Key Takeaways
- European think tank CEPA published a policy analysis titled "Who Controls the AI Shopping Cart?", raising geopolitical risks around AI-driven commerce
- Europe's strong payment infrastructure (instant payments, open banking) could be a strategic asset in the AI agent era, but authentication regulations pose a bottleneck
- E-commerce businesses must prepare for a world where AI agents determine "what to buy and how to pay," prioritizing payment diversification and regulatory monitoring
The Geopolitics of Shopping Control
Artificial intelligence will reshape what we purchase and how we pay.
cepa.orgAI already searches, compares, and recommends. Now it is moving toward buying, booking, and paying. On April 14, 2026, Padraig Nolan, a Fellow at the Center for European Policy Analysis (CEPA), published an analysis that reframes this shift as a geopolitical issue.
The core question is straightforward: when AI gains the power to shape what gets bought and how payments happen, who is building those systems? American companies like OpenAI, Google, and Meta are laying the foundations for AI agents, while Europe faces the risk that purchasing decisions and transaction execution are delegated to systems built elsewhere.
Europe's Payment Infrastructure as a Strategic Asset
That said, Europe is not entirely at a disadvantage. Nolan emphasizes the robust infrastructure Europe has built in instant payments and open banking (Pay-by-Bank).
Concrete progress is already underway. Santander has completed Europe's first end-to-end live payment executed by an AI agent in partnership with Mastercard. Visa is testing its Trusted Agent Protocol in European markets. Nexi has also partnered with Google Cloud to build infrastructure enabling AI agents to execute secure, authorized payments.
Europe's payment networks can serve not merely as processing pipes but as strategic assets for securing commerce sovereignty in the AI agent era.
The Structural Dilemma of Authentication Regulation
The biggest barrier, however, is not technology but regulation. Europe's Strong Customer Authentication (SCA) rules require users to actively approve each transaction. This is reasonable in a world where humans click buttons, but fundamentally incompatible with AI agents acting autonomously within pre-set rules.
If an AI agent is allowed to act, what counts as approval? Does the user approve each payment, or give permission once? And if something goes wrong, who is responsible?
Regulators have yet to provide clear answers. The EU AI Act reaches full enforcement in August 2026, but contains no provisions specifically addressing agentic commerce. Existing regulations including PSD3, GDPR, and the Consumer Rights Directive overlap without clearly resolving who bears liability when an AI agent makes an unauthorized purchase.
Meanwhile, the private sector is not waiting. Mastercard has introduced Verifiable Intent, an open standard that cryptographically records and verifies what a user has authorized their AI to do. Visa is deploying tokenization-based frameworks. Industry is establishing de facto standards before regulation catches up.
A Future Where AI Chooses How You Pay
One point in Nolan's analysis that deserves particular attention is how AI agents could transform payment method selection itself.
Today, consumers choose between credit cards, wallets, and bank transfers at checkout. In a world where AI agents handle purchases, this choice happens earlier, determined by AI judgment. The payment method that is cheapest, fastest, and easiest for AI to use gets selected automatically.
This means the rules of competition change for card networks, digital wallets, Pay-by-Bank, and potentially even a digital euro. For e-commerce businesses, the breadth of supported payment methods may become directly tied to customer acquisition.
What E-Commerce Businesses Should Do Now
CEPA's analysis takes a macro policy perspective, but the practical implications for e-commerce businesses are clear. Building payment infrastructure to accept transactions from AI agents, particularly tokenization readiness, is a high-priority investment. At the same time, businesses need to monitor developments around SCA regulation relaxation or reform to determine the right timing for AI commerce deployment in European markets.
The battle over who controls the AI shopping cart is not just a concern for tech companies. Whether Europe can balance regulation with industry cooperation will shape the geopolitics of commerce going forward.
Summary
CEPA's analysis offers a crucial perspective by framing agentic commerce not merely as a technological innovation but as a geopolitical issue that will shape commerce sovereignty between nations. In an era where AI agents handle both purchasing and payment, who builds those systems and under which regulatory frameworks they operate directly impacts consumer choice and national economic autonomy.
For Europe, the key lies in leveraging its strengths in instant payments and open banking infrastructure while urgently reforming SCA regulations for the AI agent era. For e-commerce businesses, building readiness to accept AI agent transactions, including tokenization capabilities, and continuously monitoring the evolving regulatory landscape centered on Europe will be the factors that determine the next competitive advantage.
