Four payment protocols and an open agent-identity standard shipped across 2025 and 2026. None of them ship the receipt a regulated transaction actually needs. This is the gap, the deadline that forces it, and the architecture — KYARA — that closes it.
Across 2025 and into early 2026, agentic commerce stopped being a slide. Five stacks shipped. The receipt didn't.
Across 2025 and into early 2026, agentic commerce stopped being a slide. Mastercard Agent Pay shipped on 29 April 2025. Google AP2 shipped on 16 September 2025 with sixty-plus partners — issuers, networks, merchants, infrastructure vendors. OpenAI and Stripe shipped ACP on 29 September 2025. Visa shipped Trusted Agent Protocol on 14 October 2025. Four distinct payment-and-commerce protocols, one shared assumption: the agent is a real actor, the rail will carry its transactions, the network will tell you who issued the token.
One layer down, in March 2026, Vouched donated MCP-I to the Decentralized Identity Foundation, where it now advances under the new name KYA-OS — Know Your Agent Operating System — stewarded by DIF's Trusted AI Agents Working Group. KYA-OS is the open agent-identity-and-delegation standard underneath the protocols: DIDs, Verifiable Credentials, three assurance tiers. It belongs in the same category as the four payment protocols — agentic transaction infrastructure — and it is real, governed, and shipping.
What none of them ship — what none of them claim to ship — is the receipt a regulator can audit, a court can enter into evidence, or a counterparty can verify when something goes wrong. The four payment protocols cover payment authorisation and agent identity at the rail. KYA-OS covers agent identity and delegation at the protocol layer. None of them cover disclosure, specific consent, creditworthiness or suitability assessment, or a cryptographic artefact that proves all four happened in the right order at the right time, anchored to a regulated trust chain a court already recognises.
That layer has a working title. We call our shape of it KYARA — Know Your Agent Receipt Authority. And the deadline that forces it into production is already on the calendar — 20 November 2026, the application date of the EU Consumer Credit Directive recast [Directive (EU) 2023/2225, Art. 48].
This piece is about the gap between what the four payment protocols and KYA-OS delivered and what regulated commerce actually needs. It is also about who has the parts on the shelf to close it.
Payment authorisation. Agent identity at the rail. That is the wedge each of the four addresses — and they address it competently.
Google AP2 is the open standard with the most aggressive partner roster — sixty-plus issuers, networks, merchants, and infrastructure vendors at launch. It defines a cryptographic mandate from principal to agent as a Verifiable Credential, DID-based agent identity, and a payment-time check the rail performs against the mandate.
Mastercard Agent Pay and Visa Trusted Agent Protocol are network overlays. They tokenise the agent's mandate inside the existing card-network rails and add an agent identifier to the transaction. They inherit forty years of card-network dispute, chargeback, and liability machinery; they do not rewrite it.
ACP — the OpenAI and Stripe collaboration — is the lightweight option. Implicit mandate (the Stripe customer relationship), session-scoped agent identity, minimal cryptographic ceremony. Designed to be the easiest option an LLM-side product team can ship against.
KYA-OS (formerly MCP-I), donated by Vouched to the Decentralized Identity Foundation in March 2026 and stewarded by DIF's Trusted AI Agents Working Group, sits one layer down. It specifies how an agent presents its identity to a Model Context Protocol server — and, per its expanded scope as an identity-and-delegation standard for the full range of agentic protocols, beyond MCP — with three tiers of assurance: L1 bearer-token, L2 DID plus VC delegation, L3 enterprise lifecycle.
Four payment-and-commerce protocols plus one adjacent identity-and-delegation framework. Five things, two categories. They ship. They will carry agent-initiated transactions in production through 2026 and 2027. The category they together define is agentic transaction infrastructure. It is a real category. It is not the category this piece is about.
Four things are missing. None are accidental. All four are required for a regulated transaction to clear an audit.
Disclosure. Every regulated regime requires the consumer to receive specific, regime-shaped information before being bound. SECCI for consumer credit. IPID for insurance. Suitability summary for MiFID II investment. On durable medium, in good time, in language the consumer can plausibly read. Digital delivery is permitted; non-delivery is not. The four payment protocols carry no disclosure surface. They authenticate the rail; they do not render information that a directive requires the consumer to receive before consenting.
Specific consent. Not blanket. Not nested in terms of service. Not bundled with a marketing opt-in. Under CCD2 Article 18, each fresh creditworthiness assessment implies a fresh consent object — this consumer, this assessment, this counterparty, this decision. AP2's mandate is forward-looking authorisation. It pre-authorises the agent across a scope. It does not — and does not claim to — capture the consumer's specific, fresh confirmation at the moment a regulated decision fires. That is a different artefact at a different time, and the directive cares about the difference.
Creditworthiness or suitability assessment. CCD2 Article 18 is explicit: the assessment must rest on relevant, sufficient, proportionate information, verified where necessary through independently verifiable documentation. Pure behavioural scoring is specifically insufficient. IDD demands its own suitability test. MiFID II demands its own. Each regime sets its own evidence standard, and each names the actor responsible. The four payment protocols perform none of these. They are correct not to — that is not their layer. But the layer above them is real, and it is empty.
The receipt. Not a transaction log. Not a server-side record an issuer can edit, lose, or fail to produce. A cryptographically signed, regulator-verifiable, third-party-reproducible artefact that proves the three bullets above happened in the correct order, at the correct time, for the correct consumer, by the correct agent, against the correct counterparty. Selectively disclosable, so a regulator can verify the claims they need without seeing the claims they do not. Outlasting the company that issued it. Outlasting the agent that triggered the transaction. Outlasting the protocol the rail used.
That layer has a working title. We call our shape of it KYARA — Know Your Agent Receipt Authority. The way KYC asks whether a human is who they say they are and may transact, KYARA asks an analogous set of questions about a software agent acting on behalf of a principal — and records the answers in a receipt anchored to a regulated trust chain. KYARA is not KYA-OS. KYA-OS is the open agent-identity protocol the agent rides on, governed by DIF. KYARA is the regulated trust-receipt architecture the evidence rides on, anchored to qualified trust services. The two are designed to compose: KYA-OS authenticates the agent at the protocol layer; KYARA records that the regulated transaction happened correctly, with consent and assessment intact, in a form a regulator can verify against eIDAS-grade trust chains.
KYC asks: is this human who they say they are, and may they transact? KYARA inherits the structure, then adds three questions that only apply because the actor is software.
Identity. Who operates this agent? Not the agent's own DID — the legal entity behind it. A registered service, a company, a person with a contract. An agent without an operator is an unattributed actor: you cannot serve process, you cannot enforce contract, you cannot recover damages, you cannot revoke trust. Identity in KYARA is operator identity. The agent itself is a tool the operator wields.
Provenance. What model, what version, what build? Reproducible, auditable, attestable. If the same agent identity behaves differently in two transactions, the counterparty needs to know whether the model changed, the prompt changed, the policy changed, or the data changed. Provenance is what makes that diff possible six months later when the consumer files a complaint and the regulator asks what happened.
Authority. What mandate does this agent hold from its principal? Scope, ceiling, expiry. Counterparties allowed. Categories allowed. Spend per transaction. Spend per period. The shape of authority is what separates the agent acted within mandate from the agent overran what the human authorised. Both look identical at the rail. They are not the same event.
Behavioural envelope. What is the agent allowed to do, and how is that enforced at the action point? Not at the prompt. Not at the policy document. Not at the marketing brochure. At the wire — at the moment the agent presents itself to a counterparty, the envelope is what the counterparty can verify, in real time, before honouring the action. The envelope is the operational surface of the mandate; the mandate is the legal surface of the envelope. They are paired.
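The envelope check at the action point, as an added example that is not IDCanopy's code and not any published KYARA schema: a hypothetical Go mandate (categories, counterparties, per-transaction and per-period ceilings, expiry) evaluated against an action before the counterparty honours it. Field names, DIDs and amounts are constructed. It returns every breached rule rather than the first, so the two cases the text names, the agent acted within mandate and the agent overran what the human authorised, which look identical at the rail, produce different and recordable results.

```go
package main

import (
	"fmt"
	"time"
)

// Mandate is the principal's forward-looking authorisation to one agent:
// what it may buy, from whom, up to which ceilings, until when.
// Field names are hypothetical; amounts are in minor units (cents).
type Mandate struct {
	Principal        string
	AgentDID         string
	Categories       []string // permitted product categories
	Counterparties   []string // permitted merchant / creditor identifiers
	PerTxCeiling     int64
	PerPeriodCeiling int64
	Expiry           time.Time
}

// Action is what the agent presents to the counterparty at the wire.
type Action struct {
	AgentDID     string
	Category     string
	Counterparty string
	Amount       int64
	At           time.Time
}

// Decision carries every rule that failed, not only the first, so a refusal
// can be recorded with its full reason set.
type Decision struct {
	Allowed bool
	Reasons []string
}

func contains(xs []string, x string) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

// Enforce is the counterparty-side envelope check run before honouring the
// action. spentThisPeriod is what the counterparty has already honoured
// against this mandate in the current period.
func Enforce(m Mandate, a Action, spentThisPeriod int64) Decision {
	var reasons []string
	if a.AgentDID != m.AgentDID {
		reasons = append(reasons, "agent is not the mandated agent")
	}
	if !a.At.Before(m.Expiry) {
		reasons = append(reasons, "mandate expired before the action")
	}
	if !contains(m.Categories, a.Category) {
		reasons = append(reasons, fmt.Sprintf("category %q outside mandate", a.Category))
	}
	if !contains(m.Counterparties, a.Counterparty) {
		reasons = append(reasons, fmt.Sprintf("counterparty %q not permitted", a.Counterparty))
	}
	if a.Amount <= 0 {
		reasons = append(reasons, "amount must be positive")
	}
	if a.Amount > m.PerTxCeiling {
		reasons = append(reasons, fmt.Sprintf("amount %d exceeds per-transaction ceiling %d", a.Amount, m.PerTxCeiling))
	}
	if spentThisPeriod+a.Amount > m.PerPeriodCeiling {
		reasons = append(reasons, fmt.Sprintf("amount %d would take period spend to %d, ceiling %d",
			a.Amount, spentThisPeriod+a.Amount, m.PerPeriodCeiling))
	}
	return Decision{Allowed: len(reasons) == 0, Reasons: reasons}
}

// SampleMandate is a constructed example, used by main and the tests.
func SampleMandate() Mandate {
	return Mandate{
		Principal:        "did:example:consumer-1",
		AgentDID:         "did:example:shopping-agent",
		Categories:       []string{"consumer_credit"},
		Counterparties:   []string{"did:example:creditor-a"},
		PerTxCeiling:     50000,  // EUR 500.00 per transaction
		PerPeriodCeiling: 120000, // EUR 1,200.00 per period
		Expiry:           time.Date(2026, 12, 31, 23, 59, 59, 0, time.UTC),
	}
}

func main() {
	m := SampleMandate()
	within := Action{AgentDID: m.AgentDID, Category: "consumer_credit", Counterparty: "did:example:creditor-a",
		Amount: 30000, At: time.Date(2026, 11, 21, 10, 0, 0, 0, time.UTC)}
	overran := within
	overran.Amount = 80000 // breaches the per-transaction ceiling and, with 50000 already spent, the period ceiling
	fmt.Printf("within mandate: %+v\n", Enforce(m, within, 50000))
	fmt.Printf("overran mandate: %+v\n", Enforce(m, overran, 50000))
}
```

The point of returning the full reason set is that the refusal itself becomes evidence: the receipt for a declined action can state which envelope rule the agent hit, which is what a counterparty needs when the principal later disputes that the agent acted within its mandate.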
The shape is the same as KYC twenty years ago: a question that did not exist becomes a question every regulated counterparty asks, and an infrastructure stack assembles around it. The primitives that answered KYC then — qualified trust services, eIDAS-grade identity, regulated wallets, multi-bureau orchestration — are the same primitives that answer KYARA now. The actor is different. The plumbing is not.
Most agentic transactions will never reach for an eID. The consumer is known to the counterparty, the channel is trusted, the receipt is what is missing. But the flows that do reach for eID — large-ticket credit, regulated investment, cross-border identity assurance — already have a rail. The qualified trust service providers that operate it have started signalling the next step: Namirial — IDCanopy's infrastructure partner — published MCP-direction product signal in early 2026 alongside the qualified-signature, ID Austria, SPID, and CIE infrastructure it already operates across regulated EU identity flows.
KYARA rides this stack. It does not replace it.
One signed cryptographic record per regulated transaction. Enough fields to reconstruct what happened from any audit angle without trusting the issuer's own database.
A KYARA receipt is the answer the four questions resolve into. One signed cryptographic record per regulated transaction, issued by IDCanopy, carrying enough fields to reconstruct what happened from any audit angle without trusting the issuer's own database.
What the receipt carries:
… the regime the receipt is tagged with (ccd2_credit, idd_insurance, mifid_suitability — extensible).

A KYARA receipt is a digital certificate proving that a regulated transaction happened correctly. It is signed by IDCanopy, verifiable by anyone with the link, and contains pointers to all the underlying evidence — who the agent was, what the consumer agreed to, what assessment was performed, what the outcome was. It uses the same cryptographic family as the digital-signature certificates already in production for qualified electronic signatures, eIDs, and EU wallets, and anchors into the same qualified trust-service infrastructure. The receipt itself is an audit artefact, not a personal signature — the consumer's consent is captured separately, typically via eID, with transactional re-consent for repeat actions. What the receipt inherits from this stack is a verifiable trust chain, not a vendor-only database. It does not store consumer data; it stores proofs that auditors can check without ever seeing the data itself.
Each field is a citation in the audit narrative the receipt tells. The full set is structured the way a Verifiable Credential is — a W3C standard already in production for KYC, qualified electronic signatures, and EUDI Wallet pilots. KYARA reuses the format. It does not invent a parallel one.
Three claims hang on the receipt being the primitive, not the verification:
Anyone with the URL can verify. Receipt verification is a public endpoint. Regulators bookmark it. Consumer wallets call it natively. Counterparties cache the result. The verification is not a service one company operates; it is a property of the artefact.
The receipt outlives the issuer. The signature chain anchors to qualified trust-service infrastructure and the W3C Verifiable Credentials ecosystem, not to any single vendor relationship. A receipt issued today is cryptographically valid tomorrow regardless of which companies are still in business.
The receipt is portable across protocols. AP2 can carry the URN in mandate metadata. Agent Pay and TAP can embed it in transaction tags. ACP can attach it to a Stripe PaymentIntent. The four payment protocols disagree on much; the receipt format is one of the few things they can converge on without anyone giving up territory.
This is what makes "regulated trust layer for agentic commerce" a concrete claim and not a slogan. The cryptographic primitives, the qualified-trust-service infrastructure, the W3C Verifiable Credentials format, and the protocol stack underneath — all of these exist in production today. The receipt format and the operator registry that bind them into a coherent regulated layer are what IDCanopy is building. Without that binding, the layer does not exist.
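How a receipt can carry proofs rather than data, as an added example: this is constructed Go, not IDCanopy's format and not a W3C Verifiable Credentials implementation, just a VC-shaped struct with hypothetical fields. Each of the four steps (disclosure, consent, assessment, outcome) is represented by a salted SHA-256 commitment and a timestamp; the issuer signs the canonical JSON with Ed25519; a verifier holding only the issuer's public key checks the signature and that the steps are present and in order, with no call to the issuer's database. Disclose lets the holder reveal one item with its salt so a regulator can confirm that step alone. Step names, DIDs and evidence bodies are constructed, and the issuer key is trusted directly here rather than through the trust chain the text describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// The four steps a regulated credit decision must show, in regime order.
var requiredOrder = []string{"disclosure", "consent", "assessment", "outcome"}

// Evidence is one underlying record (SECCI delivery, consent object, assessment,
// outcome). The receipt carries only a salted hash of it, never the body.
type Evidence struct {
	Step, Body, Salt string // Salt: hex, fresh per item
	At               time.Time
}

type Commitment struct {
	Step   string
	At     time.Time
	Digest string
}

// Receipt is shaped loosely like a W3C Verifiable Credential; the field set is hypothetical.
type Receipt struct {
	Issuer, Regime, AgentDID string
	Commitments              []Commitment
	Signature                []byte `json:",omitempty"`
}

func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// commit binds step, time, salt and body into one digest; the salt stops anyone
// recovering a low-entropy body by guessing against the digest.
func commit(e Evidence) string {
	h := sha256.Sum256([]byte(e.Step + "|" + e.At.UTC().Format(time.RFC3339Nano) + "|" + e.Salt + "|" + e.Body))
	return hex.EncodeToString(h[:])
}

// signingBytes canonicalises the receipt with the signature field blank.
func signingBytes(r Receipt) []byte {
	r.Signature = nil
	b, _ := json.Marshal(r)
	return b
}

// Issue records the steps in the order the evidence says they happened, then signs.
func Issue(priv ed25519.PrivateKey, issuer, regime, agent string, evidence []Evidence) Receipt {
	r := Receipt{Issuer: issuer, Regime: regime, AgentDID: agent}
	for _, e := range evidence {
		r.Commitments = append(r.Commitments, Commitment{Step: e.Step, At: e.At.UTC(), Digest: commit(e)})
	}
	r.Signature = ed25519.Sign(priv, signingBytes(r))
	return r
}

// Verify needs only the receipt and the issuer's public key, not the issuer's
// database: signature first, then all four steps present and strictly in order.
func Verify(pub ed25519.PublicKey, r Receipt) error {
	if !ed25519.Verify(pub, signingBytes(r), r.Signature) {
		return fmt.Errorf("issuer signature invalid")
	}
	if len(r.Commitments) != len(requiredOrder) {
		return fmt.Errorf("expected %d steps, got %d", len(requiredOrder), len(r.Commitments))
	}
	for i, c := range r.Commitments {
		if c.Step != requiredOrder[i] || (i > 0 && !c.At.After(r.Commitments[i-1].At)) {
			return fmt.Errorf("step %d (%q) is misnamed or out of order", i, c.Step)
		}
	}
	return nil
}

// Disclose checks one revealed item against the receipt, so a regulator can
// confirm the consent, say, without ever seeing the assessment.
func Disclose(r Receipt, e Evidence) bool {
	for _, c := range r.Commitments {
		if c.Step == e.Step && c.Digest == commit(e) {
			return true
		}
	}
	return false
}

// SampleEvidence is constructed data for one hypothetical CCD2 credit decision.
func SampleEvidence() []Evidence {
	base := time.Date(2026, 11, 21, 9, 0, 0, 0, time.UTC)
	bodies := []string{"SECCI delivered to consumer", "consent: Art. 18 assessment, scope income+liabilities", "assessment: verified payslip and bureau file, affordable", "outcome: credit granted, 12 x EUR 100"}
	out := make([]Evidence, len(requiredOrder))
	for i, step := range requiredOrder {
		salt := make([]byte, 16)
		rand.Read(salt) // crypto/rand; does not fail in practice
		out[i] = Evidence{Step: step, Body: bodies[i], Salt: hex.EncodeToString(salt), At: base.Add(time.Duration(i) * time.Minute)}
	}
	return out
}

func main() {
	pub, priv := NewIssuerKey()
	ev := SampleEvidence()
	r := Issue(priv, "did:example:receipt-issuer", "ccd2_credit", "did:example:shopping-agent", ev)
	fmt.Println("verify:", Verify(pub, r), "| consent disclosed:", Disclose(r, ev[1]))
}
```

Two properties of the text fall out of this shape. Because the receipt holds commitments, not bodies, the verifier learns nothing about the consumer unless the holder reveals an item; and because verification is a function of the receipt and a public key, it still works when the issuer's systems are gone, provided the key itself is anchored somewhere durable, which is the role the text assigns to the qualified trust chain.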
The agentic-commerce stack ships through forcing functions. CCD2 is the first. The application date is 20 November 2026. It is not a soft target.
The Consumer Credit Directive recast — Directive (EU) 2023/2225 — applies on 20 November 2026 [Art. 48]. The application date is locked. National transpositions arrive on staggered timetables: France in September 2025, Germany on 17 April 2026, Austria and Italy drafting through Q2 and Q3, Spain and the Benelux in consultation. The asymmetry between a single locked deadline and fourteen national rulebooks is itself the buying trigger. A creditor or merchant carrying products into multiple markets cannot wait for clarity; the first market that enforces is the first market that levies penalties.
CCD2 is the directive that closes the buy-now-pay-later carve-out CCD1 left open. Pay-in-3, Pay-in-4, 6-, 12-, and 24-month plans — all in scope. Consumer credit €200 to €100,000, up from CCD1's €75,000 ceiling. Revolving credit, credit cards with deferred-payment features, overdrafts, peer-to-peer consumer lending, crowdfunding credit. Consumer leasing with a purchase option or acquisition obligation. The "large online supplier, no-interest, no-fee credit" CCD1 carve-out is materially narrowed [Art. 2]. Every product in that list reaches 20 November 2026 carrying the same compliance envelope.
What the directive demands is what the four payment protocols cannot supply.
Article 18 — creditworthiness assessment. The assessment must rest on relevant, sufficient, and proportionate information, verified where necessary through independently verifiable documentation. Pure behavioural scoring is specifically insufficient. A creditor that grants credit on a thin file the consumer plausibly cannot repay is exposed, under Article 18(6) read with national transposition, to supervisory penalties, consumer remedies, and challenges to the enforceability of the credit agreement. The precise shape of those consequences — whether a contract becomes voidable, whether interest can be reclaimed, the size of the supervisory penalty band — depends on each member-state's transposition. The exposure is uniform across the EU; the remedy is jurisdictional.
Articles 10–12 — pre-contractual disclosure. SECCI on durable medium, sufficiently in advance, with adequate explanation. Digital delivery is permitted; non-delivery is a separate violation surface from the substantive lending breach.
Article 18 read with GDPR — specific consent. Specific consent for the creditworthiness assessment — not a blanket clause, not bundled with marketing. Each fresh assessment implies a fresh consent object, specific to subject, purpose, scope, and retention. The consumer retains the right to know what was accessed and to contest.
Articles 37–46, with Directive 2020/1828 — supervisory exposure. BaFin, FMA, ACPR, Banca d'Italia gain supervisory powers tuned for CCD2. BaFin precedent under CCD1 already sits in the €250k–€5M band for material violations; nobody expects CCD2 enforcement to be lighter. CCD2 breaches are representative-action-eligible under 2020/1828 — a private-litigation surface most BNPL legal teams remain underweight on.
There is also a wallet problem. CCD2 demands the consumer be identified, the consent be specific, the assessment be bound to a verifiable consumer identity. The European Digital Identity Wallet — the regime's long-run answer — does not reach mass availability by 20 November 2026. Germany launches its EUDI wallet in production on 2 January 2027; other member states pilot through 2026 and 2027. A creditor that ships its CCD2 envelope only when EUDI is universal misses two years of the regime. The interim primitive is PoPEye — Point-Of-Purchase Evidence-Yielding Engine — a wallet-independent way to anchor consumer identity at the moment of purchase, scope the consent specifically, and pipe both into the KYA receipt as verifiable evidence the assessment binds to. PoPEye is wallet-additive: when EUDI matures, PoPEye yields the surface. Until then, the regime ships anyway.
A creditor reaching 20 November 2026 without a working consent + assessment + receipt envelope — agent-side and consumer-side — is reaching the deadline without a defence. That is why the layer ships first under CCD2.
The CCD2 implementation is reusable. The same primitives — mandate, regime template, evidence routing, human-in-the-loop gate, receipt — apply to the Insurance Distribution Directive, to MiFID II suitability, to the agent-mandate framework expected under PSD3, to the Financial Data Access framework (FIDA), to Article 50 deployer obligations under the EU AI Act. Each new regime adds a template, a regime-specific decision adapter, a regime-tagged receipt. None requires architectural change. The forcing function for one regime builds the layer that serves the next five.
What CCD2 demands is what every regulated regime will demand, with different paperwork. KYARA is the layer that does not rotate.
Anyone can spin up an agent. Not anyone can transact through a regulated layer. The gate is the registry. The anchor is Namirial. The pattern is the one the internet already trusts.
The registry. Anyone can spin up an agent. Not anyone can transact through a regulated layer. The registry is KYB-grade verification of the legal entity that operates the agent: registered company, declared agent inventory (model, version, capabilities, hosting, key custodian), Code of Conduct binding the operator to behavioural commitments — mandate revocation honoured within five minutes, no dark-pattern delegation, incident reporting — Liability Acceptance, and an issued Operator DID with an Agent Issuer Certificate. Counterparties — banks, BNPL creditors, insurers, investment platforms — can refuse any agent whose operator is not registered or in good standing. The registry is the gate.
The certificate authority. The architecture is the familiar Certificate Authority pattern. A TLS certificate proves a server is what it claims to be; the chain anchors to a root the browser trusts; the browser does not need to trust each individual server, only the chain. KYA repeats the pattern for agents. IDCanopy operates the operator registry — the agent-side gate, KYB rules, declared inventory, accreditation lifecycle. The Certificate Authority function itself — the qualified-signature root, the cryptographic anchor every counterparty traces back to, the regulated trust authority — sits with Namirial, the qualified trust-service provider whose existing institutional stack the chain attaches to. Counterparties verify the chain, not any single intermediary. The architecture is familiar; that is what makes the layer adoptable, and what makes its trust posture institutional rather than vendor-bound.
The trust anchor. The chain has to anchor somewhere a regulator already trusts, and the answer is qualified trust-service providers under eIDAS. Namirial — eIDAS-certified, qualified trust-service provider with native coverage across the European regulated identity stack — anchors the cryptographic chain underneath the KYA layer. Receipts and operator certificates ride on signing infrastructure that traces, by an unbroken chain, to a QTSP root the European regulatory framework has already certified. Interoperability with national rails — ID Austria, SPID, CIE, FranceConnect+ on the horizon — is an asset of the stack, not a constraint on it. This is what makes "the receipt outlives the issuer" not a marketing claim but a property of the cryptographic architecture.
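The chain verification the registry, certificate-authority and trust-anchor paragraphs describe, as an added example in constructed Go (not Namirial's or IDCanopy's code, and no real QTSP key material): a root key stands in for the trust anchor, an operator certificate signed by the root binds a KYB-cleared operator id to that operator's signing key, and the operator signs an artefact such as a receipt reference. The counterparty trusts only the root, checks the certificate, then the artefact, and refuses any operator the registry no longer reports in good standing. Identifiers, lifetimes and the in-memory standing table are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// OperatorCert binds an operator's signing key to its registry entry and is
// signed by the root. Hypothetical shape, not the page's certificate format.
type OperatorCert struct {
	OperatorID string // KYB-verified legal entity behind the agent
	PublicKey  []byte
	NotAfter   time.Time
	RootSig    []byte `json:",omitempty"`
}

// Standing is the counterparty's view of the registry: which operators are
// currently in good standing. An in-memory map here; a registry lookup in practice.
type Standing map[string]bool

// Artefact is anything the operator signs and presents, e.g. a receipt reference.
type Artefact struct {
	OperatorID string
	Payload    string
	Sig        []byte `json:",omitempty"`
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// certBytes and artBytes canonicalise each structure with its signature blanked.
func certBytes(c OperatorCert) []byte {
	c.RootSig = nil
	b, _ := json.Marshal(c)
	return b
}

func artBytes(a Artefact) []byte {
	a.Sig = nil
	b, _ := json.Marshal(a)
	return b
}

// IssueCert is the root's act: it vouches for the operator key once the
// registry has cleared the operator.
func IssueCert(rootPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey, notAfter time.Time) OperatorCert {
	c := OperatorCert{OperatorID: id, PublicKey: pub, NotAfter: notAfter}
	c.RootSig = ed25519.Sign(rootPriv, certBytes(c))
	return c
}

// SignArtefact is the operator's act, with its own certified key.
func SignArtefact(opPriv ed25519.PrivateKey, id, payload string) Artefact {
	a := Artefact{OperatorID: id, Payload: payload}
	a.Sig = ed25519.Sign(opPriv, artBytes(a))
	return a
}

// VerifyChain is the counterparty side. It trusts exactly one root key: the
// certificate must chain to it, the artefact must chain to the certificate,
// and the operator must still be in good standing. No intermediary is trusted
// on its own say-so.
func VerifyChain(root ed25519.PublicKey, reg Standing, c OperatorCert, a Artefact, now time.Time) error {
	if !ed25519.Verify(root, certBytes(c), c.RootSig) {
		return errors.New("operator certificate does not chain to the trusted root")
	}
	if now.After(c.NotAfter) {
		return errors.New("operator certificate expired")
	}
	if a.OperatorID != c.OperatorID {
		return errors.New("artefact names a different operator than the certificate")
	}
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(c.PublicKey), artBytes(a), a.Sig) {
		return errors.New("artefact not signed by the certified operator key")
	}
	if !reg[c.OperatorID] {
		return fmt.Errorf("operator %q not in good standing; refuse", c.OperatorID)
	}
	return nil
}

func main() {
	rootPub, rootPriv := NewKey() // stands in for the anchored root; constructed here
	opPub, opPriv := NewKey()
	now := time.Date(2026, 11, 20, 12, 0, 0, 0, time.UTC)
	cert := IssueCert(rootPriv, "operator-example-gmbh", opPub, now.AddDate(1, 0, 0))
	art := SignArtefact(opPriv, "operator-example-gmbh", "urn:example:receipt:0001")
	fmt.Println("registered:", VerifyChain(rootPub, Standing{"operator-example-gmbh": true}, cert, art, now))
	fmt.Println("struck off:", VerifyChain(rootPub, Standing{}, cert, art, now))
}
```

The standing check is what makes the registry a gate rather than a one-time onboarding: a valid certificate signed by the root is still refused the moment the operator drops out of good standing, which is how the five-minute revocation commitment in the Code of Conduct becomes enforceable at the counterparty rather than merely promised by the operator.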
The network effect. Two-sided. Once a few dozen operators are registered with IDCanopy, counterparties accept IDCanopy receipts as a baseline trust signal — if it carries an IDCanopy chain, it has cleared the operator gate. Once counterparties accept the receipt as baseline, operators have a strong reason to register specifically with IDCanopy. The flywheel resists displacement once both sides exist. This is the same dynamic the human-KYC orchestration layer went through ten years ago; the operators who own the gate then are still operating it now.
The window. Twelve to eighteen months. The KYARA gap was named publicly across 2025 and early 2026 as the four payment protocols and KYA-OS shipped without it. Sumsub, Trulioo, and Signicat have positioned around adjacent surfaces — generic agentic-commerce identity (Sumsub, Trulioo), EU eID (Signicat). DIF KYA-OS owns the open agent-identity protocol and is not in the regulated-receipt-authority business. None of them has assembled the operator registry, the receipt format, and the qualified trust anchor underneath in one shipping regulated product. The first vendor that does sets the integration baseline: counterparties standardise on the receipt format they already accept, operators register where their counterparties already accept it, the qualified trust anchor underneath creates procurement comfort, and the schema embeds into transaction and audit workflows. After that, switching costs shift from technical to compliance and process — the kind that compound rather than reverse.
The KYARA primitives — mandate, consent envelope, evidence routing, signed receipt — describe more than agentic commerce. They describe any regulated multi-party data flow that needs proof of consent, scope, and outcome. The European data spaces initiative under the European Data Strategy — Gaia-X, the European Health Data Space, the Common European Mobility Data Space, agricultural and industrial data spaces — has the same shape. Cross-border data interchange in tourism, supply-chain provenance, public-administration data sharing, scientific research collaboration — same shape. None of these is KYARA's market today. All of them describe regulated environments where a cryptographic receipt of consent and outcome solves a real problem the architecture already covers. The layer that ships first under CCD2 is the layer that, on a longer horizon, has a path to becoming infrastructure for regulated data exchange in the broader sense. We name it here once because the architecture supports it. We do not make it the centre of the claim, and we do not sell what is not yet built.
The CCD2 deadline is what forces the registry, the certificate authority, and the trust anchor into production by November. Everything after CCD2 is built on what gets shipped before November.
The four protocols shipped without a receipt. KYA-OS shipped the open agent-identity standard underneath. That is what exists. The question is who patches the gap and on whose terms.
The four payment protocols shipped without a receipt. KYA-OS shipped the open agent-identity protocol underneath them. That is what exists.
What does not exist is the layer that binds them to a regulated trust chain — the receipt a regulator can audit, a court can enter into evidence, a counterparty can verify when something goes wrong. That is the bug.
It will be patched. The question is who patches it and on whose terms.
20 November 2026 is the application date of CCD2. It is not a soft target. It is the date on which a directive that closes the BNPL hole and forces every regulated credit decision in fourteen jurisdictions through the same compliance envelope becomes enforceable across the European Union. Wallets are not ready. Standards bodies are converging but not converged. The four payment protocols do not converge — they compete. KYA-OS sits below them as an open protocol, not a regulated trust authority. Inside that gap, the regime ships anyway.
The layer has a working title. KYARA — Know Your Agent Receipt Authority. The four questions it answers — operator identity, provenance, authority, behavioural envelope — are answerable today, not in five years. The receipt format is a Verifiable Credential, a W3C standard already in production for KYC, qualified electronic signatures, and EUDI Wallet pilots. The signature chain anchors to qualified trust-service infrastructure operated by Namirial, IDCanopy's infrastructure partner — eIDAS-certified, regulated, in production across the EU identity market today. The protocol layer underneath — KYA-OS — has its open standard at DIF. The cryptographic primitives, the QTSP infrastructure, the receipt format — all of these exist. The regulated trust-receipt architecture above them, with the operator registry that binds them, does not exist yet.
That is what IDCanopy is building.
Whoever ships the operator registry, the certificate authority, and the receipt format first by 20 November 2026 sets the integration baseline every counterparty subsequently verifies against. The architecture is not theoretical — the directive demands it; the deadline forces it into production. The first to operate the chain becomes the default integration target: the trust anchor counterparties standardise on, the registry operators join because their counterparties already accept it, the schema regulators recognise as audit-shaped. Not a monopoly — a flywheel that compounds across the regime's lifecycle rather than across a quarter or a year.
The protocols shipped without the receipt.
That is the bug.
This is the patch.
A short pointer block for this private read. Citations are illustrative, not exhaustive — primary sources available on request.
ACP: agentic-commerce-protocol/agentic-commerce-protocol, 29 September 2025.
Visa Trusted Agent Protocol: developer.visa.com, 14 October 2025.
DIF KYA-OS: blog.identity.foundation/kya-os/.