The Agentic Economy's Governance Gap

AI agents are becoming economic actors faster than the identity, authorization and settlement layer beneath them. For a board, AI strategy and financial-infrastructure strategy are no longer two budgets in two rooms. They are one decision. This is a read on the gap, as of June 2026.

Most enterprise AI is still funded as a productivity story. The pitch is faster code, faster research, faster service. That framing holds until the moment an agent can move money. At that moment the agent stops being a tool and becomes a counterparty. It transacts, it commits the firm, and it does so at machine speed and machine volume.

The capability arrived first. The governance did not. Across 2025 and into 2026, the rails that let agents pay each other matured at the pace of the technology sector, while the controls that decide who authorizes those payments, on whose books they settle, and how they are unwound moved at the pace of risk and audit committees. That distance is the agentic economy's governance gap.

We see it most clearly in the boardroom. An AI initiative is approved as an operating-efficiency program. Somewhere inside it sits an agent with payment capability. The board has, in effect, approved a financial-infrastructure strategy it has not yet named, priced or governed.

The Standards Landscape Moved Into Neutral Hands

The reason this is now a board-level question, and not a research-lab curiosity, is that the connective tissue for agent commerce has been formalized under neutral, foundation-level governance rather than left to a single vendor.

Google launched the Agent2Agent (A2A) protocol in April 2025 as an open way for AI agents from different vendors to discover one another and coordinate work. In June 2025 it announced the donation of A2A to the Linux Foundation, placing the standard under neutral stewardship rather than corporate control. By the protocol's one-year mark on April 9, 2026, the Linux Foundation reported more than 150 supporting organizations, up from more than 50 a year earlier, and native integration into three major cloud platforms: Microsoft (Azure AI Foundry and Copilot Studio), Amazon Web Services (Amazon Bedrock AgentCore) and Google Cloud.

Communication is one layer. Payment is another. In September 2025, Google announced the Agent Payments Protocol (AP2) with more than 60 partners spanning payments and technology, including Mastercard, American Express, PayPal, Coinbase, Adyen, Worldpay, JCB and UnionPay International. AP2 is notable less for who signed it than for what it standardizes. It builds trust through cryptographically signed Mandates, carried as W3C Verifiable Credentials, that record a user's intent and the exact terms of a transaction. It is payment-method agnostic, treating stablecoins and real-time bank transfers as first-class alongside cards.

A third effort completes the picture. The x402 protocol, originally built by Coinbase, Cloudflare and Stripe, was placed under the Linux Foundation through a dedicated x402 Foundation announced on April 2, 2026, with backing that now includes AWS, Google, Microsoft, Visa, Mastercard and Circle. It revives the long-dormant HTTP 402 status code so that an API endpoint can quote a price and an agent can pay it without a human in the loop.

Read together, these are not three competing apps. They are the beginnings of an agent payment stack: identity and coordination, signed authorization, and native settlement. The autonomous agent as counterparty is no longer hypothetical.

Why This Is a Financial Decision, Not an IT One

The instinct in many firms is to route all of this to the technology function. That instinct is half right and structurally incomplete.

The technology function can stand up an agent, connect it to a model, and wire it to one of these protocols. What it cannot do alone is answer the questions a financial institution would ask of any new counterparty with spending authority. Who is liable when an agent transacts in error. Whose balance sheet absorbs a settlement that should not have happened. What the audit trail looks like when a regulator or a counterparty disputes a payment a machine initiated.

These are treasury, risk, audit and board questions. They are the same questions a firm asks before granting a new employee a corporate card or a new vendor net-30 terms, asked of a participant that operates without fatigue, at scale, and without an intuitive sense of when something is wrong.

This is why we treat AI strategy and financial-infrastructure strategy as a single board-level decision. The AI budget that funds an agent with payment capability is, in part, a financial-infrastructure budget. Splitting them across two committees produces a predictable failure: capability is approved in one room while the governance that should constrain it is debated, if at all, in another.

Four Readiness Principles

The useful response is not to slow the technology. It is to set a readiness bar that any agent must clear before it touches company money, and to make that bar explicit before capability scales. Four principles define it. None of them is about how intelligent the model is.

1. Verifiable identity. An agent must be able to prove who it is and on whose behalf it acts, using a verifiable credential rather than a shared key or a copied token. Shared secrets do not survive scale: they cannot be cleanly revoked, attributed, or audited. The standards now forming, with their signed credentials and mandates, point in this direction. The institutional test is whether your firm can say, with cryptographic certainty, which agent did a thing and under whose authority.

2. Authorization limits enforced in real time. A spending limit written in a policy deck is not a control. It is a hope. The limit has to be enforced at the moment of the transaction, by the rails, not reconstructed afterward from logs. The relevant question is whether an agent that tries to exceed its mandate is stopped before settlement, not flagged after it.

3. A reconstructable audit trail. When a transaction is questioned, the firm must be able to replay it step by step: what the agent was asked to do, what it decided, what it was authorized to do, and what it actually did. Signed mandates make this tractable in principle. The institutional bar is higher than retention of logs. It is whether the record would satisfy an auditor or stand up in a dispute.

4. Settlement finality. A payment that appears complete but can reverse days later onto your balance sheet is a liability disguised as a transaction. Finality is the difference between a settled position and an open one. Boards should know, for any agent-initiated payment, whether and when it becomes irreversible, and who carries the exposure in the window before it does.

These four principles are deliberately rail-agnostic. They hold whether an agent settles on cards, on bank rails, or on stablecoin infrastructure. They are the questions, not the answers. The answers depend on a firm's specific stack, counterparties and risk appetite, and they are where independent diligence earns its place.

The Questions a Board Should Be Asking

Translated into the language of an investment or risk committee, the readiness bar becomes a short list of questions worth putting on an agenda before the next AI capability ships.

Who authorizes what an agent can settle, and is that authority encoded in the rails or only in a document. On whose infrastructure does the agent transact, and have we evaluated that infrastructure as we would any other financial counterparty. Can we prove, after the fact, exactly who authorized any given action. And can we unwind a transaction if the agent was wrong, or are we relying on finality cutting against us.

A board that can answer these confidently has governed its agentic strategy. A board that cannot has funded one without governing it. The gap between those two states is not technical sophistication. It is whether the firm treated the decision as financial infrastructure from the start.

The Institutional Risk Lens

The pattern beneath all of this is familiar to anyone who has watched financial infrastructure evolve. Capability tends to outrun control, and the cost of the gap is paid not when the technology is adopted but when something goes wrong inside it. The institutions that fared best in prior cycles were not the fastest adopters or the most cautious abstainers. They were the ones that adopted with the control layer specified in advance.

The agentic economy is following the same arc, compressed in time. The rails are consolidating under neutral governance, which is constructive: standards held by foundations rather than single vendors reduce lock-in and concentration risk. But neutral rails do not absorb a firm's liability. They standardize the plumbing. The governance of what flows through it remains the firm's own responsibility, and increasingly the board's.

For boards, CFOs, CIOs and treasurers, the practical implication is one of sequencing and ownership, not of speed. The decision to deploy agents that can transact belongs in the same conversation as the decision about the infrastructure beneath them, with one owner accountable for both. Two budgets in two rooms is how the gap opens.