kb://research/agent-standards-landscape-2026-06-30stable2026-06-30

The agent-era standards stack (2026) — what OpenAlice should track, adopt, ignore, or comply with

researchagenticstandardspaymentsx402ap2mcpa2aeu-ai-actsecuritymarket-intel

The agent-era standards stack — the honest map (mid-2026)

NAO asked (TG): "we've got A2A, MCP, auth.md — what else did we forget? the agent payment protocol, the '402' one? honestly and critically, top ones only." This is the ranked, hype-checked landscape + a track / adopt / ignore / comply call per standard for OpenAlice. Pairs with [[workos-auth-md-2026-06-30]] (auth.md/ID-JAG deep-dive) + [[mcp]].

>

Method: 5 parallel readers (payments · interop · identity+discovery · safety/governance · landscape+adoption) over top sources, with an explicit hype-vs-real pass. Sources cited; what's unverified is flagged.

TL;DR — the answer to "what did we forget?"

We covered the communication layer (MCP = agent↔tool, A2A = agent↔agent, auth.md/ID-JAG = agent registration). The real gaps:

  1. Payments — yes, the "402" = `x402` (Coinbase, HTTP 402, crypto/USDC). But the EU-relevant path isn't x402 — it's AP2 (Google→FIDO) + ACP (OpenAI/Stripe), and Mollie has already integrated ACP and is collaborating on AP2, so Mollie is our bridge. Not urgent (a widget doesn't initiate payments), but it's the layer we hadn't mapped.
  2. The one BINDING thing we can't ignore: EU AI Act Article 50 — chatbot AI-disclosure, enforced 2 Aug 2026, applies to the Embed widget wherever end-users are natural persons (€15M/3% penalty). High-risk (Annex III) was deferred to Dec 2027. This is legal, near-term, and hits our #1 product — the most important "forgot."
  3. Security/governance: OWASP Top 10 for Agentic Apps + SAFE-MCP (an Alice security checklist) and AAIF (the Linux-Foundation home now governing MCP/A2A — track for spec changes).
  4. Cheap quick wins: a signed A2A AgentCard (/.well-known/agent-card.json) + SKILL.md capability files (cross-adopted by every major lab in 48h) make Alice discoverable for near-zero cost.
  5. Hype to ignore: ANP, NANDA, OIDC-A, LOKA, Google ARD (0 deployments a week post-launch), llms.txt as an SEO play (300K-domain study = zero citation uplift; Google rejects it), and AIUC-1 (author = auditor = insurer conflict).

Honest frame: the comms layer (MCP+A2A) has consolidated; the payments layer is genuinely contested and early (2026 is "infrastructure year," conversion still ~86% worse than affiliate links); and the only hard obligation is the EU AI Act.

1. The stack at a glance

LayerWinner / front-runnerStatusOpenAlice
Agent ↔ toolMCP (110M+ downloads, AAIF-governed)settledhave it → focus on security
Agent ↔ agentA2A (150+ orgs, v1.0 signed cards; absorbed IBM-ACP)settlingcovered → publish an AgentCard
Registration / identity-assertionauth.md + ID-JAG (WorkOS; WG-adopted, in MCP)emerging[[workos-auth-md-2026-06-30]] (routed)
Paymentsx402 (crypto) ‖ AP2 (fiat/cards) ‖ ACP/UCP (commerce)contested, earlygap → Mollie is the bridge
DiscoveryA2A AgentCards (/.well-known/agent-card.json)thinquick win
Content/AEOllms.txt (overhyped)adopted-but-no-effectmodest marketing only
Skill/repo conventionsSKILL.md + AGENTS.md (AAIF)fast organiccheap win (we already use them)
Workload identitySPIFFE/SPIRE (CNCF, Uber 1B SVID/day) ‖ IETF WIMSE (draft)SPIFFE prodNorbert, when multi-service scales
Enterprise IAMMicrosoft Entra Agent ID (GA, proprietary)M365-onlyignore unless serving MS shops
Safety / lawEU AI Act (binding) + OWASP Agentic Top 10 + AAIF/SAFE-MCPArt.50 live Aug'26comply (Embed) + adopt checklist

2. Payments — the real gap (and the "402")

NAO's "402" is `x402` — Coinbase's revival of HTTP 402 Payment Required: an agent pays per API call in USDC stablecoin, retried in an X-PAYMENT header. It's the most deployed agent-payment rail (~$600M annualized, 119M+ Base txns, zero protocol fees, now Linux-Foundation-governed with Visa/Mastercard/Stripe/Google as members) — but it's crypto-native, no Mollie/SEPA bridge (EURC, Circle's MiCA-compliant euro stablecoin, exists but still on-chain). The contenders:

ProtocolBackerRailsStatusEU / us
x402Coinbase → Linux Foundationcrypto / USDC·EURCreal volume, crypto-onlyno Mollie bridge → watch EURC
AP2 (Agent Payments Protocol)Google → FIDO Alliance; 60+ (Mastercard/PayPal/Amex/Adyen)payment-agnostic (cards, bank, crypto) via signed Mandatespre-GA, strong institutional weightthe fiat/EU path; Mollie collaborating
ACP (Agentic Commerce Protocol)OpenAI + Stripe (Apache-2.0)cardsspec live in ChatGPT; Instant Checkout showcase FAILED Mar'26 (~30 merchants)Mollie integrated the ACP Delegated-Payment API
UCP (Universal Commerce Protocol)Google + Shopifyfull shopping journeylive in Google AI Mode/Gemini/Copilot, 20+ retailersrelevant if Alice shops for users
Mastercard AP4M / Visa ICCcard networkscards (+stablecoin)launching via certified processorsuniversal card rails; pilots

The OpenAlice read: Embed is a chat/voice widget — it doesn't initiate payments, so there's no near-term action. The agent-payment question for us is two future things: (a) Alice-as-agent making purchases for a user (→ AP2 mandates are the right consent model; x402 for machine-to-machine API micropayments), and (b) being discoverable/purchasable by external agents (→ ACP/AP2 registration = an AEO signal). Mollie is the bridge for both (already ACP-integrated, AP2-collaborating) — do NOT take a Stripe dependency for ACP (NAO: Mollie only). Honest caveat: OpenAI killing its own Instant Checkout in 5 months shows the consumer UX/trust isn't solved; this is a 2026-H2/2027 watch item, not a now.

3. The one we can't ignore — EU AI Act Article 50

This is the most important thing we hadn't tracked, because it's binding law on our #1 product:

  • Article 50 (transparency): any AI system that interacts with natural persons must disclose it's an AI at first contact. Enforced 2 Aug 2026. The Embed widget is in scope wherever end-users are people — regardless of the B2B contract. Penalty up to €15M / 3% of global turnover.
  • Annex III high-risk obligations (risk mgmt, logging, human oversight, post-market monitoring) were deferred to 2 Dec 2027 by the May-2026 Digital Omnibus — real runway. Alice is not high-risk under current classification (not biometrics/critical-infra/employment/credit/law-enforcement).
  • GPAI obligations sit on the model providers (Anthropic/OpenAI), not on us as a deployer.
  • We're already well-positioned on the harder stuff: our HITL architecture (kill-switch, standing approvals) pre-satisfies Article 14 oversight; document it.

Action (cheap, do it): add a clear "you're talking to an AI" disclosure to the Embed widget before Aug 2 2026. Norbert/Tycho own the implementation; I can write the disclosure copy in all 6 locales.

4. Security & governance — adopt the checklists

  • OWASP Top 10 for Agentic Applications (Dec 2025) — the community-consensus risk list (Goal Hijack, Tool Misuse, Identity/Privilege Abuse, Memory Poisoning, Rogue Agents…). ADOPT as Alice's internal security-audit framework — directly maps to Alice's MCP tool surface.
  • SAFE-MCP (LF + OpenID Foundation + OpenSSF) — MITRE-ATT&CK-style threat taxonomy for MCP (tool poisoning, OAuth-consent abuse, prompt manipulation). ADOPT as our MCP security baseline.
  • AAIF (Agentic AI Foundation, Linux Foundation, Dec 2025) — now the neutral governance home for MCP, A2A, AGENTS.md. TRACK for spec/breaking changes (no cost).
  • NIST NCCoE agent-identity (OAuth + SPIFFE/SPIRE + MCP) — aligns with our auth.md/ID-JAG; track, will become the enterprise-procurement baseline.
  • AIUC-1 — a private agent-cert standard; IGNORE for now: the same entity authors the standard, runs the evals, issues the cert, and sells the insurance (the pre-2008 credit-rating conflict). Only 2 public certs.
  • MLCommons AILUMINATE — scopes model providers, not deployers → not us.
  • ⚠️ Skill supply-chain risk is real: Snyk found 36% of published "skills" had flaws + 76 malicious payloads — if we ever consume third-party SKILL.md/skills, vet them.

5. Identity, discovery & conventions

  • SPIFFE/SPIRE (CNCF-graduated, Uber 1B+ SVIDs/day) — the proven secret-less service-to-service identity substrate. ADOPT when our multi-service Rust stack needs internal mTLS-grade identity (Norbert's lane). IETF WIMSE = the forthcoming formal version (RFC ~2027) — track.
  • A2A AgentCards (/.well-known/agent-card.json, now signed in v1.0) — the clearest discovery convention; publish one for Alice (low cost, makes her discoverable + verifiable by any orchestrator).
  • SKILL.md (Anthropic, Dec'25 — cross-adopted by OpenAI/Google/MS in 48h, 32+ tools) + AGENTS.md (60K+ repos, AAIF-governed) — cheap wins; we already use CLAUDE.md/AGENTS.md internally, so publishing capability files is near-free.
  • llms.txt — honest verdict: adopted (~10% of 300K domains) but no measurable effect — Google rejects it ("like the keywords meta tag"), OpenAI is silent, a 300K-domain study found zero citation uplift. Anthropic/Perplexity + IDE agents (Cursor/Aider) do read it. → A low-cost dev-tooling/Perplexity nicety, NOT an SEO play. Belongs in my marketing/AEO notes, not the protocol roadmap; I'll publish a small one for alice.blal.pro/openalicelabs.com with no illusions.
  • Microsoft Entra Agent ID (GA Apr'26, proprietary, M365-tied) — ignore for our infra; track only if Embed sells into Microsoft-stack enterprises.
  • Google ARD / ai-catalog.json (June'26, big backers) — announcement-ware (0 of 39 surveyed sites deployed it a week post-launch). Revisit Q4 2026.

6. The honest hype-check (ignore list)

ANP (DID-based, 2027+, no production) · MIT NANDA ("DNS for agents," 125 stars, research) · LOKA (arxiv paper only) · OIDC-A (one paper) · Google ARD (0 deployments) · llms.txt-as-ranking-signal (debunked) · AIUC-1 (conflict-of-interest cert) · MLCommons (model-provider scope) · IBM-ACP (dead, merged into A2A). All real-but-early or paperware — don't build on them now.

7. The OpenAlice action matrix

VerdictStandardWhy / where
COMPLY (deadline)EU AI Act Art. 50Embed AI-disclosure by 2 Aug 2026 — binding, our #1 product
ADOPT (now, cheap)OWASP Agentic Top 10 + SAFE-MCPAlice security audit (MCP surface)
ADOPT (quick wins)A2A AgentCard · SKILL.md · small llms.txtnear-zero-cost discoverability
ADOPT (Norbert, when scaling)SPIFFE/SPIREsecret-less service-to-service identity
TRACK (route to Mollie)AP2 + ACP (payments)Alice-pays-for-user / agent-onboard; Mollie = bridge; no Stripe dep
TRACKAAIF · NIST NCCoE · AuthZEN/COAZ · WIMSE · x402(EURC) · UCPgovernance + future authz/payments
IGNOREANP · NANDA · LOKA · OIDC-A · Google ARD · llms.txt-as-SEO · AIUC-1 · MLCommons · Entra (unless MS-enterprise)hype / out-of-scope

Bottom line for NAO: we hadn't missed the comms layer — we nailed it. The genuine additions are (1) EU AI Act Art. 50 (a real deadline on Embed), (2) payments via Mollie's AP2/ACP path (track, not urgent), (3) the security checklists (OWASP/SAFE-MCP) + cheap discoverability wins (AgentCard/SKILL.md). Everything else loud in the headlines is early or hype.

Sources & honesty notes

  • Grounded in 5 reader passes over primary sources (Coinbase/Google/Stripe/Linux-Foundation/FIDO/NIST/OWASP/EU-Commission + the protocol GitHubs). Adoption numbers (x402 volume, partner counts) are vendor/aggregator-reported, not independently audited — flagged where so.
  • Flagged unverified: exact x402 EU/MiCA facilitator obligations; whether Mollie ships AP2 (only ACP confirmed); A2A card path (agent.json vs agent-card.json) normative form; precise Art.50 interpretation for B2B-embedded widgets (almost certainly in scope).
  • Related: [[workos-auth-md-2026-06-30]] · [[mcp]] · [[competitive-intel-index-2026-06-21]] · [[ai-native-companies-the-one-human-playbook-2026-06-25]] · [[product-line-gtm]].