Yesterday Google rolled out AP2. Key summary bullets

• I applaud Google’s efforts to advance AP with first focus on enabling a “Trusted Agent Economy”. AP2 (V0.1) on establishing the core architecture and enabling the most common use cases (cards, data payloads to support VC, human in the loop scenarios with step up). 
• Long list of supporting participants including MA and Amex. However, no other AI platforms, nor Visa, Paze, or US Banks. 
• Good detailed documentation on initial flows (see Github)
• Introduction of Verifiable Credentials (VC) as the core of AP2 with a recognition that merchants (who own risk) may also need transaction fraud data. 
• A twist on the identity provider of VC to become the [Payment] Credential provider, with initial focus on cards, Google has stated goal of designing AP2 to support stablecoin, push payment and other payment types. This “sets up” Visa and Mastercard to retain their roles as the authentication infrastructure for the internet, while also allowing for other networks (India UPI) and seperate identity providers (eID) to operate with the role.
• My read is that Google has given up hope of making AP2 work in US, as Visa’s intelligent commerce framework is further along.  How tokens, Issuers and networks work within AP2 is not a big technical effort, but there are several things missing from AP2, for example the rule sets (3DS, DAF, TAF, …etc) which the credential (and transaction) operates under. 
• The framework is solid, authentication will be a huge part of the challenge here.  Payment networks must control how authentication is performed by with their credentials. Visa and mastercard are the authentication infrastructure for the internet for a reason. Its not the technology, it is the governance, standards, enforcement and the operating rules which govern WHO OWNS THE RISK when authentication has broken. See Identity Models and Governance https://blog.starpointllp.com/?p=6470 
• Of course stablecoins could work here, but guess who owns the risk when something happened that wasn’t authorized? There is no bank to complain to.. Your automated agent made a mistake and you (the consumer) have the loss.
• AP2 will be successful as the communication protocol for between agents and stakeholders, but it requires credential providers with strong governance and operating rule constructs. Visa, MA, Amex, UPI/UIDAS and PayPal all fit that bill.  The challenge with this dependency is that the control points for progress are complex, as any change in a network requires buy in from existing stakeholders.
• Expect Google to demonstrate the technical efficacy of AP2 with Stablecoin or Crypto first, and then look to adapt AP2 needs to credential providers
• While the EU is the best market for Google to begin with, regulators are not keen on doing anything to help US big tech. My recommendation to Google is work on a US focus plan B that will involve US credential providers (ie Visa and Visa banks). AP2 can be the protocol, but most of it will need to operate within the authentication and rules of the credential provider.