Agentic Payments: a new challenge for Europe’s payments ecosystem

Published on 6th March 2026

The rapid development of AI-agent-initiated payment models signals a pivotal shift for the European payments ecosystem. While current implementations are pilot-based within the EU, market signals suggest production deployments are targeted as early as 2026.

As AI-agent technology moves from the 'back office' to the 'front office' for payment institutions, banks, and payment system operators, the relevance of regulatory requirements increases significantly. In this context, questions arise around the regulatory classification of the service, the allocation of liability, and the satisfaction of authorisation requirements and Strong Customer Authentication (SCA).

The European implementation perspective

Instead of operating under a standalone regulatory regime in the European Union, agentic payments represent a new operating model. This approach will, in practice, test the effectiveness of existing mechanisms such as customer consent, strong authentication, fraud controls, and liability frameworks.

In the European context, the core issue is not the permissibility of the concept, but its implementation. The task is to create a model for delegating authority to an agent that secures security, accountability, and compliance with all binding regulations, and that ensures resilience amid disputes or operational incidents.

It cannot be ruled out that, over time, both EU and national legislators and supervisory authorities will issue guidance and recommendations expressly addressing agentic payments and impose bespoke requirements.

What are “agentic payments”?

In broad industry terms, agentic payments refer to deploying autonomous AI agents that learn from data to make real-time decisions throughout the payments value chain - from initial customer interaction to operational processes like routing, risk and fraud management, and dispute handling.

From an e-commerce perspective, “agentic” capability means that an agent may:

  • search for and compare products;
  • compile a shopping basket;
  • select a payment method/provider;
  • initiate payment and, depending on the model, also support returns and complaints handling.

The principal distinction from “classic automation” is that an agent does not simply execute a pre-defined task - it also assists the user in decision-making based on context, preferences and objectives.

Legal implications of agent-initiated payments: authority, risks and obligations

Within the EU, agent-based payment models remain subject to PSD2 and the RTS requirements concerning Strong Customer Authentication (SCA) - there is currently no special “extra-regulatory” regime in this area. The key questions today are functional in nature: who, within a given scheme, is in fact providing a payment service; who holds or controls the customer’s funds; and, where activities are delegated to an agent, what constitutes valid authorisation and meets the SCA requirements.

These issues intersect with three principal areas of operational risk:

  1. Consent and evidence: disputes will increasingly focus on whether the user authorised all elements of the transaction (the specific payee, amount and timing) and whether this can be evidenced in an auditable manner.
  2. Fraud and abuse: European reports emphasise that fraudsters are increasingly manipulating users to induce them to initiate payments, rather than targeting the authentication process itself. In agentic models, this risk may escalate more quickly if delegation is not constrained by limits, monitoring and “stop/step-up” mechanisms.
  3. Compliance: when AI agents, cloud services, and external connectors become part of the critical payments chain, the system design must incorporate AI governance, operational resilience, cyber security, and data protection as integral architectural requirements.

Constrained delegation rather than blind automation

Industry initiatives indicate that agentic payments can succeed only with strong, controlled delegation to build confidence and ensure compliance.

In practical terms, this entails:

  • Authentication of the agent: confirming that the request originates from an authorised instance/service of the agent and can be unambiguously assigned to a specific provider and user.
  • Verification of the mandate: defining which actions (purchases with which merchants, amounts, categories, etc.) the agent is authorised to undertake.
  • Constraints on actions: implementing safeguarding mechanisms - monetary limits, frequency limits, category segmentation, allow-lists/deny-lists of payees, and “step-up” conditions.

Moreover, the ecosystem must ensure a complete audit trail for purposes such as disputes, AML/fraud analysis, and incident management. This includes documenting who granted consent, what the mandate included, which limits applied, whether step-up/SCA was triggered, and exactly which actions the agent performed. This full documentation defines bounded delegation - delegated authority constrained by explicit rules and evidence. Without this, the agentic payments model will be difficult to defend in disputes and could increase regulatory risk.
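The three controls and the audit trail described above can be sketched as a single fail-closed check. This is an added example, not part of the original article: the `Mandate` fields, the request keys, and the use of a shared-key HMAC to authenticate the agent are all assumptions made for illustration (a production scheme might use asymmetric signatures instead).

```python
import hashlib, hmac, json
from dataclasses import dataclass

@dataclass
class Mandate:  # hypothetical mandate schema, constructed for this example
    user_id: str
    agent_id: str
    allowed_payees: frozenset
    per_tx_limit: int      # amounts in minor units (cents)
    daily_limit: int
    step_up_above: int     # amounts above this need the user's own SCA
    spent_today: int = 0

def sign(key: bytes, req: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the request."""
    msg = json.dumps(req, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def evaluate(m: Mandate, key: bytes, req: dict, tag: str) -> tuple:
    """Return (decision, reason); anything not explicitly permitted is denied."""
    if not hmac.compare_digest(sign(key, req), tag):
        return "DENY", "agent authentication failed"
    if req.get("agent_id") != m.agent_id or req.get("user_id") != m.user_id:
        return "DENY", "request not bound to this mandate"
    amt = req.get("amount")
    if not isinstance(amt, int) or amt <= 0:
        return "DENY", "invalid amount"
    if req.get("payee") not in m.allowed_payees:
        return "DENY", "payee not on allow-list"
    if amt > m.per_tx_limit or m.spent_today + amt > m.daily_limit:
        return "DENY", "monetary limit exceeded"
    if amt > m.step_up_above:
        return "STEP_UP", "amount requires user SCA"  # nothing is spent yet
    m.spent_today += amt
    return "ALLOW", "within mandate"

def _digest(rec: dict) -> str:
    body = {k: rec[k] for k in ("prev", "request", "decision", "reason")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def audit(log: list, req: dict, decision: str, reason: str) -> dict:
    """Append a hash-chained record so later edits to the trail are detectable."""
    rec = {"prev": log[-1]["hash"] if log else "0" * 64,
           "request": dict(req), "decision": decision, "reason": reason}
    rec["hash"] = _digest(rec)
    log.append(rec)
    return rec

def verify_chain(log: list) -> bool:
    prev = "0" * 64
    for rec in log:
        if rec["prev"] != prev or _digest(rec) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

Every decision, including denials and step-ups, should be passed to `audit` so the evidence trail covers what the agent attempted as well as what it completed.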

Osborne Clarke advisory areas

As a result, agentic payments sit at the intersection of payments regulation and digital compliance. Practical support, therefore, requires a coordinated approach within a single, coherent workstream so that the legal and technical architecture together form an operational model capable of withstanding supervisory scrutiny, audit, and dispute.

Typical areas of our advice include:

  • Payment services perimeter and licensing analysis (PSD2, e-money, open banking, regulatory sandboxes, outsourcing, agent model as TPP/TechSP).
  • Consumer and e-commerce layer preparation: terms and conditions, information obligations, complaints procedures, chargebacks, cancellations and refunds.
  • AI governance (AI Act), data protection (GDPR) and operational resilience/cyber (DORA/NIS2) - including an “evidence pack”, i.e. audit-ready documentation and artefacts for supervisory review.
  • Technology and commercial contracting: allocating responsibility across the chain between agent providers, PSPs/acquirers, merchants, AI platforms and cloud providers, in a manner consistent with auditability, incident reporting and risk management.

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.
