Concepts¶
The pages in this section teach the vocabulary that every Compliance page later relies on. They are written for software engineers and architects who have never touched financial regulation, GDPR articles, the EU AI Act, NHS DSPT, or any of the rest of it. No prior exposure assumed.
You don't need to read every page — but you should know where each lives, because the Compliance section will hyperlink back here every time it uses a term that isn't pure CS vocabulary.
Already convinced? Skip to Why Regulus for the narrative, or Show me — the diff for the audit-event proof.
Pages¶
Foundations (read these first):
- What is regtech? — the engineer's version of the field's definition and why it matters for AI agents.
- What is AI governance? — the broader discipline that compliance sits inside. The audience the Governance section is written for.
- What is GRC? — three letters, three disciplines, and where Regulus fits relative to the GRC tooling landscape (ServiceNow IRM, OneTrust, MetricStream).
- Frameworks vs regulations — why Regulus separates them in code and in docs.
Regulator-facing vocabulary:
- EU vs UK landscape — one-page map of regulators and laws. Pin this open while you read anything else.
- Controller, processor, deployer — the three roles a developer keeps tripping over.
- Security model — the canonical
Principal+Claimsshape every IdP adapter mints; the trust boundaries; what Regulus refuses to do. - Risk tiers — EU AI Act's pyramid, PRA SS1/23's model risk tiers, and how Regulus maps both.
- Audit trails — what auditors actually look at, in engineering terms.
- Data residency — why the LLM endpoint's location is a legal question.
- Dual control / 4-eyes — the banking primitive that the EU AI Act and PRA both demand for AI.
- Glossary — every acronym, one line each.