#3 The Agentic Protocol Stack
How AI Agents Are Learning to Talk, Trade, and Act
Artificial intelligence is entering a new phase. Until recently, AI systems were judged mainly by how well they generated text, images, or code. Today, the focus is shifting toward something more ambitious: AI agents that can act, talk to other agents, use tools, make purchases, and complete tasks on behalf of people and organisations. This shift has exposed a major gap: while we have powerful models, we lack shared rules for how agents interact with the world. Just as the early internet needed protocols like HTTP and TCP/IP, the emerging agentic internet needs its own standards. In 2025–2026, a new set of protocols has begun to define this space. You may have heard of A2A, UCP, or AP2. But the real picture is bigger and more fragmented than it first appears. This article explains the full agentic protocol stack and what it means for developers, businesses, and society.
Think of an AI agent as a digital assistant that can look up information, call software tools, communicate with other agents, and even place orders or make payments on a user’s behalf. Each of these actions may seem straightforward in isolation, but without shared standards, every interaction requires a custom, one-off integration between systems. This approach quickly becomes fragile, expensive, and impossible to scale. Protocols exist to solve this exact problem. They define how an agent discovers what another system is capable of, how it makes requests in a safe and well-structured way, how user authorisation is verified, and how responsibility is assigned when something goes wrong. These challenges are not about building better AI models; they are about building reliable infrastructure that allows AI agents to operate safely and consistently in the real world.
Instead of a single master protocol, the industry is converging on a modular infrastructure stack. This ecosystem is best understood through five specific categories of interaction. While there is healthy competition inside some layers particularly in how agents talk to one another the layers themselves are complementary, each addressing a different gap in the chain of autonomous delegation.
1) MCP: Tool and context access
The Model Context Protocol (MCP) standardizes how an AI model or agent connects to external tools, files, databases, and services. Its purpose is to eliminate the need for bespoke, model-specific integrations every time a new tool is introduced. By defining a common interface for capability access, MCP turns tools into reusable, plug-and-play components. A helpful way to think about MCP is as the USB-C port of AI tools: it does not decide what an agent should do or who it should talk to, but it makes secure, structured access to capabilities possible. Importantly, MCP does not handle agent-to-agent communication or commerce, it focuses purely on access to tools and context.
2) A2A: Agent-to-agent interaction
Agent-to-Agent (A2A) protocols define how autonomous agents discover one another, exchange messages, and coordinate tasks. As AI systems move beyond single assistants toward multi-agent workflows, this shared interaction layer becomes essential. A2A provides a common language for collaboration, built on familiar web primitives such as HTTP, JSON-RPC, and event streams. Conceptually, A2A can be seen as email, calendars, and APIs for agents: it enables coordination without assuming a single vendor, framework, or runtime.
3) ACP: the often-missed sibling
Alongside A2A, there is ACP (Agent Communication Protocol), which represents a parallel approach to agent-to-agent communication, emerging largely from enterprise ecosystems. ACP exists because A2A is not the only plausible vision for agent collaboration. Enterprise environments often prioritise orchestration, governance, reliability, and long-running workflows, and ACP reflects those priorities. A useful mental model is to think of ACP as an enterprise-grade alternative to A2A. This mirrors earlier technology history, where multiple communication styles such as REST and gRPC coexist rather than converge into a single standard.
4) UCP: Universal Commerce Protocol
The Universal Commerce Protocol (UCP) standardises how agents interact with merchants across the full commerce lifecycle: discovering products, building carts, applying discounts, and initiating checkout. Today, commerce is tightly coupled to websites and apps designed for human interaction. UCP decouples commerce from interfaces and makes it agent-native. In simple terms, UCP enables checkout without a website. Crucially, it does this without removing control from businesses. Under UCP the merchant remains the merchant of record and the business rules, policies, and compliance logic stay server-side. UCP is designed to integrate with existing agent layers such as A2A and MCP, rather than replacing them.
5) AP2: Agentic payments and proof of intent
AP2 addresses one of the most sensitive capabilities an AI agent can be given: the ability to move money. It defines how agents initiate payments in a way that preserves verifiable user intent, creates audit trails, and enforces safeguards around spending and authorisation. Existing payment rails such as card networks, banks, and payment processors were designed for humans explicitly clicking buttons or approving transactions, not for autonomous systems acting on delegated authority. AP2 exists to bridge this gap. A useful mental model is to think of AP2 as parental controls, receipts, and legal proof combined for AI payments. It does not replace Visa, Stripe, or banking infrastructure; instead, it adds a trust and accountability layer on top, ensuring that agent-initiated transactions remain traceable, controllable, and legally defensible.
Together, these protocols form a layered stack rather than a single monolithic standard. MCP enables access to tools, A2A and ACP enable coordination between agents, and UCP enables agents to participate in commerce. The presence of overlapping approaches particularly between A2A and ACP signals that the agentic ecosystem is still evolving. As with earlier internet infrastructure, diversity at this stage is a feature, not a failure, reflecting different technical needs, governance models, and visions of how autonomous systems should operate.
Here is the full stack in one place:
This layered approach explains why no single protocol can win alone. Each solves a different problem. You might ask: Don’t we already have APIs, OAuth, and payment standards? We do, but they were not designed for autonomous delegation. Traditional technical standards are built around a set of assumptions that no longer hold in agentic systems: a human explicitly clicks “buy,” permissions are manually approved by a user, and a single system executes a clearly bounded task. Agentic systems break each of these assumptions. Tasks are often multi-step and long-running, agents may delegate subtasks to other agents, and decisions must be explainable after the fact rather than at the moment they are made. As a result, the emerging agentic protocols are not designed to replace existing standards, but to sit on top of them, extending familiar infrastructure with the additional layers of coordination, delegation, intent, and accountability that autonomous systems require.
Despite rapid progress, several important gaps remain. First, agent identity and trust are still unresolved: there is no universal way to determine who operates an agent, whether it has been certified or attested, or which domains it is authorised to act in. Without clear answers to these questions, large-scale agent ecosystems remain inherently risky. Second, consent has not yet become a true first-class object. User intent needs to be machine-readable, scoped through limits such as spending thresholds, categories, or time windows, and fully revocable. While AP2 begins to move in this direction, the approach is still early and incomplete. Finally, end-to-end accountability remains a challenge. When an agent books travel, applies a discount incorrectly, or triggers a chargeback, it is often unclear who is responsible, what evidence exists, and how liability should be shared across systems. As a result, these protocols are evolving into governance mechanisms as much as technical specifications, shaping how responsibility and trust are embedded into AI systems by design.
Based on current trajectories, three developments are especially likely. First, coexistence rather than convergence will define the agentic ecosystem: just as the web supports multiple protocols serving different needs, agent systems will rely on several overlapping standards rather than a single winner. Second, gateways and adapters will become critical infrastructure. Middleware capable of translating between A2A, ACP, UCP, and payment systems will be essential for interoperability, much like API gateways are today. Third, protocols will quietly take on a regulatory role. Instead of governments specifying technical implementations line by line, protocol rules will increasingly embed policy requirements such as spending limits, transparency, auditability, and safety by design. This evolution mirrors earlier moments in digital infrastructure, where standards like PCI-DSS shaped online payments and OAuth shaped modern identity and access management.
Agentic protocols determine who controls economic power, how trust is distributed across systems, and how much autonomy machines are ultimately allowed to exercise. They are not neutral plumbing hidden deep in technical stacks; they function as the constitutional layer of AI systems, quietly setting the rules of participation, authority, and responsibility. Understanding these protocols early is therefore essential not only for developers building agentic systems, but also for policymakers, businesses, and the public, all of whom will be affected by the constraints and freedoms these standards encode into the future of AI.
The future of AI is not just about smarter models. It is about shared rules for action. A2A, ACP, MCP, UCP, and AP2 together form the early blueprint of an agentic world, one where software doesn’t just respond, but participates. And as with the early internet, the protocols we choose today will quietly shape power, trust, and accountability for decades to come.