📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

European law currently prevents AI agents from executing payments without human authorization, creating a legal gap that differs from the US model, where private infrastructure allows autonomous payments. This gap is being addressed through two converging regulatory regimes—PSD3/PSR and the AI Act—that are simultaneously shaping the legal and technical foundations for agentic commerce in Europe.

In Europe, the ability of AI agents to make payments hinges not on technological capability but on compliance with two major regulatory regimes. The PSD3 and Payment Services Regulation (PSR), agreed in November 2025 and expected to be implemented by 2028, are rebuilding the payment infrastructure with mandatory API parity, requiring banks to expose interfaces as capable as their own apps. This aims to facilitate open finance and direct access for nonbank payment providers.

Simultaneously, the European AI Act, with high-risk obligations scheduled to take effect in 2026, classifies AI systems used in finance—such as credit scoring and fraud detection—as high-risk, subjecting them to conformity assessments, human oversight, and registration. These two regimes were not designed together but are now converging, creating a complex legal environment where the capabilities of AI agents are intertwined with statutory constraints.

According to Thorsten Meyer, this convergence means that European agentic commerce is not simply a product of technological innovation but is being co-defined by statutory frameworks that are slower to develop but potentially more durable. The legal architecture imposes constraints that may delay the deployment of autonomous payment agents but ensures a more open and regulated environment overall.

Implications of Dual Regulatory Frameworks for European AI Payments

This convergence of regulations matters because it fundamentally shapes the future of agentic commerce in Europe. Unlike the US, where private firms own and extend payment rails, Europe’s infrastructure is built into law, making it slower to develop but more open and resilient. The statutory approach aims to prevent monopolistic control, promote interoperability, and embed human oversight, which could lead to a more stable and equitable market. However, the delay in legal authorization for autonomous payments may slow innovation and adoption in the near term.

European Regulatory Shift Toward Statutory Payment and AI Frameworks

Historically, European payments have been governed by strict regulations requiring human authorization, notably under PSD2 and its successor proposals. The recent agreement on PSD3 and PSR marks a shift toward rebuilding the payment infrastructure with open APIs and direct access, aligning with broader open finance initiatives. Concurrently, the AI Act, proposed in 2021 and scheduled for implementation in phases starting in 2026, classifies high-risk AI systems used in finance as subject to strict oversight. These developments reflect Europe’s broader strategy to regulate digital finance through statutory law rather than relying solely on private infrastructure, contrasting with the US model of commercial rails.

“European agentic commerce is being co-defined by two regulatory regimes—PSD3/PSR and the AI Act—that are not designed together but are converging to shape the legal infrastructure.”

— Thorsten Meyer

Unresolved Aspects of Europe’s Dual Regulatory Approach

It remains unclear how quickly the full implementation of PSD3/PSR and the AI Act will occur, given legislative delays and potential amendments. The precise timeline for when AI agents will be legally authorized to execute payments independently is still uncertain, as is how effectively the two regimes will integrate in practice. Additionally, questions persist about how enforcement and compliance will be managed across different authorities and whether the regulatory complexity will hinder innovation or foster a more resilient ecosystem.

Next Steps in European Agentic Commerce Regulation

European regulators are expected to finalize and implement PSD3 and PSR by 2028, while the AI Act’s high-risk obligations are scheduled for phased enforcement starting in 2026. Stakeholders are preparing for these changes by developing compliant AI systems and payment interfaces. Monitoring will focus on legislative progress, regulatory guidance, and industry adaptation, with the first practical tests of autonomous payments likely emerging within the next two years.

Key Questions

Will AI agents in Europe be able to pay without human approval?

Currently, European law requires human authorization for payments, but future regulations under PSD3/PSR and the AI Act aim to enable AI agents to execute payments autonomously once the legal framework permits.

How do European regulations differ from the US approach to agentic commerce?

Europe relies on statutory, law-driven payment rails with mandated API access and open finance, whereas the US depends on private, commercial infrastructure controlled by firms like Mastercard and Visa, allowing faster extension of agent capabilities.

What are the main challenges of Europe’s dual regulatory regime?

The primary challenges include legislative delays, integration of two separate regimes, and ensuring compliance without stifling innovation due to complex legal requirements.

When might autonomous AI payments become common in Europe?

Potentially after 2028, once PSD3/PSR is implemented and the AI Act’s high-risk obligations are fully enforced, though timelines remain uncertain.

Why is Europe’s approach considered more durable than the US’s?

Because Europe’s infrastructure is embedded in law, making it less susceptible to private control and more adaptable to future regulatory changes, potentially leading to a more stable agentic commerce environment.

Source: ThorstenMeyerAI.com