1. Executive Summary
Companies are investing heavily in AI assistants. Across 100 brands and 17 sectors of the UK economy, 76 have deployed chatbots, 66 proactively tell customers they are talking to AI, and 81 offer live chat. The investment is real, and for the most part it is working. When a customer contacts a brand today, there is a good chance they will interact with an AI that is named, branded, and capable of resolving their query.
None of these brands has designed for what happens when the customer brings their own AI.
That is the finding of this research. Not one brand out of 100 — across retail, banking, telecoms, utilities, insurance, travel, SaaS, fintech, healthcare, government, logistics, media, property, charity, and the regulators overseeing all of it — has published any specification for how to receive an autonomous AI agent acting on behalf of a customer. No brand has declared what its own AI is authorised to commit to in that interaction, what data can be exchanged, what the rules are when something goes wrong, or how the customer’s AI should identify itself.
This is not a technology gap. Fifty-seven of these brands already have the technical infrastructure — bots, APIs, or both — to make AI-to-AI service interactions work today. The gap is a design gap. Every pound of investment has been spent on one side of the interaction: the side where a human talks to a brand’s AI. The other side — where a customer’s AI talks to the brand — has no design at all.
That other side is not theoretical. Consumer AI agents are already navigating customer support, passing identity verification, and requesting resolutions on behalf of their users. Shopify has published protocol tooling explicitly designed for developer agents to operate in commercial environments. Xero’s support AI handles the majority of first-contact queries as an agentic platform. Vodafone’s chatbot runs on generative AI with explicit disclosure. The infrastructure exists on both sides. The interaction design exists on neither.
The asymmetry shows up in every metric:
- 76 brands have deployed AI assistants. Zero have declared what those assistants are authorised to commit to when contacted by another AI.
- 66 brands tell customers they are talking to AI. Zero ask whether the customer contacting them is also an AI.
- 42 brands have developer APIs. Zero have published a specification for how a customer’s AI agent should use them.
- 81 brands have live chat. Zero have a receiving protocol for when an AI agent opens that chat window on a customer’s behalf.
The headline finding is the readiness cliff: 73% of brands have capable AI infrastructure, and 0% have designed for the moment a customer’s AI arrives. The open standard that addresses this gap — defining how AI agents identify themselves, what they are authorised to do, and what happens when things go wrong — is The Service Handshake v1.1.
Key Statistics at a Glance
| Metric | Count | Percentage |
|---|---|---|
| Brands audited | 100 | — |
| Sectors covered | 17 | — |
| Mode 2 maturity: Green | 73 | 73% |
| Mode 2 maturity: Amber | 25 | 25% |
| Mode 2 maturity: Red | 2 | 2% |
| Mode 4 candidates | 57 | 57% |
| Brands with bots | 76 | 76% |
| AI disclosure visible | 66 | 66% |
| Developer APIs present | 42 | 42% |
| Live chat deployed | 81 | 81% |
| Mode 3/4 Service Handshake Ready | 0 | 0% |
2. Methodology
This audit is a light-touch observational assessment of publicly accessible customer service infrastructure, conducted in Q1 2026. All 100 brands were evaluated against the same dimensions using unauthenticated browser sessions. Where authenticated access was required to reach a support channel, that authentication dependency is recorded as a finding — it is not bypassed.
What Was Assessed
- Mode 2 maturity: Whether a brand’s human-to-bot interaction is operational, mature, and clearly disclosed. Rated Green (fully operational with clear AI disclosure), Amber (partial implementation, inconsistent disclosure, or channel dependency on authentication), or Red (no digital support capability identified on public surfaces).
- Bot presence and disclosure: Whether a bot exists, and whether AI identity is disclosed proactively before or at the start of interaction.
- Chat provider: The technology stack powering the chat interface, where identifiable through URL patterns, widget branding, disclosed integrations, or published case studies.
- Developer API availability: Whether a public-facing developer API exists that could support programmatic or agent-initiated contact.
- Live chat accessibility: Whether a live chat channel is publicly reachable without requiring authentication.
- Mode 4 candidacy: Whether the brand has the infrastructure foundations — bot, API, or both — that would make Mode 4 implementation tractable. This is a capability signal, not a readiness certification.
- Mode 3/4 Service Handshake readiness: Whether the brand has published any declaration of how it intends to receive consumer AI agents, what those agents can do, what data they can access, and what the fallback rules are. Assessed against the declaration framework in The Service Handshake v1.1.
What Was NOT Assessed
- Authenticated support experiences (except where login dependency itself is a finding)
- Internal system architecture not visible from public interfaces
- Quality of existing bot interactions (containment rates, CSAT, resolution rates)
- Back-end API capabilities beyond what is documented in public developer portals
- Compliance with any regulatory framework other than what is observationally apparent
- Any claim about future readiness based on vendor roadmaps or press releases
- Sentiment quality, tone calibration, or accessibility compliance of deployed bots
All observations are based on what is publicly visible in Q1 2026. Where technology was inferred from URL patterns, widget structure, or published integrations, this is noted explicitly. No brand was contacted during the audit process. All findings are entirely observational.
3. Aggregate Exposure Map
The Exposure Map visualises Mode 3/4 exposure across all 100 brands and 17 sectors, using the cell structure defined in The Service Handshake v1.1. Each cell represents a brand’s current readiness state. Green cells indicate Mode 2 operational maturity. Amber cells indicate gaps in digital CX infrastructure. Red cells indicate no AI CX capability whatsoever on public surfaces. The uniform absence of any Mode 3/4 declarations — across all 100 cells — is the structural finding.
At double the original sample size, five structural patterns are now visible with greater statistical confidence than the original 49-brand audit.
CX Platform vendors are the most complete Mode 2 sector and the most exposed on Mode 3/4. All six — Freshdesk, Help Scout, Intercom, Salesforce, Tidio, Zendesk — score Green, have bots, disclose AI, maintain developer APIs, and provide live chat. They are 6/6 Mode 4 candidates. Their exposure is therefore the most acute: they are the companies whose products power every other sector in this audit. When a UK retailer’s Zendesk-backed bot fails to receive a consumer agent gracefully, the accountability chain runs through Zendesk’s own design choices. That Zendesk itself has no receiving protocol for its own support surface is the sharpest instance of the design gap.
UK Telecoms is the highest-performing non-platform sector. Five of five brands score Green. All five have named bots, all five disclose AI, all five have live chat, and all five are Mode 4 candidates. BT, Sky, Three, Virgin Media, and Vodafone have collectively invested in the most sophisticated consumer-facing AI infrastructure of any regulated sector in this audit. Vodafone’s SuperTOBi on Azure OpenAI is the leading technical example of a publicly named, generative AI-powered brand agent. The sector’s complete absence of Mode 3/4 design is therefore the starkest gap between technical capability and protocol readiness.
UK Banking is the sector with the deepest named-bot investment. All eight banks have bots, all eight disclose AI, and six of eight are Mode 4 candidates. The named-bot roster — Cora+ (NatWest), Arti (Nationwide), Sandi (Santander), TSB Smart Agent — represents genuine commitment to AI-mediated service. Yet no bank has published a Service Handshake declaration. A consumer agent arriving at NatWest’s Cora+ with a complaint or a balance enquiry finds a bot that can talk but no declared protocol for what that bot is authorised to do with an agent-originated request.
UK Utilities is the most critical vulnerability sector. Ten brands, four with no public bot at all (E.ON, EDF, Ecotricity, Octopus US), and a sector profile that spans the most vulnerable consumer demographics in the economy — households in fuel poverty, elderly customers managing energy contracts, people with payment difficulties. British Gas and OVO have real infrastructure. ScottishPower and SSE have bots. But the energy sector’s Mode 3/4 exposure is not primarily about technical readiness: it is about the Dadbot scenario. A family member’s AI agent calling an energy supplier on behalf of a vulnerable relative is not a speculative future. The infrastructure to receive that call safely does not exist in any of the ten brands assessed.
The new sectors reveal a previously invisible pattern: the API–declaration gap. UK Fintech (Monzo, Revolut, Starling) is 3/3 Mode 4 candidates, all with mature developer APIs — and 0/3 with AI disclosure on public surfaces (all support is gated). UK Banking is 5/8 with developer APIs and 0/8 with any Mode 3/4 design. UK Healthcare (Bupa, NHS) is 2/2 Mode 4 candidates with developer APIs and no declarations. These sectors have built exactly the technical prerequisite for Mode 4 — the API layer — without building the semantic layer that would make Mode 4 safe and legible. The Service Handshake v1.1 exists precisely to close this specific gap: organisations that have the pipes but not the protocol.
4. The Readiness Cliff
The most important visualisation in this report is the gap between two numbers: 73% Mode 2 capability, and 0% Mode 3/4 readiness. That gap is the readiness cliff.
The Mode 2 investment story told by 100 brands is substantial. Seventy-six deployed bots. Sixty-six proactively disclose AI. Eighty-one offer live chat. Forty-two have developer APIs. Named bot characters — Fin, Zea, Agentforce, Freddy, TOBi, Cora, Arti, Sandi, JAX, Rita, Ezra, Billie, Theo, Rafeeq, Molli — represent genuine brand investment in AI-mediated service identity. The sector-wide rollout of conversational AI over the past four years has changed consumer expectations at scale.
The Mode 3/4 story is a blank. No brand across any of the 17 sectors has published a Service Handshake Declaration. No brand has documented how a consumer AI should identify itself upon arrival. No brand has specified what goals a consumer AI is permitted to pursue, what data it may access, what it cannot commit the brand to, or what the fallback is when agent and brand AI reach a conflict or a resolution beyond the agent’s authority.
This is not a future problem waiting for future agents. The Service Handshake v1.1 documents interaction categories already occurring: AI shopping agents initiating returns without declaring their nature, consumer agents committing brands to resolutions those brands have no authority to honour, and brand AI making commitments that create legal liability regardless of whether those commitments were sanctioned. The legal precedent is established. In Moffatt v. Air Canada (2024 BCCRT 149), Air Canada was held liable for its chatbot’s unauthorised discount promise on the grounds that the organisation is responsible for all representations made by its automated systems — regardless of whether those systems had authority to make them. One hundred brands have AI systems making commitments across 81 live chat channels. Not one has published a protocol for what those systems are and are not authorised to commit to when the party on the other side of the interaction is another AI.
The readiness cliff is structural, not incidental. It exists because Mode 2 was designed for a human-to-brand-AI interaction that is now mature and familiar. Mode 3 (consumer AI to brand AI) and Mode 4 (brand AI to consumer AI, agent-layer interaction) require a fundamentally different design decision: the publication of a receiving protocol. That protocol does not yet exist at any of the 100 brands in this audit. The Service Handshake v1.1 provides it.
5. Sector-by-Sector Analysis
CX Platforms (6 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Freshdesk (Freshworks) | Yes | Freddy AI | Yes | Green | Yes |
| Help Scout | Yes | AI Assistant | Yes | Green | Yes |
| Intercom | Yes | Fin | Yes | Green | Yes |
| Salesforce | Yes | Agentforce | Yes | Green | Yes |
| Tidio | Yes | Lyro AI Agent | Yes | Green | Yes |
| Zendesk | Yes | Zea | Yes | Green | Yes |
The CX Platform sector is the most complete on every Mode 2 dimension: 6/6 Green, 6/6 bots deployed, 6/6 AI disclosed, 6/6 developer APIs, 6/6 live chat, 6/6 Mode 4 candidates. No sector in this audit comes closer to the technical prerequisites for Mode 3/4 readiness — and no sector’s absence of an actual declaration is more consequential.
Intercom’s Fin is the most explicitly agent-era framed bot in the entire audit. Intercom markets Fin as a first-class AI Agent, positions its platform around the concept of AI agent resolution, and its developer documentation covers the tooling required for integration at scale. Zendesk’s Zea identifies as an AI agent from the first message and provides direct escalation paths with explicit authority scoping. Salesforce has renamed its core AI product Agentforce — the terminology is not marketing; it signals a fundamental repositioning of what the platform does. Yet none of these organisations has published a declaration of what Fin, Zea, or Agentforce is authorised to do when a consumer AI agent — rather than a human — is the party initiating contact.
Freshdesk’s Freddy AI and Tidio’s Lyro represent the mid-market end of the spectrum: capable bots with real containment rates and clear escalation design, embedded in platforms with robust API documentation. Help Scout’s Beacon is notable for its explicit OpenAI integration and its published AI transparency documentation — the closest any platform comes to a Mode 3/4 adjacency, yet still without a Service Handshake Declaration. monday.com (SaaS) uses Ada for support — itself a CX platform product — meaning the platform-within-a-platform dynamic of this sector ripples outward.
The design paradox is sharpest here. These companies have designed the future of CX for thousands of their customers. They are selling agentic AI infrastructure. They have not yet designed the receiving layer for their own surfaces. When a consumer agent contacts Intercom’s support channel to resolve a billing dispute, Fin answers — but there is no published specification of what Fin is authorised to resolve on behalf of Intercom versus what it will hallucinate an answer to, because Intercom has not published one. The Service Handshake v1.1 closes this gap. The sector that most needs to adopt it first is the one selling it to everyone else.
UK Retail (15 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Amazon UK | Yes | Amazon Virtual Assistant | Yes | Green | Yes |
| ASOS | No | ASOS AI Assistant | Yes | Green | No |
| Argos | No | Argos Virtual Assistant | Yes | Green | Yes |
| Asda | No | Unknown | No | Amber | No |
| Boots | No | Boots AI Assistant | Yes | Green | Yes |
| Currys | No | Currys Virtual Assistant | Yes | Green | Yes |
| John Lewis & Partners | No | N/A | No | Green | No |
| Marks and Spencer | No | Rafeeq | No | Green | Yes |
| Morrisons | No | N/A | No | Amber | No |
| Next | No | NEXT Bot | Yes | Green | Yes |
| PrettyLittleThing | No | Madison | No | Amber | No |
| Sainsbury's | No | Virtual Assistant | Yes | Green | No |
| Tesco | No | Little Helper | Yes | Amber | No |
| Very.co.uk | No | Very Assistant | Yes | Green | Yes |
| Waitrose & Partners | No | N/A | No | Amber | No |
UK Retail is the largest and most heterogeneous sector in this audit at 15 brands. The sector spans 9 Green and 6 Amber ratings, with 7 Mode 4 candidates and 8 that are not. Amazon UK represents the most sophisticated infrastructure in the retail sector by some distance. Its proprietary virtual assistant handles an enormous volume of return, tracking, and account queries before human escalation. Combined with the AWS developer ecosystem, Amazon is the clearest Mode 4 candidate in retail — and simultaneously the most opaque in terms of what a consumer AI agent would actually encounter if it arrived at Amazon’s support surface on a user’s behalf. The authentication wall is total: almost all specific support requires login, which is both a security design choice and a Mode 3/4 friction point.
The Marks and Spencer / Rafeeq finding is significant beyond its Mode 2 rating. Rafeeq does not explicitly disclose its AI identity in the audit session, creating a transparency gap even at the entry point, let alone at the Mode 3/4 layer. ASOS, by contrast, names its assistant “ASOS AI Assistant” with explicit AI disclosure — but has no developer API, making Mode 4 implementation technically harder even where the will might exist.
Tesco’s WhatsApp-first model (Little Helper) and PrettyLittleThing’s social messaging strategy (Apple Messages for Business, Facebook Messenger, WhatsApp) represent the most divergent infrastructure choices in the sector. Both route all chat-like support through Meta-controlled channels, creating a Mode 3/4 surface that is entirely outside the brand’s direct API governance. A consumer agent attempting to contact either brand would need to traverse Meta’s messaging infrastructure — an interaction surface with its own identity and authority constraints that no Service Handshake Declaration currently addresses.
The John Lewis and Waitrose pair (both John Lewis Partnership brands) reveals an intra-group paradox. John Lewis has live chat with no bot and no AI disclosure. Waitrose has WhatsApp as its primary digital channel with no chatbot. The two brands serving the premium end of the UK grocery and department store market have the least agentic infrastructure of any brands in their sub-segments. For a group that has made substantial investment in digital experience, the Mode 2 gap is a design choice — and the Mode 3/4 gap is therefore not merely absent but entirely structurally unprepared.
UK Retail (Home/DIY) (6 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| AO.com | No | AO Assistant | Yes | Green | Yes |
| B&Q (diy.com) | No | B&Q DIY Assistant | Yes | Green | Yes |
| Halfords | No | N/A | No | Green | No |
| IKEA UK | Yes | Billie | Yes | Green | Yes |
| Screwfix | No | Screwfix Virtual Assistant | Yes | Green | Yes |
| Wickes | No | Wickes Virtual Assistant | Yes | Green | No |
The Home/DIY subsector presents a clean Mode 2 picture: six of six brands score Green, five have named or identified bots, and four disclose AI. This is a sector that has invested consistently in digital support infrastructure — partly because its customers are engaged in high-stakes, project-based purchases where support quality directly affects order value.
IKEA’s Billie is the standout in the sector. Built on a custom Ingka Group implementation, Billie handles approximately 47% of enquiries without human escalation. More significantly, IKEA has a developer API, making it the only Home/DIY brand with the full Mode 4 infrastructure stack: bot plus API plus live chat plus AI disclosure. The bot’s strategy — freeing store staff from routine support to focus on design consulting — is the clearest example in the sector of AI being used to reposition human labour rather than simply replace it. None of this translates to Mode 3/4 readiness. Billie has no published receiving protocol.
B&Q’s dual-bot strategy is unusual and worth noting: the brand operates a product advice bot (“Hello B&Q DIY Assistant”) and a separate Zendesk customer support widget. This separation of assistance mode from support mode is structurally interesting — it implies a clearer internal sense of what each bot is authorised to do. The Mode 3/4 opportunity here is precise: a consumer AI shopping for kitchen tiles could plausibly interact with the DIY assistant layer, while a consumer AI managing a returns dispute would encounter the support layer. Neither layer has a declared protocol for either scenario.
Screwfix’s virtual assistant and AO.com’s digital support represent the mid-tier of the sector: capable, bot-first, with clear escalation paths. Halfords and Wickes are the least technically sophisticated: Halfords has live chat with no evident bot or AI disclosure; Wickes uses an open-source chat implementation, one of the few such deployments identified across the entire 100-brand audit. Both are Mode 2 Green but structurally further from Mode 4 candidacy than their sector peers.
UK Utilities (10 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| British Gas | No | Help Finder Bot / Cosmo | Yes | Green | Yes |
| E.ON UK / E.ON Next | No | N/A | No | Amber | No |
| EDF Energy | No | N/A | No | Amber | No |
| Ecotricity | No | N/A | No | Amber | No |
| Octopus Energy | Yes | N/A | No | Amber | Yes |
| Octopus Energy US | No | N/A | No | Amber | No |
| OVO Energy | Yes | OVO Digital Assistant | Yes | Green | No |
| ScottishPower | No | ScottishPower Chatbot | Yes | Green | Yes |
| SSE | No | Nero | No | Green | Yes |
| Thames Water | No | Virtual Assistant | Yes | Green | No |
UK Utilities is the sector with the highest stakes for Mode 3/4 design failure and the most uneven Mode 2 baseline. Four of ten brands have no public-facing bot whatsoever. Five are Amber. The Dadbot scenario — a family member’s AI agent calling an energy supplier on behalf of a vulnerable, elderly, or financially distressed relative — is not speculative. It is already structurally plausible in Q1 2026, and not one of these ten brands has a receiving protocol for it.
British Gas is the technical leader in the sector: its Help Finder Bot (internally referenced as Cosmo) is a sophisticated custom implementation with high containment ambitions and clear escalation paths. The bot’s design reflects the complexity of energy customer journeys — billing disputes, meter reading submissions, direct debit amendments, and vulnerability flags — all of which have direct Mode 3/4 implications. A consumer AI managing a household’s energy account on behalf of its user would need to know, from a published declaration, what Cosmo is authorised to do: can it process a payment arrangement? Can it flag a vulnerability status? Can it commit to a resolution? The answer to all three is currently undocumented.
Octopus Energy is the most paradoxical entry in the sector. The brand is widely cited as a CX innovation leader — its Kraken platform is licensed by third parties, and its developer API is mature. Yet the public-facing support surface has no bot, no live chat, and no AI disclosure. The Mode 4 candidacy is based entirely on API infrastructure. Octopus is the clearest example in the entire audit of a brand that has built the back-end prerequisite for Mode 4 without building the front-end layer that Mode 3/4 agents would actually encounter.
E.ON, EDF, and Ecotricity represent the traditional utility support model: phone, email, WhatsApp where available. Their Mode 2 gaps are not unique in the sector, but their vulnerability exposure is elevated relative to sectors with more digitally-native customer demographics. SSE’s segmented implementation — separate platforms for Airtricity and SSE/Me — and the internally documented bot name “Nero” suggests more AI infrastructure than the public surface reveals. This hidden infrastructure pattern — organisations with internal AI deployment that is invisible to a public audit — is a Mode 3/4 risk the Service Handshake cannot address until organisations publish declarations that surface what exists.
UK Telecoms (5 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| BT | Yes | BT Digital Assistant | Yes | Green | Yes |
| Sky UK | Yes | Sky Virtual Assistant | Yes | Green | Yes |
| Three UK | No | Three Digital Assistant | Yes | Green | Yes |
| Virgin Media | No | Terri BOT | Yes | Green | Yes |
| Vodafone UK | Yes | TOBi / SuperTOBi | Yes | Green | Yes |
UK Telecoms is the highest-performing non-platform sector in this audit. Five of five brands score Green. Five of five have named bots with explicit AI disclosure. Five of five have live chat. Three of five — BT, Sky, Vodafone — have developer APIs. Five of five are Mode 4 candidates. The sector’s collective investment in AI-mediated customer service is the most consistent in the audit.
Vodafone’s SuperTOBi deserves special attention. The transition from TOBi (built on IBM Watson and Microsoft LUIS) to SuperTOBi (powered by Azure OpenAI’s Generative AI) is publicly documented and represents the most advanced generative AI deployment in a UK consumer-facing telecoms support role. The chat widget explicitly references generative AI usage and data processing. TOBi is not just a bot — it is a named brand asset with years of consumer recognition. Yet there is no declaration of what TOBi is authorised to do when the party initiating contact is a consumer AI rather than a human. The Service Handshake v1.1 gap is maximally visible here: the most capable bot in the sector has the least protection against agentic contact it was not designed to handle.
Sky’s announcement of 2,000 call centre job cuts in favour of chatbot and digital support expansion signals a sector-wide directional commitment that goes beyond current infrastructure. Sky’s Virtual Assistant is already handling significant volume. The strategic intent is to increase that volume substantially. Mode 3/4 design is therefore not an optional future consideration for Sky — it is a near-term operational necessity. As Sky’s bot handles a larger proportion of consumer interactions, the proportion of those interactions that originate from consumer agents rather than humans will increase proportionally.
Virgin Media’s Terri BOT and Three UK’s digital assistant represent the mid-tier of the sector: capable, named, disclosed, with clear escalation paths. BT’s infrastructure is the most straightforward in the sector and benefits from BT’s developer portal — making BT one of the cleaner Mode 4 candidates in terms of the gap between what exists and what would need to be built.
The telecoms sector’s Mode 3/4 exposure is acute precisely because telecoms brands manage the communication infrastructure that consumer agents will use to contact other brands. A consumer AI using a mobile network to contact a retailer, then being asked to verify identity with the network provider, creates a multi-agent interaction chain that none of the five brands has published a protocol for handling.
SaaS (8 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| HubSpot | Yes | HubBot | Yes | Green | Yes |
| monday.com | Yes | Amy / Tim | Yes | Green | Yes |
| Pylon | Yes | N/A | No | Green | Yes |
| Shopify | Yes | Virtual Help Centre Assistant | Yes | Green | Yes |
| Slack | Yes | Agentforce | Yes | Green | Yes |
| Stripe | Yes | Assistant | Yes | Green | Yes |
| Xero | Yes | JAX | Yes | Green | Yes |
| Zoom | Yes | ZVA | Yes | Green | Yes |
SaaS is 8/8 Green, 8/8 Mode 4 candidates, 8/8 with developer APIs — the most technically complete sector in the audit on every dimension except Mode 3/4 readiness, where it is 0/8. Four have live chat accessible without login (HubSpot, monday.com, Slack, Zoom). Four gate live support behind authentication (Shopify, Stripe, Xero, Zoom for account-specific support). All eight have substantial developer ecosystems.
Shopify’s Universal Commerce Protocol (UCP) and Model Context Protocol (MCP) tooling is the most significant structural development in the entire 100-brand audit. Shopify has published tooling specifically designed to allow developer agents to interact with commercial infrastructure. This is not Mode 2 infrastructure. This is Mode 3 infrastructure — it is designed for agent-to-system interaction. Yet Shopify has not published a Service Handshake Declaration for its own support surface. The protocol stack exists for outbound commerce; the receiving layer for inbound agent support contact does not. This is the Protocol Stack finding stated in concrete form.
Xero’s JAX — built on Anthropic Claude and described as an “agentic AI platform” — is the most explicitly agent-architecture support deployment in the SaaS sector. JAX is not merely a chatbot. It is described as a superagent capable of reasoning across Xero’s support knowledge base, initiating workflows, and escalating with context. JAX handles the majority of first-contact support interactions. Yet JAX has no declared receiving protocol for when the party initiating the Xero Central support session is another AI. The irony is precise: an agentic AI system serving as Xero’s support front-end has no specification for what it does when it encounters another agent.
Stripe’s custom RAG-based Assistant demonstrates a different architectural choice: rather than licensing a platform, Stripe built a purpose-specific AI system for documentation retrieval and support triage. The result is high accuracy on Stripe-specific queries but limited accessibility (live human support requires login). Stripe’s developer API is among the most mature and well-documented in the audit — making it a strong Mode 4 candidate while simultaneously being the most self-contained support surface to receive agent-initiated contact.
monday.com’s dual-provider strategy — Qualified for sales on the homepage, Ada for support in the help centre — creates two distinct bot personalities (Amy and Tim) with presumably different authority scopes. This is architecturally sophisticated and, from a Service Handshake perspective, potentially an advantage: the brand has already conceptually separated sales-context from support-context interaction. That separation is exactly the kind of authority scoping that a Mode 3/4 declaration would formalise.
UK Fintech (3 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Monzo | Yes | AI Assistant | Yes | Green | Yes |
| Revolut | Yes | Rita | Yes | Green | Yes |
| Starling Bank | Yes | N/A | No | Green | Yes |
UK Fintech presents the cleanest Mode 4 candidate profile in the audit: three of three brands are Green, three of three have developer APIs, three of three are Mode 4 candidates. And three of three gate all interactive support behind authentication. The sector’s Mode 3/4 exposure is entirely structurally different from telecoms or retail: there is no public-facing chat surface to receive an agent at all. Every meaningful interaction requires login.
Monzo’s in-house AI Assistant — built after retiring its Intercom implementation in favour of bespoke software — is designed around the in-app experience, with AI escalation to human COps (Customer Operations) through a structured triage. Monzo’s developer API (the Monzo API) is well-documented, OAuth-compliant, and explicitly designed for integration. The combination of a mature in-app AI and a documented API is the technical profile closest to Mode 4 readiness in the sector — yet there is no declaration of what the AI Assistant is authorised to do, what a consumer agent can initiate, or what the fallback rules are.
Revolut’s Rita (Revolut’s Intelligent Troubleshooting Assistant) is the named AI asset of the sector’s fastest-growing brand. Rita operates within Revolut’s proprietary app-based chat infrastructure — encrypted end-to-end, mobile-first, and entirely inaccessible to a consumer agent operating on the public web. The Mode 4 candidacy is therefore conditional: it requires either an API-mediated interaction or an authenticated app session, neither of which is currently documented for agent use.
Starling Bank presents the most technically mature developer API in the sector — its Starling Bank API is widely regarded as a reference implementation for open banking integration — yet has no named bot, no AI disclosure on its public surface, and no live chat accessible without login. Starling’s Mode 4 candidacy is entirely API-based, meaning Mode 4 interaction would need to occur at the API layer rather than the conversational layer. The Service Handshake v1.1 supports this architecture — a machine-readable declaration could be published alongside the API documentation without requiring a conversational interface at all.
UK Banking (8 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Barclays | Yes | Barclays Digital Assistant | Yes | Green | Yes |
| Halifax | Yes | Virtual Assistant | Yes | Green | No |
| HSBC UK | Yes | Virtual Agent | Yes | Green | Yes |
| Lloyds Bank | No | Virtual Assistant | Yes | Green | No |
| NatWest | Yes | Cora / Cora+ | Yes | Green | Yes |
| Nationwide | Yes | Arti | Yes | Green | Yes |
| Santander UK | No | Sandi | Yes | Green | Yes |
| TSB Bank | No | TSB Smart Agent | Yes | Green | Yes |
UK Banking is 8/8 Green, 8/8 with bots, 8/8 with AI disclosure — the only sector in this audit to achieve full marks on both bot deployment and transparency. The named-bot roster (Cora+, Arti, Sandi, Smart Agent, Digital Assistant, Virtual Agent) represents the deepest investment in branded AI identity of any sector. Five of eight have developer APIs. Six of eight are Mode 4 candidates. Zero of eight have published any Mode 3/4 design.
NatWest’s Cora+ is the most technically sophisticated bank bot in the audit. Built on IBM’s Watsonx generative AI platform and supplemented by strategic collaboration with OpenAI for agentic features, Cora+ represents a genuine generative AI deployment in a regulated banking context. Cora handles an enormous volume of first-contact interactions including account queries, payment support, and fraud reporting. The Watsonx implementation means NatWest has, in effect, already navigated the internal governance challenge of deploying generative AI in a regulated environment. That governance framework has not been extended to cover what Cora should do when it encounters a consumer agent. The gap is not technical. It is design.
Nationwide’s Arti is notable for one specific feature: the bot discloses that it will summarise the conversation for human colleagues when escalating. This is a nascent form of context handoff — precisely the mechanism that The Service Handshake v1.1 formalises for Mode 3/4 transitions. Nationwide is the closest thing in the banking sector to an organisation that has thought about agent-to-agent context continuity, even if it has not done so in a Mode 3/4 frame.
Halifax and Lloyds Bank are the two non-Mode-4 candidates in the sector, primarily because their support is gated behind authentication and neither has a public developer API. Both are Lloyds Banking Group brands. The group’s choice to gate digital support entirely behind login creates a Mode 3/4 surface that is, structurally, inaccessible to a consumer agent operating on behalf of a customer who has not delegated authenticated access. The Service Handshake Declaration for these brands would need to address the authentication delegation question before any agentic contact pattern could be designed.
Santander’s Sandi and TSB’s Smart Agent both have 24/7 availability and clear escalation paths, but neither has a developer API, limiting their Mode 4 candidacy to their conversational surface rather than a programmatic interface. Barclays and HSBC, both with developer APIs, have the strongest structural case for Mode 4 implementation in the traditional banking segment.
UK Insurance (6 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Admiral | Yes | A.V.A. | Yes | Green | Yes |
| Aviva | No | Aviva Chatbot | Yes | Green | Yes |
| AXA UK | No | N/A | No | Amber | No |
| Compare the Market | No | AutoSergei | No | Amber | No |
| Direct Line | No | Direct Line VA | Yes | Green | No |
| Vitality | No | N/A | No | Amber | No |
UK Insurance is the vulnerability blind spot of this audit. The sector scores only 3/6 Green, 2/6 Mode 4 candidates, 3/6 AI disclosure, and 1/6 developer APIs. It is, by most Mode 2 metrics, the weakest regulated consumer sector in the study — behind banking, telecoms, and fintech by a significant margin. The gap is particularly acute because insurance consumers are disproportionately likely to be in vulnerable circumstances when they make contact: at claim time, in bereavement, in accidents, or in financial hardship.
Admiral’s A.V.A. is the sector’s most complete infrastructure: explicit AI disclosure, live chat, a developer API, and clear product-based contact segmentation. A.V.A. greets users on product-specific contact pages and explicitly declares it is not a human. Admiral is the only insurance brand in the audit with a developer API, making it the sole credible Mode 4 candidate in the sector from a technical standpoint.
Aviva’s chatbot is the second Mode 4 candidate by infrastructure profile: bot present, AI disclosed, live chat available. But Aviva has no developer API, meaning Mode 4 interaction would need to be conversational — a consumer agent arriving at Aviva’s chat widget — with no programmatic alternative. The claims scenario is the critical use case: an AI agent managing a household’s insurance portfolio, contacting Aviva to initiate a claim on behalf of a user who is incapacitated, needs a protocol for what the bot is authorised to accept, what it is not authorised to commit to, and what the handoff to a human looks like.
AXA’s fragmented structure — separate support channels for Car, Health, Business, and other product lines — means there is no unified Mode 3/4 surface to design for. Compare the Market uses AutoSergei (a reference to the comparethemarket.com brand mascot) as its virtual assistant, but without AI disclosure and with no developer API. The brand is structurally a comparison portal — its Mode 3/4 exposure is interesting because a consumer AI using Compare the Market would, in effect, be using a comparison service to contact underlying insurance brands, creating a three-layer agent chain none of the platforms have designed for.
Vitality’s support implementation is the most unusual in the sector: it uses an interactive FAQ and guided help platform rather than a traditional chat widget. There is no AI chatbot, no live chat, and no AI disclosure. Vitality is the only insurance brand in the audit where Mode 2 maturity is Amber not because of inconsistent delivery but because of a fundamental structural choice to avoid conversational AI entirely in the support layer. Direct Line’s Virtual Assistant has live chat and AI disclosure but no developer API, leaving it in the Mode 2 Green but Mode 4 not-candidate category.
UK Travel (8 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Airbnb | Yes | AI Assistant | Yes | Green | Yes |
| Booking.com | Yes | Helpbot AI | Yes | Green | Yes |
| British Airways | Yes | Chatbot | Yes | Green | Yes |
| easyJet | No | Virtual Advisor | Yes | Green | Yes |
| Ryanair | No | Molli | No | Amber | No |
| Trainline | Yes | Juno / Cleo | No | Amber | Yes |
| TUI UK | Yes | Theo | Yes | Green | Yes |
| Uber | Yes | Unknown | Yes | Green | Yes |
UK Travel has the highest Mode 4 candidate rate of any consumer-facing sector in this audit at 7/8. The sector has invested in conversational AI at a scale matched only by telecoms and SaaS — and for structurally similar reasons: complex, high-stakes transactions with time-sensitive escalation requirements (flight changes, booking amendments, accommodation disputes) that benefit from AI-mediated first-contact resolution.
Booking.com’s Helpbot AI is the most globally scaled bot in the travel sector. Operating across the Partner Hub and traveller-facing surfaces in dozens of languages, Helpbot AI is a proprietary virtual agent that handles an enormous range of booking queries. Booking.com also has a developer API oriented around its Partner connectivity ecosystem. Combined, these make Booking.com one of the strongest Mode 4 candidates in the sector — and one of the most consequential for a Service Handshake Declaration, given the volume of bookings it handles.
British Airways represents the sector’s closest parallel to the Moffatt v. Air Canada precedent. BA’s chatbot explicitly discloses its AI identity. The Moffatt ruling — in which Air Canada was held liable for its chatbot’s unauthorised promise of a bereavement discount — is directly applicable to BA’s situation: a consumer agent interacting with BA’s chatbot about a cancellation, delay compensation, or schedule change creates a liability exposure that no Service Handshake Declaration currently mitigates. British Airways is operationally obligated to address this question in the near term.
TUI UK’s Theo is the most integrated AI in the traditional package holiday sector. The support infrastructure is segmented by holiday type with dedicated phone lines and a chat-first strategy for digital interactions. Theo handles both informational and transactional queries — the latter creating the same authority-scoping question that a Service Handshake Declaration would directly address.
Ryanair’s Molli is the sector outlier: present but without AI disclosure, the only travel bot that does not proactively identify itself as AI. Molli requires name and email before any interaction begins — a pre-authentication step that is itself a Mode 3/4 friction point for an agent that cannot provide human personal data. Trainline’s Juno and Cleo (virtual assistants for specific membership programmes) are similarly limited in scope and accessibility.
Uber’s support infrastructure is the most complex in the sector by user type. Separate surfaces for riders, drivers, and Uber Eats — each with different levels of AI integration, live chat access, and API connectivity — create a Mode 3/4 landscape that is, in practice, highly fragmented. Uber’s engineering blog documents sophisticated internal AI infrastructure for support routing. None of this is surfaced in a public declaration.
UK Delivery/Logistics (5 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Deliveroo | Yes | Rider Support AI Agent | Yes | Green | Yes |
| DPD UK | No | DPD Chatbot | No | Green | Yes |
| Evri (formerly Hermes) | No | Ezra | Yes | Green | No |
| Just Eat | No | N/A | No | Amber | No |
| Royal Mail | No | N/A | No | Amber | No |
UK Delivery/Logistics is 3/5 Green, 2/5 Mode 4 candidates. The sector’s Mode 3/4 relevance is high: parcel tracking, delivery rescheduling, and returns management are among the most frequent consumer AI use cases in early-adoption agent deployments. A consumer agent that can proactively contact a logistics provider on a user’s behalf to redirect a parcel, raise a claim for a lost item, or rebook a failed delivery is a straightforward Mode 4 scenario — and none of the five brands has any infrastructure for receiving it.
Deliveroo’s bifurcated infrastructure (Zendesk for customers, Sierra for riders) is notable because Sierra is an AI-native support platform specifically designed for the autonomous agent era. Deliveroo’s rider support surface therefore already uses infrastructure that has Mode 4 thinking built into its product design — even if Deliveroo has not published a declaration for either surface. The consumer side (Zendesk) is more conventional but still Mode 4 candidate-capable given Deliveroo’s developer API.
DPD UK’s chatbot — accessible primarily via the DPD app and contact surfaces rather than the public homepage — has no visible AI disclosure. DPD is one of six brands across the audit that have a bot without AI transparency at the point of first contact. The innovation materials on DPD’s website describe the chatbot ambition, but the public audit surface found limited accessibility. The developer API question is unresolved from a public surface audit.
Evri’s Ezra is one of the more capable logistics bots: named, disclosed, with clear escalation to human advisors. But Evri has no developer API, making its Mode 4 candidacy conversational-only. Royal Mail is the most surprising gap: the UK’s national postal service has no live chat, no bot, and no AI disclosure. For an organisation that manages last-mile delivery for a significant proportion of UK e-commerce, the absence of any agentic support infrastructure is a material operational risk as consumer agent adoption grows.
UK Media (6 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| BT Sport / TNT Sports | Yes | BT Digital Assistant | Yes | Green | No |
| Disney+ | No | Virtual Assistant | No | Amber | No |
| Netflix | No | N/A | No | Green | No |
| NOW (formerly NOW TV) | No | NOWBot | No | Green | No |
| Spotify | No | AI-Powered Tool | Yes | Green | No |
| The Guardian | No | N/A | No | Amber | No |
UK Media is the only sector in this audit with zero Mode 4 candidates — and the only sector where even the Green-rated brands have no developer API accessible for support integration. The sector’s Mode 3/4 exposure is therefore structurally different from banking or telecoms: there is no technical pathway to Mode 4, because the API layer does not exist in the support context for any of these brands.
Netflix is the largest brand in the sector by global user scale, and its support infrastructure reflects that scale: sophisticated triage (attempting article resolution before human chat), AI-powered search, and live chat available without login. Yet Netflix has no AI disclosure, no named bot, and no developer API for support interaction. The brand logo appears in the chat widget interface instead of a named bot persona — a design choice that treats AI identity as incidental to the Netflix brand rather than as a distinct and disclosable element.
Spotify’s AI-powered help search is explicitly disclosed as AI-driven on the public surface — one of the few media brands to do so — but live chat requires login. BT Sport/TNT Sports shares BT’s underlying infrastructure and discloses the bot clearly, but the BT developer API does not appear to extend to the Sports/TNT support surface specifically. NOW’s NOWBot is named but not disclosed as AI. The Guardian’s live chat requires a full pre-chat form with name, email, and subject before any interaction begins — one of the highest-friction onboarding barriers in the audit, and a direct Mode 3/4 obstruction for an agent that cannot supply personal details.
The media sector’s Mode 4 absence is not primarily a technical failure — Spotify, Netflix, and Disney+ all have sophisticated internal AI capabilities — it is a support architecture choice. Media support interactions are typically subscription management, billing, and technical issues rather than transactions with financial or legal consequences. The Mode 3/4 urgency is therefore lower here than in banking, insurance, or utilities. That said, as streaming subscription management becomes a task delegated to household AI agents, the media sector will face the same agentic contact pattern as every other sector — without any current infrastructure for receiving it.
UK Healthcare (2 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Bupa UK | Yes | BV (Bupa Virtual Assistant) | Yes | Green | Yes |
| NHS | Yes | N/A | No | Green | Yes |
UK Healthcare is 2/2 Green, 2/2 Mode 4 candidates, 2/2 developer APIs — a small sector with a disproportionately large Mode 3/4 significance. Health-adjacent AI agents — tools managing medication reminders, appointment booking, condition monitoring, or insurance claims on behalf of patients — are among the earliest consumer agent use cases in active development. Neither Bupa nor the NHS has published a receiving protocol for them.
Bupa’s BV (Bupa Virtual Assistant) is proactively disclosed as AI, handles triage before live chat escalation, and is backed by both live chat and a developer API. The healthcare context adds a specific The Service Handshake v1.1 dimension: consumer AI agents interacting with health insurers on behalf of patients create data sensitivity requirements that no current Mode 3/4 declaration addresses. What data can a consumer AI disclose to BV on a patient’s behalf? What can BV commit to on Bupa’s behalf? Neither question has a published answer.
The NHS presents the most complex Mode 3/4 surface in the healthcare sector by virtue of its scale and structural complexity. NHS.uk serves as the informational portal; NHS England handles administrative enquiries; HMRC is the closest structural parallel for the API ecosystem. The developer resources are real and documented — the NHS API platform is a substantive infrastructure. But the webchat available on specific NHS surfaces (available 9am-5pm Monday to Friday) has no named bot, no AI disclosure, and no protocol for what happens when a consumer agent contacts the service outside those hours, or requests something that requires clinical authority to commit to.
UK Government (3 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Department for Work and Pensions (DWP) | No | N/A | Yes | Amber | No |
| GOV.UK | No | HMRC Digital Assistant | Yes | Green | No |
| HM Revenue & Customs (HMRC) | Yes | HMRC Digital Assistant | Yes | Green | Yes |
UK Government is more technically capable than its reputation in CX innovation suggests — but less uniform than the sector’s public commitment to digital-first service implies. HMRC is the standout: a sophisticated custom Digital Engagement Platform, a clearly disclosed digital assistant, live chat, and a mature HMRC Developer Hub with a documented API ecosystem. GOV.UK serves the portal function with HMRC’s digital assistant as its primary chat implementation. DWP has no public bot or live chat, but is among the very few brands in the audit to proactively disclose AI use in its service delivery — a transparency commitment without a corresponding agentic infrastructure.
HMRC’s Mode 4 candidacy is the most significant government finding in the audit. The HMRC Developer Hub documents APIs for tax calculations, VAT returns, self-assessment submissions, and a range of compliance-related interactions. A consumer AI agent managing a self-employed individual’s tax obligations — submitting quarterly returns, querying tax codes, managing payment plans — is not a speculative future. It is a direct extension of current Making Tax Digital (MTD) policy, which already requires digital record-keeping and submission for many taxpayers. HMRC’s MTD API infrastructure is designed for software agent interaction. The Service Handshake Declaration that would complete the Mode 3/4 picture — specifying what the HMRC Digital Assistant is authorised to commit to, what a consumer agent can submit, and what the fallback is when submission fails — does not yet exist.
The DWP’s transparency-without-infrastructure position is unique in the audit. The department explicitly acknowledges AI in its service delivery — a significant commitment given the sensitivity of Universal Credit and benefits administration — but provides no live chat, no bot, and no developer API on its public surface. The political sensitivity of AI in welfare decision-making explains some of this caution. The Mode 3/4 implications are nevertheless real: as consumer agents assist vulnerable individuals with benefits navigation, the DWP will face agent-initiated contact through whatever channels are available — currently phone and online account only.
UK Property (3 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| OpenRent | No | N/A | No | Amber | No |
| Rightmove | Yes | N/A | No | Amber | No |
| Zoopla | No | N/A | No | Amber | No |
UK Property is 0/3 Green, 0/3 Mode 4 candidates, and 0/3 AI disclosure. The sector is the weakest on Mode 2 metrics of any sector assessed, behind even Charity/Advocacy. All three brands score Amber — not because they have partial bot implementations but because they have no consumer-facing conversational AI whatsoever. Rightmove (with a Freshdesk backend for its estate agent customers) has a developer API; Zoopla uses Zendesk as a help desk tool; OpenRent uses a contact form. None offers live chat to end users.
This is a significant finding given the scale of consumer interaction with property portals. Rightmove serves tens of millions of monthly visits from individuals making among the most consequential financial decisions of their lives — buying, renting, or selling property. A consumer AI agent that could search listings, enquire about properties, or manage rental applications on a user’s behalf would naturally route through Rightmove or Zoopla. The absence of any agentic interface — chat, API for consumer interaction, or otherwise — means those agents would encounter a static search interface designed for human browsers, not for agent-mediated transactions.
The property sector’s Mode 3/4 exposure is therefore structural rather than operational: the gap is not between Mode 2 capability and Mode 3/4 readiness, but between any conversational capability and the agent-interaction pattern. This is a sector that needs to build Mode 2 before it can contemplate Mode 4.
UK Charity/Advocacy (4 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Age UK | No | Virtual Assistant | Yes | Green | No |
| Council Tax Support | No | N/A | No | Red | No |
| Macmillan Cancer Support | No | Macmillan Support Bot | Yes | Amber | No |
| Shelter UK | No | N/A | No | Amber | No |
UK Charity/Advocacy is 1/4 Green, 2/4 Amber, 1/4 Red, and 0/4 Mode 4 candidates. The sector has no developer APIs and limited digital support infrastructure by comparison with commercial sectors. This is partly a resource constraint — charities and advocacy organisations do not have the engineering budgets of telecoms or SaaS companies — and partly a deliberate human-first design philosophy that reflects the vulnerability of the populations these organisations serve.
Age UK’s Virtual Assistant is the most technically complete in the sector: hosted on Age UK’s own domain, clearly disclosed as AI, available with live human escalation during business hours (Monday to Friday, 9am to 5pm). The service is designed for a demographic that includes many of the most digitally excluded consumers in the UK. The Mode 3/4 implication is specific: a family member’s AI agent contacting Age UK on behalf of an elderly relative is precisely the Dadbot scenario. Age UK’s target demographic is the one most likely to have support interactions mediated by a trusted family member’s AI — and Age UK has no protocol for receiving such interactions.
Macmillan Cancer Support’s bot collects name and email before routing to a human advisor. The triage is explicit and transparent. Macmillan is also notable for having published an AI policy document — one of very few organisations in the audit to have done so proactively. That policy covers Macmillan’s internal use of AI for metadata and site search, not the Mode 3/4 receiving question. But the existence of an AI policy is a meaningful signal: Macmillan has governance infrastructure that is closer to a Service Handshake Declaration than most commercial brands.
Shelter UK’s webchat is a human-first service focused on housing advice in crisis situations. The service intentionally avoids automated AI triage in the support layer — advisers are the first contact point. Council Tax Support is the second Red in the audit (after Ofgem): a research and information portal with no digital support infrastructure of any kind.
Public/Regulatory (2 brands)
| Brand | Developer API | Bot Name | AI Disclosure | Mode 2 Maturity | Mode 4 Candidate |
|---|---|---|---|---|---|
| Citizens Advice | No | Citizens Advice Bot | Yes | Green | No |
| Ofgem | No | N/A | No | Red | No |
The Public/Regulatory sector — two organisations, two radically different technology postures. Citizens Advice uses a triaging bot that explicitly identifies itself, asks structured questions to route the user to the right adviser, and offers email fallback when live channels are unavailable. Ofgem has no live chat, no bot, no developer API, and no AI disclosure. The contrast is the sharpest binary in the audit.
Citizens Advice’s Mode 3/4 exposure is significant given its role. The organisation serves the population most likely to have complex, multi-agency needs managed by family members or, increasingly, AI agents: individuals navigating benefits, housing, debt, and consumer rights. A consumer AI agent contacting Citizens Advice on behalf of a user facing an urgent housing situation needs to know: what can the bot commit to? What hours are human advisers available? What is the fallback if the bot cannot resolve the query? None of these questions have published answers.
Ofgem’s digital absence is notable because the organisation’s regulatory remit covers the energy sector that is, in this audit, the most critical for Mode 3/4 design. Ofgem sets the consumer vulnerability framework that energy companies must comply with. An Ofgem that has no digital engagement channel and no AI infrastructure is an Ofgem that cannot itself model the Mode 3/4 design standard it might eventually require of regulated entities.
6. Mode 4 Candidate Ranking
Fifty-seven of the 100 brands in this audit meet the threshold criteria for Mode 4 candidacy: the presence of sufficient technical infrastructure — bot capability, API access, or both — to make Mode 4 implementation tractable. Candidacy is a capability signal, not a readiness assessment. The following ranking describes the top 20 Mode 4 candidates by infrastructure sophistication, judged across four dimensions: API maturity, bot capability, live chat accessibility, and AI transparency.
Tier 1: Full-stack infrastructure (API + named bot + live chat + AI disclosure)
- Intercom — The most complete Mode 4 infrastructure in the audit. REST API, webhooks, SDKs, Fin agent with explicit AI identity, live chat accessible without login. Intercom has built the enabling infrastructure for Mode 4 for its customers. Its own Service Handshake gap is therefore the most precise in the study.
Tier 2: Strong infrastructure with one gap
- Monzo — Bespoke AI Assistant, mature OAuth API, explicit disclosure. The authentication wall limits public-surface Mode 4 access, but the API infrastructure for delegated agent access is more complete than almost any other brand in the audit.
7. Cross-Cutting Findings
1 AI Disclosure Is Standard; AI Reception Is Not
Sixty-six of 100 brands proactively disclose AI at the point of first contact. The market has moved decisively on the transparency question — naming bots, labelling AI interactions, and in some cases (Macmillan, DWP) publishing explicit AI policies. This is Mode 2 disclosure, designed for humans who need to know they are talking to an AI. It does not address Mode 3/4 reception: what a brand’s AI does when the party initiating contact is itself an AI. No brand across all 100 has published the receiving side of this disclosure. The 66% who disclose AI to humans have not extended that transparency to the question of what happens when an AI arrives.
2 The Dadbot Scenario Has No Receiving Infrastructure
The “Dadbot” scenario — a family member’s AI agent managing an energy contract, insurance policy, or banking account on behalf of a vulnerable relative — is the highest-stakes Mode 3/4 interaction pattern identified in this audit. The sectors most relevant to this scenario — UK Utilities, UK Banking, UK Insurance, UK Healthcare, UK Charity/Advocacy — collectively show the weakest Mode 3/4 readiness against their Mode 2 investment. British Gas, Aviva, NatWest, Bupa, and Age UK all have Mode 2 infrastructure capable of handling the Dadbot scenario technologically. None has a declared protocol for what that bot is authorised to do, what data the agent can provide, or what the fallback is when the agent’s authority is unclear. The Service Handshake v1.1 exists to provide exactly this: a framework for declaring what AI systems are and are not authorised to commit to, specifically in the context of agent-mediated interactions on behalf of potentially vulnerable individuals.
3 The Protocol Stack Has a Missing Layer
Shopify’s UCP and MCP tooling is the clearest evidence that the protocol layer for agent-to-system commerce interaction is already being built by market leaders. Shopify has designed infrastructure for developer agents to transact within commercial environments. The missing layer is the support-surface declaration: what happens when a consumer agent that has just completed a Shopify-mediated transaction needs to contact Shopify’s own support channel? The agentic commerce stack is being built from the transaction end. The receiving protocol for support contact is the missing middle layer. This is not a Shopify-specific observation — it is a structural finding across every brand that has built API infrastructure without a parallel Service Handshake Declaration. Forty-two brands in this audit have developer APIs. Zero have declarations. The API–declaration gap is the protocol stack’s missing layer.
4 CX Platform Vendors Haven’t Designed for Their Own Product’s Future
The CX Platform sector is the most acute instance of a finding that recurs across multiple sectors: organisations whose products define the Mode 3/4 design challenge for their customers have not designed Mode 3/4 receiving infrastructure for their own surfaces. Zendesk sells the tools that UK retailers use to receive consumer interactions. Zendesk’s own support surface has no Service Handshake Declaration. Intercom sells Fin as the future of AI-mediated customer service. Intercom’s own support surface has no protocol for receiving a consumer AI agent that arrives to resolve a billing dispute with Intercom. Salesforce markets Agentforce as the enterprise standard for agentic service. Salesforce’s own support surface — powered by Agentforce — has no Mode 3/4 declaration. The vendors leading the market towards agent-era CX are, uniformly, the vendors most conspicuously absent from the Service Handshake readiness picture.
5 Fintech and Banking Are API-Ready but Declaration-Absent
UK Fintech (Monzo, Revolut, Starling) and UK Banking collectively represent the most mature developer API ecosystem in the consumer-facing sectors of this audit. Open Banking mandates, PSD2, and the competitive dynamics of the sector have produced API infrastructure that is technically capable of supporting Mode 4 interaction. The authorisation layer — OAuth, token scoping, delegated access — is already present in these APIs. The semantic layer — what is the AI assistant authorised to commit to on behalf of the bank, and what can a consumer agent request? — is entirely absent. The banks that have built the most complete technical infrastructure for agent interaction are the furthest from having designed what that interaction should look like from a governance perspective. The Service Handshake v1.1 is a governance document as much as a technical one: it provides the semantic layer that completes the API-ready stack.
6 UK Travel Has Built the Bot Layer Without the Agent Layer
Seven of eight UK Travel brands are Mode 4 candidates — the highest rate of any consumer-facing sector. Booking.com, Airbnb, British Airways, TUI, easyJet, Uber, and Trainline all have the infrastructure prerequisites for Mode 4 interaction. The travel sector has invested heavily in AI-mediated booking assistance, itinerary management, and disruption handling — use cases that are directly relevant to consumer agent delegation. Yet not one of these brands has published a receiving protocol. The travel sector is building the bot layer (seven named or identified bots) without building the agent layer (zero Service Handshake declarations). The Moffatt v. Air Canada precedent is a travel sector precedent. The liability exposure for UK travel brands is therefore the most directly precedented of any sector in the audit.
7 Government Digital Services Are More Ready Than Their Reputation Suggests
HMRC’s Mode 4 candidacy is the most significant government finding in this audit. The HMRC Developer Hub, Making Tax Digital API, and Digital Engagement Platform combine to create a government service surface that is technically more Mode 4 capable than many commercial brands. The GOV.UK ecosystem’s approach to AI disclosure — proactive across all departments that use it — is also more consistent than most commercial sectors. DWP’s explicit AI acknowledgement in its public communications, even without a digital support infrastructure, reflects a governance culture that is more AI-aware than the commercial property or charity sectors. The gap between government’s actual digital infrastructure and its public reputation for digital laggardness is sharper than this audit expected.
8 The Insurance Sector Is the Vulnerability Blind Spot
UK Insurance’s 2/6 Mode 4 candidate rate is the lowest of any regulated consumer sector in this audit. The sector handles consumer interactions that are disproportionately concentrated in moments of acute vulnerability: at claim time, in bereavement following a life insurance event, in accidents, in medical crises. The insurance CX interaction is, structurally, one of the highest-stakes in the consumer economy — and the sector has invested the least in the infrastructure that would enable Mode 3/4 design. AXA’s fragmented product support structure, Compare the Market’s comparison-portal architecture, Vitality’s guided-help-only approach, and Direct Line’s no-API posture collectively define a sector that has not made the conversational AI investments necessary to even begin Mode 3/4 readiness. The Dadbot scenario is most acute in insurance — and most undesigned for.
8. Implications for The Service Handshake
Implication 1: The Demand Signal Is Structural, Not Speculative
The 100-brand audit at double the original sample size confirms that Mode 3/4 readiness is at zero across every sector — including sectors with the most sophisticated technical infrastructure in UK consumer services. This finding is not the result of sectors being unaware of agent-era interaction: Shopify is actively publishing agent tooling, Vodafone is running SuperTOBi on Azure OpenAI, Xero has JAX on Anthropic Claude, and NatWest has Cora+ on Watsonx. These are not organisations unaware of the AI agent trajectory. They are organisations that have built Mode 2 comprehensively and have not yet designed Mode 3/4. The demand signal for The Service Handshake v1.1 is therefore structural: it arises from a design gap that is visible across the most technically sophisticated brands in every sector, not from ignorance or inaction.
The 10 new sectors included in this audit — UK Banking, UK Insurance, UK Travel, UK Healthcare, UK Government, UK Charity/Advocacy, UK Property, UK Media, UK Delivery/Logistics, and Public/Regulatory — each contribute distinct dimensions to this structural demand. Banking’s API-declaration gap shows that technical readiness does not automatically produce protocol readiness. Travel’s Moffatt exposure shows that the liability is already legal, not merely hypothetical. Healthcare and charity’s Dadbot relevance shows that the most vulnerable consumer populations are the least protected against agentic contact mishandling. Government’s surprising technical capability shows that the public sector has Mode 4 infrastructure without Mode 4 design. Together, the 17 sectors tell a consistent story: the demand signal for a receiving protocol exists everywhere, and the supply of that protocol exists nowhere.
Implication 2: Adoption Topology Favours Platform Partners
The CX Platform sector’s position in this audit — 6/6 Mode 4 candidates, 0/6 Service Handshake ready, powering the support infrastructure of every other sector — defines the adoption topology for The Service Handshake v1.1. Zendesk is present in this audit as a vendor (its own support surface), as the infrastructure provider for Deliveroo, Next, B&Q, Zoopla, Trainline, and others, and as the foundational technology layer for dozens of brands not in this audit. If Zendesk publishes a Service Handshake Declaration template and makes it a native feature of Zendesk-powered support surfaces, the declaration can propagate to hundreds of brands without each brand needing to design independently. The same is true of Salesforce (present at John Lewis, British Airways, Sainsbury’s, Slack, The Guardian, AXA, and dozens more), LivePerson (HSBC, Sky, Nationwide, Thames Water), Genesys (Admiral, Three UK, Virgin Media, Direct Line, OVO), and Sprinklr (BT, Netflix, Macmillan).
The adoption leverage is platform-first. A Service Handshake integration at the CX platform layer — where declarations are templated, governed, and published as part of the platform’s default configuration — creates network effects that brand-by-brand adoption cannot achieve. The 57 Mode 4 candidates in this audit represent the natural first-wave for direct outreach. The CX platform vendors who power those 57 brands represent the leverage point for scale.
Implication 3: Regulatory Timing Is Actionable
The Moffatt v. Air Canada precedent (2024 BCCRT 149) has established that organisations are liable for AI system commitments regardless of whether those systems had authority to make them. The UK Consumer Duty (effective 2023) requires financial services firms to deliver good outcomes for consumers, including in automated service interactions. Ofgem’s vulnerability frameworks for energy suppliers create obligations that extend, in principle, to AI-mediated interactions. The FCA’s AI/ML guidelines for financial services are in active development. GDPR’s data subject rights apply to automated decision-making in ways that directly intersect with Mode 3/4 interaction design.
The 10 new sectors in this audit include four regulated sectors — Banking, Insurance, Healthcare, Government — where regulatory obligations already exist for consumer data handling, vulnerability protection, and service quality. The Service Handshake Declaration for these sectors is not merely a design best practice; it is, increasingly, a compliance prerequisite for organisations that cannot demonstrate what their AI systems are authorised to commit to. The regulatory timing window for proactive declaration — before regulators mandate a format — is open now. It will not remain open indefinitely.
9. Recommendations
For Brands
Immediately: Conduct an internal audit of what your named AI assistant is actually authorised to commit to. Not what it is technically capable of saying — what it has governance authority to commit to on behalf of your organisation. The gap between those two things is your Moffatt exposure.
Near term: Publish a Service Handshake Declaration using the framework in The Service Handshake v1.1. This is a machine-readable and human-readable document specifying: what goals an inbound consumer AI is permitted to pursue, what data it may access and provide, what your AI is authorised to commit to, what is out of scope, and what the fallback protocol is when confidence or authority is insufficient.
Regulated sectors (Banking, Insurance, Healthcare, Government): Frame the Service Handshake Declaration as a regulatory compliance document, not merely an innovation initiative. The Consumer Duty, FCA AI guidelines, and Data Subject rights under GDPR all create obligations that a Service Handshake Declaration directly addresses. The absence of a declaration is increasingly a regulatory risk position, not merely a design gap.
Vulnerable consumer sectors (Utilities, Banking, Insurance, Charity): Prioritise the Dadbot scenario explicitly in your Service Handshake design. Specify what a family member’s delegated AI agent is permitted to do on a vulnerable customer’s behalf, how it should identify itself, what verification is required, and what the human escalation path looks like when the interaction involves vulnerability signals.
CX Platform vendors: This recommendation is the most urgent in the audit. Publish your own Service Handshake Declaration for your own support surface. Then build Service Handshake Declaration tooling into your platform as a native feature — template generation, governance workflows, and publication infrastructure. The CX platform that ships Mode 3/4 readiness as a default capability will define the standard for the market you power.
For CX Platform Vendors
The findings across 100 brands confirm that Zendesk, Salesforce, LivePerson, Genesys, Sprinklr, Intercom, and Freshworks collectively power the support surfaces of the majority of UK consumer brands. The Service Handshake standard is vendor-neutral and open (CC BY 4.0). Platform adoption of The Service Handshake v1.1 as a native platform feature — declaration templates, structured data schemas for mode specifications, API endpoint documentation for agent-readable declarations — would create network effects that individual brand adoption cannot achieve. The recommendation is to treat Service Handshake compliance as a platform feature, not a customer-specific integration.
For Regulators
FCA and PRA: The banking and insurance sector findings confirm that the API-declaration gap is a regulatory gap, not merely a design gap. UK banks with mature developer APIs and named AI assistants (NatWest Cora+, Nationwide Arti) have no published authority framework for what those assistants can commit to. The Consumer Duty’s good outcomes requirement extends, in principle, to AI-mediated commitments. Guidance on AI assistant authority scoping — aligned with the Service Handshake framework — would provide the regulatory clarity that banks have the infrastructure to act on but lack the regulatory mandate to prioritise.
Ofgem: The energy sector’s Mode 2 gaps (E.ON, EDF, Ecotricity) and the Dadbot vulnerability scenario together constitute a specific regulatory risk area. Ofgem’s vulnerability frameworks should explicitly address AI-mediated interactions on behalf of vulnerable consumers, and the regulator’s own digital absence — no bot, no live chat, no developer API — undermines its capacity to model the standard it may eventually need to set.
ICO: The 66% AI disclosure rate across 100 brands is encouraging but incomplete. The ICO’s guidance on automated decision-making under GDPR should be extended to address Mode 3/4 interactions explicitly — specifically, the data rights implications of AI-to-AI interactions where a consumer agent provides personal data to a brand AI without a human intermediary.
Scaling This Research
This audit of 100 brands across 17 sectors establishes a baseline methodology that is extensible to additional sectors and geographies. Priority extensions include: financial services beyond UK Banking and Fintech (investment platforms, mortgage brokers, credit reference agencies); UK local government (council services, planning portals, housing applications); retail banking in the US and EU (where regulatory contexts differ materially); healthcare providers beyond Bupa and NHS (private GP networks, telehealth platforms, pharmacy chains); and the global travel sector (American carriers, global OTAs, hotel chains). The Service Handshake Declaration gap is expected to be universal across geographies until a major market event — regulatory mandate, high-profile Moffatt-equivalent ruling, or platform adoption — creates the first wave of adoption.
10. Appendix: Full Brand Technology Stack
The complete 100-brand dataset. Horizontally scrollable on mobile devices.
| Brand | Sector | Mode 2 | Chat Provider | Bot Name | AI Disclosure | Live Chat | Dev API | Mode 4 |
|---|---|---|---|---|---|---|---|---|
| Freshdesk | CX Platform | Green | Freshchat | Freddy AI | Yes | Yes | Yes | Yes |
| Help Scout | CX Platform | Green | Help Scout Beacon | AI Assistant | Yes | Yes | Yes | Yes |
| Intercom | CX Platform | Green | Intercom | Fin | Yes | Yes | Yes | Yes |
| Salesforce | CX Platform | Green | Agentforce | Agentforce | Yes | Yes | Yes | Yes |
| Tidio | CX Platform | Green | Tidio | Lyro AI Agent | Yes | Yes | Yes | Yes |
| Zendesk | CX Platform | Green | Zendesk | Zea | Yes | Yes | Yes | Yes |
| Amazon UK | UK Retail | Green | Amazon (custom) | Amazon Virtual Assistant | Yes | Login required | Yes | Yes |
| ASOS | UK Retail | Green | Microsoft Azure OpenAI | ASOS AI Assistant | Yes | Yes | No | No |
| Argos | UK Retail | Green | Unknown | Argos Virtual Assistant | Yes | Yes | No | Yes |
| Asda | UK Retail | Amber | Salesforce | Unknown | No | No | No | No |
| Boots | UK Retail | Green | Synthetix | Boots AI Assistant | Yes | Yes | No | Yes |
| Currys | UK Retail | Green | Emplifi / Vyntelligence | Currys Virtual Assistant | Yes | Yes | No | Yes |
| John Lewis | UK Retail | Green | Salesforce | N/A | No | Yes | No | No |
| Marks and Spencer | UK Retail | Green | Google Cloud CCAI | Rafeeq | No | Yes | No | Yes |
| Morrisons | UK Retail | Amber | N/A | N/A | No | No | No | No |
| Next | UK Retail | Green | Zendesk | NEXT Bot | Yes | Yes | No | Yes |
| PrettyLittleThing | UK Retail | Amber | Mission Labs | Madison | No | Yes | No | No |
| Sainsbury's | UK Retail | Green | Salesforce | Virtual Assistant | Yes | Yes | No | No |
| Tesco | UK Retail | Amber | WhatsApp / Meta | Little Helper | Yes | No | No | No |
| Very.co.uk | UK Retail | Green | IBM Watson / Salesforce | Very Assistant | Yes | Login required | No | Yes |
| Waitrose | UK Retail | Amber | N/A | No | No | No | No | |
| AO.com | UK Retail (Home/DIY) | Green | Engageware / custom | AO Assistant | Yes | Yes | No | Yes |
| B&Q | UK Retail (Home/DIY) | Green | Zendesk | B&Q DIY Assistant | Yes | Yes | No | Yes |
| Halfords | UK Retail (Home/DIY) | Green | Salesforce | N/A | No | Yes | No | No |
| IKEA UK | UK Retail (Home/DIY) | Green | Custom (Ingka Group) | Billie | Yes | Yes | Yes | Yes |
| Screwfix | UK Retail (Home/DIY) | Green | NICE CXone | Screwfix VA | Yes | Yes | No | Yes |
| Wickes | UK Retail (Home/DIY) | Green | Rocket.chat | Wickes VA | Yes | Yes | No | No |
| British Gas | UK Utilities | Green | Custom (Vite) | Help Finder Bot | Yes | Yes | No | Yes |
| E.ON UK | UK Utilities | Amber | N/A | N/A | No | No | No | No |
| EDF Energy | UK Utilities | Amber | N/A | N/A | No | No | No | No |
| Ecotricity | UK Utilities | Amber | N/A | N/A | No | No | No | No |
| Octopus Energy | UK Utilities | Amber | N/A | N/A | No | No | Yes | Yes |
| Octopus Energy US | UK Utilities | Amber | N/A | N/A | No | No | No | No |
| OVO Energy | UK Utilities | Green | Genesys Cloud | OVO Digital Assistant | Yes | Yes | Yes | No |
| ScottishPower | UK Utilities | Green | Zendesk | ScottishPower Chatbot | Yes | Yes | No | Yes |
| SSE | UK Utilities | Green | NICE CXone / Genesys | Nero | No | Yes | No | Yes |
| Thames Water | UK Utilities | Green | LivePerson | Virtual Assistant | Yes | Yes | No | No |
| BT | UK Telecoms | Green | Sprinklr | BT Digital Assistant | Yes | Yes | Yes | Yes |
| Sky UK | UK Telecoms | Green | LivePerson | Sky Virtual Assistant | Yes | Yes | Yes | Yes |
| Three UK | UK Telecoms | Green | Genesys Cloud | Three Digital Assistant | Yes | Yes | No | Yes |
| Virgin Media | UK Telecoms | Green | Amazon Connect | Terri BOT | Yes | Yes | No | Yes |
| Vodafone UK | UK Telecoms | Green | Microsoft Azure OpenAI | TOBi / SuperTOBi | Yes | Yes | Yes | Yes |
| HubSpot | SaaS | Green | HubSpot | HubBot | Yes | Yes | Yes | Yes |
| monday.com | SaaS | Green | Qualified / Ada | Amy / Tim | Yes | Yes | Yes | Yes |
| Pylon | SaaS | Green | Pylon | N/A | No | No | Yes | Yes |
| Shopify | SaaS | Green | Custom / UCP+MCP | Virtual Help Centre Asst | Yes | Login required | Yes | Yes |
| Slack | SaaS | Green | Salesforce Agentforce | Agentforce | Yes | Yes | Yes | Yes |
| Stripe | SaaS | Green | Custom (RAG) | Assistant | Yes | Login required | Yes | Yes |
| Xero | SaaS | Green | Custom / Anthropic | JAX | Yes | Login required | Yes | Yes |
| Zoom | SaaS | Green | Zoom Virtual Agent | ZVA | Yes | Yes | Yes | Yes |
| Monzo | UK Fintech | Green | Custom (proprietary) | AI Assistant | Yes | Login required | Yes | Yes |
| Revolut | UK Fintech | Green | Custom (proprietary) | Rita | Yes | Login required | Yes | Yes |
| Starling Bank | UK Fintech | Green | Custom (proprietary) | N/A | No | Login required | Yes | Yes |
| Barclays | UK Banking | Green | Custom / proprietary | Barclays Digital Asst | Yes | Yes | Yes | Yes |
| Halifax | UK Banking | Green | Nuance (Lloyds Group) | Virtual Assistant | Yes | Login required | Yes | No |
| HSBC UK | UK Banking | Green | LivePerson | Virtual Agent | Yes | Yes | Yes | Yes |
| Lloyds Bank | UK Banking | Green | Custom (authenticated) | Virtual Assistant | Yes | Login required | No | No |
| NatWest | UK Banking | Green | IBM Watsonx | Cora / Cora+ | Yes | Yes | Yes | Yes |
| Nationwide | UK Banking | Green | LivePerson | Arti | Yes | Yes | Yes | Yes |
| Santander UK | UK Banking | Green | Enterprise (proprietary) | Sandi | Yes | Yes | No | Yes |
| TSB Bank | UK Banking | Green | IBM Watson | TSB Smart Agent | Yes | Login required | No | Yes |
| Admiral | UK Insurance | Green | Genesys PureCloud | A.V.A. | Yes | Yes | Yes | Yes |
| Aviva | UK Insurance | Green | Nuance | Aviva Chatbot | Yes | Yes | No | Yes |
| AXA UK | UK Insurance | Amber | Salesforce | N/A | No | Yes | No | No |
| Compare the Market | UK Insurance | Amber | Salesforce | AutoSergei | No | Yes | No | No |
| Direct Line | UK Insurance | Green | Genesys PureCloud | Direct Line VA | Yes | Yes | No | No |
| Vitality | UK Insurance | Amber | Stonly | N/A | No | No | No | No |
| Airbnb | UK Travel | Green | Custom (proprietary) | AI Assistant | Yes | Login required | Yes | Yes |
| Booking.com | UK Travel | Green | Custom (proprietary) | Helpbot AI | Yes | Yes | Yes | Yes |
| British Airways | UK Travel | Green | Salesforce | Chatbot | Yes | Yes | Yes | Yes |
| easyJet | UK Travel | Green | Hubtype | Virtual Advisor | Yes | Yes | No | Yes |
| Ryanair | UK Travel | Amber | Custom / unknown | Molli | No | Yes | No | No |
| Trainline | UK Travel | Amber | Zendesk | Juno / Cleo | No | No | Yes | Yes |
| TUI UK | UK Travel | Green | Smartagent | Theo | Yes | Yes | Yes | Yes |
| Uber | UK Travel | Green | Custom (proprietary) | N/A | Yes | Login required | Yes | Yes |
| Deliveroo | UK Delivery/Logistics | Green | Zendesk / Sierra | Rider Support AI Agent | Yes | Yes | Yes | Yes |
| DPD UK | UK Delivery/Logistics | Green | Custom (proprietary) | DPD Chatbot | No | Yes | No | Yes |
| Evri | UK Delivery/Logistics | Green | SmartAgent / Amazon Connect | Ezra | Yes | Yes | No | No |
| Just Eat | UK Delivery/Logistics | Amber | Zendesk / Custom | N/A | No | Login required | No | No |
| Royal Mail | UK Delivery/Logistics | Amber | N/A | N/A | No | No | No | No |
| BT Sport / TNT Sports | UK Media | Green | Sprinklr | BT Digital Assistant | Yes | Yes | Yes | No |
| Disney+ | UK Media | Amber | Custom (Disney) | Virtual Assistant | No | Yes | No | No |
| Netflix | UK Media | Green | Sprinklr | N/A | No | Yes | No | No |
| NOW (NOW TV) | UK Media | Green | Custom (proprietary) | NOWBot | No | Yes | No | No |
| Spotify | UK Media | Green | Custom (proprietary) | AI-Powered Tool | Yes | Login required | No | No |
| The Guardian | UK Media | Amber | Salesforce | N/A | No | Yes | No | No |
| Bupa UK | UK Healthcare | Green | Microsoft Dynamics 365 | BV | Yes | Yes | Yes | Yes |
| NHS | UK Healthcare | Green | Unknown / Custom | N/A | No | Yes | Yes | Yes |
| DWP | UK Government | Amber | N/A | N/A | Yes | No | No | No |
| GOV.UK | UK Government | Green | Custom (DEP) | HMRC Digital Assistant | Yes | Yes | No | No |
| HMRC | UK Government | Green | HMRC DEP | HMRC Digital Assistant | Yes | Yes | Yes | Yes |
| OpenRent | UK Property | Amber | Custom (contact form) | N/A | No | No | No | No |
| Rightmove | UK Property | Amber | Freshdesk | N/A | No | No | Yes | No |
| Zoopla | UK Property | Amber | Zendesk | N/A | No | No | No | No |
| Age UK | UK Charity/Advocacy | Green | Custom | Virtual Assistant | Yes | Yes | No | No |
| Council Tax Support | UK Charity/Advocacy | Red | N/A | N/A | No | No | No | No |
| Macmillan Cancer Support | UK Charity/Advocacy | Amber | Sprinklr | Macmillan Support Bot | Yes | Yes | No | No |
| Shelter UK | UK Charity/Advocacy | Amber | Twilio / Ciptex | N/A | No | Yes | No | No |
| Citizens Advice | Public/Regulatory | Green | Amazon Connect | Citizens Advice Bot | Yes | Yes | No | No |
| Ofgem | Public/Regulatory | Red | N/A | N/A | No | No | No | No |
State of Dual CX is published by Neos Wave. The Service Handshake v1.1 is an open standard available under CC BY 4.0 at https://doi.org/10.5281/zenodo.19046746. All audit observations are based on publicly accessible information gathered in Q1 2026. No brands were contacted during the audit process.
↑ Back to top