📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

European law currently prevents AI agents from executing payments without human authorization, despite technological capabilities. This is due to two regulatory regimes—PSD3/PSR and the AI Act—being developed concurrently, which together define the legal framework for agentic commerce in Europe.

The core issue is that European payment rails are statutory, not private infrastructure like in the US. PSD3 and the Payment Services Regulation (PSR), agreed in November 2025 and set to be implemented by 2028, are rebuilding payment infrastructure with mandatory API parity, requiring banks to expose interfaces as capable as their apps. This facilitates open finance and direct access for non-bank entities.

Simultaneously, the EU AI Act, with high-risk obligations landing in 2026, classifies AI systems used in finance—such as credit scoring and fraud detection—as high-risk, requiring conformity assessments, human oversight, and registration. These guardrails impose restrictions on AI behavior, affecting how agents can assess, recommend, or score.

The convergence of these regimes means that the legal architecture governing agentic commerce is not a unified system but a fragmented, statutory framework that is still being written. The two regimes have different timelines, scopes, and authorities, creating seams that influence what AI agents can do in payments and decision-making processes in Europe.

Implications of Dual Regulatory Frameworks on European AI Commerce

This convergence significantly impacts the speed and nature of AI-enabled commerce in Europe. Unlike the US, where private networks and commercial rails allow faster deployment of agentic payment systems, Europe’s statutory approach results in slower implementation but potentially more durable and open infrastructure.

The mandated API parity and open finance under PSD3/PSR mean no single bank can dominate the interface, fostering a more open ecosystem. Conversely, the AI Act’s high-risk classification introduces strict oversight, potentially limiting the scope and agility of AI agents in financial transactions.

Ultimately, the European approach may favor long-term stability and openness over rapid deployment, influencing which model—speed or durability—prevails in shaping the future of agentic commerce.

Regulatory Foundations Shaping European Agentic Commerce

The development of European agentic commerce is rooted in a regulatory environment that differs fundamentally from the US. In the US, private infrastructure like Mastercard’s Agent Pay and Visa’s Intelligent Commerce enables faster, decision-based extension of payment capabilities by private firms. These private rails are owned and controlled by a few corporations, allowing rapid innovation and deployment.

In contrast, Europe’s approach is grounded in statutory laws—PSD3/PSR and the AI Act—that are designed to create a transparent, open, and durable infrastructure. PSD3/PSR aims to rebuild payment rails with API parity and open access, while the AI Act imposes high-risk obligations on AI systems used in finance, requiring oversight and registration.

This divergence results in a slower, more deliberate development of agentic commerce in Europe, with the legal architecture shaping what is possible rather than what is technologically feasible.

“The European approach is simultaneously the harder path and the more durable one. It’s slower but lays a foundation that no single network controls, fostering openness and stability.”

— Thorsten Meyer

Uncertainties in Regulatory Timelines and Implementation

It remains unclear how quickly the full implementation of PSD3/PSR and the AI Act will occur, given legislative and political processes. PSD3 is expected around 2028, but FIDA and the AI Act’s high-risk obligations may experience delays, possibly slipping into 2027 or beyond.

Additionally, it is uncertain how the seams between these regimes will be managed in practice, and whether the legal architecture will fully enable or hinder the deployment of AI agents in payments and decision-making.

Next Steps in European Agentic Commerce Regulation

Regulators will continue finalizing and implementing PSD3/PSR and the AI Act, with detailed technical standards and compliance requirements emerging over the next two years. Industry stakeholders are closely monitoring these developments to adapt their AI and payment solutions accordingly.

Further, legal and technical interoperability tests are expected to clarify how the two regimes will interact in practice, shaping the future capabilities of AI agents in European commerce.

Key Questions

How does Europe’s regulatory approach differ from the US in AI payments?

Europe relies on statutory laws like PSD3/PSR and the AI Act to build a transparent, open infrastructure, while the US depends on private, decision-driven networks like Mastercard and Visa for faster deployment.

When will AI agents in Europe be able to execute payments independently?

It is uncertain; full legal authorization depends on the implementation of PSD3/PSR, likely around 2028, and whether the AI Act’s high-risk obligations will permit such capabilities.

What are the main challenges of Europe’s dual-regime approach?

The primary challenge is managing the seams and interactions between the two regimes, which have different timelines, scopes, and authorities, potentially slowing innovation but increasing stability.

Will Europe’s approach lead to a more open or closed agentic market?

Europe’s open, statutory infrastructure aims to foster a more open ecosystem, but the slower pace may delay market development compared to the US.

Source: ThorstenMeyerAI.com