The Protocol Wars: How Competing Agentic AI Payment Standards Will Shape B2B Cross-Border Transactions

Agentic B2B Payments Are Here — But the Battle Over Protocols Will Decide Who Wins

The shift from human-initiated to agent-initiated B2B transactions is no longer theoretical. McKinsey's QuantumBlack projects that agentic commerce will orchestrate $3–5 trillion globally by 2030. AI agents are already filing invoices, negotiating quotes, routing cross-border payments, and paying per-API-call fees to other machines autonomously, at speed, and largely without human sign-off at each step.

The real battle is not about AI capability. It is about the protocol stack beneath it including the standards that govern how agents identify themselves, prove their authority, execute payments, and create audit trails. Whoever shapes these protocols will influence transaction routing, data access, risk controls, and the economics of agent-driven commerce for the next decade. The rules are being written right now, and most businesses are not at the table.

The Combatants: A Field Guide to the Major Protocols

The protocol landscape is best understood as three distinct layers, each solving a different problem. Conflating them is the most common strategic mistake.

1. The Commerce Layer — how agents discover and transact with merchants

Two protocols are competing for dominance here. OpenAI and Stripe's Agentic Commerce Protocol (ACP), live since September 2025 within ChatGPT, was built for conversational product discovery and transaction flows within AI-native environments. Google's Universal Commerce Protocol (UCP), announced January 2026 and backed by Walmart, Target, Shopify, and 20+ partners, provides a broader common language through which agents can discover and interact with merchant capabilities across different commerce environments — coming to Google Search AI Mode and Gemini. ACP initially optimised for depth within a single AI environment; UCP optimises for breadth across many.

2. The Authorisation Layer — how agents prove identity and authority

This layer addresses four distinct trust problems that are complementary, not competing.

• Identity: Who is this agent and who does it represent?

• Authentication: Can it prove it is who it claims?

• Authorisation: Is it permitted to perform this specific action?

• Auditability: Can every action be traced and held accountable?

Three protocols each solve a different part: Cloudflare's Web Bot Auth (developed with Microsoft, Shopify, Adyen, and Worldpay, and adopted by both Visa and Mastercard) provides infrastructure-level authentication, distinguishing legitimate agents from malicious bots at the network layer.

Visa's Trusted Agent Protocol (TAP), launched October 2025 with Cloudflare, signs agent identity into HTTP request headers verified against Visa's agent directory — solving identity and authentication. Google's AP2 introduces cryptographically signed mandates that travel from intent through cart to settlement — solving authorisation and auditability. A payment passing through all three layers is legitimate, verified, mandate-compliant, and fully auditable.

3. The Machine-to-Machine Layer: How agents pay each other

Stripe and Tempo's Machine Payments Protocol (MPP), with Visa as a design partner, is built specifically for agent-to-agent payments (primarily agents paying per-API-call fees autonomously). The Coinbase-led x402 protocol targets sub-cent machine-speed transactions and processed roughly 165 million agent transactions in its first months. Stablecoins are the natural rail here, programmable, 24/7, and low-cost, but a universally adopted standard does not yet exist.

Why B2B Is the Real Battleground

B2C gets the headlines. B2B is where volume and margin live.

B2B payment flows carry challenges that consumer protocols were never designed to handle: complex approval chains, purchase order matching, multi-party authorisation, and cross-border regulatory compliance. Forrester predicts that 20% of B2B sellers will face agent-led quote negotiations by end of 2026. Manufacturers, distributors, and wholesalers are already beginning with specific use cases — automated reordering and invoice approval — before broader adoption follows.

The deeper challenge is ERP integration. Protocols must connect to SAP, Oracle, and NetSuite, not just browser-based checkouts. Business use cases are already emerging: autonomous procurement via Google Cloud Marketplace, automatic software licence scaling, and agent-driven corporate bill pay. The infrastructure for these use cases is being assembled now and the protocols embedded in it will be difficult to displace once entrenched.

The Identity Problem: The Crux of Every Protocol War

At the heart of every protocol competition is a single unsolved problem: how does a merchant, a bank, or a payment network know that an AI agent has the authority to do what it is attempting to do?

In consumer payments, authorisation is largely binary, permitted or not. In B2B, authorisation is a structured permission matrix. A complete B2B agent mandate must specify the legal entity the agent represents, the permitted suppliers it can pay, the transaction types it can initiate, per-transaction and cumulative spend limits, the time period within which the mandate is valid, approval tiers for different transaction values, geographic restrictions on corridors and currencies, and human confirmation triggers for unusual counterparties or threshold breaches.

The protocols handle delegated authority differently. AP2's mandate system enables pre-authorised delegation with a cryptographic chain of custody. Mastercard's Agentic Tokens are scoped per agent and per session. TAP attests identity at the HTTP header level. None yet provides a complete solution for the full B2B permission matrix — which is precisely why the identity layer remains the crux of the protocol war.

The fraud surface unique to B2B compounds the stakes: invoice manipulation, vendor impersonation, and rogue agent overspends are not theoretical risks. By 2026, leading organisations are expected to standardise on transparent consent flows, granular permissions, agent action logs, secure payment authorisations, override mechanisms, and policy-driven guardrails — but the protocol that encodes and enforces this matrix most effectively will define the B2B trust standard.

The Interoperability Question — Standards or Silos?

History offers useful precedent. VHS versus Betamax. TCP/IP versus proprietary networks. EMV versus magnetic stripe. Protocol wars rarely end with one standard eliminating all others. They resolve into layered architectures where different standards handle different functions.

The likely outcome here is similar: a layered architecture in which ACP or UCP handles commerce discovery, Web Bot Auth and TAP handle authentication and identity, AP2 handles authorisation and auditability, and MPP or x402 handles machine-to-machine settlement. Google's AP2 team has committed to evolving the protocol through an open, collaborative process including standards bodies. This is a signal that interoperability, not dominance, is the end state being designed toward.

The OpenAI Instant Checkout scaling back in early 2026 reinforces this lesson. The initiative did not fail because the execution was wrong. It failed because frictionless agentic checkout requires a trust layer that was not yet in place. OpenAI's commerce strategy has since refocused on product discovery and ChatGPT-native shopping, confirming a principle that applies across the protocol landscape: execution capability deployed ahead of trust infrastructure fails not because of what it is, but because of what has not been built yet beneath it. Winning in this landscape does not mean eliminating competitors — it means becoming the default trust anchor within a layered system.

Strategic Implications for B2B Businesses

• For procurement teams: the time to define agent spend policies is before agents are executing transactions autonomously, not after. Mandate which protocols vendors must support in contracts. Map agent authorisation requirements to existing approval workflows before deployment. Build audit and compliance frameworks for autonomous agent transactions now as regulators will not wait.

• For finance and revenue operations: the risk of being invisible to agents that cannot parse your catalogue is real and growing. Prioritise the authorisation layer over the commerce layer as an agent that can find you but cannot verify it is permitted to pay you creates liability, not opportunity. B2B payment flows represent a wide-open opportunity precisely because the standards race is not yet won.

• For platform builders e. ERP, procurement software, AP/AR vendors: the race to embed protocol support natively has already begun. Stripe and Salesforce have committed to implementing Google's UCP. The first-mover advantage lies in becoming the protocol translator for legacy systems, such as the middleware layer that connects existing enterprise infrastructure to the emerging agentic payment stack.

The Protocol Layer Is the Power Layer

AI agents are coming regardless of which protocols win. The question is who sets the rules of engagement and who captures the margin that flows through the infrastructure those rules govern.

B2B commerce leaders who treat protocol selection as a technical footnote are making a strategic mistake. The companies that help businesses navigate this transition, including vendors, platform builders, payment infrastructure providers, will capture disproportionate value in a B2B commerce landscape that is being rebuilt, protocol by protocol, right now.

To get started and partner with a solutions provider that can help your business optimise payments and help you scale both locally and globally, open a SUNRATE account today or contact our sales team.