Why Regulus exists
A runtime shouldn't be the compliance layer.
Google ADK is the best-designed agent runtime shipping in 2026. By design, it's a runtime — not a control plane. That's what Regulus is.
The control-plane / data-plane split applies one layer up
Google already ships a control plane for the data layer. Org Policy, VPC-SC, Assured Workloads, Sovereign Controls for EU, Cloud Audit Logs — the entire substrate is built around the idea that the policy decision plane is a separate concern from the workload that runs inside it. That works for a Cloud Function or a GKE pod. It runs out at the agent.
An LLM agent makes decisions. It reads from session state, picks a tool, formats arguments, dispatches, reads the result, decides what to do next. None of those decisions are visible to VPC-SC, Org Policy, or Cloud Audit Logs. Cloud Audit Logs show you who invoked the agent. They don't show you the agent's reasoning, the tool calls it made, or the policy that blocked one.
The same control-plane / data-plane split applies one layer up. Org Policy + VPC-SC + Assured Workloads handles the data plane. The agent's decision plane — the policy engine, the model-risk tier, PII redaction, the kill switch, the residency check that fails closed — is the part that has to land before 2 August 2026, when the GPAI Code of Practice is enforceable and the AI Office expects evidence on demand.
The PDF anti-pattern
Most teams shipping Vertex AI agents into regulated EU and UK environments are solving the compliance layer with PDFs. A Notion page mirroring GDPR Article 5. A spreadsheet mapping NIST AI RMF GOVERN-1.1 to internal controls. A Confluence runbook describing the kill switch.
None of it executable. None of it landing in Cloud Audit Logs in a shape your auditor can reconcile. The result is a stalled pilot. The agent works. The compliance evidence is hand-typed. Internal audit asks one question — "who confirmed the high-risk credit decision at 11pm on a Friday?" — and three weeks disappear.
What Regulus is
Regulus is the EU + UK compliance plane for Google ADK. Drop-in BasePlugin implementations and service extensions against ADK's official extension contracts. Doesn't fork the runtime. Stays compatible when Google ships ADK 1.3.
- 8 ADK BasePlugins. Policy, privacy, audit, dual-control kill switch, model-risk tiering, fail-closed data residency, governance evidence, identity expiry guard. Each plugs into the documented callback seams.
- 6 service extensions. Vertex + Firestore sessions and memory, GCS artifact store, retention-aware event compactor, compliance-aware base computer, and A2A envelope with RFC 9421 HTTP Message Signatures for cross-org calls.
- 10 regulation profiles. EU AI Act, GDPR, UK GDPR, DORA, NIS2, FCA SYSC, PRA SS1/23 + SS2/21, NHS DSPT, EHDS. Compose them — strictest retention wins, intersected residency, union of audit fields, strongest immutability.
- 6 governance frameworks. NIST AI RMF + 600-1 GenAI Profile + planned Agent Interop Profile (Q4 2026), ISO/IEC 42001 with a Statement-of-Applicability generator, ISO/IEC 23894, ISO/IEC 23053.
- 4 GRC adapters. ServiceNow IRM, OneTrust AI Governance, MetricStream, generic HMAC-signed webhook. Every event lands with framework citations attached.
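The profile composition rule above (strictest retention wins, intersected residency, union of audit fields, strongest immutability), as an added illustration that is not Regulus's own code. The profile values, region names and the immutability ordering are constructed placeholders, not the statutory figures; the point is that an empty residency intersection fails closed rather than silently widening to "anywhere".

```python
from dataclasses import dataclass
from typing import Iterable

# Immutability levels ordered weakest -> strongest (assumed ordering).
IMMUTABILITY_RANK = {"mutable": 0, "append_only": 1, "worm": 2}


@dataclass(frozen=True)
class Profile:
    name: str
    retention_days: int          # minimum period audit records must be kept
    residency: frozenset         # regions where processing is permitted
    audit_fields: frozenset      # fields every audit event must carry
    immutability: str            # key of IMMUTABILITY_RANK


class ResidencyConflict(ValueError):
    """Raised when the composed profiles leave no permitted region (fail closed)."""


def compose(profiles: Iterable[Profile]) -> Profile:
    profiles = list(profiles)
    if not profiles:
        raise ValueError("at least one profile required")
    residency = frozenset.intersection(*(p.residency for p in profiles))
    if not residency:
        # Fail closed: never let an empty intersection degrade into "no restriction".
        raise ResidencyConflict(f"no region satisfies {[p.name for p in profiles]}")
    return Profile(
        name="+".join(p.name for p in profiles),
        retention_days=max(p.retention_days for p in profiles),   # strictest wins
        residency=residency,                                      # intersection
        audit_fields=frozenset.union(*(p.audit_fields for p in profiles)),  # union
        immutability=max((p.immutability for p in profiles),
                         key=IMMUTABILITY_RANK.__getitem__),      # strongest wins
    )


def missing_audit_fields(profile: Profile, event: dict) -> frozenset:
    """Fields the composed profile requires that this audit event does not carry."""
    return profile.audit_fields - frozenset(event)


# Constructed sample profiles (placeholder values, not the real clauses).
GDPR = Profile("GDPR", 365, frozenset({"europe-west1", "europe-west2", "europe-west4"}),
               frozenset({"actor", "purpose", "lawful_basis"}), "append_only")
DORA = Profile("DORA", 1825, frozenset({"europe-west1", "europe-west4"}),
               frozenset({"actor", "ict_provider", "incident_ref"}), "worm")
UK_GDPR = Profile("UK_GDPR", 365, frozenset({"europe-west2"}),
                  frozenset({"actor", "purpose"}), "append_only")
```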
Where Google ADK ends, regulated builds begin
The phrase isn't accidental. Google ships the runtime; the runtime is excellent. ADK rightly doesn't try to be the compliance tool. Regulus is one answer to the question of who builds the layer between "agent runs" and "regulator accepts." Others will exist. Regulus's bet is that the plugin SPI seams are stable enough to build on, and the regulator's clauses are explicit enough to encode.