Shopify has spent two decades building the infrastructure layer beneath modern commerce, and the company is now moving from cart to protocol — from helping merchants complete transactions to helping define the rules by which AI agents, payment networks, and merchants will transact in the first place. From a single snowboard shop’s frustration with existing software, the company grew into the operating system for more than two million merchants, processing $378 billion in gross merchandise volume in 2025 and generating $11.6 billion in annual revenue.1
The past twelve months mark a structural inflection. Shopify has moved simultaneously into enterprise B2B commerce, AI-native platform design, and the foundational governance of how AI agents will transact across the entire internet. In each of these moves, the company’s strategic intent is clear, the capital is committed, and the clock is running. What has not yet happened — in any of them — is a binding agreement among the people who must act together before the relevant windows close.
B2B gross merchandise volume grew 96% year-over-year in 2025, but the sales architecture built to capture that growth collapsed under the weight of a commission fraud scandal that destroyed the cross-functional trust between sales, product, and finance at the moment it was needed most.2 Shopify co-developed the Universal Commerce Protocol with Google to define how AI agents will transact — and immediately found itself in a protocol war against a competing standard backed by Stripe and OpenAI, a war that neither side can win through mandate alone.3 A Q1 2026 earnings report that sent the stock down 15% in a single session placed the entire executive team on a ticking clock to demonstrate returns on AI investment before institutional patience runs out.4 And the General Counsel was elevated to Chief Operating Officer — not because the role is smaller, but because the company’s most dangerous risks are now legal, regulatory, and structural.5
Read individually, each of these developments is a story of strategic ambition. Read together, they describe a company whose challenges are no longer primarily analytical. The analysis is done. The strategy is set. What is unresolved, in challenge after challenge, is whether the people who control the real constraints have ever been in a room structured to force the trade-offs that polite alignment has repeatedly deferred.
Shopify was built on the conviction that commerce should be accessible to anyone. That conviction produced something remarkable: a platform so well-designed that a merchant could go from idea to first sale in an afternoon, and a developer ecosystem so productive that third-party applications outnumber Shopify’s own product features by a significant margin. The company’s growth story is, in structural terms, a story about removing friction — between merchants and their customers, between developers and the platform’s infrastructure, between Shopify and the financial systems that process the transactions it enables.
What the current period requires is something different. Shopify is no longer primarily removing friction from existing commercial relationships. It is attempting to define the rules of an entirely new commercial environment — one in which AI agents, not human shoppers, initiate the majority of product searches, price negotiations, and checkout sequences. That is a governance challenge, not a product challenge. And governance challenges have a different shape than the problems platform engineering is built to solve.
The transition is visible in the organizational choices Shopify has made under pressure. Removing middle-management layers to accelerate AI-justified headcount decisions eliminates not just cost but the informal coordination architecture that holds cross-functional teams together.5 Rebuilding an enterprise sales motion after a commission fraud scandal requires more than new compensation structures — it requires restoring the cross-functional trust between sales, solution engineering, and product development that the scandal destroyed.2 Defending a 67% Shop Pay capture rate in the face of a federal antitrust lawsuit requires legal, product, and finance to make a choice — proactive voluntary unbundling or contested litigation — that no single function can make for the others.6
Across Shopify’s current challenge portfolio, the same structural condition recurs: multiple constraint owners, none able to mandate the others; broad agreement in principle that has not hardened into binding commitments; a real clock; and a strategy that has not yet converted into coordinated action. That is not a failure of analysis. It is the natural consequence of strategic ambition at a scale and in an environment where the binding constraint has shifted from knowing to deciding.
The developments of the past year, read together, reveal a pattern. In each challenge, Shopify holds part of the answer. Several other parties hold the rest. And there is a clock running. The following tiles name each challenge, the structural condition that keeps it open, and the trigger that makes it live now.
In late 2025, Shopify’s Chief Revenue Officer, Vice President of Global Partnerships, and Global Head of Commercial Operations all departed following the discovery of a commission fraud scandal in which a group of salespeople inflated merchant revenue projections by “at least tens of millions of dollars” to secure outsized payouts under an intent-based compensation structure.2 The resulting firings and deployment of AI auditing tools over the salesforce shattered the cross-functional trust between sales, solution engineering, and product development at precisely the moment Shopify’s B2B push requires those functions to work in close coordination on deals averaging 272 days in length.7 A new enterprise sales architecture has not yet been designed, let alone agreed upon.
In spring 2026, Shopify and Google co-announced the Universal Commerce Protocol, an open-source standard designed to allow AI agents to search, negotiate, and complete transactions across any participating merchant platform.3 Within weeks, Stripe and OpenAI announced the competing Agentic Commerce Protocol, backed by Salesforce and PayPal.8 Neither standard can succeed through unilateral declaration. Each requires merchants, payment processors, developers, and platform partners to adopt it voluntarily. The outcome will determine how AI-driven GMV flows for the next decade, and Shopify does not control the variable that will decide it.
First-quarter 2026 results triggered a 15% single-session stock decline when forward guidance indicated rising operating expenses at 35%–36% of revenue alongside decelerating revenue growth.4 The market’s reaction places Shopify’s executive team on an explicit ticking clock: demonstrate measurable return on AI infrastructure investment before institutional patience — and the share price that supports the company’s acquisition currency — erodes further. A $3 billion share repurchase expansion announced June 2, 2026 signals awareness of that pressure.9 It does not resolve it.
When General Counsel Jessica Hertz was elevated to Chief Operating Officer following Kaz Nejatian’s departure to run Opendoor, the move signaled a fundamental shift in corporate priorities.5 Operations is no longer governed primarily by product velocity; it is now governed by risk management, regulatory compliance, and ecosystem governance. That shift creates a structural friction between engineering teams historically incentivized to ship fast and an operational framework mandated to minimize platform risk. The friction is not a problem to be solved — it is a tension to be managed, which requires an explicit and jointly authored set of operating agreements between functions that have not historically needed them.
B2B gross merchandise volume on Shopify grew 96% in 2025, but the enterprise market that growth represents requires a fundamentally different operating model than the SMB market Shopify was built for.2 Enterprise B2B purchasing involves complex negotiated pricing, role-based permissions, multi-layered approval workflows, and deep integration with legacy ERP systems that were designed decades before Shopify existed. The company has not yet committed to how much of that integration it will build natively versus delegate to a fragmented ecosystem of third-party system integrators — a decision that will determine whether Shopify’s B2B ambition is realized or quietly absorbed by Adobe Commerce and SAP.
The Winter ’26 “Renaissance” platform release bundled over 150 updates, including Sidekick’s evolution into an active business co-pilot capable of executing multi-step tasks, and SimGym, a simulation environment that deploys AI shoppers with human-like personas to test merchant storefronts before design changes go live.10 These tools are technologically sophisticated. They require merchants to manage AI personas, interpret simulation data, and use prompt engineering rather than drag-and-drop interfaces. Most of Shopify’s merchant base is not equipped to do any of those things. The adoption gap between a feature release and ecosystem behavior change is the constraint, and no Shopify product team can close it alone.
As AI agents take on autonomous purchasing authority through protocols like UCP and ACP, the verification problem that human visual browsing once resolved disappears. Seventy-one percent of organizations currently admit they lack the AI and machine-learning depth to defend against agent-linked fraud.11 Shopify’s Chief Information Security Officer, Andrew Dunbar, and the risk management, payments, and product engineering teams must agree on what “trusted merchant” means in an environment where no human ever sees the storefront. The first major fraud event on the Shopify network conducted through an AI agent will not wait for that agreement to be reached.
In May 2026, a federal judge in the U.S. District Court of Minnesota refused to dismiss a monopoly lawsuit brought by Buy Now, Pay Later provider Sezzle, which alleges that Shopify abuses its market position to coerce merchants into using Shop Pay Installments.6 Shopify’s Merchant Solutions revenue, which is driven heavily by payments and Shop Pay utilization, constitutes the vast majority of topline growth. If litigation or regulatory intervention forces the company to provide neutral placement for all third-party payment providers, the margin structure that currently supports Shopify’s valuation faces permanent compression.
Shopify’s AI-first operating mandate required internal departments to justify human headcount against AI alternatives, producing an aggressive flattening of middle-management layers across customer support and operational functions.5 Middle management is not overhead. It is the connective tissue that aligns cross-functional teams, coaches junior execution staff, and translates strategic mandates into field action. Removing it while simultaneously executing the most operationally complex transition in the company’s history — enterprise B2B, AI platform, protocol governance — creates a post-flattening coordination vacuum that no org chart redesign has yet filled.
Shopify’s developer community is the external infrastructure on which both its merchant-facing product and its enterprise integration capability depend. Community feedback following the Winter ’26 release highlighted arbitrary platform limitations — such as a cap of 1,000 new product variants per day despite an expanded 2,048 variant capacity — as signs that engineering velocity and developer-facing communication are not well-coordinated.12 More structurally, if third-party developers conclude that building on Shopify’s platform carries more risk than building on competing infrastructure, the ecosystem that differentiates Shopify from every direct competitor begins to erode from the outside in.
Ten challenges, one structure. In each, the analysis is done and the strategy is set; what is unresolved is whether the constraint owners will commit, together, to a single plan before the clock runs out. The signals repeat so consistently across commercial, technical, and governance domains that they describe a property of Shopify’s current moment rather than a feature of any one initiative.
The forums Shopify already runs — all-hands communications, executive leadership reviews, product advisory councils, partner summits — do the work those formats are built to do. They build shared awareness, confirm where alignment exists at a high altitude, and create the conditions for more specific work to proceed. These are genuine contributions. They are also the limit of the format.
A well-run leadership alignment session confirms that the enterprise sales rebuild is important, that the protocol war must be won, and that margin pressure is real. It does not put the head of sales, the head of product, the head of finance, and the newly appointed COO in a room with a structured mandate to resolve the specific trade-offs that none of them can resolve from their individual functions. The people who must implement the resulting decisions — the solution engineers who close 272-day deals, the payment integrations team whose take-rate is at legal risk, the developer relations leads whose ecosystem credibility is eroding — are rarely present. Agreement reached without them tends to be agreement that looks clean at the leadership level and fragments at the implementation level.
There is a practical self-test for when a different instrument is required. If the same coordination question appears on successive leadership agendas — enterprise sales architecture needs to be rebuilt, the agentic protocol position needs to be finalized, the legal and product teams need to agree on Shop Pay’s future — with the same structural tensions unresolved, that recurrence is the signal. It points not to any failure of the analysis but to the natural boundary of the format being used.
The next instrument is a structured, decision-forcing process. It convenes the internal team alongside the external village that controls the constraints — not to share information but to resolve trade-offs that sequential consultation has prepared but cannot complete. It runs through a disciplined three-stage sequence: Analyze, which forces a shared and honest map of who actually controls what; Diverge, which generates options across the organizational and ecosystem boundaries that the map exposes; and Converge, which forces the trade-offs and ends not with a recommendation for leadership to consider later, but with a plan that the people who must honor it made together, in the room.
Two of Shopify’s live challenges show what that sequence produces at each stage.
This is a structural challenge Mind Meeting Group has resolved in the eCommerce domain. In 2019, MMG was engaged by Cymax Group — a Vancouver-based eCommerce company targeting $500 million in revenue — to address a fundamental organizational failure: three formerly independent business units (Cymax direct retail, Freight Club, and Channel Gate) were operating as silos, routing all significant decisions through the CEO rather than resolving them laterally, and were unable to build a coherent value proposition for the external vendor ecosystem the company’s growth depended on. The structural condition was the same one Shopify’s protocol challenge presents now: multiple constraint owners with different incentives, a competitive window that would not stay open, and no shared mechanism for the constraint owners to commit together to a direction. The workshop produced a prioritized strategic roadmap through structured leadership voting, a vendor tiering framework, a critical hiring roadmap, and EMT-level behavioral commitments that broke the silo pattern — outputs that sequential internal planning had not produced in the years preceding the engagement.
The Cymax engagement is instructive for Shopify precisely because the obstacle was never a shortage of ideas. Every leader at Cymax understood what needed to happen. What was absent was a process structured to force the specific trade-offs among the people who owned the constraints. The UCP challenge requires the same move, across a far more complex external ecosystem.
The Analyze stage is not a briefing document prepared by Shopify’s strategy team and delivered to participants. It is a structured process in which the constraint owners themselves surface what each party actually controls and where the dependencies between them run.
In the Universal Commerce Protocol challenge, that map has a specific and uncomfortable shape. Shopify controls the protocol’s design and its own merchant implementation. Google’s endorsement brings distribution reach. But neither party controls what determines whether UCP becomes the dominant standard: the adoption decisions of independent payment processors, third-party platform developers, enterprise merchants with existing Stripe integrations, and the AI model providers whose agents will ultimately route transactions. Every one of those parties has a rational institutional reason to wait and see which standard wins before committing — which means that without a structured mechanism to move them simultaneously, the default outcome is not a Shopify victory. It is fragmentation.
Analyze also makes legible what the protocol war looks like from the perspective of each constraint owner. A global payment processor that already has deep Stripe integrations does not experience the UCP-versus-ACP choice as a principled standards debate. It experiences it as a switching-cost calculation. An enterprise merchant with a 272-day sales cycle and a live ERP integration does not want to bet on the wrong standard. A developer building agentic commerce tooling needs to know, before they invest six months in a protocol integration, that the standard they are building for will still exist when they ship. Analyze ends the ambiguity about what each party would need before committing — which is the precondition for designing the offer that produces that commitment.
Dimensions of this challenge:
| Dimension | Why it cannot be solved alone |
|---|---|
| Merchant adoption incentive | Shopify cannot mandate that its merchants adopt UCP; adoption requires economic incentives and tooling support that product, partnerships, and merchant success must jointly design. |
| Payment processor alignment | Global processors with existing Stripe integrations require a switching-cost framework that Shopify commercial and technical teams must author together with the processors, not for them. |
| Developer ecosystem commitment | Developers will not invest in UCP tooling without Shopify’s API roadmap commitments, which product and engineering must resolve before external commitments can be made. |
| Competitive positioning vs. ACP | Shopify’s protocol offer must differentiate against ACP without triggering antitrust exposure — a trade-off that legal, product, and commercial must resolve together. |
| Geographic rollout sequencing | UCP is currently limited to preview modes in the US and Canada; the roadmap for international activation involves regulatory localization that no single team owns end-to-end. |
| Governance and trust verification | A protocol standard requires an independent governance mechanism that participating parties trust; Shopify cannot self-govern a standard it co-authors without undermining the neutrality that adoption requires. |
With the constraint map shared and agreed, the Diverge stage generates options that cross every boundary the map exposed — options that no single function would propose from its own institutional position. Teams are constituted to mix Shopify product and platform leads, merchant success leadership, commercial partnership directors, external payment processor representatives, enterprise merchant technical teams, and independent developer community voices who do not ordinarily share a design table. Their task is to generate options for the adoption problem, not to evaluate or defend institutional positions.
From that configuration, options emerge that bilateral negotiations between Shopify and individual partners would not produce. A shared economic framework that explicitly prices the switching cost for Stripe-integrated processors and structures a migration pathway that makes the transition commercially rational — rather than asking processors to absorb the cost of the choice. A developer commitment program that pre-funds UCP tooling development by external developers, reducing the adoption risk for the community whose output will determine whether the protocol has a functional ecosystem when it matters. A governance model for UCP that places independent merchant and developer representatives on the protocol’s standards committee — making the neutrality visible, not just asserted. A phased international activation roadmap co-designed with regulators in the EU and Asia-Pacific markets, so that geographic expansion does not encounter the localization barriers that have already stalled the preview rollout.
The options that matter most are the ones that only appear when the people who own the constraints generate them together. The payment processor who understands exactly what their compliance team needs before they can recommend a standards migration is the same person who, in a Diverge session, can sketch the technical and commercial framework that would meet that requirement. That insight is not available in sequential commercial negotiations.
The Converge stage forces the trade-offs and produces a 30/60/90-day plan with named owners. The hard trade-off here is governance. Shopify co-authored the UCP and has every incentive to maintain control of its development. But a standard that Shopify governs is not, in the eyes of the payment processors and platform developers whose adoption is required, a neutral standard. It is a Shopify standard. Converge puts the commercial leadership, the legal team, the partnership directors, and the external constraint owners in a room with a process that does not adjourn until the governance model is designed and the specific commitments that make it credible are made by the people who must honor them.
In the first thirty days, the governance structure for UCP is agreed, with named independent representation from merchant and developer communities. By sixty days, the switching-cost framework for priority payment processors is published, and the developer commitment program is launched with committed funding. By ninety days, the international activation roadmap is co-authored with the first two target regulatory jurisdictions. The output is not a standards document for consideration. It is the thing itself — the agreements that determine whether UCP becomes the infrastructure of AI commerce or a well-intentioned proposal that Stripe’s ecosystem absorbed.
The village that must be in the room:
| Stakeholder | Role in the problem | Why their absence stalls the solution |
|---|---|---|
| Shopify platform and product leadership (Mani Fazeli) | Owns the UCP technical architecture and API roadmap commitments | Without product in the room with authority to commit, every commercial commitment made to partners will encounter a technical constraint on the way back to execution. |
| Shopify legal and COO (Jessica Hertz) | Owns the governance model and antitrust exposure from co-authoring a competitive standard | Absent, the governance trade-off — control versus neutrality — is never forced, and UCP’s credibility with independent adopters remains unresolved. |
| Shopify commercial partnerships leadership | Designs the economic framework that makes adoption commercially rational for payment processors and enterprise merchants | Without partnerships present, any protocol governance decision lacks the commercial architecture that converts agreement into adoption. |
| Google platform and commerce leadership | Co-author of UCP and the distribution partner whose AI reach makes the standard viable at scale | Google’s absence signals to all other participants that the co-sponsorship is nominal, not operational, and removes the single most powerful adoption lever from the room. |
| Priority payment processor representatives (including Adyen) | Must integrate UCP into existing infrastructure at material switching cost | Their constraints, unsurfaced by Shopify in advance, will surface individually in commercial negotiations and serially delay the adoption curve that makes the standard real. |
| Enterprise merchant technical leads | Must implement UCP within existing ERP and agentic commerce infrastructure | Without them, the technical specification is designed for a merchant profile that does not match the enterprise customers whose transaction volume makes the standard commercially significant. |
| Independent developer community representatives | Build the third-party tooling ecosystem without which UCP is a protocol without an implementation layer | Their absence ensures the developer commitment program is designed for a community that was not consulted, and will be adopted accordingly. |
Mind Meeting Group has facilitated the resolution of analogous coordination challenges in financial services — most notably in strategic workshops conducted under contract to Syntegrity Group for BMO and Scotiabank, where internal risk, technology, compliance, and commercial functions needed to reach binding decisions on governance frameworks that no single function could design alone. In each case, the binding constraint was not a shortage of analysis. Both institutions had extensive risk management research. What was absent was a process that forced the specific trade-offs among the functions and external partners who owned the relevant constraints. The room resolved what the working groups had prepared.
The AI agent trust challenge at Shopify has the same structure. The research is available. The risk is well-understood. What is unresolved is who owns what, and who will commit to what, before the first major fraud event makes the absence of a framework the story.
The trust problem in agentic commerce has a specific and underappreciated shape. In traditional e-commerce, a human shopper exercises visual judgment at every stage: they see the storefront, assess brand signals, read reviews, and choose whether to complete the transaction. That visual verification layer performs an enormous amount of fraud filtering without anyone designing it to do so. When an AI agent replaces the human shopper, none of that filtering happens. The agent executes a transaction based on structured data and protocol signals. A merchant with fraudulent intent does not need to deceive a human — they need to deceive a protocol.
Seventy-one percent of organizations currently lack the AI and machine-learning depth to defend against agent-linked fraud.11 Shopify’s CISO owns the security architecture. The payments team owns the transaction verification layer. The product engineering team owns the protocol design and the merchant onboarding experience through which fraudulent actors would enter the ecosystem. The risk management team owns the framework for what counts as a “trusted merchant” in an environment where traditional storefront cues are absent. None of those functions can define the trust standard alone — and in the absence of an agreed standard, each is currently optimizing for its own metrics rather than for the system’s security.
Analyze surfaces the specific points at which those functions’ decisions interact and conflict. The product team’s incentive to minimize merchant onboarding friction runs directly against the CISO’s need for verification depth. The payments team’s incentive to maximize Shop Pay capture conflicts with the legal team’s need to demonstrate platform neutrality to antitrust regulators. The risk team’s framework for trusted-merchant status has not been co-designed with the developer community that builds the agent tooling through which fraudulent transactions would flow. Naming those conflicts is not the same as resolving them — but naming them in a shared setting, with the people who own each constraint present, ends the institutional ambiguity that allows each function to proceed as if the conflict belongs to someone else.
Dimensions of this challenge:
| Dimension | Why it cannot be solved alone |
|---|---|
| Merchant verification standard | Defining what counts as a trusted merchant in an agent commerce environment requires product, risk, legal, and payments to agree on a single standard no single function can set for the others. |
| Protocol-level fraud signals | Embedding fraud detection into UCP’s transaction architecture requires Shopify’s CISO, the UCP technical team, and external AI agent developers to co-design detection mechanisms before the protocol goes to production scale. |
| Take-rate vs. neutrality tension | The payments team’s incentive to maximize Shop Pay capture creates a conflict with legal and regulatory requirements for platform neutrality that only a jointly authored framework can resolve. |
| Agent identity and authorization | No industry standard currently exists for verifying the identity and authorization scope of an AI agent initiating a transaction; Shopify cannot define this unilaterally without ceding the governance role to a competitor. |
| Merchant revolt threshold | The sensitivity threshold at which merchant fraud controls generate false positives and merchant revolt must be jointly calibrated by risk, product, and merchant success — not set by security alone. |
| Cross-platform intelligence sharing | The fraud patterns that will emerge in agentic commerce will appear across multiple platforms simultaneously; an intelligence-sharing framework with other commerce infrastructure providers requires legal, commercial, and technical alignment that Shopify’s functions have not co-designed. |
Diverge generates options by mixing Shopify’s CISO, payments product leadership, risk management team, legal counsel, merchant success representatives, external AI model provider technical teams, and independent security researchers who do not ordinarily share a design table. Teams work from the constraint map — not from their individual institutional positions — and generate options for the trust architecture problem as a system-level challenge.
From that configuration, options emerge that bilateral conversations between the CISO and individual product teams would not produce. A shared merchant verification standard co-designed with the AI agent developer community, so that the protocol-level signals that trigger fraud detection are visible to developers before they build — rather than discovered when their tools trigger false positives at scale. A cross-platform fraud intelligence consortium, modeled on the financial services sector’s existing fraud network infrastructure, that allows Shopify to share agent-linked fraud signals with other commerce platforms without exposing proprietary transaction data. A tiered trust framework for merchants operating in agent-accessible catalogs — one that is publicly documented, consistently applied, and co-authored with merchant advisory input — that satisfies the legal need for demonstrated platform neutrality while maintaining effective fraud controls. A behavioral pattern library for AI agent transactions, built from Shopify’s existing transaction dataset and updated continuously, that allows the risk team to identify anomalous agent behavior before it reaches payment processing.
As in any Diverge stage, not every option will be adopted. The value is that the process generates the options that no single function would propose alone — because no single function owns the full upside of a system-level trust architecture.
Converge forces the trade-offs. The hardest trade-off in this challenge is the one between the payments team’s take-rate imperative and the legal team’s platform neutrality requirement. Both are legitimate organizational interests. Both are currently unresolved. Every day they remain unresolved is a day in which the antitrust litigation progresses with Shopify’s internal communications on file and no binding framework in place to demonstrate neutrality.
The Converge stage puts the payments leadership, the legal team, the COO, and the risk management team in a room with a structured process that does not adjourn until the neutrality framework is designed and each party has committed to specific behavioral changes they will carry back into their functions. That is not a negotiation. It is a decision — and decisions require a process that forces them.
In the first thirty days, the merchant trust standard is drafted and circulated to a representative merchant advisory group for input. By sixty days, the cross-platform fraud intelligence consortium structure is agreed, with two initial platform partners committed. By ninety days, the behavioral pattern library is operational and the take-rate versus neutrality framework is formally adopted, with legal, payments, and risk co-owning the governance. The output is not a risk management brief. It is the architecture that determines whether Shopify leads the governance of agent commerce or inherits the consequences of not doing so.
The village that must be in the room:
| Stakeholder | Role in the problem | Why their absence stalls the solution |
|---|---|---|
| Chief Information Security Officer (Andrew Dunbar) | Owns the security architecture and the technical fraud detection framework for the Shopify platform | Without the CISO present with authority to commit to a specific technical standard, any governance framework agreed in the room lacks the enforcement mechanism that makes it real. |
| Payments product and risk leadership | Own the Shop Pay architecture, the transaction verification layer, and the merchant fraud monitoring infrastructure | Payments’ take-rate incentive and the risk team’s fraud threshold framework must be jointly calibrated — absent either, the framework will be optimized for one objective at the cost of the other. |
| Legal and COO (Jessica Hertz) | Own the regulatory compliance posture and the antitrust exposure that the payments architecture currently creates | Without legal present at the trade-off, the neutrality framework will be designed by the functions with the strongest financial incentive to preserve the status quo. |
| Merchant Success leadership | Represent the merchant community whose trust in Shopify’s platform depends on fraud controls that are effective without generating excessive false positives | Absent, any fraud control framework will be designed for security without a calibrated understanding of the merchant experience threshold at which controls become barriers to commerce. |
| External AI agent developer representatives | Build the tooling through which agent-linked fraud would flow if the trust architecture fails | Without developers present, the protocol-level fraud signals are designed for a threat model that developers did not help specify — and will generate the false-positive patterns that predictably accompany security frameworks designed without the implementors. |
| Cross-platform security and payments partners | Operate adjacent commerce infrastructure and face identical fraud exposure from agent-linked attacks | Their absence ensures that the intelligence-sharing framework Shopify needs to build is designed for a network that has not been consulted, and will require months of separate bilateral negotiation to activate. |
None of this displaces the reviews, all-hands sessions, partner summits, and cross-functional leadership processes that Shopify already runs. Those processes do their jobs: they build shared awareness, confirm high-level alignment, and create the conditions in which a more targeted instrument becomes both possible and necessary. The decision-forcing process described here is a complement, deployed at the specific point where coordination — not analysis — has become the binding constraint.
The recurrence test is useful here. If the enterprise sales architecture question, the protocol governance question, the Shop Pay neutrality question, and the post-flattening coordination question keep reappearing on successive leadership agendas — with the same structural tensions, the same unresolved trade-offs, the same acknowledgment that alignment is needed — that pattern is the signal. It does not indicate that Shopify’s internal processes are failing. It indicates that those processes have done the work they were built to do, and that the next step requires a different tool.
Shopify’s challenge portfolio has one feature that makes the transition unusually tractable. In every one of the ten challenges described above, the constraint owners are known by name. Jessica Hertz holds the operational governance mandate. Mani Fazeli holds the B2B product architecture. Andrew Dunbar holds the security framework. The payment processors and developer community representatives who must adopt the Universal Commerce Protocol are not abstractions — they are named companies with named decision-makers. The clarity of the constraint map is itself a product of Shopify’s operational sophistication, and it means that the village each decision-forcing process needs to convene is already visible.
What remains is to get that village into a room structured to force the trade-offs that open questions represent.
Shopify has built something genuinely difficult to replicate: a commerce operating system with two million merchants, a developer ecosystem that compounds its own capability, a payments infrastructure processing hundreds of billions in annual volume, and the institutional relationships required to co-author the standards that will govern how AI agents transact. The competitive moat is real. The strategic position is strong.
The question 2026 is asking is whether the coordination infrastructure keeps pace with the ambition. Not eventually — before the agentic commerce standard is captured by the ecosystem Stripe and OpenAI are assembling while Shopify’s protocol governance remains unresolved; before the enterprise sales rebuild settles into a structure whose compensation and trust architecture were never jointly authored by the functions that must operate inside it; before the first AI agent fraud event on the Shopify network makes the absence of a trust framework the company’s defining story for the quarter; before the antitrust discovery process makes the absence of a neutrality framework the company’s defining story for the decade.
These are not hypothetical risks. They are the natural next consequences of strategic ambition at scale in an organization where the constraint owners have not yet been in the same room. The system is reachable. The evidence is strong. The windows are open but they are not staying open.
The remaining work is to get the right people into a process that produces what analysis alone has not: committed action, owned by the people who must carry it.
Mark McCarvill is the founder of Mind Meeting Group, a Vancouver-based strategy and facilitation firm. He has led more than 100 strategic workshops across pharmaceutical, government, not-for-profit, and commercial sectors, working with seven of the global top-twelve pharmaceutical companies and facilitating the alignment of more than 3,000 leaders and stakeholders.
Mind Meeting Group’s work includes a hyper-growth strategy engagement with Cymax Group, where a fragmented eCommerce leadership team aligned around a unified operating model, vendor segmentation, and a leadership roadmap. It also includes strategic workshops conducted under contract to Syntegrity Group for BMO and Scotiabank, where complex cross-functional and risk-governance questions required structured alignment across business, technology, and control functions.
Mind Meeting Group specializes in complex, multi-stakeholder challenges where the answer is knowable but not yet executable — and where the right process, not more analysis, is what converts strategy into committed action.