Agentic commerce displaces this presupposition structurally. When the transacting party is an AI agent, the pre-contractual information is received by the agent, not the human principal. The agent may not transmit that information to the principal; it may process it in ways the principal cannot audit; it may waive rights (such as the right of withdrawal in distance selling) in ways the principal would not have chosen. The Unfair Commercial Practices Directive prohibits practices that materially distort the economic behaviour of the average consumer. When the consumer is mediated by an agent, the operative question is whether the practice distorts the agent's behaviour in a way that ultimately harms the principal, a causal chain the Directive was not written to trace.

Adam, Wessel, and Benlian [6] document that anthropomorphic design features in AI-based customer service systems increase compliance with service-request prompts, identifying a mechanism by which design choices alter the system's effective authority and responsiveness in the user's model of it. Applied to agentic transaction design, this mechanism implies that a purchasing agent built with anthropomorphic features may pursue transactions more aggressively than the principal's stated preferences warrant, serving merchant interests at the expense of principal interests. The Unfair Commercial Practices Directive's prohibition on manipulation applies to practices directed at consumers, but when the consumer-in-law is the human principal and the AI agent is the commercial interlocutor, the directive's operative mechanism does not engage at the point where influence actually occurs.

Algorithmic Accountability and the Developer-Deployer Distinction

Martin [8] establishes that algorithm designers bear accountability for the structural choices embedded in their systems, including choices about the degree of user agency the system permits. Applied to agentic commerce, this principle implies that a developer who designs a purchasing agent to prioritise speed of transaction over verification of principal consent bears accountability for the predictable consequences of that design choice. The accountability framework in the AI Act's provisions for high-risk systems partially operationalises this principle through conformity assessment requirements, but because agentic commerce is not a named high-risk category in the current Annex III, the operationalisation is incomplete.

The distinction between developer accountability and deployer accountability is practically significant. A financial services firm that deploys a third-party agentic purchasing system for its clients occupies the deployer position; the firm that built the agent occupies the developer position. Trust and reputation mechanisms in multi-agent environments, as Josang and colleagues [2] document, require that both direct and propagated trust signals be assigned to identifiable parties. In agentic commerce, the liability chain must be equivalently traceable: developer obligations for system design, deployer obligations for appropriate use and disclosure to principals, and platform obligations for the infrastructure conditions under which the agent operates.

Regulatory Gaps Identified

Three specific regulatory gaps emerge from applying the boundary conditions to European law, each corresponding to one of the governance vectors analysed in Section 7. First, no instrument currently designates agentic commerce systems as a named regulatory category, meaning enforcement bodies lack a clear statutory hook for intervention and liability for harmful transactions is distributionally unresolved across developer, deployer, and platform. Second, the transparency obligation in the AI Act does not extend to the principal-agent communication channel that agentic commerce introduces, leaving the human principal without a guaranteed right to receive the pre-contractual information their agent processes on their behalf. Third, consumer withdrawal rights under distance selling rules are unenforceable as currently drafted when the transacting agent is an AI system that does not preserve or transmit the pre-contractual information on which those rights depend, an operational failure that is simultaneously a market oversight gap because it distorts the conditions under which merchants operating through agentic channels compete with those operating through conventional channels.

This paper has constructed a formal definitional framework for European agentic commerce and applied it to produce boundary conditions that distinguish agentic commerce from conventional e-commerce, platform commerce, and non-commercial agent systems. The core definition, which requires autonomous transactional authority, multi-step goal-directed action, and principal accrual, is designed to be operationally precise: it produces determinate classifications for systems at and near the boundary, and it grounds those classifications in the structural features of systems rather than in their surface labels or marketing descriptions.

The value of this definitional work is categorical clarity, a prerequisite for regulatory function in AI governance at scale. When enforcement bodies, courts, standards committees, and research programmes use overlapping but nonidentical categories, they produce inconsistent outcomes that advantage the parties best positioned to exploit the ambiguity. In the specific context of agentic commerce, the parties best positioned to exploit definitional ambiguity are developer firms that design systems sitting at the boundary between assisted commerce and autonomous commerce, and platform operators that benefit from agentic traffic without bearing the regulatory obligations that would attach if the agentic character of that traffic were formally recognised.

The governance vectors most immediately affected by this definitional clarity are the following.

Liability allocation requires a categorical framework in which each party's contribution to a harmful transaction can be mapped to an identifiable regulatory obligation. Without the agentic commerce category, that mapping defaults to the closest available category, typically platform commerce, and the resulting liability assignment is structurally incorrect because it attributes transactional authority to the platform rather than to the agent. The practical consequence is that a consumer harmed by an agent's autonomous purchasing decision may find that the platform bears no liability because it did not transact, the developer bears no liability because no current instrument designates agent design as a liability-generating act, and the deployer bears limited liability because the harm arose from a design choice rather than a deployment decision. The agentic commerce category makes each of these contributions visible and provides the factual predicate for an instrument that assigns obligations at each node of the developer-deployer-platform chain.

Transparency obligations require the agentic commerce category to determine the direction and content of required disclosures. When a human principal delegates transactional authority to an AI agent, the disclosures that principal requires differ in three specific respects from those a human consumer making a direct purchase requires. The principal must receive disclosure of the agent's decision criteria, so that the principal can evaluate whether the agent's optimisation targets align with the principal's actual preferences rather than with the deployer's commercial interests. The principal must receive disclosure of the agent's scope of authority, specifying the conditions under which the agent will and will not proceed to transaction commitment without seeking approval. The principal must receive disclosure of the agent's audit trail, providing a retrievable record of the decision sequence that produced each transaction, sufficient to support any subsequent withdrawal or dispute. None of the current European transparency instruments are drafted to require this content, because none have a named category of agentic commerce for which to require it. The AI Act's transparency provisions, as currently drafted, address the interaction between a natural person and an AI system; they do not address the communication that a deploying agent owes to its human principal after an autonomous transaction has occurred.

Market oversight authority requires the agentic commerce category to determine whether a given concentration of transactional capacity in agentic systems constitutes a market structure concern. If a small number of agentic infrastructure providers process a substantial share of European retail transactions, the competition authority questions that arise differ in character from those arising in platform markets. In platform markets, the relevant bottleneck is access to a two-sided network; the market-failure argument turns on whether network effects prevent entry by competing platforms. In agentic commerce infrastructure markets, the relevant bottleneck is access to the capability layer that selects vendors, evaluates offers, and commits funds. A merchant that is systematically deprioritised by a dominant agentic infrastructure provider will lose transaction volume without any platform rule change or explicit exclusion, because the selection occurs within the agent's decision model rather than in a visible marketplace rule. The Liebowitz and Margolis [5] analysis of price-system-clearing network effects points toward the inadequacy of standard network externality doctrine as the basis for intervention in this context, and the agentic commerce category provides the factual predicate on which alternative competition doctrine, grounded in access-to-capability rather than access-to-network, must be constructed.

The framework presented here is explicitly designed to be amended as the technical landscape evolves and as empirical evidence of specific deployments accumulates. Its purpose is to ensure that when those amendments are made, they are made to a coherent base: a definition with explicit constituent criteria, boundary conditions that produce determinate classifications, and a mapping onto the European regulatory instruments most immediately engaged by those classifications.

The following limitations are specific to this paper's evidentiary base, analytical method, and temporal position.

1. Absence of empirical deployment evidence. The framework is constructed analytically rather than from a survey of existing agentic commerce deployments in European markets. The boundary conditions are logically derived from structural criteria, but their discriminating power against real systems has not been tested. It is possible that the criteria, as formulated, classify certain systems ambiguously when the precise architecture of those systems is examined. Empirical case studies would identify which criteria require refinement.

2. Regulatory analysis as architectural description. The legislative instruments discussed in Section 6, including the EU AI Act, the Digital Services Act, and the consumer protection directives, are analysed at the level of instrument architecture and doctrinal structure. The analysis characterises each instrument's design logic and identifies where that logic fails to reach agentic commerce systems. It does not constitute close legal exegesis of specific articles, recitals, or implementing measures. Practitioners applying the framework to specific enforcement decisions should conduct text-level analysis of the operative provisions, since the instrument-level characterisations in Section 6 are intended to identify structural gaps rather than to resolve fine-grained questions of statutory interpretation.

3. Exclusion of specialised regulatory regimes. The definition explicitly excludes financial trading algorithms governed under MiFID II, public-procurement AI systems, and labour-market AI systems. These exclusions are analytically defensible given the distinct regulatory architectures in those domains, but they mean the framework does not provide guidance for agentic systems operating at the intersection of commerce and those specialised domains, such as an agent that purchases financial instruments on a retail principal's behalf.

4. Temporal sensitivity. AI system capabilities are advancing rapidly. The criterion of multi-step goal-directed action was formulated against the current generation of commercially deployed agentic systems. Future systems may compress or alter the stages of the commercial process in ways that make the criterion difficult to apply. The definition should be reviewed against the state of technology on a cycle no longer than two years from the date of this publication.

5. Single-jurisdiction scope. The framework is scoped to the European Economic Area. Agentic commerce systems frequently operate across jurisdictions, and a system classified as agentic commerce under this framework may be treated differently under US, UK, or Asian regulatory instruments. Cross-jurisdictional interoperability of this definition has not been assessed.

Several concrete research directions would test and refine the definitional framework presented here.

Empirical deployment mapping. A structured survey of commercially deployed AI systems in European retail, travel, and financial services markets, using the three classification criteria as a coding instrument, would identify the current prevalence of agentic commerce deployments and test whether the boundary conditions produce consistent classifications across independent coders. This survey would require access to system architecture documentation, which may necessitate regulatory-compelled disclosure or cooperation with industry participants.

Regulatory dispute case studies. As enforcement actions and consumer complaints involving autonomous purchasing systems accumulate, case studies tracing each incident through the classification procedure would identify the criteria that prove most contestable in practice. The specific evidentiary record in enforcement proceedings, including system design documentation, transaction logs, and principal communications, provides the material needed to test criterion 1 (autonomous transactional authority) under adversarial conditions.

Longitudinal technology tracking. The boundary between multi-step goal-directed action and single-step automated execution will shift as agentic systems become capable of compressing what are currently multi-stage processes into apparently instantaneous decisions. Longitudinal tracking of system architecture evolution, using capability assessments at regular intervals, would allow the criterion to be updated before it becomes analytically ineffective.

Legislative text analysis. Close reading of specific AI Act articles, DSA provisions, and consumer protection directive texts against the boundary conditions would produce a precise gap map: articles that partially apply, provisions that are silent, and recitals that might support interpretive extension. This analysis requires legal expertise beyond the analytical scope of this paper.