Resources · AI Governance

Enterprise AI Governance Architecture.

A six-layer reference model for making enterprise AI predictable, auditable, and safe - across the full lifecycle from model selection through deployment, monitoring, and retirement. Open, opinionated, and mapped to the major regulatory frameworks. No gated form - read the full model here.

LuMay Six-Layer AI Governance Framework Model

Why Governance Before Deployment - Not After

Most enterprises discover their AI governance gaps at the worst possible moment: a regulatory enquiry, an auditor who wants a model registry that doesn't exist, a client who asks which version of GPT-4o processed their data. Retrofitting governance onto a deployed system is 10× harder than designing it in from the start.

LuMay's governance architecture is designed the opposite way. Every product built on the platform inherits the same six-layer governance posture automatically - not because a team remembered to configure it, but because the platform enforces it at runtime. Policy is authored centrally; enforcement is distributed across every request.

This document is the reference model. It is useful both as a standalone governance guide for AI buyers and as a specification of what LuMay delivers for enterprises deploying agents in regulated environments.

The Six-Layer Model

The model is structured as six horizontal layers, each with a clear mandate and a defined relationship to the layers above and below it. The layers are not sequential stages - they operate simultaneously. They are numbered to show hierarchy, not order of execution.

  • Layer 1 · Desired outcomes - the acceptance criteria the entire architecture exists to satisfy: predictable, auditable, safe AI.
  • Layer 2 · Governance operating model - the federated human structure that authors policy and holds accountability.
  • Layer 3 · Core governance capabilities - the ten operational controls that make governance continuous rather than point-in-time.
  • Layer 4 · Governed AI platform layers - the three-layer technical platform where governance controls are embedded at every boundary.
  • Layer 5 · Security and trust controls - the zero-trust security posture woven through every layer.
  • Layer 6 · Assurance and evidence - the outward-facing proof layer that transforms internal controls into auditable evidence.

Layer 1 · Desired Outcomes

LuMay treats AI governance as an enterprise capability, not a project activity. Three desired outcomes act as acceptance criteria for every layer beneath them, holding true across the full AI lifecycle from model selection through deployment, monitoring, and retirement:

Predictable AI

Consistent behavior across products and tenants. Policy is authored centrally and enforced at runtime, so the same rules apply regardless of which product or team is consuming the platform. Risk tiering ensures models are evaluated at appropriate levels of scrutiny before deployment. A CIO should be able to say with confidence that the agent running in product A follows the same governance policy as the agent in product B - not because two separate teams remembered to configure the same controls, but because a single policy layer governs both.

Auditable AI

Every decision, model action, and policy change is traceable. The evidence bus captures governance artifacts continuously. Audit logging and data lineage controls ensure nothing is lost. Client-facing evidence packages extend auditability outward to regulators and external stakeholders. Auditability is not a reporting feature - it is a runtime property of the platform.

Safe AI

Human-in-the-loop review is built into the platform layer. Guardrails and policy decision points enforce safety controls at runtime across all products and tenants. Incident response is a named governance body with a defined cadence - when something goes wrong, the response is structured and rehearsed, not improvised. Safety is an architectural property, not an after-the-fact review step.

Why These Outcomes Matter For External Stakeholders

  • Regulatory readiness - the framework maps directly to applicable laws and assurance expectations, meaning LuMay can produce evidence that outcomes are being achieved - not just claimed.
  • Client trust - clients receive structured evidence packages and attestations aligned to their risk and compliance requirements, providing demonstrable assurance.
  • Lifecycle coverage - governance applies from initial model selection through active deployment and eventual retirement. No gaps in the oversight chain.
  • Acceptance criteria - every control, body, and platform service in the six-layer architecture exists specifically to demonstrate these three outcomes are being met continuously.

Layer 2 · Governance Operating Model

The operating model uses a federated structure: policy is authored centrally, but enforcement occurs at runtime through platform services. This creates consistent control enforcement across multiple products and tenants while allowing each team to operate with appropriate autonomy.

Federated Structure Principles

  • Central policy authoring - all governance policy originates from a central function, ensuring consistency across the enterprise and eliminating conflicting local interpretations.
  • Runtime enforcement - policy decision points, guardrails, and evidence capture operate at runtime in platform services - not just at design-time review gates.
  • Multi-product consistency - the same controls apply regardless of which product or tenant is consuming the platform, preventing governance gaps at the product boundary.
  • Defined cadences - each governance body has a defined meeting cadence and mandate so policy changes, exceptions, risk decisions, and incidents are handled through repeatable processes.

The Five Formal Governance Bodies

Each body has a named mandate, defined membership, and meeting cadence:

  • AI Governance Council - top-level body with enterprise-wide mandate. Sets AI risk appetite, approves policy changes, and reviews significant incidents. Provides executive accountability for AI governance outcomes.
  • Architecture Review Board - reviews and approves AI system designs before deployment. Ensures architecture decisions align with governance policy, security requirements, and platform standards.
  • Fairness Review Board - assesses models and datasets for bias, discrimination risk, and fairness issues. Defines acceptable thresholds and approves models for use in high-risk or regulated contexts.
  • Vendor Risk Committee - evaluates third-party AI models, data providers, and platform components. Maintains the approved vendor register and reviews supply chain risk on a defined cadence.
  • Incident Response Team (IRT) - handles AI-related incidents through a structured, repeatable process. Ensures incidents are triaged, investigated, remediated, and documented with lessons learned fed back into policy.

Layer 3 · Core Governance Capabilities

These are the ten operational controls that make governance real. Each is a continuous function - not a point-in-time review - embedded across the AI lifecycle and enforced through platform services, tooling, and defined processes.

Data Governance

Lineage tracking, residency controls, classification, and consent management across all data used to train, fine-tune, or serve AI models. Data governance is the foundation: every other control depends on knowing where data came from, where it lives, and who has consented to its use.

Model Validation

Pre-deployment testing against accuracy, robustness, and safety thresholds. Includes red-teaming, adversarial testing, and regression suites. No model reaches the registry without passing a defined validation gate. The gate criteria are set by the Governance Council and reviewed by the Architecture Review Board for each risk tier.

Fairness Review

Bias detection across demographic groups, outcome disparity analysis, and documented approval by the Fairness Review Board before production deployment. Fairness review is required at initial deployment and on each material change to the model or its training data.

Human Oversight

Human-in-the-loop checkpoints for high-risk decisions. Escalation paths when model confidence falls below thresholds or outputs require human sign-off. The platform enforces HITL gates at the orchestration layer - they cannot be bypassed by individual product teams.

Compliance

Continuous mapping of controls to applicable regulations and standards. Automated compliance checks at deployment gates and ongoing runtime monitoring. The regulatory mapping is maintained in a live document updated as the regulatory landscape evolves.

Security

Threat modeling for AI-specific attack surfaces: prompt injection, model inversion, data poisoning, and adversarial input. Integrated with the enterprise security operations function and reviewed on a defined cadence by the Architecture Review Board.

Vendor Risk

Third-party model and data provider assessments, contractual controls, and continuous monitoring managed through the Vendor Risk Committee register. Every third-party model or data provider is assessed before onboarding and reviewed at defined intervals.

Audit Logging

Immutable logs of model inputs, outputs, decisions, and governance events. Retained per policy and available for regulatory inspection or client evidence requests. Logs are tamper-evident and stored in an append-only store. Retention periods are defined per workload tier and regulatory requirement.

Monitoring

Runtime drift detection, performance degradation alerts, and anomaly detection across model behavior, data quality, and system health. Monitoring is continuous and automated. Alerts are routed to the IRT for triage when thresholds are breached.

Incident Response

Defined playbooks for AI incidents covering triage, containment, investigation, remediation, and post-incident review with governance feedback loops. The IRT conducts quarterly tabletop exercises against the top three incident scenarios for each active risk tier.

Layer 4 · Governed AI Platform Layers

The AI platform is structured as three horizontal layers. Governance controls are embedded at each layer boundary so every product consuming the platform inherits the same governance posture without re-implementing controls independently.

Experience Layer

The outermost layer handling client-facing interactions. Includes API gateway, request routing, rate limiting, and tenant isolation. All requests pass through policy enforcement at this boundary before proceeding inward. The experience layer is where guardrails intercept out-of-policy inputs before they reach model inference.

Orchestration Layer

Coordinates multi-step AI workflows, manages model abstraction (so products are decoupled from specific model versions), and integrates the knowledge layer for retrieval-augmented generation and context management. Model versioning and rollback is enforced at this layer. Human-in-the-loop gates are executed here before consequential actions are dispatched to downstream systems.

Integration Layer

Connects the AI platform to enterprise systems, external APIs, and data sources. Platform services at this layer include the evidence bus, model registry, and audit log sink. All outbound connector calls are authenticated, authorised, and logged with an observability span.

Governance Embedded At Each Layer

  • Policy decision points (PDP) - runtime policy evaluation at layer boundaries. Every request is checked against governance policy before being passed to the next layer. PDPs return allow/deny/condition decisions, with conditions used to enforce HITL gates and risk-tier controls.
  • Guardrails - input and output filters enforced at the experience and orchestration layers to prevent policy violations before they reach model inference or external systems. Guardrail rules are authored centrally and versioned.
  • Model registry controls - only models approved through the validation and fairness review process can be registered and deployed. The registry enforces version control and retirement policy, and provides the authoritative record for audit.
  • Evidence capture - every layer emits governance events to the evidence bus: inputs, outputs, decisions, policy hits. This creates a continuous, tamper-evident audit trail without requiring individual product teams to implement logging.

Layer 5 · Security And Trust Controls

Security controls are not bolted on at the perimeter - they are woven through every layer of the platform. The zero-trust model assumes no implicit trust at any boundary, and the evidence bus ensures every security event is captured and available for audit and investigation.

Identity And Access Management

Verified identity for every human and service principal. Role-based access control enforced at all platform layers. Just-in-time access for privileged operations with full audit logging. Service-to-service authentication uses short-lived tokens with automated rotation. No standing privileged access is permitted for production systems.

Guardrails

Automated input/output filters that enforce policy at runtime. Block prompt injection, sensitive data leakage, and out-of-policy outputs before they reach users or downstream systems. Guardrail evaluations are logged to the evidence bus for every request, including cases where the guardrail was not triggered (absence of evidence is evidence).

Encryption

Encryption at rest and in transit across all platform components. Key management aligned to enterprise standards with rotation policies and hardware security module (HSM) integration where applicable. Tenant data is encrypted with tenant-specific keys, ensuring no cross-tenant data access is possible at the storage layer.

Zero-trust Architecture

No implicit trust at any network, service, or layer boundary. All requests are authenticated, authorised, and logged regardless of origin - internal or external. Lateral movement is prevented by micro-segmentation at the service level. Every service principal has the minimum permissions required for its function.

Evidence Bus

A tamper-evident event stream capturing all governance-relevant security events across the platform. Used for real-time monitoring, incident investigation, and client evidence packages. Events are written to an append-only store with cryptographic chaining so any tampering is detectable. The evidence bus is the single source of truth for all governance audits.

Risk Tiering

AI use cases are classified by risk level. Higher-risk tiers require additional validation, human oversight, and approval gates before deployment and on each material change. Risk tier assignments are reviewed by the Governance Council on a defined cadence and updated when the regulatory environment or deployment context changes.

Data Residency Controls

Enforcement of data location constraints at the platform level. Tenant data is processed and stored only in approved regions, with controls auditable against regulatory requirements. Data residency is enforced at the infrastructure layer - it is not a configuration option that can be inadvertently disabled.

Policy Decision Points

Centralised runtime policy evaluation. All platform requests pass through a PDP that evaluates the applicable governance policy and returns an allow/deny/condition decision. PDP decisions are logged with the full policy context so any decision can be reproduced and explained after the fact.

Layer 6 · Assurance And Evidence

Assurance is the outward-facing proof that governance is working. This layer transforms internal controls and audit data into structured evidence packages that clients, regulators, and auditors can use to verify that LuMay's AI operates as claimed - predictably, safely, and in accordance with applicable requirements.

Governance without evidence is a policy document. Evidence without governance is a log file. Layer 6 connects them - turning the continuous operation of Layers 1–5 into structured, reviewable, and deliverable proof.

Evidence Outputs

  • Audit-ready evidence packages - structured collections of governance artifacts: logs, validation reports, fairness assessments, policy versions, and decision records, assembled per client or regulatory requirement and available on demand. Packages are reproducible - the same package can be regenerated from the evidence bus at any future point.
  • Client attestations - formal statements attesting to the operation of specific controls during a defined period, aligned to client contractual requirements and applicable assurance frameworks.
  • Regulatory mapping - continuous mapping of platform controls to applicable laws, regulations, and standards. Updated as the regulatory landscape evolves and used to identify gaps and drive remediation.
  • Data lineage - end-to-end traceability of data from source through processing, model training or fine-tuning, and inference. Supports both regulatory obligations and client data transparency requirements.
  • Audit logging - immutable, tamper-evident logs retained per policy, available for regulatory inspection, client review, and internal forensic investigation in the event of an incident.
  • Model registry - the authoritative record of every model in use: version, validation status, approval history, risk tier, and retirement date. Provides a complete inventory for audit and change management.
  • Human-in-loop review records - documented records of human review decisions for high-risk AI outputs. Provides an auditable chain of human accountability for consequential decisions made with AI assistance.

Supported Assurance Frameworks

The LuMay governance architecture is mapped to the following frameworks and regulations. The mapping is maintained as a live document and updated as standards evolve:

  • ISO/IEC 42001 - AI management system standard. The six-layer model directly implements the management system requirements across planning, operation, performance evaluation, and improvement.
  • NIST AI Risk Management Framework (AI RMF) - Govern, Map, Measure, Manage functions. The governance bodies (Layer 2) align to the Govern function; capabilities (Layer 3) align to Map, Measure, and Manage.
  • EU AI Act - high-risk AI system requirements. The risk tiering system (Layer 5) maps directly to the Act's risk classification. Evidence packages (Layer 6) are structured to meet the Act's technical documentation requirements.
  • SOC 2 Type II - trust service criteria. Audit logging (Layer 3) and the evidence bus (Layer 5) provide the continuous operation evidence required for Type II attestation.
  • ISO/IEC 27001 - information security management. Security controls (Layer 5) are designed to meet the standard's Annex A control requirements for AI-specific attack surfaces.
  • GDPR / UK GDPR / Privacy - data residency controls (Layer 5) and data lineage (Layer 6) directly address the transparency and accountability requirements. Data governance capability (Layer 3) covers consent management and subject rights.
  • Client-specific SLAs and sector regulation - evidence packages (Layer 6) are structured to be configurable against any client-specific contractual or sector-specific regulatory requirement.

How LuMay Applies This To Every Deployment

The governance architecture described here is not a consulting deliverable or a compliance whitepaper. It is the specification of what every enterprise deploying on the LuMay platform receives as a baseline:

  • Every agent inherits the same policy enforcement, guardrails, evidence bus, and audit logging automatically at deployment - not as an add-on.
  • Risk tier assignment happens at onboarding; the platform adjusts the applicable HITL gates, validation requirements, and evidence outputs accordingly.
  • Clients receive structured evidence packages on request, at no additional configuration effort. The evidence bus has been capturing since the first API call.
  • Governance Council policy applies to every tenant and product. LuMay's clients do not need to re-implement governance separately - they inherit it by being on the platform.
Governance isn't a feature we add. It's the operating system the agents run on. Every audit question has a log entry. Every policy has an enforcement point. Every deployment has a risk tier. That's what “enterprise-ready” means in practice.

For the technical architecture underpinning the platform layers, see the Enterprise AI Framework. For the buyer's-side view of governance requirements when evaluating AI vendors, see the Enterprise Agentic AI Guide.

Want to apply the governance model to your platform?

30 minutes with a solutions architect. We'll map your current controls against the six-layer model and identify the gaps that matter most for your regulatory context.

Book a governance review →Read the AI Framework
Hi there! I'm MyLu!
Your Autonomous AI Guide