Google Pushes Standards for Agentic AI Commerce With AP2
Summary
Google has unveiled the Agent Payments Protocol (AP2), an open specification designed to let AI agents make secure, auditable purchases across platforms. AP2 builds on Google’s earlier Agent2Agent (A2A) work and aligns with the Model Context Protocol (MCP) to improve interoperability and context for agent-driven commerce.
At the heart of AP2 are cryptographically signed “mandates” — Intent Mandates and Cart Mandates — which capture user instructions, constraints and locked cart details to create verifiable, tamper-proof proof of authorisation, intent and an auditable trail. The protocol already counts more than 60 partners from payments, fintech and enterprise software, signalling a broad industry push for standards rather than bespoke, fragmented solutions.
Key Points
- AP2 is an open standard enabling AI agents to initiate and complete purchases with verifiable proof of user authorisation and intent.
- Mandates (Intent and Cart) are cryptographically signed verifiable credentials that create an auditable chain from request to checkout.
- The protocol supports multiple payment rails: card networks, real-time bank transfers and stablecoins/tokenised payments.
- Over 60 partners — including Mastercard, American Express, PayPal, Coinbase, Adobe and major processors — back AP2, reducing the risk of fragmentation.
- AP2 addresses three core problems in agentic commerce: authorisation, authenticity and accountability.
- Practical capabilities include tokenised payments, spending limits, audit trails and cross-system agent interoperability with MCP and A2A.
- CX and commerce leaders should treat mandates as customer-facing artefacts (receipts/authorisation records) and begin with low-risk, high-intent journeys.
Why should I read this?
Short version: if you run commerce, payments or customer experience, this matters. Google + 60 partners are trying to make sure AI bots can shop for people without breaking payments, privacy or trust. Read this so you don’t wake up to a dozen incompatible agent-payment hacks on your site next quarter.
Context and Relevance
As AI agents move from assistants to active shoppers, standards become essential to avoid a patchwork of proprietary integrations that would raise risk and cost. AP2 plugs into broader trends — tokenisation of payments, stronger identity and consent controls, and provenance signals for both content and transactions (Adobe’s Content Authenticity Initiative is cited as a parallel effort).
For CX and commerce teams this means a step towards scaling agentic features without bespoke payment plumbing for every channel. It also raises implementation priorities: solid identity stacks, clear consent flows, and instrumented audit trails so disputes and compliance checks are manageable.
Practical takeaways for teams
- Start small: pilot AP2-enabled journeys where intent is clear (replenishment, price caps, back-in-stock alerts).
- Design mandates as visible artefacts — customer receipts and admin audit logs reduce disputes.
- Ensure your identity, consent and payment risk controls align with A2A/MCP expectations.
- Watch partner rollouts (card networks, processors) to prioritise tokenisation and supported rails.
