When Visa published its agentic commerce rules this spring, the most striking thing about them was how unremarkable they looked. An Agentic Payment Provider must obtain cardholder consent before storing a credential. It must verify identity before acting on a payment instruction. It must retain agreement records for the duration of the relationship and produce them on request. The cardholder is responsible for the agent's actions "as if the cardholder initiated the transaction."
Read those next to Visa's longstanding rules for recurring transactions, and the family resemblance is immediate. Recurring billing already required express consent, defined scope, identity validation, a simple cancellation procedure, and notice before a trial period ends. The cardholder could dispute a charge if permission was withdrawn before processing. Delayed charges went further: when a hotel or rental company needed to charge a guest after checkout for damages, the rules demanded documentary proof connecting the charge to the cardholder's stay, a twenty-business-day waiting period, and full dispute recourse if the amount was contested. Mastercard's Agent Pay follows the same structural logic. Payments as a category has spent decades codifying what happens when someone, or something, acts on your behalf and the outcome is later challenged.
Payments adapted infrastructure refined over years of answering a question every agent deployment eventually faces: who authorized this, within what limits, and what happens when someone disagrees? Every chargeback is a rehearsal for that question. The consent, scope, evidence retention, and dispute machinery were already there. Agents just became the newest entity moving through them.
The broader adoption picture looks nothing like payments. McKinsey's most recent data shows no individual business function with more than 10% of organizations scaling agents. Among those reporting meaningful financial impact, the distinguishing factor was workflow redesign: those organizations were nearly three times more likely to have restructured processes around the new capability. Model intelligence has advanced faster than most organizations can absorb. The institutions making progress already know how to delegate, bound, audit, and recover.
Healthcare's prior authorization system suggests the pattern extends beyond payments. CMS already requires standardized request formats, specific denial reasons, mandated response timeframes, and clinician review. Now it's running a six-year model that places AI and machine learning inside that existing environment, with human clinical review and compliance-based exemptions built in from the start. The same delegation scaffolding payments built around money, healthcare built around coverage decisions: who can authorize, under what criteria, with what evidence, and what recourse exists when the answer is wrong. The AI arrived where those answers were already codified.
Payments and healthcare weren't preparing for agents. They had been forced, by the cost of getting delegation wrong, to answer the questions agent deployment surfaces everywhere. Who can act on whose behalf, under what constraints, with what evidence, and what happens when the outcome is disputed. The organizations absorbing agents most readily are the ones whose institutional muscles, built for entirely other purposes, turn out to have been training for exactly this.
-
Task success isn't safety: A joint evaluation by the Singapore and Korea AI Safety Institutes found that agents completing tasks correctly still violated data-handling expectations, disclosing information to inappropriate recipients even on benign, non-adversarial scenarios.
-
Protocols aren't governance yet: MCP's June 2025 authorization specification makes authentication optional, and a recent measurement study found 40% of live remote MCP servers exposing tools without any authentication at all.
-
Visa's unresolved middle cases: AP reported that Visa sees the hardest agentic commerce disputes arising when consumer intent and merchant processing both appear correct but something goes wrong in the agent's choice between them.
-
EU AI Act timelines harden: High-risk AI obligations under the EU AI Act, including activity logging, human oversight, and robustness requirements, become fully applicable starting August 2026, turning governance from aspiration into compliance deadline.

