Digital commerce enters a new phase. PayPal and Google Cloud have announced a joint solution that allows merchants to deploy “agentic commerce” experiences within their own channels: conversational assistants capable of guiding customers from product discovery to checkout, with verifiable transactions based on open standards. This proposal combines Google Cloud’s Conversational Commerce Agent—or custom agents built with their Agent Development Kit (ADK)— with payments managed by the PayPal Agent via AP2 (Agent Payments Protocol), a new open layer of payments built on A2A (Agent2Agent) and MCP (Model Context Protocol).
The goal is clear: to provide merchants with a quick way to adopt fully integrated conversational shopping—without losing control of customer relationships and maintaining authority over tone, branding, and user journey. For buyers, the promise is a seamless, personalized, and secure experience where the assistant understands complex requests, suggests relevant products, completes the purchase within an embedded checkout, offers payment method recommendations, and even presents “buy now, pay later” options when applicable.
How it works: two agents collaborating within the same purchase scenario
In this new framework, merchants can choose to adopt Google Cloud’s conversational agent or develop their own agent using ADK. This commerce agent acts as a digital salesperson: engaging naturally, understanding complex inquiries, filtering catalogs, and answering questions about sizes, compatibility, or return policies. When the customer moves toward purchase decision, the merchant’s agent coordinates with the PayPal Agent via the A2A protocol to incorporate context—such as purchase history with user consent—and refine recommendations.
At checkout time, AP2 comes into play. Rather than just API calls, AP2 establishes a shared, secure language between agents to initiate and authorize payments with verifiable proofs of user intent. The checkout occurs within the same conversational interface: the PayPal Agent offers suitable payment methods, checks installment eligibility if relevant, and with the customer’s consent, authenticates and approves the transaction within a trusted environment. Agent coordination is transparent to the customer; for merchants, it means less friction and higher conversion rates.
AP2 in detail: from “inferences” to cryptographic proof of intent
AP2 emerges as an open, payment-method agnostic protocol designed by Google in collaboration with a broad consortium of payment and tech companies. Its aim is to overcome a key challenge for AI agents acting on behalf of users: how to reliably trust that a purchase command is authentic, authorized, and non-repudiable.
AP2’s solution rests on two key components:
- Mandates: immutable digital contracts, cryptographically signed, that prove user intent. Instead of inferring that the user wanted to buy, the system provides deterministic evidence linking identity, context, and transaction.
- Verifiable Digital Credentials (VDCs): mandates are signed with VDCs, creating a non-repudiable audit trail and clarifying each party’s responsibility (user, merchant, payment network).
AP2 defines, among others, two illustrative mandates:
- Cart Mandate: the basic credential issued when the user is present. Generated by the merchant and signed by the user—typically via their device—linking the authorization to a specific purchase.
- Payment Mandate: a separate credential shared with the payment network and issuer to document the agentic nature of the transaction and its mode (“Human Present” vs. “Not Present”). It provides signals for risk assessment and trust-building.
The practical outcome is a paradigm shift: from inferencing (system “believes” the user wanted to pay) to proof (system “demonstrates” user consent). This reduces agent error risk, improves dispute resolution, and clarifies accountability among merchant, network, and issuer. With a PayPal Agent compatible with AP2, merchants can be assured that the user was present and signed the operation, while payment networks gain additional signals to evaluate the transaction.
A2A + MCP: complementary standards enabling agent collaboration
The technical framework is rounded out with A2A (Agent2Agent) and MCP. MCP focuses on providing secure access to tools and context for an agent, while A2A allows agents from different organizations—such as the merchant and payments—to communicate, cooperate, and delegate tasks. AP2 builds on these standards with a common language for payments: defining how an agent initiates a charge, how it’s authorized, what evidence is stored, and who bears responsibility.
This approach has significant practical implications. Merchants can keep their “front-facing” agent, matching their brand tone and business logic, and connect it on demand to a PayPal Agent for payments without reinventing security, compliance, and fraud prevention measures. Looking ahead, open standards aim for interoperability: the same mandates and credentials should work across various payment methods and networks, not just PayPal.
Customer trust as a core focus: control, risk, and fraud
The advent of agents capable of acting on behalf of users in purchasing raises concerns about misunderstandings, misuse, or fraud if not carefully designed. Google Cloud and PayPal highlight this concern at the core of their announcement. With signed mandates, VDCs, and an immutable audit trail, the system encourages thorough documentation at every step. The Humans Present / Not Present distinction along with signals of agent intervention enable networks and issuers to adjust risk controls dynamically.
The architecture also reinforces granular consent: the merchant’s agent can provide context (like prior purchases) only with user permission, and payment authorization is limited to a specific transaction via the Cart Mandate. Operationally, merchants retain ownership of the customer experience, preserving the customer relationship and reducing reliance on external platforms, while gaining valuable first-party data for loyalty and post-sale support.
What’s in it for merchants: quick deployment, experience ownership, and improved conversions
A key advantage described in the announcement is its “almost out-of-the-box” character. Instead of building a complex system of agents, protocols, and fraud controls from scratch, merchants can adopt Google Cloud’s conversational agent or develop their own via ADK and connect it to PayPal Agent for verified payments. Brand consistency is maintained: the merchant defines the tone, look & feel, and conversational strategy, with the assistant integrated into their digital surfaces (website, app, in-site chat, etc.).
From a business perspective, reducing friction—such as guided search, doubt resolution, and seamless payment—generally leads to higher conversion rates. Additionally, recommending payment methods and offering “pay in installments” options within the conversational flow can maximize ticket size where appropriate, without redirecting users externally. For technical teams, leveraging open standards simplifies future integrations and minimizes dependency on a single provider.
Unanswered questions and proposal maturity
The ecosystem is evolving rapidly, and AP2 is quite new. Its adoption is still in early stages; several industry players in payments, card networks, wallets, and merchants are participating in its development and testing. Meanwhile, the A2A protocol is gaining traction as an interoperability pathway among agents.
For merchants, the challenge extends beyond the technical: it involves rethinking processes (customer service, sales, returns, KYC/AML as needed) to make effective use of these agents; training staff in conversational writing and observability; and implementing safeguards for outlier cases (e.g., escalating to a human when ambiguity or risk signals are detected). Managing consent and privacy, especially when handling historical purchase data, also requires clear policies and transparency.
What’s next
PayPal and Google Cloud present this solution as a rapid adoption pathway for merchants reluctant to build the entire framework themselves. Practically, the next step is to contact Google Cloud to assess use cases, scope, and launch the conversational agent, along with activating the PayPal Agent in accordance with AP2. If market feedback is positive, pilots are likely to emerge in retail, travel, vertical marketplaces, and digital services, where chat-based shopping and conversational checkout are becoming standard and can make a real difference.
The overall picture painted by the announcement hints at a new operational standard for AI-enabled commerce: agents talking to each other via A2A, accessing tools through MCP, demonstrating intent with AP2, and closing sales in a single conversation, with the merchant steering the experience.
FAQs
What exactly is the “Agent Payments Protocol (AP2)” and what is its purpose?
AP2 is an open protocol defining how AI agents initiate and authorize payments securely, verifiably, and auditablely. It relies on cryptographically signed mandates and verifiable digital credentials to create non-repudiable evidence of user intent and the agentic nature of the transaction.
How does A2A differ from MCP, and why are both important for agentic commerce?
MCP focuses on giving an agent secure access to tools and contextual information; A2A enables inter-organizational communication, cooperation, and delegation among agents (like between a merchant’s agent and a payment agent). AP2 builds on these to normalize payment interactions. Together, MCP + A2A + AP2 support end-to-end conversational shopping.
What are the benefits of integrating PayPal Agent with Google Cloud’s conversational assistant for merchants?
It allows for rapid deployment of a conversational checkout with verifiable intent proofs, payment method suggestions, installment eligibility checks, and full experience ownership—including tone, design, and first-party data—based on open standards. This reduces friction and can enhance conversion rates.
In what ways does AP2 aid in fraud prevention and dispute resolution?
By replacing inferences with cryptographic proofs (mandates and VDCs), AP2 tracks who authorized what, when, and how, separates Humans Present / Not Present, and provides risk signals to networks and issuers. This traceability simplifies accountability and facilitates clearer resolution in disputes.