Skip to content

Three Lines of Defence

The dominant operating model for risk management in regulated firms. Adopted across financial services, public sector, and increasingly healthcare; reported at 88% adoption in EU financial services with a measurable benefit on incident rates.

The three lines

Line Who Role
1L Engineering, data scientists, business unit owners Owns the risk at source. Builds and runs the AI system.
2L Risk, compliance, model risk, privacy, security functions Independent oversight. Sets policy, monitors implementation, escalates.
3L Internal audit Independent assurance. Tests the design and operation of controls.

Some firms add a "0L" — board / executive committee oversight — and a "4L" — external regulator or auditor — but these are layers around the model rather than inside it.

How Regulus serves each

Line What they need What Regulus provides
1L Runtime guardrails Plugins on the ADK AppRegulusPolicyPlugin, RegulusPrivacyPlugin, etc. Inline enforcement.
2L Independent evidence, gap analysis, policy enforcement records Audit event stream + governance evidence plugin + GRC adapters; coverage matrix; ISO 42001 SoA generator; gap analysis from GovernanceProgramState
3L Immutable assurance trail; control walkthroughs Signed audit events (under profiles with Immutability.SIGNED); reproducible coverage matrix; tamper-evident retention windows

Same substrate, three views. That's the engineering value.

Pages in this section

Why the asymmetry matters

The lines aren't interchangeable, and Regulus respects that:

  • 1L has power to act. They write code, deploy agents, flip kill switches. Regulus enforces controls for them but doesn't constrain their authority.
  • 2L has power to escalate. They can't deploy; they can stop, audit, and report. Regulus' evidence is what they escalate on.
  • 3L has power to find. They can't deploy or stop; they audit the design. Regulus' immutable trail is what they audit.

Conflating the lines is what regulators call out as a governance weakness. Regulus' design intentionally distinguishes runtime mechanisms (1L surface) from evidence emission (2L surface) from immutability guarantees (3L surface).

Citations

  • The Institute of Internal Auditors — Three Lines Model (2020 update).
  • ICAEW: "Prepare for 2026 — how to manage cyber and AI risk."
  • Yields.io / various: Three Lines of Defence in Model Risk Management.