Agentic Commerce Pt. 7: The Most Important Thing Is Governance

An AI agent shops with your money, but whose rules does it follow? Inside the defaults, ranking functions, and conflicts behind agentic commerce governance.

TLDR: AI shopping agents don’t just follow your instructions. They also follow platform defaults, ranking systems, developer incentives, and merchant pressures. Governance is the layer that decides whose rules bind the agent before it spends your money, and right now that answer is still unsettled.

Follow the series: Part 1 • Part 2 • Part 3 • Part 4 • Part 5 • Part 6 • Part 7 (this)

In autumn 2025, a stationery brand called Bobo Design Studio woke up to orders it never expected. 

Its products had appeared inside the Amazon app, listed by an AI agent that had scraped them from the brand’s own website and started selling them to Amazon shoppers, without the brand’s consent. 

The founder said she’d been forced to act as a dropshipper on a platform she’d chosen to avoid. More than 180 other sellers reported the same thing, with over 500,000 products scraped and listed. 

That’s the issue under Layer 7. Authority drew the permission line, and Liability set who pays when things break. Governance asks who the agent works for, and who governs what it does before it acts. 

There’s a stack of decisions resting above every purchase, and little of it reaches the buyer: defaults chosen on your behalf, ranking functions you can’t inspect, and competing interests that rarely point the same way. 

Under current law, the company behind your AI agent owes duties to its shareholders, not a fiduciary duty to you. Regulators have begun pointing out this risk, and researchers are sketching alternatives. 

But the agents are buying now, and the rules to bind them are arriving slower than the technology.

Defaults are the first governance layer

The first governance decision in agentic commerce takes the form of a default, set on the buyer’s behalf. You’ve likely encountered such defaults before: 

  • Payment providers like PayPal turn on auto-conversion for multi-currency transactions, which nets them a 2% fee
  • Platforms like WooCommerce and Apple automatically default payments to WooPay or Apple Pay

Defaults are framed as convenience, but they ultimately serve the platform setting them. It pays to scrutinize and actively set or change any defaults you encounter when shopping. 

Of course, this isn’t always possible, sometimes by design.

Start with which agent you can use at all. Amazon runs a closed garden: its own assistant, Rufus, and its Buy for Me feature work inside Amazon, while the company has blocked dozens of outside agents from its store. So the platform, not the shopper, picks which agent reaches the catalogue.

Then there’s the logic the agent runs on. Picture an agent told to buy a phonograph under a fixed budget. It finds two identical sellers and picks the pricier one, because its developer trained it to weight a value the buyer never chose (e.g., a stated commitment to ending animal cruelty). The agent does its job and overrides the buyer’s instruction.

Scale these defaults across millions of people and transactions and you get undue influence over people’s money and choices.

Fighting to be the agent’s pick

When an agent recommends a product, something decided that product should win. That something is a ranking function, and a whole craft has grown up around bending it.

Where brands once fought to rank high on a results page (SEO), they now fight to be the answer an AI agent selects (Agentic Engine Optimisation).

By March 2026, traffic reaching US retail sites from AI sources converted 42% better than non-AI traffic, a reversal from a year earlier, when it converted 38% worse. So brands now clamour to be the product an agent picks.

But the function doing the picking is opaque. The factors that decide which product wins vary by AI platform: data quality, pricing, availability, engagement signals.

The platform sets the weights, the merchant optimises against them, and the buyer sees a final recommendation without understanding the tuning behind it.

The loyalty problem

There’s a body of law built for this. When one party acts for another, agency law imposes a duty of loyalty: the agent puts the principal’s interests first, discloses conflicts, and hands over every benefit of its actions. AI shopping agents meet almost none of that test.

By default, these systems don’t show the single-minded loyalty the law expects of a human agent, at least not toward the user. There’s a structural reason.

The developer has no inherent fiduciary relationship with the end user: it owes duties to its shareholders, perhaps to the business deploying its model, but not to the person whose money the agent spends. Only the deploying firm carries a duty to that person.

So a split has opened between two kinds of agents. Researchers call them platform agents, loyal to the company that runs them, and agent advocates, loyal only to the user, and they warn that platform profit incentives push development toward the first. 

There’s one exception: a person who builds their own agent, wired to the services they pick, is also its developer, and the loyalty problem mostly dissolves. But that’s a rare case, and not how most people will meet agentic commerce.

The conflict-of-interest stack

The conflicts above aren’t the only ones. They’re three rows in a longer table, and the buyer stands at the centre of all of them.

| Parties in tension | What each optimises for | Who absorbs the cost |
|---|---|---|
| Developer vs user | Training objectives | User: hidden preference weighting, toggled defaults in settings |
| Deployer vs user | System-prompt incentives | User: restricted or weighted options |
| Platform vs user | Ranking function, catalogue fees | User: recommendation tilted by placement |
| Merchant vs deployer | Margin vs transaction volume | Merchant: loses the customer relationship |
| Merchant vs platform | Net margin vs price visibility | Merchant: funds the volume and the price win |
| User vs taxman | Delegated cross-border buying | User: unplanned compliance burden |

Take the merchant again. Amazon expects Buy for Me to drive over $10 billion in annual sales, and the brands pulled into it gain orders while losing the customer relationship in one motion. 

Underneath that runs a pricing squeeze. Agents read price as a ranking signal, so a merchant who wants to remain visible cuts prices and gives up margin to hold its place. The buyer collects the savings, the platform collects the volume, and the merchant funds both.

Then there’s the least visible party at the table, the taxman. When an agent buys across borders and folds discounts, points, and split payments into one automated checkout, the records that VAT and sales tax depend on scatter. 

No jurisdiction has written rules for this. The US consumer-protection rule for electronic transfers, Regulation E, gives no clear framework for agentic purchases, and state legislators are only beginning to ask how autonomous buying changes the law.

[Image: An AI agent at the centre of a diagram, connected by arrows to four figures: a merchant, a consumer, a regulator, and a platform representative, illustrating competing governance interests in agentic commerce]

What agentic commerce governance looks like now

In March 2026, the UK’s Competition and Markets Authority published a policy paper alongside its consumer-law guidance, warning that an agent built to find the best deal might not prove a faithful servant, and could steer buyers toward pricier or less suitable options, with personalisation making the steering harder to spot. 

It also warned that highly adaptive agents could amplify the manipulative design tricks known as dark patterns, especially when tuned for engagement or conversions. 

Researchers are targeting the same problem from the other side. The agent-advocate proposal from earlier argues that some consumer interactions should be handled only by agents loyal to the user.

A newer paper on the agentic web, from researchers at Vanderbilt, Johns Hopkins, and elsewhere, argues that agents could cut switching costs and walk people around walled gardens, but only with governance built in; without it, platform agents harden the imbalance that already exists.

It all comes down to governance

Run back through the series and a shape appears. Execution settled what an agent could buy, Infrastructure carried the transaction, Preferences tried to specify it, and Judgement made the call the rules couldn’t. Authority drew the permission line, and Liability set who pays when it breaks. 

Each handles a piece, but none governs the agent itself.

Governance asks who writes the rules the agent follows, who watches it run, who answers across the chain of developer, deployer, merchant, platform, and bank, and who keeps the power to switch it off.

But these seven layers don’t exhaust the subject. We must still grapple with harder questions, such as the tax problem or the multi-agent problem: when your buying agent talks to a merchant’s selling agent, which talks to a logistics agent, who governs the chain?

And there’s B2B, where a single delegated purchase (buy 20 new laptops for Finance) carries institutional weight.

Picture an employee asking a workplace agent to order equipment, and the agent clearing the requisition with Finance, buying through a corporate account, and reconciling the invoice back to Finance, every step a person once handled now folded into a workflow. 

Those are the next chapters. The agents are already transacting, but governance is still being built.
