On 2 March 2026, an AI agent processed a complete payment through the regulated infrastructure of a major European bank – without any human intervention between instruction and execution. Banco Santander and Mastercard announced Europe's first end-to-end transaction by an autonomous agent within a regulated banking environment. For the European financial industry, this pilot marks a turning point: not because a single transaction transforms the industry, but because it demonstrates that agentic payments work within a regulated framework.
Behind the press release lies a race that extends far beyond a single pilot. Visa, Mastercard and Google have each presented their own protocols for agent-driven payments within 90 days of one another. McKinsey & Company projects that AI agents could process transactions worth one trillion US dollars in the United States alone by 2030. Grand View Research estimates the global agentic commerce market at USD 7.71 billion in 2026 – with a projected compound annual growth rate (CAGR) of 35.7 per cent through to 2033.
What: Europe's first end-to-end payment by an AI agent within regulated banking
Who: Banco Santander ∙ Mastercard Agent Pay ∙ Microsoft Azure OpenAI Service ∙ PayOS
When: 2 March 2026 (pilot, not a commercial launch)
Market size: USD 7.71bn (2026) → USD 65.47bn (2033), CAGR 35.7%
Regulation: EU AI Act – high-risk obligations for financial AI from August 2026
The Santander–Mastercard Pilot in Detail
Technical Architecture
The transaction was built on Mastercard Agent Pay, a framework for agent-driven payments launched in April 2025. PayOS handled end-to-end orchestration, whilst the AI agent ran on the Microsoft Azure OpenAI Service and Microsoft Copilot Studio. The payment was processed through Santander's production payment infrastructure – not in a sandbox, but on live banking rails.
In practice, this means the AI agent identified the payment instruction, verified authorisation within predefined limits and permissions, initiated the transaction via Mastercard Agent Pay, and completed it through Santander's live infrastructure. Human control was ensured through pre-set parameters – the agent acted autonomously, but within a clearly defined mandate.
Santander emphasises that the transaction was conducted in a controlled environment and does not constitute a commercial rollout. The bank now plans extended testing and the exploration of additional use cases before considering a broader deployment.
Why This Pilot Matters
The decisive aspect of the Santander transaction is not the technical feasibility – that a Large Language Model (LLM) can trigger a payment surprises no one in 2026. Its significance lies in three aspects: first, the transaction ran through a regulated payment infrastructure with all applicable compliance requirements. Second, it used existing card network rails, enabling scalability across the entire Mastercard infrastructure. Third, the pilot was conducted within a governance framework that addresses auditability, traceability and consumer protection.
The Protocol Race: Three Approaches, One Goal
The Santander pilot comes during a period in which the major payment networks and technology companies are competing for definitional authority over agent-driven payments. Within three months – from January to March 2026 – Mastercard, Visa and Google each presented their own frameworks.
Mastercard: Agent Pay and Verifiable Intent
Mastercard pursues a dual approach. Agent Pay provides the operational infrastructure: Agentic Tokens secure payment credentials stored with AI agents through dynamic cryptographic methods. Biometric authentication uses Mastercard Payment Passkeys. Issuers and merchants receive transparency across the entire transaction lifecycle.
Additionally, on 5 March 2026, Mastercard published the Verifiable Intent specification as an open-source standard. The framework links the consumer's identity, their specific instructions and the transaction outcome in a tamper-resistant cryptographic protocol. Technically, Verifiable Intent builds on standards from the FIDO Alliance, EMVCo, the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C).
A central design principle is Selective Disclosure: each party in the transaction chain receives only the minimum necessary information – enough for verification, but no more. Google, IBM, Fiserv and Checkout.com have already pledged their support. The open-source approach via GitHub is a deliberate strategy: Mastercard is banking on broad participation to establish the standard.
Visa: Intelligent Commerce and Trusted Agent Protocol (TAP)
Visa presented its own approach with the Trusted Agent Protocol (TAP) as early as October 2025 – developed jointly with Cloudflare and supported by Adyen, Stripe, Shopify, Microsoft and more than ten additional partners. TAP addresses one of the fundamental questions of agentic commerce: how does a merchant distinguish between a legitimate AI agent acting on a customer's behalf and a malicious bot?
The protocol enables approved agents to securely transmit critical information to merchants, allowing them to verify authenticity. Tokenised payment credentials are bound to specific agents – payments can only be initiated by the right agent, for the right purpose, at the right moment.
In December 2025, Visa reported hundreds of successfully completed agent-initiated transactions in production environments. Under the Visa Intelligent Commerce (VIC) brand, the company is building a platform that combines tokenisation, authentication, spending limits and privacy-aware personalisation. More than 100 partners worldwide are already working with Visa, with over 30 actively developing in the VIC sandbox. The forecast: millions of agent-driven purchases by the 2026 holiday season.
Google: Agent Payments Protocol (AP2) and Universal Commerce Protocol
Google has presented the Agent Payments Protocol (AP2), an open protocol designed as an extension of the Agent2Agent protocol (A2A) and the Model Context Protocol (MCP). More than 60 organisations are shaping the standard – including Adyen, American Express, Ant International, Coinbase, Mastercard, PayPal, Revolut and Worldpay.
In parallel, Google has introduced the Universal Commerce Protocol (UCP), which standardises the interaction between AI agents and merchants. The approach is cross-platform by design and targets interoperability across different agent ecosystems.
Notably, the protocols coexist: Mastercard's Verifiable Intent was explicitly positioned as compatible with Google's AP2 and UCP – complementary infrastructure rather than a competing standard. Whether this compatibility holds in practice as systems scale remains to be seen.
Agentic Commerce: What Lies Behind the Term
The term agentic commerce describes a trading model in which AI agents independently prepare and execute purchasing decisions – from price comparison and supplier selection through to payment and post-purchase management. The human defines the objective, budget and preferences; the agent handles execution.
The implications extend far beyond payment processing. For merchants, agentic commerce means their primary "customer" is increasingly an algorithm seeking structured data, machine-readable product information and standardised interfaces. Brand loyalty, emotional purchasing decisions and traditional marketing lose relevance when an agent optimises for value and availability.
For banks, the value chain shifts: the account becomes the platform on which agents operate. Whoever controls authentication, defines spending limits and provides transaction monitoring holds a key position in the agent-driven economy. Those who fail to occupy this role will be relegated to interchangeable payment service providers.
Mastercard Agent Pay + Verifiable Intent: Agentic Tokens, Payment Passkeys, cryptographic audit trail, open-source specification. Partners: Google, IBM, Fiserv, Santander
Visa Intelligent Commerce + TAP: Tokenised agent binding, bot-vs-agent distinction, spending controls. Partners: Cloudflare, Stripe, Shopify, Microsoft
Google AP2 + UCP: Cross-platform interoperability, extension of A2A/MCP, 60+ partners incl. AmEx, Coinbase, Revolut, Mastercard
Regulatory Framework: The EU AI Act as Guardrail
Agentic payments are not developing in a regulatory vacuum. From August 2026, the high-risk requirements of the EU Artificial Intelligence Act (AI Act) apply to AI systems in the financial sector. Credit scoring, fraud detection, anti-money-laundering (AML) profiling and automated decisions affecting access to financial services are explicitly classified as high-risk AI systems.
For agent-driven payments, this means specifically: risk management systems must be documented and auditable. Human oversight must be maintained – even when the agent acts autonomously. Transparency towards the consumer is mandatory: the customer must know that an AI agent is acting on their behalf. Ongoing monitoring of system performance and decision quality is required.
The European Banking Authority (EBA) has announced specific activities in 2026 and 2027 to support the implementation of the AI Act in the banking and payments sector. It aims to promote common supervisory approaches and coordinate cooperation between national competent authorities responsible for financial sector supervision and market surveillance authorities.
For banks looking to implement agentic payments, the message is clear: compliance by design is not an option but a prerequisite. Santander's pilot – with a predefined mandate, authorisation limits and regulated infrastructure – shows a viable path. Institutions deploying autonomous payment agents without comparable governance structures are operating in a regulatory grey area that will increasingly close in 2026 and 2027.
Risks and Open Questions
Liability and Dispute Resolution
Who is liable when an AI agent executes a faulty payment? Existing chargeback mechanisms of card networks were designed for human error – not for algorithmic misjudgements. Mastercard's Verifiable Intent addresses this problem through the cryptographic audit trail, but the legal clarification remains outstanding. The question of whether an agent is considered a representative of the customer or an independent actor will occupy courts and regulators in the coming years.
Fragmentation Versus Interoperability
Three major protocols in three months signal dynamism – but also the risk of fragmentation. Even though Mastercard and Google declare their standards compatible, practice remains to be seen. For banks and merchants that must choose an infrastructure today, this uncertainty means increased integration costs and the risk of backing the wrong standard.
Security and Misuse
Autonomous payment agents significantly expand the attack surface. Prompt injection – the manipulation of an AI agent through crafted inputs – could cause agents to route payments to the wrong recipients. Social engineering becomes more complex when the attacker must deceive not a human but an algorithm. The tokenisation approaches of Visa and Mastercard address part of this risk, but the threat landscape evolves at the same pace as the technology.
The Pilot Character
It is important to contextualise the Santander announcement correctly: this is a controlled pilot, not a commercial launch. Between a single successful transaction and processing millions of agent-driven payments per day lie considerable technical, regulatory and organisational challenges. The history of fintech innovation is replete with promising pilots that never achieved scale.
Recommendations for European Banks
Agentic payments are no longer a future topic – the technical infrastructure is in place, the first regulated transactions have been completed, and protocol standards are crystallising. For European financial institutions, five concrete areas for action emerge:
Immediately: Institutions should conduct a stocktake of their payment infrastructure and evaluate how prepared their systems are for agent-driven transactions. Key questions: does the existing API architecture support the integration of Agent Pay protocols? Are authentication systems designed for non-human actors? What does the authorisation management for delegated payments look like?
By August 2026: With the high-risk requirements of the EU AI Act coming into force, banks must document their AI-powered payment systems, make them auditable and implement human oversight mechanisms. Governance frameworks ensuring transparency, traceability and consumer protection are not optional – they are a regulatory obligation.
Q2–Q3 2026: The parallel development of Mastercard Agent Pay, Visa TAP and Google AP2 requires a deliberate strategic decision. Institutions should evaluate protocol compatibility with their existing infrastructure, leverage network sandbox programmes and consider multi-protocol capability as a target architecture to avoid dependency on a single standard.
H2 2026: Not every payment is suited to agent-driven processing. Recurring payments with clear rules (subscriptions, B2B procurement, travel bookings) offer a more favourable risk profile than one-off, high-value transactions. Institutions should begin with clearly scoped pilot use cases before expanding agent mandates.
Ongoing: Agentic payments require customer trust. Banks must clearly communicate what an AI agent can and cannot do on their behalf, how limits and permissions work, and what control the customer retains. Transparency here is not merely a regulatory requirement but a business-critical success factor.
Keep reading – in your inbox every two weeks.
Capital markets insights, regulatory updates and AI trends. Concise, well-founded, free.
GDPR-compliant. Unsubscribe any time.