📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

European agentic commerce is currently being shaped by two converging regulatory regimes—PSD3/PSR and the AI Act—that will determine whether AI agents can pay, assess, or recommend in Europe. These frameworks are being developed simultaneously, creating a complex legal infrastructure that contrasts with the US approach, which relies on private-sector networks.

The core issue is that, unlike in the US where private payment networks enable agentic payments, Europe’s laws require human authorization for transactions, preventing AI agents from acting as payers. The PSD3 and Payment Services Regulation (PSR), agreed in November 2025 and scheduled for implementation by 2028, will rebuild the payment infrastructure with mandatory API parity, forcing banks to expose interfaces equivalent to their apps. Simultaneously, the EU AI Act, with high-risk obligations landing in 2026, classifies AI systems used for credit scoring, fraud detection, and other financial functions as high-risk, requiring conformity assessments, human oversight, and registration.

This dual regulation means the European agentic commerce stack will inherit the seams between the two regimes. Whether an AI agent can pay depends on the payment regulation, while its ability to assess or recommend depends on the AI regulation. The different timelines, scopes, and authorities involved make the system inherently fragmented and statutory, not commercial.

Thorsten Meyer, author of this analysis, emphasizes that European agentic commerce is being co-defined by these two regimes—rather than by labs or private networks—and that this statutory approach, while slower, promises more durable, open, and network-neutral infrastructure. The US model, based on private rails owned by a few firms, is faster but less open.

Implications of Europe’s Statutory Infrastructure for Agentic Commerce

This regulatory approach matters because it shapes the future of AI-driven commerce in Europe. The slower, law-based infrastructure could delay the deployment of autonomous payment agents but offers a more transparent, open, and resilient system. The mandatory API parity and open finance provisions aim to prevent monopolistic control, fostering a broader ecosystem. Conversely, the US’s private network model enables faster innovation but risks consolidating power among fewer firms. The choice of infrastructure will influence which model proves more effective and scalable for AI agents in the long term.

European Regulatory Frameworks Reshaping Digital Commerce

Until now, European digital payments have been governed primarily by regulation requiring human authorization, such as Strong Customer Authentication under PSD2. The new PSD3/PSR regulations aim to overhaul this by mandating open, API-driven interfaces, effectively rebuilding the payment rails in statute. Meanwhile, the AI Act, agreed upon in late 2025, introduces high-risk classifications for AI systems used in finance, imposing conformity assessments and oversight. These developments are part of a broader European strategy to establish a deliberate, resilient infrastructure for AI-enabled commerce, contrasting with the more private-sector-driven US approach.

“The core issue is that, in Europe, the agentic commerce stack is being co-defined by two regulatory regimes—PSD3/PSR and the AI Act—creating a statutory infrastructure that differs fundamentally from the private, commercial rails in the US.”

— Thorsten Meyer

Uncertainties in Timelines and Implementation Details

It remains unclear how quickly the PSD3/PSR regulations will be fully implemented and how effectively they will be enforced across member states. The AI Act’s high-risk obligations may slip beyond 2026, possibly into 2027 or later, depending on legislative processes and trilogue negotiations. Additionally, the practical interoperability of the new infrastructure and how AI agents will navigate these seams are still uncertain, as the regulatory frameworks are newly established and evolving.

Next Steps in European Regulatory and Technical Development

Regulators will finalize and implement PSD3/PSR regulations by 2028, with ongoing adjustments based on industry feedback. The AI Act’s high-risk classifications and conformity assessment procedures are expected to take shape through detailed standards and registration processes in 2026 and beyond. Observers will monitor how these frameworks interact in practice, particularly how AI agents are authorized to perform payments and assessments within this statutory architecture. Further legislative developments and pilot programs are likely in the coming years.

Key Questions

Will AI agents in Europe be able to pay automatically?

Not immediately. Under current regulations, AI agents cannot act as payers until the legal framework explicitly authorizes it, which is expected to happen after PSD3/PSR implementation and AI Act high-risk obligations are in place.

How does Europe’s approach differ from the US?

Europe relies on statutory, open, and regulated infrastructure with mandated API parity and open finance, while the US depends on private payment networks owned by a few firms that can extend or restrict agent capabilities at will.

When will these regulations be fully in effect?

PSD3 and PSR are expected to be implemented by 2028, with the AI Act’s high-risk obligations possibly taking effect in 2026 or 2027, depending on legislative progress.

What are the advantages of Europe’s statutory approach?

It creates a more open, resilient, and transparent infrastructure that is less susceptible to monopolistic control, potentially fostering broader innovation and trust in AI-enabled commerce.

Source: ThorstenMeyerAI.com