UK retailers raise severe concerns over rising agentic AI shopping risks
58 per cent of UK online retail merchants believe AI-initiated transactions have already reached their platforms.
UK retailers are increasingly seeing AI agents carry out transactions on their platforms, but many remain unclear over who is liable when purchases go wrong, according to new research from The Payments Association.
The challenge is not simply "how do AI agents pay?" but how do organisations establish trust, authority, accountability and evidence when AI agents act on behalf of individuals?
Opens in new window or tab
The problem
AI agents are already making purchasing decisions and completing transactions on behalf of consumers, but the trust infrastructure has not kept pace.
Retailers cannot reliably determine:
Whether an AI agent was genuinely authorised to act.
What permissions the individual gave the agent.
Whether the agent acted within those permissions.
Which party is liable if something goes wrong.
How to distinguish legitimate AI agents from fraud or malicious automation.
What evidence exists to resolve disputes after the event.
Current payment, fraud and authentication systems were designed around human users, not autonomous software acting under delegated authority. As agentic commerce grows, retailers need more than payment authorisation—they need verifiable proof of authority, permission and accountability.
The solution
DataPal provides the trust and governance layer for agentic commerce by creating trusted, auditable data relationships between individuals, AI agents and organisations.
Using technologies such as MyKey, MyTerms and DataPal's permission and audit infrastructure, organisations can:
Verify the identity of both the individual and the AI agent acting on their behalf.
Record machine-readable permissions defining exactly what an AI agent is authorised to do.
Verify that transactions fall within those agreed permissions before execution.
Produce a complete, tamper-evident audit log showing who requested what, what was agreed, what data was shared and what actions the AI agent performed.
Enable clear allocation of responsibility between the individual, the AI agent provider, the merchant and payment providers.
Support emerging "Know Your Agent" frameworks with verifiable credentials, trusted permissions and cryptographic proof.
Rather than relying solely on trust in the AI model itself, DataPal creates verifiable trust in the relationship between the individual, their AI agent and the organisation.
In short, DataPal provides the missing trust infrastructure that allows AI-powered commerce to scale safely, with transparent permissions, auditable decisions and accountable digital interactions.
If you would like to find out more, arrange a Proof of Concept (PoC) or discovery session for your business then please contact us.

