China's JD.com Releases First Autonomous Payment Protocol for AI Agents, Ranging from L0 to L5

2026-06-12 15:22

Favorite

en.Wedoany.com Reported - JD.com has released the first protocol specifically designed for autonomous payments by AI agents in China—the Agent Autonomous Payment Protocol (JD A2P2 Protocol). The protocol aims to ensure fund security when users delegate consumption to AI, with every transaction being queryable and traceable.

The JD A2P2 Protocol, for the first time, classifies the autonomy of agent payments into six levels from L0 to L5, providing an evolutionary path for different levels of autonomy in various scenarios. L0 requires human confirmation for every payment, while L5 enables fully autonomous payment by the agent. The protocol focuses on two intermediate levels, L3 and L4: L3 allows the agent to autonomously initiate payment requests within a single task, with the system deciding whether to approve based on user-set boundaries; L4 grants the agent more authorization, allowing it to complete payments autonomously as long as the payment amount, scenario, user, and other factors fall within preset parameters.

The protocol introduces a "Mandate," which converts user natural language instructions into machine-verifiable task credentials. For example, if a user requests, "Order a bouquet of flowers for a friend for no more than 200 yuan," the system will understand the intent before deducting funds and verify the amount, category, and payee in real-time. If the agent attempts to purchase flowers costing 300 yuan, the system will directly reject the request or require user confirmation.

In terms of fund security, the JD A2P2 Protocol pioneers the Agent Runtime Identity (ARI) mechanism, which binds the real user, agent identity, and the agent's runtime environment in real-time at the moment of payment. When an agent initiates a deduction request, the system immediately verifies: whether the funds are ultimately borne by the user, whether the execution is by the uniquely authorized version of the agent, and whether the agent is currently running on a trusted device without malicious program injection. The request proceeds only if all three conditions are met. If the agent is "hijacked," ARI will detect the abnormal runtime environment and intercept the request immediately.

The JD A2P2 Protocol also designs an isolation layer for "fund carriers." The user's main account is not directly accessed by the agent; instead, a strictly restricted "dedicated account" is established, with hard limits on the maximum amount, usage scenarios, validity period, and allowed payees. Even if the agent is maliciously controlled, it cannot bypass these restrictions or access the user's main account. Users can view how much money has been allocated to each agent and where it has been spent at any time, and can revoke authorization at any time.

In terms of payment settlement and governance auditing, the JD A2P2 Protocol provides a solution. The payment and settlement layer immediately binds the payment result with the preceding mandate, ARI identity, decision ruling, and execution token, forming a complete evidence chain. To address the issue of key facts of agent payments being scattered across different architectural layers and incomplete traditional log checks, the protocol introduces a "certificate chain" as a unified fact anchor, ensuring that every AI transaction is verifiable, manageable, and auditable.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com