Scenario 01
A procurement agent places a £500k order — twice the authorised limit.
When your agent acts outside your firewall — placing orders, committing to terms, accessing a counterparty's system — Pacta is the signed record that proves what was authorised, by whom, and what happened. In a form neither party can alter.
MANDATE #A-2291 · STATUS: ACTIVE ───────────────────────────────────────────── Authorised: Acme Corp procurement agent Scope: Purchase orders ≤ £50,000 Counterparty: Supplier Co API Valid: 2026-Q3 · CFO approval > £20k Co-signed: 2026-01-14 09:41 UTC ───────────────────────────────────────────── AUDIT ENTRIES: 3 · CHAIN: VERIFIED ✓
Scenario 01
A procurement agent places a £500k order — twice the authorised limit.
Scenario 02
A legal agent commits to a clause the partner never approved.
Scenario 03
A finance agent triggers a payment outside the agreed window.
When those actions go wrong, every party asks three questions simultaneously: What exactly did the agent do? Who authorised it — and to what scope? Can you prove it in a form a regulator will accept?
| Exists today | Missing |
|---|---|
| Microsoft, Okta — intra-org governance | Cross-company scope |
| Google A2A, MCP — transport protocols | Accountability, not just transport |
| DocuSign — contract signing | Mandates for agents, not humans |
| Splunk, Datadog — audit logging | Independently verifiable, bilateral, court-admissible |
Sample mandate
Acme Corp's procurement agent is authorised to place orders up to £50,000 with Supplier Co, valid for Q3 2026, requiring CFO approval above £20,000. Mandate #A-2291 is co-signed by both parties. Every action taken under it is logged to an append-only record neither party can alter.
01 —
Amount limits, time windows, action types. The mandate defines the boundary precisely.
02 —
Co-signed by both companies. Not a database record. A verifiable proof that holds up under regulatory scrutiny.
03 —
Append-only audit chain. No entry can be altered or deleted. Court-admissible.
Not an agent builder. Not an orchestration platform. Not an identity provider. The accountability layer that makes agent-to-agent commerce possible.
01 —
Both parties define and co-sign what the agent is authorised to do — scope, limits, time window, approval thresholds. This happens once, before the agent acts.
02 —
Agent calls are routed through Pacta. Every action is checked against the signed mandate in real time. Out-of-scope actions are rejected before they reach the counterparty.
03 —
Every action is written to an audit record neither party can alter. Export a compliance report at any time — for your PI insurer, a regulator, or a dispute.
You don't need your counterparty on Pacta to begin. Route your outbound agent calls through Pacta and immediately have a tamper-evident record of every action your agents take. When your counterparty joins, you both have the same record.
Asset managers deploying agents against external trading or data APIs. Firms subject to PS 7/24 oversight evidencing requirements. Any firm where agents trigger financial transactions outside the firewall.
Firms deploying AI on client matters with external counterparty interactions. Practices facing PI insurer questions about automated action oversight. Firms that need matter-level liability evidence for agent actions.
1 line
Of code to route an agent through Pacta
Zero trust
Gateway never proxies without a valid, active mandate
Offline
Every audit entry verifiable without trusting Pacta
Existing tools govern agents inside your organisation (Microsoft, Okta) or move data between them (Google A2A, MCP). Neither solves what happens at the boundary — when your agent acts in another company's system, under terms both parties agreed to, and something goes wrong.
| Capability | Pacta | Microsoft / Okta | Google A2A |
|---|---|---|---|
| Cross-company scope | ✓ | Intra-org only | Protocol, no accountability |
| Tamper-evident audit record | ✓ | ✗ | ✗ |
| Bilateral co-signed mandates | ✓ | ✗ | ✗ |
| Compliance exports (FCA/SRA-ready) | ✓ | Partial | ✗ |
| Vendor-agnostic | ✓ | MSFT stack only | ✓ |
Pacta is not a competitor to these products. It is the layer they all lack.
"Our PI insurer asked us last quarter to evidence human oversight of every automated action touching client matters. We had nothing to show them. If the SRA asks next, a spreadsheet isn't going to cut it."
Head of Compliance, SRA-regulated UK law firm (80+ solicitors)
Pacta is in pilot for FCA and SRA-regulated firms. 90-day free pilot. No IT overhaul required.
Thanks — we'll be in touch within 24 hours.