§1Where A2A actually is, this week
The Linux Foundation published its first anniversary update on the Agent2Agent (A2A) protocol last month. The numbers are worth reading slowly. Supporting organisations grew from around 50 in April 2025 to more than 150 by April 2026. The protocol crossed v1.0 in January. Governance now sits with a technical steering committee drawn from eight major vendors, namely AWS, Cisco, Google, IBM, Microsoft, Salesforce, SAP and ServiceNow. Production deployments are reported across supply chain, financial services, insurance and IT operations.
If you were watching the agent-infrastructure space in mid-2025, A2A was still a Google-flavoured proposal looking for adopters. As of this writing it is the Linux Foundation's own characterisation, an open standard with material multi-vendor production use. The interop debate is, for practical purposes, over.
That is the thing to internalise. Agent-to-agent communication has finished going through the same arc that HTTP went through in the late 1990s and SOAP went through in the mid-2000s. The protocol war is decided, and the winner is owned by a neutral foundation with rules of engagement that most regulated buyers can hold their nose and accept.
§2What it means when interop becomes commodity
A year ago, if a vendor told a Local Authority procurement team that their agent could talk to other vendors' agents, that was a differentiator. A buyer would write it into the requirements. A competitor without it would lose the deal.
This year the position is reversed. A2A v1.0 with a public agent card is the floor. A vendor without one is an outlier, not an innovator. Like HTTPS in 2015, the line between "supports the standard" and "is current" has moved fast enough that the absence is the signal, not the presence.
For us, the practical effect is small. Workloft's seven agents (Bob, Larry, Walt, Maggie, Gary, Ruby, Otto) have been A2A-compliant since 25 April 2026 at workloft.ai/a2a/<agent>/rpc. We did the work a month before the LF anniversary numbers landed. We will keep maintaining those endpoints because they are now table stakes. We do not get to charge for them, and we never wrote a sales deck that depended on them being unique.
§3Where the moat moves
If interop is the floor, the question becomes what sits above it. Two surfaces become the real differentiator the moment everyone can talk to everyone.
The first is verifiability. An agent that speaks A2A is reachable. An agent that signs every action it takes against a resolvable identity is auditable. These are different properties and the second is much harder to fake. Workloft's stack uses did:web:workloft.ai with W3C Data Integrity Proofs, eddsa-jcs-2022 cryptosuite, anyone-can-verify in the browser. Most "A2A-compliant" agents in the 150-org count do not do this. The protocol does not require them to.
The second is governance. An agent that signs its actions can still be misgoverned. The institutional question is whether the agent's authority can be checked in real time, whether its audit standing can be revoked, whether the caller can know in the same round trip that the counterparty is currently allowed to do the thing it is being asked to do. That is the gap our AgentPass V0.1 RFC tries to close, and it is the gap MCP, A2A and AP2 explicitly leave open. None of those protocols claim to be the verification layer.
Neither verifiability nor governance lives inside A2A. They live one layer up. When the floor lifts, the ceiling does not lift with it, and that is the gap any buyer with a real risk function is now staring at.
§4What this means for regulated buyers
For an FCA-regulated firm running agents over case files, claims systems or servicing portals, the procurement question for 2026 is no longer "can this agent integrate with the rest of our agent stack". The answer is yes by default. The new question is whether the agent can produce evidence the firm can hand to a supervisor. SS1/23 still applies; A2A does not weaken model risk management; the agent that interoperates without signing is the agent the second line of defence cannot govern.
For UK Local Authorities, the practical effect is that vendor lock-in shrinks. A council can mix a sovereign agent stack (Workloft, or anyone else with comparable identity hygiene) with hyperscaler agents over A2A without rewriting integration. That is a real procurement win. It also means the DPO question is no longer "can it interoperate" but "can each agent in the composition be governed to UK GDPR Article 5(2) standards, and is that governance enforceable across the protocol boundary". The Article 13 explanation right under the EU AI Act applies regardless of which vendor's agent answered the call.
Read straight, this is good news for buyers. Interop becoming commodity removes a buying veto that was holding sensible deployments hostage. It also raises the substantive bar. Vendors that were hiding behind their A2A endpoint have nothing to hide behind anymore.
§5What Workloft already shipped at the next layer
The reason this Note reads slightly impatient is that we have already done most of the work at the layer above A2A, and we did it ahead of the bandwagon.
- 25 April 2026. All seven Workloft agents reachable at
workloft.ai/a2a/<agent>/rpc, each with a discoverable agent card. The interop floor. - 25 April 2026. Every action any agent takes is issued as an AP2 V0.1 mandate signed with our
did:webkey. The signed-action layer. - 3 May 2026. AgentPass V0.1 published as a Request for Comment, targeting the institutional counterparty-verification gap that A2A and AP2 leave open. The verifiable-counterparty layer.
- Today. The browser-side verifier at
workloft.ai/verifytakes any Workloft-issued credential and checks it against our public key without trusting our servers. The proof-by-anyone layer.
We do not raise this to claim victory. We raise it because the work to get above the interop floor was substantial, and the cost of doing it after a deal is on the table is much higher than doing it before. The compounding direction is clear.
§6What we are not claiming
A2A v1.0 reaching production is not the same as agent-to-agent commerce being safe by default. The TSC has eight members. The 150-org count includes a long tail of organisations that speak the protocol and sign nothing. The protocol does not require a verifiable identity layer underneath. Buyers who assume "A2A-compliant" means "trust me by default" will be surprised.
Interop also does not solve the sovereignty question. Hyperscaler agents calling sovereign agents over A2A will still cross a data-residency boundary. UK councils running mixed stacks need to enforce data-residency at the policy layer, not the protocol layer. That is a workflow concern, not an A2A concern. The protocol is neutral on it by design.
And we do not claim our stack passes any specific regulator's audit until a regulator has seen it. The plumbing is correct. The legal opinion is not yet sought. We have said this before, and we will say it again whenever we publish a sovereignty claim.
§7What follows from this
The A2A SIG's published roadmap covers signed agent cards (which Workloft has had since April), discovery and trust frameworks, and multi-vendor agent compositions. We are tracking the TSC output and intend to comment formally as AgentPass V0.1 moves toward W3C VC and Linux Foundation A2A SIG review across May to July.
Internally, the work continues at the layer that A2A does not touch. The Workloft Loop has been re-scoped around verifiability as a substrate property rather than a feature. Our next ship in this sequence is a route-level cost router and a regression gate that protects us from drift while the surrounding ecosystem normalises around A2A and pushes the real work upward.
For any buyer asking us to compare us against a competitor right now, the right two questions to ask are simple. Do all of the agents in the composition speak A2A v1.0 today, where the answer should be yes from anyone serious. And can the counterparty cryptographically prove who took what action and when, where the honest answer across most of the market is still no. That is the gap that defines the next twelve months of regulated AI buying.