The Protocol Convergence

II. The Stack Thesis

The internet did not converge on a single protocol. It converged on a stack: TCP/IP for transport, HTTP for application, TLS for security, DNS for naming. Each layer solved a different problem. Competition existed within layers — HTTP vs Gopher, SSL vs TLS — but the architecture was always layered. The agentic commerce protocol landscape is following the same pattern.

Google’s developer guide makes this explicit. The six protocols it describes map to three functional stages: gather information (MCP for tools, A2A for agents), complete transaction (UCP for commerce, AP2 for payments), and present results (A2UI for widgets, AG-UI for streaming). This is not a competitive landscape. It is a layered architecture where each protocol owns a distinct function.

The AXD Institute identifies five functional layers in the emerging agentic commerce stack:

The critical insight is that competition exists within layers, not across them. UCP and ACP compete for the commerce layer. Visa TAP and Mastercard VI compete for the payment layer. But UCP does not compete with Visa TAP, and MCP does not compete with ACP. They solve different problems at different layers of the stack.

III. The Commerce Layer: UCP vs ACP

The most consequential competition in the stack is at Layer 3: commerce. Google’s Universal Commerce Protocol and OpenAI’s Agentic Commerce Protocol both aim to standardise how AI agents interact with merchants. But their architectures, philosophies, and trajectories diverge significantly.

UCP is modular and merchant-controlled. Built on JSON-LD and Schema.org standards, it organises capabilities under a dev.ucp.* namespace: product data feeds, Cart (March 2026), Catalog (March 2026), and Identity Linking (March 2026). UCP is designed to be surface-agnostic — it works across Google AI Mode, Gemini, and any platform that implements the standard. Its coalition includes over 20 companies: Shopify, Etsy, Target, Walmart, Wayfair, Best Buy, Visa, Mastercard, American Express, Adyen, Stripe, Macy’s, Home Depot, Flipkart, and Zalando.

ACP is checkout-focused and platform-specific. Developed by OpenAI and Stripe under an Apache 2.0 licence, it was designed to power ChatGPT’s Instant Checkout feature. But as the AXD Institute documented in The Consumer Trust Ceiling, that feature failed — Walmart reported conversions at one-third the rate of click-through transactions. OpenAI has since pivoted ACP from direct checkout to discovery and app-based commerce. As an OpenAI spokesperson told Retail TouchPoints in March 2026: “Our priority at the moment is making discovery and decision-making moments world-class.”

The AXD reading of this competition is that UCP and ACP are converging on different functions within the same layer. UCP owns the full commerce lifecycle — discovery through checkout through returns. ACP is retreating to discovery and product data. The question is whether ACP can expand back into checkout through its app-based model (Instacart, Target, DoorDash operating as ChatGPT apps), or whether UCP’s broader coalition and merchant-controlled architecture will become the default standard.

Joe Doran, CPO of Botify, offered a timeline to Retail TouchPoints: “This time next year, we can expect that the two-horse race between Google and OpenAI will have a clear winner.” The AXD Institute is less certain. The commerce layer may sustain two protocols indefinitely, particularly if Shopify continues to bridge both — a dynamic explored in Section VI.

IV. The Payment Layer: Fragmentation as Feature

If the commerce layer has a two-horse race, the payment layer has a stampede. At least five distinct protocols compete to solve how AI agents authorise and execute payments: Visa’s Trusted Agent Protocol (TAP), Mastercard’s Verifiable Intent (VI), Google’s Agent Payments Protocol (AP2), Stripe/Paradigm’s Machine Payments Protocol (MPP), and Coinbase’s x402.

The fragmentation is not accidental. It reflects genuinely different approaches to the same problem: how do you prove that an AI agent has been authorised by a human to spend money?

Visa TAP approaches this as a web-interaction problem. Built on RFC 9421 (HTTP Signatures), it uses Agent Recognition Headers, Linked Consumer Identity Objects, and eight-minute operational windows. The merchant verifies the agent at the edge. The trust anchor is web-layer programme participation and public key registries. TAP is designed for real-time web interaction — the agent navigates a merchant’s site and proves its identity at the HTTP layer.

Mastercard VI approaches it as a credential-chain problem. Built on SD-JWT (Selective Disclosure JSON Web Tokens), it uses a three-layer model: L1 (issuer identity), L2 (user intent plus agent key), and L3 (agent fulfilment for autonomous operations). The issuer — the financial institution — is the trust anchor. VI includes eight registered constraint types for machine-checkable authorisation limits. Where TAP asks “is this agent real?”, VI asks “is this agent authorised to do this specific thing?”

AP2 is Google’s payment complement to UCP, designed to work within the same stack. MPP takes a blockchain-native approach, using Stripe’s infrastructure on the Tempo mainnet for agent micropayments. x402 embeds payment directly into HTTP status codes — a 402 response triggers an automatic payment flow.

The AXD Institute reads this fragmentation as a feature, not a bug. The payment layer is where delegation design meets financial regulation. Different jurisdictions, different risk profiles, and different transaction types require different authorisation models. A consumer purchasing groceries through an agent needs different trust infrastructure than a B2B procurement agent placing a six-figure order. The payment layer will likely sustain multiple protocols precisely because the trust requirements are heterogeneous.

V. The Communication Layer: Complementary by Design

The lower layers of the stack are the most settled. MCP, donated by Anthropic to the Linux Foundation in December 2025, has become the de facto standard for connecting agents to external tools and data sources. Its analogy — “USB-C for AI” — captures the function precisely. MCP is a universal connector, not a commerce protocol. It handles how an agent accesses a product database, queries an inventory system, or calls a pricing API.

Google’s A2A protocol, also donated to the Linux Foundation, handles agent-to-agent communication. Where MCP connects agents to tools (vertical integration), A2A connects agents to other agents (horizontal integration). Its task lifecycle states — submitted, working, completed — map directly to the delegation design patterns documented in the AXD Practice. An agent that delegates a sub-task to another agent is performing delegation, and A2A provides the protocol-level infrastructure for that delegation.

IBM’s Agent Communication Protocol (ACP — distinct from OpenAI’s commerce-focused ACP) occupies similar territory to A2A, with an emphasis on multimodal content exchange and developer-friendly REST APIs. The two may eventually consolidate, but for now they serve slightly different architectural preferences.

The key observation is that the communication layer is complementary by design. Google’s developer guide explicitly positions MCP and A2A as working together: MCP gathers information from tools, A2A coordinates between agents, and neither attempts to handle commerce or payments. This is the clearest evidence that the industry is building a stack, not choosing a winner.

VI. The Shopify Bridge

One company occupies a unique position in the protocol convergence: Shopify. It co-developed UCP with Google. It is a launch partner for ChatGPT’s ACP-powered commerce. Its Catalog is now open to any brand via a new “Agentic plan” — even non-Shopify stores. Shopify enables native commerce on Google surfaces (UCP), ChatGPT (ACP), and Microsoft Copilot simultaneously.

Shopify is becoming the merchant-side protocol adapter. A merchant that integrates with Shopify gains access to both UCP and ACP without implementing either protocol directly. This is analogous to how Stripe abstracted payment gateway complexity — merchants integrated once with Stripe and gained access to Visa, Mastercard, American Express, and dozens of local payment methods. Shopify is doing the same for agentic commerce protocols.

The AXD implication is significant. If Shopify succeeds as the protocol adapter, the UCP-vs-ACP competition becomes less consequential for merchants. They integrate with Shopify and let Shopify handle protocol translation. The competition shifts from “which protocol do merchants adopt?” to “which agent surface do consumers use?” — Google AI Mode or ChatGPT. The protocol becomes infrastructure. The surface becomes the battleground.

This has a direct parallel in the AXD framework. When McKinsey observes that “competitive advantage shifts away from owning the interface toward being reliably evaluable, negotiable, and executable across agent ecosystems,” they are describing the same dynamic. The protocol layer becomes invisible. What matters is whether your products, prices, and trust signals are legible to agents — regardless of which protocol carries the data.

VII. Trust Architecture Across the Stack

The stack architecture creates a new challenge for trust architecture. In a single-protocol world, trust is designed once. In a multi-layer stack, trust must be designed at each layer and maintained across layers.

Consider a complete agentic purchase. At Layer 1, the agent connects to a merchant’s product database via MCP. Trust question: is the data source authentic? At Layer 2, the agent coordinates with a price-comparison agent via A2A. Trust question: is the collaborating agent trustworthy? At Layer 3, the agent builds a cart and initiates checkout via UCP. Trust question: does the agent have authority to purchase this item at this price? At Layer 4, the agent authorises payment via Visa TAP. Trust question: has the human delegated financial authority for this specific transaction?

Each layer has its own trust boundary, its own verification mechanism, and its own failure mode. A trust failure at any layer cascades. If the MCP data source is compromised, the agent builds a cart with incorrect prices. If the A2A collaborator is malicious, the agent receives manipulated recommendations. If the UCP checkout is intercepted, the transaction is redirected. If the TAP authorisation is forged, the payment is fraudulent.

The AXD Institute’s Trust Calibration Framework was designed for single-protocol trust assessment. The stack architecture requires an extension: cross-layer trust propagation. Trust established at one layer must be verifiable at the next. The agent that authenticates via MCP must carry that authentication into A2A coordination, UCP checkout, and TAP payment. If trust is re-established independently at each layer, the system is fragile. If trust propagates across layers, the system is resilient.

This is where the Visa TAP and Mastercard VI approaches diverge most consequentially. TAP’s eight-minute operational windows create temporal trust boundaries — trust expires and must be re-established. VI’s credential chain creates persistent trust — the SD-JWT carries authorisation across interactions. The AXD position is that both models are necessary: temporal trust for high-risk transactions, persistent trust for routine operations. The stack must support both.

VIII. What This Means for AXD

The protocol convergence has four implications for Agentic Experience Design.

First, trust architecture must be stack-aware. Designing trust for a single protocol is insufficient. The Trust Architect must understand how trust propagates across layers — from MCP data verification through A2A agent authentication through UCP checkout authorisation through TAP/VI payment delegation. The Trust Calibration Framework needs a cross-layer dimension.

Second, delegation design must account for protocol heterogeneity. A human who delegates a purchase to an agent is not delegating to a single protocol. They are delegating across a stack. The Delegation Designer must specify constraints that are enforceable at each layer: spending limits at the payment layer, product category restrictions at the commerce layer, data source requirements at the tool layer. Mastercard VI’s eight registered constraint types offer a model for how protocol-level constraints can encode delegation boundaries.

Third, observability must span the stack. When an agentic purchase fails, the Observability Lead must trace the failure across layers. Did the MCP connection return stale data? Did the A2A coordination introduce a malicious recommendation? Did the UCP checkout timeout? Did the TAP authorisation expire? Protocol-level logging at each layer enables the kind of agent legibility that the AXD framework requires. Without cross-layer observability, failures are opaque.

Fourth, the protocol layer is becoming invisible. As Shopify demonstrates, merchants will increasingly interact with the protocol stack through adapters, not directly. The protocols become infrastructure — essential but invisible, like TCP/IP. What remains visible is the agent surface (Google AI Mode, ChatGPT, Copilot) and the trust experience (delegation, observability, recovery). This is the domain of AXD. As the protocols converge into a stack, the design discipline that governs the human experience of that stack becomes more important, not less.

McKinsey estimates that agentic commerce could orchestrate three to five trillion dollars globally by 2030. That commerce will flow through a multi-layer protocol stack, not a single protocol. The organisations that thrive will be those that design trust, delegation, and observability across the entire stack — not those that bet on a single protocol winning. The convergence is not producing a winner. It is producing an architecture. And that architecture needs to be designed.