Strategic Framework

The Agentic Commerce Framework

A structural taxonomy of autonomous buying. Six levels. One trajectory. From the human at the keyboard to the algorithm that needs no keyboard at all.

By Frank Meltke, contraco  |  May 2026

Level 0
Pure Manual
Human-driven orchestration
Level 1
Intent Matching
Algorithmic recommendation
Level 2
Data Routing
Contextual automation
Level 3
Delegated Execution
Semi-autonomous transaction
Level 4
Advanced Buy
Cross-ecosystem autonomous
Level 5
Closed Loop
Predictive, self-directed
The Taxonomy

Six Levels of Autonomous Buying

This framework traces the transition of AI from passive research assistant to fully authorized transactional proxy capable of managing enterprise-grade risk or consumer budgets without human initiation.

Autonomy Framework for Agentic Commerce Transactions, Level 0 to Level 5, based on SAE-J3016

A visual summary of the same six-level taxonomy, based on SAE-J3016, the standard used to classify autonomous vehicle automation. The formal classification used throughout this page, Pure Manual, Intent Matching, Data Routing, Delegated Execution, Advanced Buy, and Closed Loop, is detailed level by level below.

Full Architectural Taxonomy

Level 0 to Level 5: The Complete Analysis

The detailed level-by-level breakdown, exposure profiles, and governance implications for each maturity stage are published on the contraco Agentic Exposure Audit. As digital interfaces collapse, human-centric marketing must evolve into algorithmic product placement. For a structural analysis of this shift, explore our dedicated Agentic Exposure Diagnostics ↗. The peer-reviewable academic foundation behind this framework is published on SSRN: Agentic Commerce Governance Framework™ ↗.

Go to Agentic Exposure Audit ↗
The Underlying Reality

Moving up this ladder is less about improving the underlying model and more about the maturity of the infrastructure beneath it.

Reaching Level 4 requires three pillars to align simultaneously. Most organizations currently building "agentic" procurement capabilities are working on only one of the three. That gap is where transformation stalls.

01
Machine-Legible Feeds
Real-time, structured data pipelines from merchants. Not brittle web-scraping. Not cached product catalogs. Live, schema-consistent, API-native data that an agent can trust to make financial commitments. Google's Conversational Attributes (GML 2026) formalize this: supplemental product-level data feeds that enable agents to answer contextual questions beyond core attributes. Merchants without structured feeds will not exist to an agent at Level 4.
02
Persistent Identity Vaults
Deeply trusted, tokenized payment networks that allow secure, machine-driven financial settlement without exposing card numbers, routing codes, or credentials to the agent layer itself. Google's Agent Payments Protocol (AP2), announced at Google I/O 2026, is this pillar going live: cryptographically bounded spend authorization that lets an agent settle a transaction without ever holding the underlying credential. Most corporate identity providers, including Microsoft Entra, were built around human single sign-on and conditional access policies; they have no native concept of a delegated, spend-bounded machine identity. That gap, not the model's capability, is what AP2-style protocols exist to close.
03
Virtualized Cart Protocol
The architectural ability to decouple the frontend purchase experience from individual, siloed merchant checkout funnels. A universal basket that spans vendor boundaries is not a UX feature; it is a system integration challenge. Google's Universal Cart, rolling out summer 2026, is the first mainstream deployment of this protocol across Search, Gemini, YouTube, and Gmail simultaneously.

Most enterprise security architecture was built around a human at a keyboard: a session ID, a browser fingerprint, a web application firewall tuned to flag scripted traffic. An authorized agent transacting at Level 3 or above is, by design, scripted traffic moving at machine speed. It does not hold a session the way a browser does, and it does not pause for a CAPTCHA. The three pillars above are not optional refinements to agentic commerce; they are the only architecture that lets a machine buyer through the front door without security teams quietly disabling the controls built to keep automated traffic out. Skip them, and the outcome is not "no agentic commerce." It is agents bypassing tokenization and API boundaries entirely, because procurement pressure moves faster than security review.

Strategic Implications

What This Means for Your Organization

Where you sit on this ladder today determines what investments will actually generate ROI versus what will only add technical complexity without unlocking capability. It also determines who is exposed when something goes wrong: liability for an agent's actions does not stay theoretical once that agent has executed a transaction.

For Procurement Leaders

The transition from Level 2 to Level 3 is the most consequential decision in agentic commerce adoption. It is not a technology decision. It is a trust and governance decision. Before granting any agent Level 3 authorization, the organization must have:

  • A clear spend-mandate policy that an agent can parse as hard constraints
  • Tokenized payment rails that do not expose credentials to the model
  • Escalation triggers that return control to humans when bounds are exceeded
  • Audit logging that captures every transactional decision the agent makes
  • Legal counsel sign-off on who is liable when an agent executes a binding purchase outside its mandate; that liability does not disappear because no human clicked the button

For Technology Strategists

The model is not the bottleneck. Every major frontier model today is capable of executing Level 3 transactions if the surrounding infrastructure exists. Investment should be directed at:

  • Merchant API normalization (structured, reliable data contracts)
  • Identity and payment vault architecture separate from the agent layer
  • Cross-vendor cart protocol that does not depend on screen-scraping
  • Anomaly detection and spend-control systems that operate at transaction speed

For Brand and Channel Teams

At Levels 4 and 5, the human never sees a product page. The agent selects, compares, and transacts entirely within structured data feeds. This fundamentally reorders what "brand visibility" means:

  • Schema compliance becomes a distribution channel requirement, not an SEO nicety
  • Agent-optimized product data structures will determine search ranking
  • Trust signals move from visual design to verified data provenance
  • Price and availability accuracy become real-time brand equity factors

For Transformation Advisors

The organizations that will struggle are those treating agentic commerce as an AI feature rather than an infrastructure program. The contraco perspective, developed across 28 years of watching organizations misread the requirements of each digital wave:

  • Start by accurately diagnosing which level your infrastructure can actually support today
  • The gap between Level 2 and Level 3 has ended more pilots than any capability limitation
  • Governance architecture must precede technical deployment, not follow it
  • The closed loop at Level 5 is not a destination; it is a regulated utility to be managed

Travel is one of the clearest live cases of this ladder in motion. See the questions every operator needs to answer now →

Know exactly where you stand.
Then move deliberately.

contraco works with organizations navigating the transition between levels. Not to accelerate for its own sake, but to ensure the infrastructure, governance, and human readiness are in place before the commitment is made.

Start the Conversation Explore the Resonance Method™ →