The first post in Adyen’s Agentic Foundations series  explored how product data built for traditional marketing feeds is a systemic blocker for agentic commerce. The article outlined how leading players are addressing this gap, and what it takes to prepare data systems for real-time, machine-driven queries.

But even with a perfect machine-readable catalog, agentic commerce faces a more fundamental constraint: trust.

AI agents are turning the shopper-merchant duo into a trio, disrupting traditional trust signals. The urgent, unanswered question remains: when a machine acts as a proxy, who is liable?

Until this is answered, trust cannot be established. And without trust, transactions cannot be reliably authorized or resolved, and agentic commerce cannot scale.

Why trust collapses

The future of agentic commerce is stalling across three definitive trust fault lines:

1. Good vs bad bots

For over a decade, e-commerce has operated on a binary assumption: humans are customers, and bots are adversaries. Fraud systems, authentication protocols, and risk models are all built on this logic. With agentic commerce, these lines are blurred.

When an AI agent initiates a transaction, merchants lose the digital breadcrumbs of the underlying shopper. Stable device IDs, known IP addresses, and behavioral patterns disappear. Without this context, transactions default to something that looks like a high-risk guest checkout.

A new intent gap compounds the issue. If an agent misinterprets instructions, like ordering the wrong product or the wrong quantity, the resulting dispute does not map cleanly to existing categories like “unauthorized transaction” or “item not as described.” This creates a liability gray area where merchants cannot distinguish between malicious activity and misconfigured automation.

Crucially, responsibility for agent-driven errors is not yet codified in payment network rules. Today’s implementations are already showing elevated chargeback and refund rates, early signals of what becomes significant financial exposure at scale.

2. Lack of data sharing

Trust also breaks at the data layer. In a two-party model, identity and intent move together. In a three-party system, they fragment. The agent captures intent without always proving it. The merchant processes the transaction without seeing its origin. Payment networks authorize the event without full context.

The result is a system where no single party has a complete, reliable view of the transaction. Without shared, structured data across all participants, trust cannot be reconstructed. Transactions become harder to verify, harder to authenticate, and harder to resolve when something goes wrong.

3. Regulatory friction

The third constraint is regulatory. Frameworks like SCA and 3DS2 are built on the assumption that a human is present to authenticate a transaction in real time: biometrics, passcodes, or step-up challenges.

Agentic commerce is fundamentally different as agents are designed to evaluate and execute independently, often hours after a prompt is given, or while the user is offline. This creates a structural mismatch between how transactions are authorized and how they are executed.

The current demand for real-time human approval is a hard ceiling, and unless the industry moves to asynchronous authorization, high-stakes commerce will remain off-limits to autonomous systems.

Each of these fault lines erodes a different layer of trust, but they converge on the same outcome: no single party can confidently verify what happened, who approved it, or who is responsible. In that vacuum, liability becomes ambiguous and financial exposure increases.

What matters most when preparing for agentic commerce at scale

To scale, the industry must resolve the same three fault lines.

Trust in agentic commerce will not be solved at the interface, but decided at the infrastructure layer. Bolting new features onto legacy systems cannot fix the core problem. It requires a redesign of how identity, risk, and payments operate within this new three-party environment.

Adyen is shaping the infrastructure of trust on three critical fronts:

Governance: Adyen is actively contributing to the most critical industry working groups shaping agentic commerce. Its contribution made fraud and liability core tenets of these groups’ charters to ensure this is addressed at the foundation, not left as unresolved edge cases.

Partnership: Adyen is actively influencing how the biggest players design and implement their own agentic commerce solutions, ensuring that trust, risk, and authorization are built into the agentic transaction flow from the outset. This is not passive collaboration, the company works directly with all the major payment networks, as well as the leading AI platforms.

Technical integration: Adyen is working with partners to define information-sharing requirements and ensure they are embedded at the critical points of the stack: firstly across PSP-AI platform integrations and, secondly, at the protocol level.

The bottom line

Agentic commerce cannot scale until the industry can answer three questions: who acted, what was intended, and who approved it. Until then, every transaction carries unresolved liability.

Moving forward requires a shift in focus, from optimizing the interface to redesigning the underlying systems that define, share, and validate these signals.

Trust will not emerge organically. It must be engineered.