📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

European law is currently shaping the future of agentic commerce through two converging regulatory regimes—PSD3/PSR and the AI Act—that together determine how AI agents can operate in payment and decision-making roles. This dual regulation creates a complex legal architecture that will influence the speed, openness, and durability of European agentic commerce.

The core issue is that in Europe, an AI agent’s ability to make payments is constrained not by technology but by law. Unlike the US, where private payment networks like Mastercard and Visa enable agents to pay directly, European law requires human authorization at the moment of payment, due to regulations such as Strong Customer Authentication under PSD2. Meanwhile, new regulations—PSD3 and the Payment Services Regulation (PSR)—are set to rebuild payment rails with API parity, making interfaces more open and standardized across banks, but these are still in development, with implementation expected around 2028.

Simultaneously, the EU’s AI Act, scheduled to come into high-risk classification in 2026, imposes strict obligations on AI systems involved in credit scoring, fraud detection, and other financial decision-making. These high-risk AI systems will require conformity assessments, human oversight, and registration, adding another layer of regulation that affects how AI agents can operate in finance.

The convergence of these two regimes—regulatory rebuilding of payment infrastructure and AI guardrails—means that the European agentic commerce ecosystem is being co-defined by statutory rules that are not designed together. This results in a fragmented, slower-moving system that prioritizes durability and openness over speed and concentration, contrasting sharply with the US model based on private, privately controlled commercial rails.

Implications of Europe’s Dual Regulatory Framework

This regulatory convergence significantly impacts the development of AI-driven commerce in Europe. The statutory nature of the payment rails means no single private entity controls the infrastructure, leading to a more open but slower system. This approach prioritizes consumer protection, interoperability, and data openness, which could result in a more resilient market in the long term. Conversely, the US’s faster, private-led model may offer quicker innovation but risks creating closed ecosystems vulnerable to control by a few firms. The European approach could set a global standard for secure, transparent, and interoperable agentic commerce, but at the cost of reduced speed and agility.

European Regulatory Reforms Underpinning Agentic Commerce

The European Union has embarked on a comprehensive reform of its financial and AI regulations. The PSD3 and PSR are part of the broader Payment Services Directive, aiming to overhaul payment infrastructure with mandatory API access, direct payment system access for nonbanks, and open finance principles under the upcoming FIDA regulation. These reforms are designed to create a unified, accessible payment ecosystem that supports agentic transactions.

At the same time, the AI Act, agreed upon in November 2025 and scheduled for implementation in 2026, classifies certain AI systems as high-risk, imposing strict compliance, registration, and oversight requirements. This regulation aims to ensure safe and ethical AI deployment, including those used in financial decision-making, credit scoring, and fraud detection. The timing of these reforms overlaps, meaning the infrastructure and guardrails are being built concurrently, but they are governed by separate authorities and legislative processes.

“European agentic commerce is being co-defined by two regulatory regimes—PSD3/PSR and the AI Act—that are not designed together, creating a fragmented but durable system.”

— Thorsten Meyer

Uncertainties in Regulatory Timelines and Implementation

Key details remain unclear, including the exact timeline for PSD3/PSR implementation, which is expected around 2028, and the final scope of the AI Act’s high-risk classification, which might slip to 2027. Additionally, how these two regimes will interact in practice—particularly how AI systems will be integrated into the statutory payment infrastructure—is still under development. The precise impact on the speed of market development and the competitiveness of European agentic commerce remains uncertain.

Next Steps in European Regulatory and Infrastructure Development

Regulatory authorities are expected to publish detailed implementation rules for PSD3/PSR by summer 2026, with phased rollout over the subsequent years. The AI Act’s high-risk obligations are also scheduled to be clarified and enforced starting in 2026, with ongoing adjustments. Observers will monitor how these regulations influence the deployment of AI agents in financial services, and whether the European approach results in a more open, resilient market or delays innovation compared to the US.

Key Questions

How will the EU’s payment reforms affect AI agents’ ability to make payments?

The reforms require AI agents to operate within a statutory payment infrastructure that demands human authorization, so AI agents cannot yet pay directly without human oversight, unlike in the US.

What impact will the AI Act have on AI systems used in finance?

The AI Act will impose high-risk classification, requiring AI systems involved in financial decision-making to undergo conformity assessments, human oversight, and registration, potentially slowing deployment but increasing safety.

Why is Europe’s regulatory approach slower than the US?

Because Europe’s infrastructure is built through legislation that takes longer to pass and implement, emphasizing durability and openness over speed and concentration.

Will Europe’s approach lead to a more resilient agentic economy?

Potentially yes, due to the open, standardized, and statutory nature of its infrastructure, but this comes at the expense of reduced agility compared to private, commercial networks.

Source: ThorstenMeyerAI.com