The gating questions take a generic AI agent acting for a generic principal and ask, in order, what determines whether agentic commerce on tokenised rails is operationally workable in a given jurisdiction. The instrument-by-instrument view that follows is the answer applied to each of the major tokenised money types.
The five gating questions
Can the agent hold a wallet. Yes on every major public chain, pseudonymously. On most permissioned chains, the wallet is provisioned to a participant who can grant signing authority internally without the chain caring how the delegation is implemented. See Permissioned blockchains for the chain-level mechanics.
Can the agent be the legal subject of a transaction. No. A transaction signed by the agent is, at law, a transaction by the principal acting through the agent.
Does existing agency-and-authority law accommodate this. Yes, in substance. The doctrines do not require a natural-person agent. The novel questions concern hallucination, prompt injection, and acts outside the authority. The doctrines have answers in principle, but the case law on LLM-driven agents is thin.
Does the agent satisfy KYC and anti-money laundering (AML) obligations. The verification is on the principal, not the agent. A bank onboarding a corporate principal runs KYC on the corporate, documents the authority granted to the agent, and accepts the resulting transactions as transactions of the corporate. The agent is not a separate AML subject in any current published regime. The unanswered question is whether sanctions screening obligations attach to the agent's reasoning process or only to the transaction at the chain level.
Does the operator's licence allow this. For tokenised deposits, most banking licences neither contemplate nor prohibit agent-initiated transfers; the bank's operational policies typically require human-in-the-loop above a threshold, but that is policy, not licence. For a tokenised MMF, the question is whether the smart-contract whitelist logic extends to agent-controlled wallets owned by an eligible principal. For a stablecoin issuer under MiCA, the GENIUS Act, the HK Stablecoins Ordinance, the Japanese Payment Services Act (PSA), or the MAS framework, the issuer's licence governs issuance and redemption while chain-level transfer is outside the issuer's perimeter except via blocklist powers.
The composite answer: agentic commerce is operationally workable today on almost every tokenised rail, with the regulatory perimeter mostly silent rather than hostile, and the legal hook resting on traditional agency law that has not yet been tested in significant agentic disputes.
Instrument-by-instrument
Payment stablecoins on permissionless chains. Bearer-style at the chain level, transferable to any address not on the issuer's blocklist. The most accommodating instrument for agent custody in technical terms. The agent needs a wallet, not a bank or fund account or any prior issuer relationship. Constraints sit at the issuer level: sanctions screening, blocklist powers, and source-of-funds controls when the principal interacts with the issuer for primary issuance or redemption. For micropayments, API monetisation, and machine-to-machine settlement, this is the natural instrument.
Regulated stablecoins. Same chain-level mechanics, sharper issuer perimeter. MiCA contemplates human and corporate use; agentic use is not specifically addressed. The HK Stablecoins Ordinance has intermediary custody provisions that can apply when the agent custodies tokens for a human principal. The MAS framework, covered in Stablecoin types, does not have agent-specific provisions but sits within the broader MAS Project Orchid programmable-money work. The GENIUS Act perimeter is consistent with agentic use because it places the regulatory weight on the issuer rather than the holder; chain-level transferability is preserved and the issuer's redemption obligation runs to the legal holder regardless of whether that holder is a corporate principal acting through an agent.
Tokenised money-market funds (BUIDL, FOBXX, OUSG). Permissioned transfer at the contract level, restricted to whitelisted addresses representing eligible holders. The agent can be the on-chain custodian only if its wallet is whitelisted, which requires KYC of the principal and a documented relationship with the fund's transfer agent. Operationally more demanding than the stablecoin case but technically supported by every major tokenised MMF in production. BUIDL's transfer-agent stack at Securitize is the most-cited example. Tokenised MMFs accrue yield, which makes them the natural rail for agent-routed treasury allocation.
Tokenised deposits. Bank-side perimeter. The agent or its principal holds an account at the bank, the bank's KYC and AML apply to the principal, and the chain enforces the bank's whitelist. Programmable conditional payments are technically straightforward on Kinexys, Partior, and the Project Ensemble tokenised deposit layer. The unresolved question is whether the bank's operational policies allow agent-initiated transfers without human-in-the-loop above whatever threshold the bank has set. The regulatory framework does not block agentic flows in tokenised deposits; operational gating is internal to each bank.
Wholesale CBDC (wCBDC). Restricted to institutions with central bank settlement accounts, as covered in 08 wcbdc vs tokenized deposits. Agents do not have such accounts. wCBDC is not directly accessible to agentic commerce; it is the underlying settlement layer. When an agent moves tokenised deposits between banks, cross-bank settlement may settle in wCBDC underneath, but the agent is not transacting in wCBDC.
The instrument hierarchy matters because the choice of rail determines the operational shape of the flow. A stablecoin-denominated agentic micropayment for an API call is a different product from an agent routing corporate treasury between a tokenised MMF and a tokenised deposit at quarter-end. Both are agentic commerce. They sit at different points on the perimeter.