Who does it apply to?

  • UK PRA-regulated firms with material outsourcing or third-party arrangements.
  • Any PRA-regulated firm using a public LLM provider (OpenAI, Anthropic, Google Vertex AI) — these are third-party providers under SS2/21.
  • Firms running agents on third-party agent runtimes — Vertex AI Agent Engine is a third-party service even though it's GCP-native.

Two-minute explainer

PRA Supervisory Statement SS2/21 became effective on 31 March 2022. It sets PRA expectations for how UK PRA-regulated firms manage outsourcing and third-party arrangements. For agentic AI builders, SS2/21 matters because the LLM provider, the cloud provider, and any third-party API the agent calls are third parties under the statement.

Material outsourcing is the threshold concept. SS2/21 distinguishes material arrangements — those that, if disrupted, would have a material adverse impact on the firm’s safety, soundness, or operational resilience — from non-material. Most regulated firms running agentic AI workflows in production will classify their LLM provider as a material arrangement: the agent doesn’t work without the model.

Once classified as material, several obligations attach:

  • Pre-contract due diligence. Documented assessment of the provider’s capability, control environment, and operational resilience.
  • Concentration risk monitoring. Over-reliance on a single provider is a regulator concern. SS2/21 doesn’t prescribe a single threshold; it expects the firm to define one. The Regulus Model Registry’s concentration metric is the runtime view.
  • Exit planning. A documented exit strategy that’s regularly rehearsed. Regulus’s kill-switch plugin doubles as the exit-drill mechanism — engaging the switch on the primary LLM provider exercises the runbook.
  • Sub-outsourcing transparency. If your LLM provider sub-outsources any material function (e.g. compute capacity), that needs to be identified. Most LLM providers’ sub-outsourcing chain is opaque; Regulus tracks what’s disclosed but can’t conjure transparency from nothing.
  • Ongoing monitoring. Continuous monitoring of the third party’s performance against the SLA, incident handling, and audit rights. The audit chain captures the firm’s side of the relationship.

The Regulus pra-ss2-21 profile is intentionally narrower than the SS1/23 profile — most of SS2/21 is governance-side documentation, not runtime evidence. What Regulus delivers: the material-arrangement register, the concentration metric, the exit-drill audit trail, and the ongoing-monitoring substrate. The actual contract terms, the SLA text, the audit-right enforcement letters — those live in your procurement and vendor-management systems.

The profile composes naturally with pra-ss1-23 (model risk is a specific case of third-party risk where the third party is an LLM), with dora (DORA’s ICT third-party register has overlapping field expectations), and with fca-sysc (FCA SUP 16 reporting on outsourcing runs in parallel for dual-regulated firms).

What it actually requires of an engineer

  1. Material third-party arrangements need explicit identification. The Model Registry tracks each LLM provider as a third party carrying the SS2/21 metadata.
  2. Concentration risk is a real obligation. Over-reliance on a single LLM provider — measured as % of inference, % of revenue dependency, % of critical operations — triggers concentration-risk monitoring.
  3. Exit planning must be evidenced. What's the alternative model provider? Can the agent fail over? How fast? Document the runbook; the audit chain captures exit-drill events.
  4. Reverse-stress-test scenarios apply to LLM providers. If your primary LLM provider went offline / changed pricing / changed terms, what's the operational impact? Regulus emits the data points; the analysis is governance.

What Regulus does for you

Each Regulus control and what it delivers:

  • RegulusModelRiskPlugin: Third-party register entries — every LLM provider is a registered third party with material-arrangement classification, concentration metric, and exit-runbook reference.
  • RegulusGovernanceEvidencePlugin: Quarterly third-party register export with SS2/21 fields — material-arrangement classification, concentration metric % per provider, exit runbook reference, sub-outsourcing chain.
  • RegulusKillSwitchPlugin: Exit-drill capability — engaging the kill switch on a primary LLM provider exercises the failover runbook. The audit chain captures the drill event with the failover region, time-to-recovery, and the alternative provider.
  • RegulusIdentityExpiryGuard: Third-party access credentials must rotate within the SS2/21 control framework. Expired LLM-provider credentials fail closed.

Saves you ~8 engineer-weeks

Estimate based on the following honest assumptions:

  • Material-arrangement classification logic (2 weeks).
  • Concentration metric calculation + monitoring (2 weeks).
  • Exit-drill automation + audit (2 weeks).
  • Quarterly register export in SS2/21 format (2 weeks).

What an auditor will ask

The questions you'll see in a real walkthrough — and where to point them.

  1. Show me your material third-party register.

    regulus third-party register export --format ss2-21 produces the register. The Model Registry is the source; the export applies the SS2/21 field overlay.

  2. What's your concentration risk on LLM providers?

    The concentration metric in the Model Registry shows % of inference per provider. Configurable thresholds (typically 40% / 60% / 80%) trigger CONCENTRATION_THRESHOLD_BREACH events with the date and exposure level.

  3. Walk me through your exit plan for the primary LLM provider.

    The Model Registry has an exit-runbook reference per provider. The runbook is your governance artefact; the audit chain shows the most recent exit drill — date, failover region, time-to-recovery, alternative provider used.
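As an added example (not Regulus code), here is how the concentration metric and tiered breach events described in question 2 can be computed from an inference log: share of inference per provider over a trailing window, with the 40% / 60% / 80% thresholds mapped to an exposure level. Only the thresholds and the CONCENTRATION_THRESHOLD_BREACH event name come from the page; the record and field names, the tier names, and the sample log are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime, timedelta

EVENT = "CONCENTRATION_THRESHOLD_BREACH"
# Tiered thresholds from the page (40 / 60 / 80 %); the tier names are an assumption.
DEFAULT_THRESHOLDS = ((0.40, "ELEVATED"), (0.60, "HIGH"), (0.80, "CRITICAL"))

@dataclass(frozen=True)
class InferenceRecord:
    provider: str      # third-party LLM provider the call went to (assumed field)
    when: datetime

@dataclass(frozen=True)
class BreachEvent:
    event: str
    provider: str
    share: float       # fraction of inference calls in the window
    level: str         # highest tier crossed
    observed_on: date

def concentration(records, window_days, as_of):
    """Share of inference per provider over the trailing window (fractions summing to 1)."""
    cutoff = as_of - timedelta(days=window_days)
    counts = Counter(r.provider for r in records if cutoff < r.when <= as_of)
    total = sum(counts.values())
    return {p: n / total for p, n in counts.items()} if total else {}

def exposure_level(share, thresholds=DEFAULT_THRESHOLDS):
    """Name of the highest tier whose bound the share meets, or None below the first tier."""
    crossed = [name for bound, name in thresholds if share >= bound]
    return crossed[-1] if crossed else None

def breach_events(records, window_days=30, as_of=None, thresholds=DEFAULT_THRESHOLDS):
    """One breach event per provider whose share crosses a tier; empty when nothing breaches."""
    as_of = as_of or datetime.now()
    events = []
    for provider, share in sorted(concentration(records, window_days, as_of).items()):
        level = exposure_level(share, thresholds)
        if level:
            events.append(BreachEvent(EVENT, provider, round(share, 4), level, as_of.date()))
    return events

SAMPLE_AS_OF = datetime(2025, 3, 31, 12, 0)

def sample_records():
    """Constructed log: 70/20/10 calls in the last 30 days, plus 40 older calls to provider-c."""
    recent = SAMPLE_AS_OF - timedelta(days=1)
    stale = SAMPLE_AS_OF - timedelta(days=45)   # outside the window; must not dilute the metric
    return [InferenceRecord(p, t) for p, t, n in (("provider-a", recent, 70), ("provider-b", recent, 20),
            ("provider-c", recent, 10), ("provider-c", stale, 40)) for _ in range(n)]
```

Widening the window to 60 days pulls the stale provider-c calls back in and drops provider-a to 50%, which is why the window length itself is a control parameter worth recording alongside the threshold.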

What this doesn't cover

  • Non-AI outsourcing — Regulus profiles AI agent third-party dependencies; other outsourcing (back-office processing, market-data vendors) is your operational-risk function's scope.
  • Cloud-provider outsourcing as an organisational arrangement — Regulus tracks the AI side; the broader GCP outsourcing arrangement is at the firm level.
  • Cross-border data flows — covered by GDPR / UK GDPR residency, not SS2/21.

Citations

  1. PRA SS2/21 — Outsourcing and Third-Party Risk Management
  2. PRA SS2/21 — full text PDF

Activate this profile in your agent

regulus init my-agent --profiles=pra-ss2-21