The Protocol Question: Why Picking a Winner Is the Wrong Strategy for Agentic Commerce post

Between September 2025 and March 2026, the agentic commerce industry produced at least ten production-grade protocols governing how AI agents discover products, authenticate themselves, initiate payments, and settle transactions. Stripe shipped the Agentic Commerce Protocol, integrated into ChatGPT. Shopify and Google co-developed the Universal Commerce Protocol. Stripe and Tempo published the Machine Payments Protocol. Coinbase revived HTTP's long-dormant 402 status code for stablecoin micropayments. Google proposed the Agent Payments Protocol, with PayPal as the primary implementer. Azoma launched the Agentic Merchant Protocol with L'Oreal, Unilever, and Mars among the early adopters. Visa, Mastercard, and Cloudflare each published competing authentication frameworks.

If you are a B2B founder or growth leader trying to make sense of this, the instinct is to ask: which one should I back? That instinct is understandable. It is also the wrong starting point.

The pattern emerging from the first six months of protocol competition is not a standards war heading toward a single winner. It is a layered ecosystem where different protocols solve different problems, and the real strategic question is not which protocol will win but whether your business operates through infrastructure flexible enough to survive regardless of which standards consolidate.

The most useful way to understand the current landscape is not as a flat list of competing standards but as a four-layer stack. Each layer addresses a different part of the commerce interaction between an AI agent and a business.

Layer 1: Discovery and catalogue distribution. This is how agents find your products or services and understand what you offer. Stripe's Agentic Commerce Protocol (ACP), currently integrated with ChatGPT, and the Universal Commerce Protocol (UCP) from Shopify and Google both operate here, along with Azoma's Agentic Merchant Protocol (AMP), which focuses specifically on how brand catalogues are represented across multiple agent surfaces. Anthropic's Model Context Protocol (MCP) provides the foundational data access layer that sits beneath all of these.

Layer 2: Agent authentication. This is how your systems verify that an incoming agent is legitimate and authorised to act on behalf of a real buyer. Visa's Trusted Agent Protocol, Mastercard's "know your agent" framework, and Cloudflare's Web Bot Auth each take different approaches. There is no dominant standard here yet.

Layer 3: Payment processing. This is how agents initiate and execute payments. Stripe's Shared Payment Tokens (within ACP) handle consumer checkout in ChatGPT. The Agent Payments Protocol (AP2), proposed by Google and implemented by PayPal, uses cryptographically signed mandates for auditable multi-step authorisation. Coinbase's x402 handles stablecoin micropayments. The Machine Payments Protocol (MPP) from Stripe and Tempo bridges fiat and cryptocurrency rails.

Layer 4: Settlement infrastructure. This is where money actually moves. Visa and Mastercard have both launched agentic commerce frameworks that operate on existing card rails. FIS, one of the largest financial technology providers globally, announced in January 2026 that it would offer the first bank-level agentic commerce capability to its issuing clients, in partnership with both card networks. Fiserv has adopted both Visa's and Mastercard's agentic commerce frameworks, according to industry mapping from Major Matters.

The layers matter because a protocol that solves discovery does not solve authentication. A protocol that solves payments does not solve catalogue representation. The question is never "ACP or UCP?" in isolation. It is "which combination of standards across these four layers fits my business, my customers, and my compliance requirements?"

The dominant framing of the protocol landscape treats it as a standards war. VHS vs Betamax. Blu-ray vs HD DVD. Pick the winner early, or get locked out.

I think that framing misreads what is actually happening.

The evidence from the first six months points to a different pattern: convergence through abstraction, not consolidation into a single standard.

Consider what Shopify has done. Shopify co-developed the Universal Commerce Protocol with Google. Shopify merchants can also sell through ChatGPT via Stripe's ACP. The merchant does not need to choose between protocols. They manage commerce through their Shopify admin, and the platform handles protocol routing. The merchant never touches either protocol directly.

Stripe has done something similar. Its Agentic Commerce Suite abstracts protocol complexity so that merchants like Coach, Kate Spade, and Etsy onboard to Stripe's system rather than integrating protocols directly. Amazon Web Services has built multi-protocol support into Bedrock's AgentCore, allowing agents built on AWS to use x402, MPP, and other standards through a unified infrastructure layer.

The pattern is consistent: infrastructure providers are building abstraction layers that support multiple protocols and present a single interface to end businesses. Protocol diversity is being managed at the infrastructure level, not the merchant level.

This has a direct implication for how B2B leaders should think about readiness. If you are asking "which protocol should I integrate?", you may be solving the problem at the wrong layer. The more productive question is: "does my infrastructure provider already abstract this complexity for me?"

If convergence is happening through abstraction rather than consolidation, then the readiness question for B2B leaders is not "which protocol do I back?" but "how flexible is my current infrastructure across each layer?"

Here is a four-question diagnostic that maps to the protocol stack. For each layer, the question reveals whether your business is positioned to adapt as standards evolve, or whether you are exposed to protocol risk.

1. Discovery: Can agents find and accurately interpret your business?

This is the most immediately actionable layer. Regardless of which discovery protocol your buyers' agents use, the underlying requirement is the same: your product data, pricing, and service descriptions need to be structured, current, and machine-readable. If your catalogue lives in PDFs, behind login walls, or in unstructured HTML, no protocol can help. The practical first step is ensuring your product data is available in structured formats (schema markup, clean APIs, or merchant feeds) that any protocol can consume.

For B2B companies with complex pricing matrices, promotional rules, or customer-specific terms, Azoma's Agentic Merchant Protocol is worth watching. AMP's focus on how catalogues are "understood, reasoned over, and acted upon by machines" addresses a B2B-specific problem that the broader discovery protocols do not explicitly handle.

2. Authentication: Can your systems verify that an incoming agent is legitimate?

This is the most fragmented layer and the one where waiting is most defensible. Visa, Mastercard, and Cloudflare have each published competing authentication frameworks, and no dominant standard has emerged. The practical risk is low in the near term because most agent-initiated transactions still require human-in-the-loop authorisation, as Edgar, Dunn & Co noted in their April 2026 market sizing. But the risk increases as agents gain more autonomous purchasing authority.

The immediate action is understanding your current fraud and bot detection capability. Can your systems distinguish between a legitimate procurement agent acting on behalf of a buyer and an automated scraper? If not, that gap will matter before the authentication standards settle.

3. Payments: Can an agent acting on behalf of your customer actually pay you?

This is where the choice of infrastructure provider matters most. If you use Stripe, you already have access to Shared Payment Tokens (for ACP-based checkout) and the Machine Payments Protocol (for cross-rail agent payments). If you use PayPal or Braintree, you have access to Agent Payments Protocol mandates. If your business operates in cryptocurrency-adjacent markets, x402 may be relevant.

The key question is not which payment protocol to adopt but whether your payment processor supports the protocols your customers' agents are likely to use. For B2B companies where procurement compliance matters, AP2's mandate architecture deserves particular attention. Its cryptographically signed Intent, Cart, and Payment mandates create the kind of audit trail that procurement teams and compliance frameworks require: proof of what was authorised, what was selected, and what was confirmed before payment.

4. Settlement: Do your transactions settle on infrastructure that supports agent-initiated flows?

For most B2B companies, this layer requires the least immediate action. FIS has built agentic commerce support into its processing infrastructure in partnership with Visa and Mastercard, meaning transactions from AI agents can settle on existing card rails with standard clearing windows, interchange structures, and chargeback frameworks. Reports of live agentic payment processing on production networks suggest that settlement infrastructure is moving toward production-readiness.

The practical implication: if your payment processor is a major provider (Stripe, Fiserv, Adyen, or similar), the settlement layer is likely being handled for you. The risk sits with smaller or regional processors that may not yet support agent-initiated transaction types.

The protocol landscape creates a specific kind of strategic risk that B2B leaders need to name clearly: the risk is not choosing wrong. The risk is building inflexibly.

Early estimates suggest that agentic commerce lock-in may become a significant cost. Unlike traditional ecommerce platform switching, where the main expense is data migration and re-integration, agentic commerce switching also requires rebuilding AI model understanding and decision logs. That additional complexity could make single-protocol lock-in substantially more expensive than the platform switching costs most B2B companies are used to managing.

My read of the current landscape is that B2B companies face a timing question, not a picking question. The infrastructure layer is maturing faster than most B2B leaders realise. FIS's bank-level agentic commerce offering was expected to be available by end of Q1 2026. Fiserv has adopted both card network frameworks. Stripe's Agentic Commerce Suite is processing real transactions for major retailers. The settlement infrastructure exists. The discovery protocols are live. The authentication layer is still forming, but the rest of the stack is increasingly production-grade.

The window to make readiness decisions without urgency is still open, but it is narrowing. The NIST AI Agent Standards Initiative, announced in February 2026, signals that regulatory standardisation is coming. EMVCo, which manages global card payment specifications, is actively working on how its standards can support agentic payments. When these formal standards arrive, the companies that have already built flexible infrastructure will adapt quickly. The companies that have not started will face both the integration cost and the competitive disadvantage of being late.

Three priorities, in order.

First, audit your infrastructure partners. The most important protocol decision you make may be the one your payment processor or ecommerce platform has already made for you. If you use Stripe, Shopify, PayPal, FIS, or Fiserv, you likely have more protocol coverage than you realise. Understand what your existing providers support before evaluating new integrations.

Second, make your business machine-readable at the discovery layer. Regardless of which protocols consolidate, every agent needs structured, accurate, current product data to work with. This is the highest-return investment you can make right now, and it does not require choosing a protocol. Clean up your catalogue data. Implement schema markup. Ensure your APIs expose the information an agent would need to evaluate your business.

Third, avoid long-term single-protocol commitments. The landscape will look different in twelve months. NIST, EMVCo, and ISO working groups are all actively developing standards. Negotiate for protocol-agnostic integrations with your technology vendors. Build on infrastructure that supports multiple protocols rather than locking into one.

The protocol question is real. But the answer, for most B2B companies, is not to pick a winner. It is to build the flexibility that makes picking unnecessary.