Regulus¶
Where Google ADK ends, regulated builds begin.
Google ADK ships AI agents. Regulus ships AI agents your regulator accepts.
60s · 5min · 15min¶
60s regulus init my-agent --profiles=eu-ai-act,uk-gdpr,fca-sysc
--frameworks=nist-ai-rmf,iso-42001
5min cd my-agent && gradle wrapper && ./gradlew bootRun
15min hit /chat → see policy + privacy + audit + GRC envelope
→ Install the CLI to make this real.
→ Why Regulus for the full story.
→ Show me — the diff for the audit-event proof.
Choose your path¶
| You are… | Start here |
|---|---|
| An engineer new to Regulus | Why Regulus → Show me → Install the CLI |
| A security architect / enterprise IT | Security model → Security architecture → Production hardening |
| A governance leader (CISO / CAIO / CRO / 2L / 3L) | Governance overview → Three Lines of Defence → GRC integration |
| Preparing for ISO 42001 certification | ISO/IEC 42001 → Audit walkthrough → Program operating model |
| New to regulatory vocabulary | What is regtech? → What is AI governance? → Glossary |
What Regulus is — and isn't¶
Is: A BasePlugin suite + service extensions + compliance profiles +
governance frameworks + GRC adapters for ADK 1.x. Pure Java; Spring Boot
starter optional. Distributes via Maven Central, Gradle Plugin Portal,
and a single-binary CLI.
Isn't: A replacement for ADK, a no-code agent builder, an LLM provider, a legal opinion, or a substitute for your DPO / SMF holder / clinical safety officer.
What it costs you not to use Regulus¶
A rough table for a senior backend engineer with no prior regtech, no existing tooling. The point isn't the precision — it's the visibility of the unbuilt cost.
| Control | Build it yourself | Regulus |
|---|---|---|
| Enterprise SSO → policy/audit identity model | ~5 engineer-weeks | IdentityAdapter SPI + OIDC adapter |
| PII redaction + tests + audit | ~3 engineer-weeks | One plugin |
| Dual-control kill switch (Identity-gated) | ~4 engineer-weeks | One plugin + KillSwitchAuthorizer |
| Audit pipeline + retention + erasure | ~6 engineer-weeks | One plugin + compactor |
| Tamper-evident audit chain + offline verifier | ~3 engineer-weeks | Opt-in flag + regulus audit verify |
| Cross-org A2A request signing (RFC 9421) | ~4 engineer-weeks | A2ARequestSigner SPI |
| Residency proof + fail-closed startup | ~2 engineer-weeks | One plugin |
| EU AI Act Annex III classification | ~5 engineer-weeks | One plugin |
| NIST AI RMF / 600-1 control mapping | ~6 program-weeks | One framework binding |
| ISO 42001 Statement of Applicability | ~3 program-weeks per cycle | Generated artefact |
| GRC tool integration (any one vendor) | ~4-8 engineer-weeks | One adapter |
Full breakdown at Compliance → Time saved.
Where to read next¶
- New to regtech? What is regtech?
- New to ADK? ADK quickstart
- Want the regulation map? EU vs UK landscape
- Asking "how does SSO fit?" Security model → Security architecture
- Want the plugin reference? Plugins overview
- Want the regulation reference? Compliance overview
- Want the governance reference? Governance overview