There's an interesting asymmetry emerging in how agentic payments are being built, and it's worth understanding what it says about the system.
The authorization layer is converging. The resolution layer is not.
AP2 built out Cart, Intent, and Payment Mandates as machine-readable attestations of delegated intent. Visa is working on agent verification and signed intent validation. Mastercard published Verifiable Intent. OpenAI and Stripe are both building delegated payment specs that scope permissions at the PSP level.
There is real coordination happening around what a signed authorization object should look like, which means the schema itself is becoming portable. That is meaningful progress.
Diagram: Authorization can travel as a clean portable artifact across the stack, while resolution still breaks into separate institutional decision points.
That part of the stack is increasingly legible. A signed mandate can express what the user delegated, under what constraints, and to which actor. It can travel across agent, merchant, PSP, and issuer contexts without having to reinvent consent every time.
Proving that someone authorized something is mathematically tractable. That is why the authorization layer is the part standardizing first.
When a transaction actually needs to clear through the rail, you run into merchant acceptance criteria, fraud detection, issuer authorization, challenge flows, refunds, chargebacks, fulfillment disputes, and final settlement. These are all distinct problems with different risk surfaces and different stakeholders.
A signed mandate can attest that a user authorized an agent under specific constraints. It cannot eliminate SKU ambiguity, account takeover risk, or disagreement over what happens when authorization was valid but execution failed anyway. Those are institutional problems, not clean cryptographic ones.
What makes this interesting is that it is probably not a flaw in the design. It may just be the nature of the problem. Deciding who bears the cost when execution fails is an economic and legal question. That operates on a different timescale and a different logic than proving consent.
Historically, consent happened at the checkout surface, with the user present and aware. Now consent can be committed upstream as an attested object and carried downstream through the execution path.
That gives the stack better auditability and more precise scope control over what an agent is permitted to do. It does not mean every downstream actor has to accept the mandate automatically.
AP2 even allows merchants to reject an Intent Mandate if it seems too loose and bring the user back into the session. The system is not saying, "trust this mandate completely." It is saying, "here is verifiable evidence of what the user authorized, and you can use that to make your own decision about whether to accept it."
That is probably the right design. Each actor in the flow has its own risk profile and policy constraints. The merchant needs to know whether fulfillment is feasible. The issuer needs to know whether the transaction falls within fraud thresholds. The network needs to know whether the transaction conforms to its rules.
A portable authorization artifact does not eliminate those concerns. It gives each actor better visibility into what the user actually consented to.
I suspect the market structure will reflect that asymmetry. Authorization will continue to standardize because it is a well-defined problem with clear incentives to align. Resolution will remain fragmented because institutions have different liability models and different risk appetites.
That does not mean the system breaks. It means the interesting competition happens at the boundaries where authorization meets policy: credential issuance, registry membership, merchant acceptance criteria, issuer thresholds for what kind of signed intent they will honor, challenge routing, and how networks interpret the same mandate.
The upgrade in agentic payments is real. Users can delegate more precisely. Agents have more legible permission boundaries. The stack has better evidence about what was actually authorized.
But we should probably expect the resolution layer to stay institutional for quite a while, and that is fine. The goal was never to remove trust from the system. The goal is to make trust more explicit and more verifiable.