Who this is for: Merchants implementing UCP in 2026 who need to confirm their setup meets PCI DSS, GDPR, agent identity, and audit trail requirements before going live — or before a compliance audit.
Why Compliance Is the Agentic Commerce Bottleneck
AI agents executing purchases on behalf of users introduce compliance complexity that traditional ecommerce never had to solve. The agent is not the customer. The agent may operate across jurisdictions. The agent may retry failed transactions automatically. And crucially, the agent leaves a data trail that regulators in healthcare, financial services, and the EU are already scrutinizing.
This checklist covers the four compliance domains that matter most for UCP merchant implementations in 2026: payment security, data privacy, agent identity, and audit trail. Use it before go-live and review it quarterly — the regulatory landscape is moving faster than the protocol itself.
Section 1: Payment Security (PCI DSS)
- ☐ Confirm your payment processor is PCI DSS Level 1 certified. For UCP transactions via Google Pay, Google handles the payment token — your responsibility is ensuring your processor accepts and logs Google Pay tokens correctly.
- ☐ Raw card data never touches your UCP endpoint. The /.well-known/ucp endpoint should return capabilities and pricing only — never card numbers, CVVs, or full payment credentials. Audit your endpoint response to confirm.
- ☐ Agent transactions are tagged at the processor level. Configure your payment processor to flag transactions originating from an AI agent (identifiable via the UCP agent-origin header) so they can be segregated in your PCI audit logs.
- ☐ Tokenized payments only for agent-initiated orders. Agents should never receive a one-time card number. Verify your checkout flow issues payment tokens (Google Pay token, Stripe PaymentIntent) rather than raw credentials.
- ☐ Chargeback policy covers agent errors. Define and document what happens when an AI agent places a duplicate order or orders the wrong item. Your dispute process must account for non-human actors.
- ☐ 3DS / SCA configured for agent transactions. For EU merchants, confirm your payment processor handles Strong Customer Authentication for agent-initiated purchases — some agents cannot complete interactive 3DS challenges.
Section 2: Data Privacy (GDPR / CCPA / US State Laws)
- ☐ Your /.well-known/ucp endpoint returns no PII. Product data, pricing, and availability only. Customer data must not be exposed through the discovery endpoint.
- ☐ Consent chain is documented for agent purchases. When an AI agent buys on behalf of a user, you must be able to demonstrate that the user consented to: (a) the agent having purchase authority, and (b) their data being shared with your store. This chain must be logged, not assumed.
- ☐ Data residency confirmed for your MCP server (if deployed). If you’re using MCP alongside UCP, verify that your MCP server processes and stores data in the correct jurisdiction. EU merchant data must not transit US servers without an adequacy decision or SCCs.
- ☐ Right to erasure covers agent-placed orders. A user’s GDPR erasure request must also erase orders placed by their AI agent. Confirm your order management system can identify and delete agent-sourced orders by user ID.
- ☐ Privacy policy updated to reference AI agent purchases. Most 2024-era privacy policies don’t mention AI agents. Add a section explaining that purchases may be completed by authorized AI agents acting on behalf of registered users.
- ☐ CCPA opt-out applies to agent behavioral data. If your site tracks user behavior to train or improve AI agent recommendations, California users must be able to opt out of that data sale/sharing.
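One way to run the endpoint audit called for in Sections 1 and 2, as an added example that is not part of the original checklist or of any UCP tooling. The response layout, the `debug` block and the forbidden key list are constructed assumptions; fetch your own `/.well-known/ucp` document and pass the decoded JSON to `audit`.

```python
import json
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed list of key names that have no place in a discovery document
FORBIDDEN_KEYS = {"cvv", "cvc", "card_number", "pan", "email", "phone"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def audit(node, path="$"):
    """Walk decoded JSON and return (json_path, finding) pairs."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() in FORBIDDEN_KEYS:
                findings.append((f"{path}.{key}", "forbidden key"))
            findings += audit(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += audit(value, f"{path}[{i}]")
    elif isinstance(node, (str, int)) and not isinstance(node, bool):
        text = str(node)
        if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in PAN_RE.finditer(text)):
            findings.append((path, "possible card number"))
        if EMAIL_RE.search(text):
            findings.append((path, "email address"))
    return findings


# Constructed sample response; 4111 1111 1111 1111 is a widely used test number
SAMPLE = json.loads("""{
  "capabilities": ["catalog", "checkout"],
  "products": [{"sku": "SKU-1001", "price": "19.99", "gtin": "0012345678905"}],
  "debug": {"last_customer": "jane@example.com", "note": "paid 4111 1111 1111 1111"}
}""")

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

The Luhn filter keeps long product identifiers such as the sample `gtin` from being reported as card numbers.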
Section 3: Agent Identity and Authorization
This is the compliance frontier that most merchants haven’t addressed yet. Regulators in financial services and healthcare are beginning to require that merchants verify who — or what — is placing orders.
- ☐ Your UCP implementation validates the agent’s identity header. UCP-compliant agents include an agent-origin identifier in requests. Log this header on every transaction so you can audit which agent placed which order.
- ☐ Agent authorization scope is defined per user. A user should be able to grant an agent “buy under $50 without confirmation” but not “buy anything without limit.” Confirm your checkout flow respects purchase authority limits set by users.
- ☐ Agent credentials expire. Any token or OAuth grant that authorizes an agent to act on a user’s behalf should have a defined expiry. Indefinite agent authorization is a security and compliance liability.
- ☐ Suspicious agent behavior triggers review. Implement rate limiting and anomaly detection on your UCP endpoint. An agent placing 50 orders in 60 seconds is a red flag — your system should pause and alert, not just process.
- ☐ Third-party agents are not given the same trust as first-party. If you accept UCP orders from agents you didn’t build, implement a trust tier: verified agent partners get full access; unknown agents get read-only product data only until verified.
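The Section 3 checks combined into one decision function, as an added example that is not the original page's code or part of any UCP library. The `Grant` record, the `AgentGate` class, the decision strings and the allowlist are hypothetical; the header name follows the page's "agent-origin" wording, and the allowlist stands in for whatever agent verification you actually perform.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Grant:                 # hypothetical record of what a user delegated to an agent
    limit_cents: int         # orders below this need no user confirmation
    expires_at: float        # epoch seconds; grants never live forever


class AgentGate:
    MAX_ORDERS, WINDOW_S = 50, 60    # the red flag named above: 50 orders in 60 s

    def __init__(self, grants, verified_agents):
        self.grants = grants                 # {(agent_id, user_id): Grant}
        self.verified = verified_agents      # trust tier: vetted agent partners
        self.recent = defaultdict(deque)     # agent_id -> recent order timestamps

    def decide(self, headers, user_id, amount_cents, now):
        # Header names are case-insensitive; "agent-origin" is the page's wording
        agent = {k.lower(): v for k, v in headers.items()}.get("agent-origin")
        if not agent:
            return "reject: missing agent-origin"
        if agent not in self.verified:
            return "read-only: unverified agent"
        grant = self.grants.get((agent, user_id))
        if grant is None or now >= grant.expires_at:
            return "reject: no valid grant"
        window = self.recent[agent]
        while window and now - window[0] >= self.WINDOW_S:
            window.popleft()                 # forget orders older than the window
        window.append(now)
        if len(window) >= self.MAX_ORDERS:
            return "hold: rate anomaly, alert"
        if amount_cents >= grant.limit_cents:
            return "confirm: above user limit"
        return "allow"


if __name__ == "__main__":
    gate = AgentGate({("agent.partner.example", "u1"): Grant(5000, 1_000.0)},
                     {"agent.partner.example"})
    hdr = {"Agent-Origin": "agent.partner.example"}
    print(gate.decide(hdr, "u1", 1999, now=0.0))    # under the limit
    print(gate.decide(hdr, "u1", 7500, now=1.0))    # needs user confirmation
```

Log the returned decision together with the agent identifier on every request so that held and rejected attempts appear in the audit trail too.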
Section 4: Audit Trail Requirements
Regulated industries (see our guide on agent commerce in regulated industries) face formal audit trail requirements. But every merchant benefits from logging agent transactions separately — it makes fraud investigation, chargeback resolution, and compliance reporting dramatically faster.
- ☐ Every UCP transaction logs: agent ID, user ID, timestamp, product SKUs, price at time of order, and agent authorization scope. This is the minimum audit record for agent commerce.
- ☐ Agent order logs are stored for the same retention period as human orders. Don’t create a two-tier system where agent orders are purged faster. Regulators will ask for them.
- ☐ Order mutations by agents are versioned. If an agent modifies a cart (adds items, applies a coupon, changes shipping), each mutation is timestamped and attributed to the agent, not the user. This matters for dispute resolution.
- ☐ Failed agent transactions are logged, not silently dropped. An agent that fails to complete a purchase should generate a failed-attempt log entry. Repeated failures on the same user/SKU combination are a signal worth investigating.
- ☐ Your ERP receives agent-tagged orders. The order record in your ERP should flag the agent source. See the UCP ERP integration guide for how to implement this in SAP, NetSuite, and Dynamics 365.
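A minimal audit log covering the Section 4 items (required fields, versioned mutations attributed to the agent, logged failures), as an added example that is not the original page's code. The class, field names, event names and the failure threshold of 3 are assumptions; the in-memory list stands in for durable storage.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# The minimum audit record listed above; the timestamp is stamped by the log itself
REQUIRED = {"agent_id", "user_id", "skus", "price_at_order", "auth_scope"}


class AgentAuditLog:
    def __init__(self):
        self.lines = []             # append-only JSON lines (stand-in for durable storage)
        self.versions = Counter()   # order_id -> number of events recorded so far

    def record(self, event, order_id, ts=None, **fields):
        """Append one event: 'order', 'mutation' or 'failed' (assumed names)."""
        missing = sorted(REQUIRED - set(fields))
        if missing:
            raise ValueError(f"audit record missing {missing}")
        self.versions[order_id] += 1
        entry = {"event": event, "order_id": order_id, "actor": "agent",
                 "version": self.versions[order_id],
                 "timestamp": ts or datetime.now(timezone.utc).isoformat(),
                 **fields}
        self.lines.append(json.dumps(entry, sort_keys=True))
        return entry

    def repeated_failures(self, threshold=3):
        """Return {(user_id, sku): count} for failures at or above threshold."""
        counts = Counter()
        for line in self.lines:
            e = json.loads(line)
            if e["event"] == "failed":
                counts.update((e["user_id"], sku) for sku in e["skus"])
        return {k: n for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    log = AgentAuditLog()
    base = dict(agent_id="agent.partner.example", user_id="u1",
                price_at_order="19.99", auth_scope="limit_cents=5000")
    log.record("order", "o1", skus=["SKU-1001"], **base)
    log.record("mutation", "o1", skus=["SKU-1001", "SKU-2002"], **base)
    for n in range(3):
        log.record("failed", f"attempt-{n}", skus=["SKU-2002"], **base)
    print(log.repeated_failures())   # constructed data
```

Because `record` raises on an incomplete entry, a code path that tries to log an agent event without its authorization scope fails loudly instead of writing a record an auditor cannot use.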
Section 5: Go-Live Readiness
- ☐ Google agent-readiness verification completed. Google requires merchants to pass a verification step before UCP purchases go live in AI Mode. This is not self-serve — factor 3–5 business days into your timeline.
- ☐ Sandbox testing completed with agent-simulated transactions. Run at least 20 simulated agent transactions covering: successful purchase, out-of-stock handling, price change mid-session, auth token expiry, and duplicate order attempt.
- ☐ Customer-facing disclosure in place. Users should know that AI agents can purchase on their behalf and understand how to revoke that authorization. Add this to your account settings and terms of service.
- ☐ Incident response plan covers agent malfunction. What happens if an agent places 500 orders in error? You need a documented process: order hold, agent token revocation, user notification, and refund SLA.
- ☐ Legal reviewed agent commerce terms. Your terms of service, returns policy, and merchant agreement with your payment processor should all reference agent-initiated transactions. Most standard agreements predate agentic commerce and have gaps.
Compliance by Industry: Elevated Requirements
| Industry | Additional Requirement | Governing Framework |
|---|---|---|
| Healthcare / Pharma | Agent cannot authorize prescription purchases without explicit per-transaction human confirmation | HIPAA, FDA 21 CFR Part 11 |
| Financial Services | Agent transactions above defined thresholds require human review before settlement | FINRA, OCC guidance, BSA/AML |
| Alcohol / Regulated Goods | Agent must verify age at time of purchase, not at time of agent authorization | State ABC laws |
| EU Merchants (GDPR) | Data residency, consent chain documentation, right to erasure for agent orders | GDPR Articles 5, 17, 25 |
| Cross-Border B2B | Agent purchase authority must map to buyer’s organizational approval limits (purchase order compliance) | UCP 600, internal procurement policy |
For healthcare, financial services, and pharma-specific implementation guides, see Agent Commerce in Regulated Industries: Compliance Frameworks.
Related Resources
- UCP Merchant Implementation Guide
- UCP vs ACP vs MCP: Protocol Comparison
- UCP ERP Integration Guide
- Agentic Commerce Payments: Authentication and Authorization in 2026
- Agentic Commerce in Europe: GDPR Implementation Guide