CCOSIGNET

Compliance mapping

Dynamic linking for AI agent payments

If you build in payments, you already know the design principle behind PSD2 Strong Customer Authentication (SCA) dynamic linking: an approval should be bound to the exact transaction details. Cosignet uses a similar payload-binding pattern for agent actions, generalized from "amount and payee" to "any agent action." This page explains the analogy, and states plainly where it ends.

Scope. Cosignet provides verifiable approval evidence only; it does not determine legal applicability, certify compliance, replace regulated controls, or substitute for legal, compliance, or audit advice.

Read this first: Cosignet is not an SCA provider, is not a certified PSD2 or SCA solution, and does not make your payment flows PSD2 compliant. What follows is an architectural analogy only, plus verifiable evidence. It is described honestly and is not a statement of regulatory conformity.

What dynamic linking is

Under PSD2, when a payer authorizes a payment, SCA requires that the authentication code be dynamically linked to the specific amount and the specific payee. Two properties follow, and they are the whole point:

In other words, the approval is not a generic "yes." It is a "yes to exactly this," and it is cryptographically useless for anything else. That is what makes it strong.

Primary sources: PSD2 (Directive (EU) 2015/2366) and the SCA Regulatory Technical Standards (Commission Delegated Regulation (EU) 2018/389, Article 5, dynamic linking), on EUR-Lex. Confirm applicability to your payment flows with your own counsel.

The generalization

An AI agent action is a payment's more general cousin. A payment is "move amount to payee." An agent action is "run this operation with these parameters": deploy this commit, delete this bucket, wire this treasury movement, send this message. The risk shape is identical: something consequential is about to happen, and you want a human's authorization bound to the exact thing, not a vague thumbs-up that an attacker or a confused agent could repoint.

Cosignet does dynamic linking for the general case. The approver's passkey signs over:

challenge = nonce ‖ SHA-256(payload)

The payload is the full, exact description of the action. Because the passkey signature covers the SHA-256 of that payload, the same two SCA properties hold:

Side by side

Why a fintech reader cares

When an agent initiates or triggers a payment, the interesting compliance question is not "did the API call succeed." It is "was there a strong, non-repudiable authorization bound to the exact transaction, and can we prove it later." Dynamic linking answers the first half. Cosignet adds the second half: every payload-bound approval is recorded in an append-only, independently verifiable transparency log, so the authorization can be reconstructed and checked by a third party without trusting Cosignet. See how that supports DORA ICT traceability.

Where the analogy ends

To be exact about the limits:

Related reading

Bind approvals to the exact agent action

Free to start, no credit card.

Informational, not legal advice. This page draws a design analogy between PSD2 SCA dynamic linking and Cosignet's payload binding. It is not a legal opinion, and Cosignet is not a certified PSD2 or SCA solution. Verify all regulatory references against the primary sources linked above and confirm applicability with your own counsel.