Agentic Payments Are Coming: What European PSPs and Compliance Teams Must Do Before Regulators Catch Up

By Zinah Abdaki, CMO at Qube

AI agents are already making payments on behalf of consumers. The compliance frameworks governing those payments do not exist yet.

That gap between what the technology can do and what regulation currently covers is the most pressing risk management challenge facing European PSPs and compliance teams in 2026. And it is one that will not wait for regulatory clarity before it starts creating real problems.

The Scale of What Is Already Happening

Google launched its "Buy for Me" feature in November 2025, enabling users to delegate purchases from major merchants without human involvement at the point of transaction. FIS followed in January 2026 with the payments industry's first dedicated agentic commerce offering, built in partnership with Mastercard and Visa to allow banks to identify, authorise and manage agent-initiated transactions at scale.

The numbers behind this shift are significant. McKinsey forecasts agentic commerce could generate up to $1 trillion in orchestrated transactions in the US alone. Global B2C sales through AI agents are projected to reach $3–5 trillion by 2030. AI drew nearly a quarter of all fintech funding in Q3 2025, according to CB Insights.

As Mastercard's chief digital officer noted recently: "Typically in payments, it takes 10 to 15 years to have a global technology adopted but the pace of this technology is something else." Regulators will not keep pace. The institutions building internal frameworks now will be ahead when they do.

What to Do Before the Framework Arrives

Waiting for regulatory guidance is not a strategy. These five steps do not require it.

Define agent transaction policies now. Spending limits, permitted merchant categories, step-up triggers for human review, these are risk decisions PSPs are equipped to make internally today.

Build agent identity into transaction monitoring. Every agent-initiated transaction should carry metadata agent type, authorisation scope, consent timestamp as the foundation for AML screening and dispute resolution.

Map SCA delegation liability under PSD3. Identify where agent transactions sit in your delegation chain and who carries liability at each point before PSD3 enters force.

Bring agentic AI inside your model risk framework. Explainability and auditability are not optional features, they are the conditions under which regulators will permit autonomous

AI to operate in regulated payments.

Monitor Visa's Trusted Agent Protocol and Mastercard's Verifiable Intent framework. These are the most developed industry-level responses to agent identity and authorisation, and the most likely forerunners of eventual regulatory standards.

Join the Conversation in Dublin

These questions, liability, SCA, Know Your Agent, model risk and agentic fraud, are on the agenda at the NextGen Payments & RegTech Forum, 11 June 2026, Conrad Hotel, Dublin.

Senior contributors from Stripe, JPMorgan Chase, Coinbase, Fexco, European Payment Initiative, Paysafe, Banking & Payments Federation Ireland,

Corpay, Central Bank of Ireland, Mangopay, Fire, Flagstone

 and Dojo will address the practical steps Irish and European

 PSPs need to take - before regulators take them for you.

Attendance is free for qualified delegates.