What Is an Agent Mandate?
An Agent Mandate is a digitally signed statement from a consumer that defines exactly what an AI agent is authorized to do on their behalf, including spend caps, merchant categories, and time limits.
An Agent Mandate is the cryptographic primitive at the heart of agentic commerce trust. It answers a simple question with auditable certainty: did the consumer actually authorize this AI agent to do this specific thing?
The Mandate concept was popularized by Google's Agent Payments Protocol (AP2) launch in September 2025, but the pattern is now used across multiple agentic commerce protocols, including Visa TAP, Mastercard Agent Pay, and UCP.
A typical Mandate scopes:
- Amount caps. Maximum per-transaction and aggregate spend.
- Merchant categories. Which categories the agent can transact in (e.g., grocery, apparel) or specific merchants.
- Time window. When the authorization is valid (single-use, recurring within a window, expiry date).
- Frequency. One-shot vs recurring vs unlimited within scope.
- Required confirmations. What thresholds require fresh consumer approval.
The Mandate is signed by the consumer (typically through their wallet, bank app, or payment provider) and travels with the transaction so merchants and payment networks can verify it cryptographically.
How an Agent Mandate Works
The consumer signs a Mandate scoping the agent's authority. The agent presents the Mandate at transaction time. The merchant or payment network verifies the transaction is in-scope before clearing.
Three flows define how Mandates operate:
1. Mandate creation. The consumer creates and signs a Mandate through a trusted source (their issuing bank, payment provider, or wallet). The Mandate is cryptographically tied to the consumer's payment credentials but does not expose them to the agent. Modern implementations support biometric signing (Face ID, fingerprint) for low-friction creation.
2. Mandate presentation. When the agent is ready to transact (e.g., after the consumer has selected a product through a UCP or ACP shopping flow), it presents the Mandate alongside the transaction request. The Mandate travels with the payload.
3. Mandate verification. The merchant's payment processor and the card network independently verify the Mandate's cryptographic signature, that the agent making the request is the one the Mandate authorizes, and that the transaction (amount, merchant, time) falls within the Mandate's scope. If anything is out of scope, the transaction is declined at the network level before it reaches the merchant.
The pattern is the same across protocols even when implementation details differ. AP2 specifies an open Mandate format. Visa TAP and Mastercard Agent Pay use Mandate-style primitives integrated with their tokenization frameworks.
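The verification flow above, sketched as an added example for Node.js (not code from AP2 or any card network): the field names and the payload-plus-signature envelope are assumptions, and `tx.agentId` is assumed to have been authenticated by the verifier already. It uses Ed25519 from Node's built-in `crypto` module.

```javascript
// Added example. Field names and the {payload, signature} envelope are assumptions,
// not the AP2, Visa TAP or Mastercard Agent Pay wire format.
const { generateKeyPairSync, sign, verify } = require('crypto');

// Consumer side: sign the exact serialized bytes so the verifier never re-serializes.
function signMandate(claims, privateKey) {
  const payload = JSON.stringify(claims);
  const signature = sign(null, Buffer.from(payload), privateKey).toString('base64');
  return { payload, signature };
}

// Verifier side: signature first, then agent binding, then scope. Fails closed.
// spentSoFarCents is the verifier's own running total for this mandate.
function verifyTransaction(mandate, consumerPublicKey, tx, spentSoFarCents) {
  const deny = (reason) => ({ ok: false, reason });
  const sigOk = verify(null, Buffer.from(mandate.payload), consumerPublicKey,
    Buffer.from(mandate.signature, 'base64'));
  if (!sigOk) return deny('bad_signature');
  const m = JSON.parse(mandate.payload); // parse only after the signature verifies
  if (tx.agentId !== m.agentId) return deny('agent_mismatch');
  if (tx.time < m.notBefore || tx.time >= m.notAfter) return deny('outside_time_window');
  if (!m.categories.includes(tx.category)) return deny('category_not_allowed');
  if (!Number.isInteger(tx.amountCents) || tx.amountCents <= 0) return deny('invalid_amount');
  if (tx.amountCents > m.maxPerTxCents) return deny('over_per_tx_cap');
  if (spentSoFarCents + tx.amountCents > m.maxTotalCents) return deny('over_aggregate_cap');
  return { ok: true, reason: 'in_scope' };
}

// Constructed sample data: times are Unix seconds, amounts are integer cents.
const consumerKeys = generateKeyPairSync('ed25519');
const sampleMandate = signMandate({
  agentId: 'agent-123', categories: ['grocery'],
  maxPerTxCents: 5000, maxTotalCents: 10000,
  notBefore: 1767225600, notAfter: 1782864000,
}, consumerKeys.privateKey);
const sampleTx = { agentId: 'agent-123', category: 'grocery', amountCents: 4200, time: 1770000000 };

// A mandate whose cap was edited after signing: the signature no longer matches.
const tamperedMandate = { ...sampleMandate,
  payload: sampleMandate.payload.replace('5000', '500000') };

const check = (mandate, tx, spent) =>
  verifyTransaction(mandate, consumerKeys.publicKey, tx, spent).reason;
console.log(check(sampleMandate, sampleTx, 0));
console.log(check(sampleMandate, sampleTx, 6000));
console.log(check(sampleMandate, { ...sampleTx, agentId: 'agent-999' }, 0));
console.log(check(tamperedMandate, { ...sampleTx, amountCents: 400000 }, 0));
```

Establishing that the public key really belongs to the consumer, and checking whether the Mandate has been revoked, are outside this sketch.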
Why Agent Mandates Matter
Mandates make agent transactions auditable. They give merchants chargeback defense, give networks fraud signals, and give consumers fine-grained control without giving up payment credentials.
Without Mandates, AI agents shopping on a consumer's behalf operate in a trust vacuum. The merchant doesn't know if the agent had authorization. The network doesn't know if the spend is in-scope. The consumer doesn't have an audit trail. Disputes default to whoever speaks loudest.
Mandates change that pattern at three layers:
- Consumer. Fine-grained control over what the agent can do, with revocable authorization. The consumer can pre-authorize "buy household replenishment items up to $100/month for 6 months" without exposing card credentials.
- Merchant. Auditable evidence of consumer authorization. Disputes have a cryptographic record. Higher-value agent transactions become safe to accept.
- Network. Real-time fraud signals. A transaction that doesn't match its Mandate is denied at network authorization time, before it reaches the merchant. Mismatch patterns feed cross-network agent-fraud detection.
The Mandate is what unlocks transaction sizes beyond the small-amount cap that networks otherwise impose on agent payments. Without it, agent commerce is stuck at low-trust micro-purchases. With it, recurring orders, subscriptions, replenishment, and high-cart agent purchases all become safe to clear.
Related Terms
Agent Payments Protocol (AP2): What It Is in 2026
AP2 is Google's open protocol that lets AI agents authorize and execute payments on behalf of consumers using a digitally signed Mandate.
Visa Trusted Agent Protocol (TAP): 2026 Guide
Visa TAP is Visa's agent-payment authorization protocol that verifies AI agents at transaction time and lets them initiate payments on behalf of cardholders.
Mastercard Agent Pay: How It Works in 2026
Mastercard Agent Pay is Mastercard's agent-payment infrastructure that authenticates and authorizes AI-initiated transactions on the Mastercard network.
Universal Commerce Protocol (UCP)
UCP is an open standard by Google and Shopify that enables AI agents to handle the full commerce journey from discovery to post-purchase.
Agentic Commerce
Agentic commerce is the emerging category where AI agents autonomously discover, compare, and purchase products on behalf of consumers across platforms like ChatGPT, Google AI Mode, and Perplexity.