The Problem
Every agentic commerce protocol defers the legal layer. None handle terms, acceptance, disputes, or enforceability.
As of March 2026, over twenty agentic commerce protocols enable AI agents to discover services, negotiate prices, authorize payments, and execute transactions autonomously. None of these protocols address what happens when a transaction goes wrong.
This gap is structural, not accidental.
What Legal Context Means
The companion white paper, "Identity, Trust, and the Legal Foundations of Agentic Commerce" (Fisher & McCormack, 2026), defines what legal context means for the agentic era:
- Jurisdiction — every transaction must be connected to a governing legal framework
- Terms — recorded permanently, independently verifiable, controlled by neither party
- Temporal obligations — liability allocation, performance standards, breach remedies, implied warranties, and method of recourse that extend beyond the moment of exchange
- Evidentiary integrity — a neutral, independently verifiable record
- Intent — connection back to human deliberation and consent
Today, none of this is discoverable. An agent transacting with a service has no standard way to find the legal context governing that transaction.
The Gap Analysis
| Capability | MPP | ACP | UCP | x402 | AP2 | Visa TAP | Mastercard Agent Pay | LCP |
|---|---|---|---|---|---|---|---|---|
| Payment challenge/response | Yes | -- | -- | Yes | -- | -- | -- | -- |
| Payment authorization (scoped) | Yes | Yes | Yes | -- | Yes | Yes | Yes | -- |
| Merchant accept/decline | -- | Yes | Yes | -- | Yes | -- | -- | -- |
| Cryptographic consent proof | -- | -- | Partial | -- | -- | Yes | -- | Yes |
| Terms identified by hash | -- | -- | -- | -- | -- | -- | -- | Yes |
| Explicit terms acceptance | -- | -- | Partial | -- | -- | -- | -- | Yes |
| Terms bound to payment | -- | -- | -- | -- | -- | -- | -- | Yes |
| Terms versioning | -- | -- | -- | -- | -- | -- | -- | Yes |
| Dynamic negotiation | -- | -- | -- | -- | -- | -- | -- | Yes |
| On-chain agreement record | -- | -- | -- | -- | -- | -- | -- | Yes |
| Party identity (who agreed) | -- | Partial | Partial | -- | Partial | Partial | Partial | Yes |
| Escrow / conditional release | -- | -- | -- | -- | -- | -- | -- | Yes |
| Dispute resolution | -- | -- | -- | -- | -- | -- | -- | Yes |
Every row defers terms, disputes, and enforceability to "someone else." That someone else does not exist today.
The Structural Cause
The omission is not oversight. Each protocol category was designed to solve a specific problem:
Payment protocols (MPP, x402) solve the question: "How does an agent pay for a service?" They handle challenge-response flows, credential presentation, and settlement on stablecoin rails.
Commerce protocols (ACP, UCP, AP2) solve the question: "How does a multi-step purchase work?" They handle cart assembly, checkout lifecycle, consent collection, and payment orchestration.
Identity protocols (Visa TAP, Mastercard Agent Pay) solve the question: "How do you know who the agent is?" They handle agent registration, PKI certificates, and authorization verification.
Authorization protocols (Mastercard Verifiable Intent, AP2 mandates, TAP signatures) solve the question: "What is the agent allowed to do?" They handle spending limits, delegation scope, and consumer authorization chains.
None of them solve: "What were the terms? Did the agent accept them? What happens if something goes wrong?"
Why This Matters Now
The urgency is driven by converging forces:
- The GENIUS Act (signed July 18, 2025, effective ~November 2026) establishes the federal framework for payment stablecoins. Trillions in bank deposits will flow onto blockchain settlement rails -- every transaction will need legal context.
- Tempo mainnet launched March 18, 2026 -- Stripe's stablecoin settlement layer is live, with sub-second finality and sub-millidollar fees. The payment rails are operational. The legal layer is not.
- NIST AI Agent Standards Initiative (February 2026) covers security, identity, authorization, and interoperability -- but has no mention of legal context, dispute resolution, or terms enforcement.
- eIDAS 2.0 mandates EUDI Wallet for every EU citizen by end of 2026 -- identity infrastructure is arriving, but agreement context is not.
What Is Missing
A system that lets agents pay but provides no mechanism for resolving problems when payments go wrong, services fall short, or obligations are not met is fundamentally incomplete. Consider what is missing:
- No terms binding -- An agent pays for a service. Six months later, a dispute arises. Which terms were in effect? There is no protocol-level proof.
- No acceptance record -- An agent accepts an SLA on behalf of its principal. Can anyone verify that the acceptance happened, by whom, under what authority?
- No dispute resolution -- A service fails to deliver. The payment has settled. Now what? Every protocol assumes this is someone else's problem.
- No agreement integrity -- Terms change. The vendor updates their website. The old terms are gone. There is no immutable record of what was agreed.
The Trust in Depth white paper (Fisher and McCormack, 2026) frames this precisely: "A transaction is a moment. An agreement is a relationship that extends in time." Deterministic payment execution is necessary but insufficient. The legal layer -- terms, disputes, enforceability -- is what transforms a transaction into an agreement.
The Discoverability Problem
Before any of the above can be solved, there is a more fundamental problem: legal terms have no standard location.
Today, legal terms are scattered:
/terms,/tos,/legal/terms-of-service,/about/legal- A PDF buried three clicks deep
- A footer link to a different domain
- Nowhere at all
An agent visiting a new service has no idea where to find the terms. A human barely knows. There is no convention.
/.well-known/legal-context.json creates the convention: legal terms are always in the same place.
This is the foundation. Everything else -- hashing, verification, on-chain anchoring, dispute resolution -- can be built on top of discoverability. But without it, nothing else is possible. Discoverability requires zero technology beyond a web server serving a JSON file.
The Opportunity
The gap is not a flaw in any individual protocol. It is a missing layer in the stack. The Legal Context (LCP) protocol provides that layer -- complementing, not competing with, every existing protocol.
See The Standard for how it works.