AP2 and SEPA – Payments in the AI ​​World

All eyes in the payments sector are currently turning toward AI, as the upcoming release of Google’s AP2 protocol in September 2025 makes it clear that SEPA payments are also intended to be possible via AI agents. This article provides an overview of the context.

What is AP2?

The Agent Payments Protocol (AP2) is an open standard developed by Google to enable secure and verifiable payments for autonomous AI agents. In the initial phase, “pull payments” have been implemented to facilitate e-commerce applications using credit card details; the merchant receives the credit card information and collects the purchase amount.

In principle, the interface is independent of payment methods, allowing an AI agent to operate with maximum flexibility.

The next step will also enable so-called push payments. In the case of SEPA payments, the AI ​​agent executes a transfer to the merchant. Since the AI ​​agent (or “shopping agent”) autonomously negotiates the purchase with the merchant (or merchant agent), the payment method can play a key role in closing the deal: the merchant can offer a discount for payment methods that are advantageous to them. SEPA payments are significantly less expensive for merchants than credit card payments.

Push and Pull with AP2

The question of who provides their data to whom during payment is highly relevant due to the risk of fraud.

Pull-Payments (e.g., credit card payments) are initiated by the recipient. The buyer provides their card details to the seller and otherwise remains passive. The advantage of this variant is its broad support within the initial AP2 version (V0.1) for e-commerce scenarios. A disadvantage is the complexity regarding security, as sensitive card data (PCI) must be protected via tokenization.

Push-Payments (e.g., SEPA transfers) are initiated by the payer, offering them maximum control. The buyer receives the seller’s recipient details and actively executes the payment. For AP2, they are fully scheduled only for version 1.x (e.g., real-time transfers). A challenge in the agent context is securely verifying the agent’s authority to “push” funds without direct human interaction.

ISO 20022 is not prepared for the intentions of a purchasing AI agent (and the data-poor ISO 8583 of the credit card world is even less so). An AP2 transaction defines intent and authorization, whereas SEPA governs execution.

However, AP2 is designed to provide the necessary data and authorizations so that a payment service provider can generate and execute a valid SEPA credit transfer (pain.001) from them. This functionality is an integral part of the AP2 roadmap.

So, the technological breakthrough is just around the corner. What then?

At present, few consumers can yet imagine dispatching an AI agent to independently complete a purchase. A prerequisite for this would be the conviction that their banking details are absolutely secure and that the agent will indeed secure the best deal.

If these conditions are met, credit card companies should worry about their business: the wide array of card fees charged to merchants drives up the cost of products. A SEPA payment incurs a transaction fee, meaning the overall cost can be lower.

AI agents will love SEPA!

This YouTube video also covers the topic: AP2: Das Protokoll für KI Zahlungen von Google – SEPA ready!

Should you have any technical questions regarding the implementation, we look forward to hearing from you.