Gap Analysis
The complete capability matrix showing what every agentic commerce protocol handles versus defers -- and where the legal layer is missing.
The Capability Matrix
| Capability | MPP | ACP | UCP | x402 | AP2 | Visa TAP | Mastercard | ALC |
|---|---|---|---|---|---|---|---|---|
| Payment challenge/response | Yes | -- | -- | Yes | -- | -- | -- | -- |
| Payment authorization (scoped) | Yes | Yes | Yes | -- | Yes | Yes | Yes | -- |
| Merchant accept/decline | -- | Yes | Yes | -- | Yes | -- | -- | -- |
| Cryptographic consent proof | -- | -- | Partial | -- | -- | Yes | -- | Yes |
| Terms identified by hash | -- | -- | -- | -- | -- | -- | -- | Yes |
| Explicit terms acceptance | -- | -- | Partial | -- | -- | -- | -- | Yes |
| Terms bound to payment | -- | -- | -- | -- | -- | -- | -- | Yes |
| Terms versioning | -- | -- | -- | -- | -- | -- | -- | Yes |
| Dynamic negotiation | -- | -- | -- | -- | -- | -- | -- | Yes |
| On-chain agreement record | -- | -- | -- | -- | -- | -- | -- | Yes |
| Party identity (who agreed) | -- | Partial | Partial | -- | Partial | Partial | Partial | Yes |
| Escrow / conditional release | -- | -- | -- | -- | -- | -- | -- | Yes |
| Dispute resolution | -- | -- | -- | -- | -- | -- | -- | Yes |
Reading the Matrix
The pattern is consistent across every column: payment and authorization capabilities are well-served. Legal capabilities -- the bottom half of the table -- are universally absent.
- Terms identified by hash: No protocol content-addresses its terms documents. Terms are typically prose at a URL, with no integrity guarantee.
- Explicit terms acceptance: Only UCP partially addresses this through its cryptographic mandate model, but UCP explicitly declares enforcement as out-of-scope.
- Terms bound to payment: No protocol creates a provable link between a specific payment and the specific terms that governed it.
- Terms versioning: No protocol tracks which version of terms was in effect for a given transaction.
- Dispute resolution: No protocol provides a mechanism for resolving disputes. All assume this is handled externally.
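The first and third items above, terms identified by hash and terms bound to payment, shown as an added example (not from the original page and not ALC's own record format): the terms text is content-addressed with SHA-256 and the digest is tied to one payment in an authenticated acceptance record. Field names, sample terms and the key are constructed assumptions, and HMAC stands in for whatever signature scheme a real protocol would use.

```python
import hashlib
import hmac
import json

def terms_hash(terms_text: str) -> str:
    """Content address of a terms document: SHA-256 over its UTF-8 bytes."""
    return "sha256:" + hashlib.sha256(terms_text.encode("utf-8")).hexdigest()

def _canonical(record: dict) -> bytes:
    # Deterministic serialization so issuer and verifier authenticate identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def accept_terms(key: bytes, terms_text: str, version: str, payment_id: str, party: str) -> dict:
    """Build an acceptance record binding one payment to one exact terms text."""
    record = {"party": party, "payment_id": payment_id,
              "terms_hash": terms_hash(terms_text), "terms_version": version}
    # Assumption: shared-key HMAC as a stand-in for a third-party-verifiable signature.
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {**record, "mac": tag}

def verify_acceptance(key: bytes, signed: dict, served_terms: str, payment_id: str) -> str:
    """Return 'ok', or the reason the record does not cover this payment and text."""
    record = {k: v for k, v in signed.items() if k != "mac"}
    expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed.get("mac", "")):
        return "bad-mac"          # record was altered after acceptance
    if record.get("payment_id") != payment_id:
        return "wrong-payment"    # acceptance belongs to a different payment
    if record.get("terms_hash") != terms_hash(served_terms):
        return "terms-changed"    # prose at the URL no longer matches what was accepted
    return "ok"

# Constructed sample data for illustration only.
KEY = b"constructed-demo-key"
TERMS_V1 = "Refunds within 30 days. Disputes heard in jurisdiction Y.\n"
TERMS_V2 = "Refunds within 7 days. Disputes go to binding arbitration.\n"
RECORD = accept_terms(KEY, TERMS_V1, "v1", "pay_0001", "agent-123")

if __name__ == "__main__":
    print(verify_acceptance(KEY, RECORD, TERMS_V1, "pay_0001"))
    print(verify_acceptance(KEY, RECORD, TERMS_V2, "pay_0001"))
    print(verify_acceptance(KEY, RECORD, TERMS_V1, "pay_0002"))
    print(verify_acceptance(KEY, {**RECORD, "terms_version": "v2"}, TERMS_V1, "pay_0001"))
```

Without the hash in the record, the second case (terms silently edited at the same URL) is indistinguishable from the first.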
By Protocol Category
Payment Protocols (MPP, x402)
Handle: Value transfer, challenge-response flows, credential presentation, settlement.
Defer: Terms publication, acceptance, versioning, disputes, enforceability.
Commerce Protocols (ACP, UCP, AP2)
Handle: Checkout lifecycle, consent collection, payment orchestration, multi-step purchase flows.
Defer: Terms binding to specific transactions, explicit acceptance with cryptographic proof, agreement integrity, dispute resolution.
Identity Protocols (Visa TAP, Mastercard Agent Pay)
Handle: Agent registration, PKI certificates, authorization verification, KYA.
Defer: What the agent agreed to, under what terms, with what authority to accept those specific terms.
Authorization Protocols (Tempo Keychain, EIP-7702)
Handle: Spending limits, session keys, delegation scope (financial).
Defer: Legal scope -- what terms an agent can accept, liability boundaries, dispute resolution preferences.
The Legal Authorization Gap
Current agent authorization models capture financial scope but not legal scope:
| Model | Financial Scope | Legal Scope |
|---|---|---|
| Tempo Account Keychain | Token spending limits, expiry | None |
| ACP Shared Payment Tokens | Payment amount, merchant | None |
| UCP Cryptographic Mandates | Transaction terms (price, items) | Partial (checkout only) |
| EIP-7702 Delegations | Function call permissions | None |
What is missing: an authorization model that captures the human's intent about which legal terms the agent may accept. Examples of legal scope:
- "Agent may accept standard SLAs but not indemnification clauses exceeding $X"
- "Agent may agree to data processing terms that comply with GDPR"
- "Agent may not accept arbitration clauses -- all disputes must be in courts of jurisdiction Y"
- "Agent may negotiate price and delivery terms but liability terms are fixed per template Z"
This is the terms policy -- analogous to financial spending limits but for legal terms. The Agent Legal Context protocol provides this through the tokenizer and terms validation resolver.
The Conclusion
Every protocol category defers terms, disputes, and enforceability. This is not a flaw in any individual protocol -- it is a missing layer in the stack.
The Agent Legal Context protocol provides that layer. It uses existing extension mechanisms in each protocol. It requires no core specification changes. It scales from zero-effort (Tier 1 implicit acceptance) to full legal infrastructure (Tier 3 negotiated terms).
The gap is structural. The solution is complementary.