The Rise of AI in Commerce: From Clicks to Agents

AI is widely regarded as the next major business trend, constantly finding new ways for application and achieving remarkable results across diverse sectors. Today, we focus on the transformative relationship between AI and the world of (e-)commerce. Industry giants like Mastercard have identified AI-driven commerce as a defining trend for the coming years (link). This shift involves massive capital; McKinsey research estimates that between $3 to $5 trillion will flow through AI agents globally by 2030 (link).

This evolution introduces a complex new category of questions for both merchants and clients. As Large Language Models (LLMs) become increasingly adept at comprehending user requests, businesses must adapt to an environment where AI takes on increasingly complex tasks.

• Merchants must anticipate that an AI agent, not just a human, will be purchasing. Agents primarily rely on structured, machine-readable metadata. Sellers must prepare machine-readable product catalogs, adjust the purchasing process and resolve questions about whether they can sell the given product to the Agent.
• Payment networks must prepare for the fact that authorized Agents will be making purchases and optimize fraud risk.

1. Changing User Behavior: The End of Traditional UX?

AI is fundamentally changing how we behave online. The traditional search engine model is shifting as users direct complex queries to AI agents for comprehensive resolution.

• From Specifics to Ambiguity: In the future, reliance on explicit user requirements will decrease. Agents will handle ambiguous prompts like “I think my trousers are a little bit worn” or “I may need a bigger size”.
• The Autonomous Household: In fully autonomous homes, AI will manage routine tasks, such as automatically refilling the fridge when the milk supply drops below two liters.
• The Irrelevance of “Puppies”: Traditional human-centric UX metrics—time spent on a page, interactions, or the use of emotional “love brands” and “puppies” in pictures to evoke feelings—will be of no use to AI agents. While these remain critical in hybrid environments, they lose all relevance in purely agent-driven transactions.

2. The Supplier Revolution: Infrastructure and Logistics

Future e-commerce platforms must serve two masters: human consumers and AI agents. This requires a full-spectrum adaptation, from sourcing products based on trusted reviews to managing delivery logistics and completing payments.

The Seller’s Checklist

Sellers must anticipate that an AI agent, not just a human, will be the purchaser. This necessitates several changes:

• Problem management: AI will automate processes like change, incident, and in general problem management. For example, an Agent could automatically initiate a change based on collected data: “Based on collected feedback, please do not use our product with this setting or together with this product.”
• Machine-Readable Data: Agents primarily rely on structured metadata, though they can interpret images via multimodal capabilities.
• Structured Catalogs: AI agents do not need aesthetically pleasing pages; they demand highly structured product catalogs (feeds).
• Identity Management: Merchants must resolve under which identity an AI purchases and whether they are legally permitted to sell a specific product to an agent.
• Direct-to-Consumer Shift: This setup favors direct manufacturers who can populate their own data feeds. Traditional e-shops will face extreme pressure to create “managed services” or bundled packages to justify their place in the revenue stream.

Infrastructure and Support

Support systems, such as payment networks, must prepare for authorized agents and optimize for new fraud risks. Banking and e-commerce are already served by some of the most advanced AI fraud detection systems. However, new challenges arise: How many units can an agent buy? Can it buy restricted goods like alcohol? Who is responsible if an agent “hallucinates” and buys nonsense?. Even logistics must be optimized by AI, deciding between options like pick-up from a storage box or a courier delivery.

3. The Metadata-Rich Partnership

The future of commerce suggests that buyers will acquire not just a product, but its rich, associated metadata. This enables a continuous partnership where the product’s value is sustained by an intelligent digital layer.

This model envisions a Personal AI Agent acting as a proactive proxy. This agent will engage in complex dialogues with the producer’s AI to manage the entire product lifecycle:

• Parameter Negotiation and Optimization: The personal AI could engage in real-time negotiation with the producer’s agent to fine-tune product parameters, such as performance settings, energy consumption profiles, or material specifications, ensuring the product perfectly matches the buyer’s unique needs and preferences.
• Contextual Data Sharing: Securely and selectively share the buyer’s specific usage settings, environmental data, or integration requirements (e.g., smart home protocols, other connected devices) to optimize the product’s operation within its ecosystem.
• Lifecycle Management: Handling software updates, monitoring security vulnerabilities, and managing upgrades based on usage analysis.
• Proactive Feedback: Relaying operational data back to the producer for immediate, data-driven improvements, patches or service adjustments.
• Obsolescence: Notifying the user of new versions and managing trade-ins or retirement of old items.
• Security Configuration and Vulnerabilities: Monitoring the product’s security posture, applying necessary configurations, and immediately addressing reported vulnerabilities with the producer’s agent.
• Accessories and Ecosystem Integration: Suggesting and managing compatible accessories or complementary products based on AI-driven usage analysis.
• Upgrades and Enhancements: Tracking available feature upgrades, assessing their value based on the buyer’s usage, and managing the upgrade process.

4. Regulation: The EU AI Act

The idea of fully autonomous households automatically reordering products sounds convenient — but legally, it opens a number of unanswered questions. EU consumer law is built around the assumption that a human actively makes an informed purchasing decision. 

• How do rules like explicit consent, pre-contractual information, or the 14-day withdrawal right apply if no human actually “clicked buy”?
• What about responsibility? Who is liable if an AI agent makes a mistake (misunderstands context, exceeds a spending limit, or orders the wrong product)? The user for giving ambiguous instruction? The AI provider for misunderstanding the request? The merchant who enabled automated purchasing?
• What about behavioral influence? Highly personalized and predictive systems may optimize convenience, but they can also blur the line between smart assistance and subtle manipulation — especially if they exploit financial vulnerability, habits, or cognitive biases. Most everyday agent-based shopping scenarios currently fall into a regulatory grey zone in consumer law and data protection rules. 

No matter the direction of development, AI solutions must respect certain boundaries. The EU AI Act (link) introduces a risk-based regulatory framework, classifying systems based on the threat they pose to safety and fundamental rights.

Importantly, most AI systems used in e-commerce will not fall into the high-risk category. However, certain practices may still trigger obligations.

Risk Classification Table

Risk Level	Description	E-Commerce Examples
Unacceptable	Banned systems for being fundamentally incompatible with EU values.	AI systems using manipulative techniques that materially distort a person’s behavior and cause significant harm. AI systems exploiting vulnerabilities of specific groups (e.g., children, elderly, or economically vulnerable persons) in a harmful way. Certain forms of social scoring, where individuals are evaluated over time and treated unfairly in unrelated contexts. Specific uses of real-time remote biometric identification in public spaces.
High-Risk	Heavily regulated but allowed.	AI used in credit scoring and access to essential financial services AI used in employment decisions (recruitment, evaluation, termination) AI used in education and exam scoring AI used in law enforcement, migration, or border control AI used to determine access to essential public or private services
Limited Risk	Requires transparency	Chatbots, deepfakes, and AI-generated product descriptions or images. Users must be informed that they are interacting with AI or consuming AI-generated content — unless this is obvious from the context. This category is highly relevant for e-shops.
Minimal Risk	No specific mandatory obligations.	Standard recommendation engines, inventory optimization, and demand forecasting.

Key Obligations for High-Risk Systems

Providers and deployers of high-risk AI must comply with strict requirements, including:

1. Risk Management: A continuous process to identify, analyze, and mitigate risks throughout the AI system’s lifecycle.
2. Data Governance: Training, validation, and testing data must be relevant, representative, and sufficiently free of bias.
3. Technical Documentation: Extensive documentation must be available enabling authorities to assess compliance.
4. Transparency and Instructions for Use: Clear information about system capabilities, limitations, and intended use.
5. Human Oversight: The system must allow for human supervision and intervention.
6. Cybersecurity: Meeting high standards for technical performance and security. 

Non-compliance can result in fines up to 15 million EUR or 3% of global turnover.

General Purpose AI (GPAI)

The EU AI Act sets requirements for GPAI models, specifically requiring providers to:

• Documentation: Draw up technical documentation, including the training/testing process and evaluation results.
• Information for Downstream Users: Provide documentation to downstream providers integrating the GPAI model, detailing its capabilities and limitations to ensure compliance.
• Copyright Compliance: Establish a policy to respect the Copyright Directive.
• Training Data Transparency: Publish a sufficiently detailed summary about the content used for training the model.

Models exceeding $10^{25}$ FLOPS in training compute are categorized as “systemic” and face additional scrutiny.

5. How we can help

AI is reshaping commerce — but successful transformation requires more than technology. It demands strategic clarity, regulatory confidence, and operational control.

At Next Studio Consulting, we help organizations turn AI from a compliance challenge into a competitive advantage. We assist in

• assessing AI use cases and develop Agent-based commerce strategy,
• classifying regulatory risk under the EU AI Act, 
• designing governance and oversight frameworks, and
• defining practical implementation roadmaps tailored to retail and B2B environments.

Our goal is simple: enable innovation without exposing your business to unnecessary legal, operational, or reputational risk. In a future where AI agents negotiate, decide, and transact autonomously, trust, transparency, and control will define market leaders. We help you build all three.

Following articles will focus on preparing the implementation roadmap and implementation requirements. The last article of this series will cover current activities of major AI players. We are going to explore available AI-commerce protocols, timing of deployments, structure of the feeds, etc.