The agent-era standards stack — the honest map (mid-2026)
NAO asked (TG): "we've got A2A, MCP, auth.md — what else did we forget? the agent payment protocol, the '402' one? honestly and critically, top ones only." This is the ranked, hype-checked landscape + a track / adopt / ignore / comply call per standard for OpenAlice. Pairs with [[workos-auth-md-2026-06-30]] (auth.md/ID-JAG deep-dive) + [[mcp]].
>
Method: 5 parallel readers (payments · interop · identity+discovery · safety/governance · landscape+adoption) over top sources, with an explicit hype-vs-real pass. Sources cited; what's unverified is flagged.
TL;DR — the answer to "what did we forget?"
We covered the communication layer (MCP = agent↔tool, A2A = agent↔agent, auth.md/ID-JAG = agent registration). The real gaps:
- Payments — yes, the "402" = `x402` (Coinbase, HTTP 402, crypto/USDC). But the EU-relevant path isn't x402 — it's AP2 (Google→FIDO) + ACP (OpenAI/Stripe), and Mollie has already integrated ACP and is collaborating on AP2, so Mollie is our bridge. Not urgent (a widget doesn't initiate payments), but it's the layer we hadn't mapped.
- The one BINDING thing we can't ignore: EU AI Act Article 50 — chatbot AI-disclosure, enforced 2 Aug 2026, applies to the Embed widget wherever end-users are natural persons (€15M/3% penalty). High-risk (Annex III) was deferred to Dec 2027. This is legal, near-term, and hits our #1 product — the most important "forgot."
- Security/governance: OWASP Top 10 for Agentic Apps + SAFE-MCP (an Alice security checklist) and AAIF (the Linux-Foundation home now governing MCP/A2A — track for spec changes).
- Cheap quick wins: a signed A2A AgentCard (
/.well-known/agent-card.json) + SKILL.md capability files (cross-adopted by every major lab in 48h) make Alice discoverable for near-zero cost. - Hype to ignore: ANP, NANDA, OIDC-A, LOKA, Google ARD (0 deployments a week post-launch), llms.txt as an SEO play (300K-domain study = zero citation uplift; Google rejects it), and AIUC-1 (author = auditor = insurer conflict).
Honest frame: the comms layer (MCP+A2A) has consolidated; the payments layer is genuinely contested and early (2026 is "infrastructure year," conversion still ~86% worse than affiliate links); and the only hard obligation is the EU AI Act.
1. The stack at a glance
| Layer | Winner / front-runner | Status | OpenAlice |
|---|---|---|---|
| Agent ↔ tool | MCP (110M+ downloads, AAIF-governed) | settled | have it → focus on security |
| Agent ↔ agent | A2A (150+ orgs, v1.0 signed cards; absorbed IBM-ACP) | settling | covered → publish an AgentCard |
| Registration / identity-assertion | auth.md + ID-JAG (WorkOS; WG-adopted, in MCP) | emerging | [[workos-auth-md-2026-06-30]] (routed) |
| Payments | x402 (crypto) ‖ AP2 (fiat/cards) ‖ ACP/UCP (commerce) | contested, early | gap → Mollie is the bridge |
| Discovery | A2A AgentCards (/.well-known/agent-card.json) | thin | quick win |
| Content/AEO | llms.txt (overhyped) | adopted-but-no-effect | modest marketing only |
| Skill/repo conventions | SKILL.md + AGENTS.md (AAIF) | fast organic | cheap win (we already use them) |
| Workload identity | SPIFFE/SPIRE (CNCF, Uber 1B SVID/day) ‖ IETF WIMSE (draft) | SPIFFE prod | Norbert, when multi-service scales |
| Enterprise IAM | Microsoft Entra Agent ID (GA, proprietary) | M365-only | ignore unless serving MS shops |
| Safety / law | EU AI Act (binding) + OWASP Agentic Top 10 + AAIF/SAFE-MCP | Art.50 live Aug'26 | comply (Embed) + adopt checklist |
2. Payments — the real gap (and the "402")
NAO's "402" is `x402` — Coinbase's revival of HTTP 402 Payment Required: an agent pays per API call in USDC stablecoin, retried in an X-PAYMENT header. It's the most deployed agent-payment rail (~$600M annualized, 119M+ Base txns, zero protocol fees, now Linux-Foundation-governed with Visa/Mastercard/Stripe/Google as members) — but it's crypto-native, no Mollie/SEPA bridge (EURC, Circle's MiCA-compliant euro stablecoin, exists but still on-chain). The contenders:
| Protocol | Backer | Rails | Status | EU / us |
|---|---|---|---|---|
| x402 | Coinbase → Linux Foundation | crypto / USDC·EURC | real volume, crypto-only | no Mollie bridge → watch EURC |
| AP2 (Agent Payments Protocol) | Google → FIDO Alliance; 60+ (Mastercard/PayPal/Amex/Adyen) | payment-agnostic (cards, bank, crypto) via signed Mandates | pre-GA, strong institutional weight | the fiat/EU path; Mollie collaborating |
| ACP (Agentic Commerce Protocol) | OpenAI + Stripe (Apache-2.0) | cards | spec live in ChatGPT; Instant Checkout showcase FAILED Mar'26 (~30 merchants) | Mollie integrated the ACP Delegated-Payment API |
| UCP (Universal Commerce Protocol) | Google + Shopify | full shopping journey | live in Google AI Mode/Gemini/Copilot, 20+ retailers | relevant if Alice shops for users |
| Mastercard AP4M / Visa ICC | card networks | cards (+stablecoin) | launching via certified processors | universal card rails; pilots |
The OpenAlice read: Embed is a chat/voice widget — it doesn't initiate payments, so there's no near-term action. The agent-payment question for us is two future things: (a) Alice-as-agent making purchases for a user (→ AP2 mandates are the right consent model; x402 for machine-to-machine API micropayments), and (b) being discoverable/purchasable by external agents (→ ACP/AP2 registration = an AEO signal). Mollie is the bridge for both (already ACP-integrated, AP2-collaborating) — do NOT take a Stripe dependency for ACP (NAO: Mollie only). Honest caveat: OpenAI killing its own Instant Checkout in 5 months shows the consumer UX/trust isn't solved; this is a 2026-H2/2027 watch item, not a now.
3. The one we can't ignore — EU AI Act Article 50
This is the most important thing we hadn't tracked, because it's binding law on our #1 product:
- Article 50 (transparency): any AI system that interacts with natural persons must disclose it's an AI at first contact. Enforced 2 Aug 2026. The Embed widget is in scope wherever end-users are people — regardless of the B2B contract. Penalty up to €15M / 3% of global turnover.
- Annex III high-risk obligations (risk mgmt, logging, human oversight, post-market monitoring) were deferred to 2 Dec 2027 by the May-2026 Digital Omnibus — real runway. Alice is not high-risk under current classification (not biometrics/critical-infra/employment/credit/law-enforcement).
- GPAI obligations sit on the model providers (Anthropic/OpenAI), not on us as a deployer.
- We're already well-positioned on the harder stuff: our HITL architecture (kill-switch, standing approvals) pre-satisfies Article 14 oversight; document it.
→ Action (cheap, do it): add a clear "you're talking to an AI" disclosure to the Embed widget before Aug 2 2026. Norbert/Tycho own the implementation; I can write the disclosure copy in all 6 locales.
4. Security & governance — adopt the checklists
- OWASP Top 10 for Agentic Applications (Dec 2025) — the community-consensus risk list (Goal Hijack, Tool Misuse, Identity/Privilege Abuse, Memory Poisoning, Rogue Agents…). ADOPT as Alice's internal security-audit framework — directly maps to Alice's MCP tool surface.
- SAFE-MCP (LF + OpenID Foundation + OpenSSF) — MITRE-ATT&CK-style threat taxonomy for MCP (tool poisoning, OAuth-consent abuse, prompt manipulation). ADOPT as our MCP security baseline.
- AAIF (Agentic AI Foundation, Linux Foundation, Dec 2025) — now the neutral governance home for MCP, A2A, AGENTS.md. TRACK for spec/breaking changes (no cost).
- NIST NCCoE agent-identity (OAuth + SPIFFE/SPIRE + MCP) — aligns with our auth.md/ID-JAG; track, will become the enterprise-procurement baseline.
- AIUC-1 — a private agent-cert standard; IGNORE for now: the same entity authors the standard, runs the evals, issues the cert, and sells the insurance (the pre-2008 credit-rating conflict). Only 2 public certs.
- MLCommons AILUMINATE — scopes model providers, not deployers → not us.
- ⚠️ Skill supply-chain risk is real: Snyk found 36% of published "skills" had flaws + 76 malicious payloads — if we ever consume third-party SKILL.md/skills, vet them.
5. Identity, discovery & conventions
- SPIFFE/SPIRE (CNCF-graduated, Uber 1B+ SVIDs/day) — the proven secret-less service-to-service identity substrate. ADOPT when our multi-service Rust stack needs internal mTLS-grade identity (Norbert's lane). IETF WIMSE = the forthcoming formal version (RFC ~2027) — track.
- A2A AgentCards (
/.well-known/agent-card.json, now signed in v1.0) — the clearest discovery convention; publish one for Alice (low cost, makes her discoverable + verifiable by any orchestrator). - SKILL.md (Anthropic, Dec'25 — cross-adopted by OpenAI/Google/MS in 48h, 32+ tools) + AGENTS.md (60K+ repos, AAIF-governed) — cheap wins; we already use CLAUDE.md/AGENTS.md internally, so publishing capability files is near-free.
- llms.txt — honest verdict: adopted (~10% of 300K domains) but no measurable effect — Google rejects it ("like the keywords meta tag"), OpenAI is silent, a 300K-domain study found zero citation uplift. Anthropic/Perplexity + IDE agents (Cursor/Aider) do read it. → A low-cost dev-tooling/Perplexity nicety, NOT an SEO play. Belongs in my marketing/AEO notes, not the protocol roadmap; I'll publish a small one for alice.blal.pro/openalicelabs.com with no illusions.
- Microsoft Entra Agent ID (GA Apr'26, proprietary, M365-tied) — ignore for our infra; track only if Embed sells into Microsoft-stack enterprises.
- Google ARD / ai-catalog.json (June'26, big backers) — announcement-ware (0 of 39 surveyed sites deployed it a week post-launch). Revisit Q4 2026.
6. The honest hype-check (ignore list)
ANP (DID-based, 2027+, no production) · MIT NANDA ("DNS for agents," 125 stars, research) · LOKA (arxiv paper only) · OIDC-A (one paper) · Google ARD (0 deployments) · llms.txt-as-ranking-signal (debunked) · AIUC-1 (conflict-of-interest cert) · MLCommons (model-provider scope) · IBM-ACP (dead, merged into A2A). All real-but-early or paperware — don't build on them now.
7. The OpenAlice action matrix
| Verdict | Standard | Why / where |
|---|---|---|
| COMPLY (deadline) | EU AI Act Art. 50 | Embed AI-disclosure by 2 Aug 2026 — binding, our #1 product |
| ADOPT (now, cheap) | OWASP Agentic Top 10 + SAFE-MCP | Alice security audit (MCP surface) |
| ADOPT (quick wins) | A2A AgentCard · SKILL.md · small llms.txt | near-zero-cost discoverability |
| ADOPT (Norbert, when scaling) | SPIFFE/SPIRE | secret-less service-to-service identity |
| TRACK (route to Mollie) | AP2 + ACP (payments) | Alice-pays-for-user / agent-onboard; Mollie = bridge; no Stripe dep |
| TRACK | AAIF · NIST NCCoE · AuthZEN/COAZ · WIMSE · x402(EURC) · UCP | governance + future authz/payments |
| IGNORE | ANP · NANDA · LOKA · OIDC-A · Google ARD · llms.txt-as-SEO · AIUC-1 · MLCommons · Entra (unless MS-enterprise) | hype / out-of-scope |
Bottom line for NAO: we hadn't missed the comms layer — we nailed it. The genuine additions are (1) EU AI Act Art. 50 (a real deadline on Embed), (2) payments via Mollie's AP2/ACP path (track, not urgent), (3) the security checklists (OWASP/SAFE-MCP) + cheap discoverability wins (AgentCard/SKILL.md). Everything else loud in the headlines is early or hype.
Sources & honesty notes
- Grounded in 5 reader passes over primary sources (Coinbase/Google/Stripe/Linux-Foundation/FIDO/NIST/OWASP/EU-Commission + the protocol GitHubs). Adoption numbers (x402 volume, partner counts) are vendor/aggregator-reported, not independently audited — flagged where so.
- Flagged unverified: exact x402 EU/MiCA facilitator obligations; whether Mollie ships AP2 (only ACP confirmed); A2A card path (
agent.jsonvsagent-card.json) normative form; precise Art.50 interpretation for B2B-embedded widgets (almost certainly in scope). - Related: [[workos-auth-md-2026-06-30]] · [[mcp]] · [[competitive-intel-index-2026-06-21]] · [[ai-native-companies-the-one-human-playbook-2026-06-25]] · [[product-line-gtm]].