📊 Full opportunity report: The rails. Why European agentic commerce is co-defined by two converging regimes. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

European law is currently constructing a complex legal framework that will determine how AI agents can perform financial transactions. Unlike the US, where commercial infrastructure like Mastercard and Visa facilitate agent payments, Europe’s payment rails are being rebuilt through statutory regulation, notably PSD3 and the Payment Services Regulation (PSR), which will require banks to expose APIs and enable direct access for nonbank agents. Simultaneously, the EU AI Act is establishing high-risk obligations for AI systems involved in finance, including credit scoring and fraud detection. This convergence of two regulatory regimes—one rebuilding payment infrastructure, the other imposing AI guardrails—will fundamentally shape the operational landscape for agentic commerce in Europe.

In Europe, the ability of AI agents to execute payments hinges on a legal architecture driven by two regulatory regimes. PSD3 and the PSR, agreed in November 2025 and expected to be implemented around 2028, mandate API parity, requiring banks to provide open interfaces that enable third-party agents to access payment services directly. This statutory overhaul aims to create a more open, resilient payment infrastructure that is not controlled by any single network or bank.

Concurrently, the EU AI Act, with high-risk obligations set to land in 2026, classifies AI systems used for credit scoring, fraud detection, and other financial functions as high-risk. These systems will be subject to conformity assessments, human oversight, and registration requirements, establishing guardrails that limit how AI can operate within the payment ecosystem. The two regimes were not designed together, leading to a fragmented but converging legal landscape where the rules for AI and payments intersect at multiple points.

Thorsten Meyer, a policy analyst, notes that this dual regulation means that whether an AI agent can pay or assess credit depends not only on technological capability but also on compliance with these evolving legal frameworks. The timelines differ—PSD3/PSR is set for 2028, while the AI Act’s high-risk obligations may be phased in as early as 2027—adding complexity to the development of agentic commerce in Europe.

Why the European Regulatory Approach Shapes Future Markets

This regulatory convergence matters because it creates a deliberately designed, legally grounded infrastructure that could lead to more durable, open, and resilient agentic markets. Unlike the US, where private firms control payment rails and extend their capabilities freely, Europe’s statutory framework aims for transparency, interoperability, and shared standards. The mandatory API parity and open finance principles embedded in PSD3 and the PSR mean no single entity can dominate the infrastructure, potentially fostering a more competitive and innovative ecosystem. However, this approach also means slower deployment and adaptation, as legislative processes are inherently longer than private sector development cycles.

Ultimately, the European model could set a global standard for responsible, secure, and inclusive agentic commerce, but only if the legal regimes are effectively implemented and harmonized. The ongoing development will influence whether AI agents become a common feature of European financial markets and how they compare to the faster, more concentrated US counterpart.

European Regulatory Milestones and Divergent Foundations

Historically, the US has relied on private sector infrastructure like Mastercard and Visa, which can extend agent capabilities through decision-making and commercial agreements. In contrast, Europe’s approach is rooted in statutory regulation, with laws like PSD2, PSD3, and the upcoming AI Act establishing a legally binding framework. The PSD2, enacted in 2018, introduced open banking principles, but PSD3 and the PSR represent a significant upgrade, requiring banks to provide API access on equal footing and enabling nonbank entities to participate directly in payment flows.

Meanwhile, the EU AI Act, agreed upon in November 2025, classifies certain AI systems as high-risk, imposing conformity assessments, human oversight, and registration. These rules are designed to ensure AI systems used in finance are safe, transparent, and accountable, but they also introduce seams and complexities that do not exist in the US private infrastructure model. The two regimes are being developed independently but will converge in practice, shaping the operational environment for AI agents in Europe.

“The question ‘can an AI agent pay for things in Europe’ has no technological answer, only a regulatory one.”

— Thorsten Meyer

Unresolved Aspects of the Regulatory Convergence

It remains unclear how quickly and uniformly the PSD3/PSR reforms will be implemented across member states, given legislative and technical complexities. Additionally, the exact scope and enforcement timeline of the AI Act’s high-risk obligations may shift, potentially affecting the deployment of AI agents in finance. The interaction between these two regimes—how they will operationally coexist and influence each other—is still being defined, and the precise impact on market development is uncertain.

Next Steps in European Agentic Commerce Regulation

Regulatory agencies are expected to finalize and implement PSD3 and PSR by 2028, with ongoing trilogues and legislative adjustments likely. Simultaneously, the European Commission will continue refining the AI Act’s high-risk classification and compliance standards, with formal adoption anticipated in late 2026. Industry stakeholders are preparing for these changes, but the full impact on AI agent capabilities and market structure will only become clear once the regulations are in force and operationally tested.

Key Questions

How will PSD3/PSR affect AI agents’ ability to make payments in Europe?

They will require banks to provide open, API-based access to payment services, enabling AI agents to initiate transactions directly, provided they comply with authentication and security standards.

What role does the EU AI Act play in agentic finance?

The AI Act will impose high-risk obligations on AI systems involved in finance, including requirements for oversight, transparency, and registration, which will influence how AI agents operate within the payment and credit ecosystems.

Why is Europe’s approach slower than the US?

European regulations are statutory, requiring legislative approval and alignment across member states, which takes longer than the private, commercially driven development in the US.

Could the European regulatory framework lead to a more durable agentic market?

Yes, because laws embedded into the infrastructure create a shared, transparent, and resilient foundation, potentially fostering long-term stability and innovation.

Source: ThorstenMeyerAI.com