The headline is dry enough to skip. In late April, Google released version 0.2 of the Agent Payments Protocol and donated the whole thing to the FIDO Alliance for community governance, with a contributor list that reads like a payments-industry seating chart: Mastercard, PayPal, American Express, Coinbase, Adyen, Worldpay, Revolut, JCB, UnionPay. Sixty-plus organizations agreeing on a spec. The kind of news that gets a nod and a scroll.

It deserves more than that, because of what the design quietly admits. For two years the question about agent commerce was framed as "can we let a bot pay?" — as if the obstacle were the money moving. It never was. Cards have moved money for autonomous systems for decades; your Netflix subscription renews without a human present and no one calls it a breakthrough. The actual hard problem only shows up after the spend, and AP2 is engineered around it with unusual honesty.

Three signatures, in order

AP2's core is not a payment rail. It's a chain of evidence built from three signed objects the protocol calls mandates, each carried as a verifiable credential:

Read in order, they are not a checkout flow. They are a deposition taken in advance. Each mandate is a tamper-evident statement of who agreed to what, when — assembled and signed before the transaction clears, so that when something goes wrong there is already a cryptographic record of exactly how much latitude the human gave and how far the agent strayed from it.

The protocol's real output isn't a payment. It's an admissible answer to "who said you could buy that?"

That's why the receipt comes first. In normal commerce the receipt documents a thing you chose to do. In agent commerce the human wasn't watching the screen, so the consent has to be captured up front and frozen, or it can't be reconstructed at all. AP2 inverts the usual sequence: it manufactures the proof of authorization as the opening move, because the authorization is the only part a court, an issuer, or a chargeback system will ever care about.

The tell is "Human Not Present"

If you want the thesis in one feature, look at what v0.2 added: a Human Not Present mode, for agents executing pre-authorized purchases while you're asleep, and Verifiable Intent — a tamper-proof log of user-authorized agent actions, co-developed with Mastercard and donated to FIDO alongside the protocol.

A whole sub-spec, built by a card network, whose entire job is to log intent in a way that survives a dispute. Card networks do not spend engineering quarters on philosophy. They spend them on liability. "Human Not Present" is payments-speak for the exact scenario where, today, the merchant or the issuer eats the loss because no one can prove the cardholder agreed. AP2 exists to move that loss to wherever the signed mandates say it belongs.

This reframes the whole project. Agent commerce isn't blocked on capability — the agents can already browse, compare, and check out. It's blocked on accountability: in a world where a model buys the wrong flight, ships to the wrong address, or gets prompt-injected into ordering forty laptops, somebody has to be holdable to the consequence. You cannot scale a payment type where every disputed charge is an unanswerable he-said-she-said between a consumer, a merchant, and a stochastic process. AP2 is the industry building the paper trail that makes the disputes resolvable, and therefore makes the volume insurable, and therefore allowed.

Why give it away

Which explains the part that looks like generosity. Google didn't open-source AP2 because standards bodies are nice. It handed governance to FIDO because no single company wants to own the trust layer for autonomous spending. Owning that spec means owning the question of who's liable when it fails — and that is precisely the hot potato everyone in the contributor list would rather hold jointly than alone. A neutral alliance diffuses the blame the same way it diffuses the governance. The donation is the liability getting distributed before the lawsuits are.

For builders, the practical read is short. If you're wiring an agent to spend money, the part that will matter in production is not the checkout call — it's whether you can produce, on demand, a signed record of what the user actually authorized. Treat the mandate chain as the real product surface. The payment is the easy part; it was always the easy part. What's being standardized this year is the receipt you'll need when the agent buys the wrong thing — and it does, eventually, buy the wrong thing.
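
What "produce the signed record on demand" can look like in practice, as an added sketch that is not AP2's code or data model: three linked, signed statements are audited for tampering and for the agent exceeding the latitude the user granted. The field names, `sign`, `audit`, `demo_chain` and the demo keys are hypothetical, and HMAC stands in for the asymmetric signatures a verifiable credential would carry.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC is a stand-in for the asymmetric signature
# a verifiable credential would carry; it is not what AP2 specifies.
KEYS = {"user": b"demo-user-key", "agent": b"demo-agent-key"}

def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(mandate):
    return hashlib.sha256(_canon(mandate)).hexdigest()

def _mac(m):
    signed = {k: m[k] for k in ("signer", "body", "prev")}
    return hmac.new(KEYS[m["signer"]], _canon(signed), hashlib.sha256).hexdigest()

def sign(signer, body, prev=None):
    """Build a mandate whose signature covers its body and the prior mandate's digest."""
    m = {"signer": signer, "body": body, "prev": digest(prev) if prev else None}
    m["sig"] = _mac(m)
    return m

def audit(chain):
    """Return findings for a three-mandate chain; an empty list means the record holds."""
    findings, prev = [], None
    for i, m in enumerate(chain):
        if m["signer"] not in KEYS or not hmac.compare_digest(_mac(m), m["sig"]):
            findings.append(f"mandate {i}: signature invalid")
        if m["prev"] != (digest(prev) if prev else None):
            findings.append(f"mandate {i}: not linked to predecessor")
        prev = m
    grant, cart, payment = chain  # hypothetical roles, not AP2's mandate names
    if grant["signer"] != "user":
        findings.append("grant not signed by user")
    if cart["body"]["total"] > grant["body"]["max_total"]:
        findings.append("cart exceeds authorized total")
    if cart["body"]["merchant"] not in grant["body"]["merchants"]:
        findings.append("merchant not authorized")
    if payment["body"]["amount"] != cart["body"]["total"]:
        findings.append("payment differs from cart")
    return findings

def demo_chain(total):
    """Constructed sample: user allows up to 1500 at one merchant; agent builds the rest."""
    grant = sign("user", {"max_total": 1500, "merchants": ["laptops.example"]})
    cart = sign("agent", {"merchant": "laptops.example", "total": total}, grant)
    payment = sign("agent", {"amount": total}, cart)
    return [grant, cart, payment]
```

An in-scope purchase audits clean, an oversized cart is attributed to the agent's mandate, and editing the user's limit after the fact breaks both the first signature and the link from the second mandate.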