The National AI Governance Playbook · Part II · Chapter 4
Two governance regimes
The four functions of AI governance fall into two regimes with different logics: one governs the model and holds across sectors, the other governs use and is rebuilt in each sector. This chapter sets out the two regimes, the interface between them, and what the split settles about how a national program is structured, funded and led.
By Myriam Ayada · MindXO · July 2026
In brief
The four functions of Chapter 3 group into two regimes with different logics. The safety and security regime governs the model, holds across sectors, and runs on technical and evidentiary force; it carries standard-setting, evaluation and assurance, and is built once as a shared national capability. The usage-based regime governs use within a sector, runs on legal force, and is rebuilt in each sector on a common frame; it carries use-regulation. The two meet at one interface, where the evidence the first produces becomes the basis on which the second acts. Keeping the regimes distinct, and defining that interface, is the architectural choice the rest of the design depends on.
Why the functions fall into two groups
Chapter 3 separated national AI governance into four functions and noted that three of them behave alike. Standard-setting, evaluation and assurance all attach to the model and its evidence: they ask what a model is, how it behaves, and whether a deployed system still matches the claims made for it, and the answers hold whether the model runs in a bank or a hospital. Use-regulation attaches to something else. It asks whether a particular use is lawful and fair in a particular sector, and the answer changes with the sector.
That single difference, what each function attaches to, is what divides the four into two regimes, because it settles who can govern, with what kind of authority, and how often the work repeats. A function that attaches to the model can be built once and shared; a function that attaches to a use has to be rebuilt wherever the use occurs. The two regimes that follow are not a matter of preference or administrative taste. They are the shape the four functions take once grouped by their object.
The safety and security regime
The safety and security regime is the part of the system that governs the model itself. It gathers three of the four functions, standard-setting, evaluation and assurance, because all three attach to the model and its evidence rather than to any particular use of it. Its object is a model's properties and behaviour: what it is capable of, how it fails, whether it is secure, and whether a deployed system still matches the claims made for it. Because those properties do not change with the sector, the regime is horizontal. It is built once and drawn on by every sector that regulates a use, rather than rebuilt inside each one.
Its authority is technical and evidentiary rather than legal. Standard-setting carries force by reference, when a standard is written into a contract or a rule; evaluation carries the force of evidence, which obliges no one by itself; assurance carries force through accreditation, when an accredited opinion is required before a system may be deployed. None of the three can fine or prohibit. The regime's natural home is a small number of national bodies, the standards body and the committees behind it, the evaluation capability, and the accreditation authority, treated in Part IV, and its cadence follows model releases and capability jumps rather than the review calendar of any one sector.
- Object
- A model's properties, behaviour and security, and whether a deployed system still matches its claims.
- Functions
- Standard-setting, evaluation and testing, assurance.
- Force
- Technical and evidentiary; by reference, by evidence, by accreditation. No power to fine or prohibit.
- Home
- A few national bodies: the standards body, the evaluation capability, the accreditation authority.
- Cadence
- Follows model releases and capability jumps.
The regime's product is a shared reference and a flow of evidence. On its own it settles nothing about whether a given use is permitted, because it holds no legal power to permit or forbid. That is the work of the second regime, and the two are joined at the point where evidence becomes decision.
The usage-based regime
The usage-based regime governs how AI is used, one sector at a time. It holds the fourth function, use-regulation, and it is deliberately vertical, because the same model carries different risks and different duties in a bank, a hospital and a power grid. Its object is a use in context: not the model, but what an organisation does with it, to whom, and under which existing law. Its authority is legal and binding, the power to require, inspect, sanction and prohibit, and that power already sits with the supervisors of each sector, who hold the inspection rights, the sanction regimes and the sector knowledge the function needs.
Because it is rebuilt in each sector's terms, its central design problem is coherence. Sectoral rules drift apart without a shared national frame to hold definitions, thresholds and reporting in common, the coherence question of Chapter 6, and they arrive in an order that has to be chosen, the sequencing question of Chapter 7. What the regime cannot supply for itself is the technical basis for its judgements. A sector regulator can require that a deployed system be safe and secure; it cannot, sector by sector, define what that means or generate the evidence that it holds. It draws both from the first regime.
- Object
- A use in context: what an organisation does with a model, to whom, under which law.
- Functions
- Use-regulation, one sector at a time.
- Force
- Legal and binding; require, inspect, sanction, prohibit.
- Home
- The existing supervisors of each sector, on a shared national frame.
- Cadence
- Follows sector risk and the supervisory calendar.
Sheet 04 of 13, two regimes and the interface between them: a horizontal safety and security regime spans every sector and carries standard-setting, evaluation and assurance under technical and evidentiary force, built once and shared. Below it, a usage-based regime governs use one sector at a time, carrying use-regulation under legal force in finance, health, energy and public services, enforced by each sector's own regulator and rebuilt on a common frame. Between them runs the interface: evidence and assurance pass down from the horizontal regime into each sector, while legal authority acts within each sector.
The interface between the regimes
The two regimes are not independent, and the single most consequential decision in the architecture is the interface between them. The safety and security regime produces the reference points, the test evidence and the accredited assurance; the usage-based regime decides, on that basis, what is permitted in each sector and enforces the decision. Evidence flows one way, from the horizontal capability into every sector that needs it; authority flows the other, from each sector's law back onto the systems the evidence describes.
Where the interface is defined, a sector regulator can require an accredited assurance against a national standard without having to author the standard or run the test itself, and the same evidence serves finance, health and energy at once. Where it is left undefined, one of two failures follows. Either each sector builds its own testing and its own definitions, which duplicates the scarcest capability in the system and lets the sectoral rules drift apart; or the central body is pushed to hold sectoral powers it has no basis for, and use-regulation is centralised away from the supervisors who understand the sector.
Naming what each side owes the other, what the horizontal capability must publish and what a sector regulator may require of it, is therefore not administrative detail. It is the load-bearing joint of the architecture, and the place a design is most often left blank.
What the split settles
Once the two regimes are distinct, several decisions that look separate turn out to be the same decision, and a few that look joined come apart.
- Funding follows the regime, not the program. The horizontal regime is capital- and talent-intensive and mostly central, with its cost incurred upfront; the vertical regime runs through supervisory machinery that already exists, so its cost is mainly training and coordination. The two carry different funding logics, taken up again in Chapters 10 and 12.
- One home is possible above the line, not below it. The horizontal functions can share a single institutional home; sectoral use-regulation cannot be pulled into it without stripping the sector supervisors of powers only they can exercise. A body may host the safety and security regime; it must not absorb the usage-based one.
- Coherence is a frame, not a centre. What holds the vertical regime together is a shared national frame of definitions, thresholds and reporting, not a single regulator, so the sectors stay aligned without being merged. Chapter 6 returns to it.
- The horizontal capability comes first. Credible sectoral rules depend on a reference and evidence the sectors do not each produce, so the safety and security regime is a precondition for the usage-based one, a sequencing point developed in Chapter 7.
Common failure mode. One regulator for everything. A single AI regulator asked to run both regimes cannot hold every sector's inspection powers and knowledge, so it either under-regulates use or centralises use-regulation away from the sector supervisors. Worse, the body that produces the evidence becomes the body that acts on it, and the independence that gives evaluation its credibility, established in Chapter 3, is lost. The interface disappears precisely where it does the most work.
The two regimes give Part II its structure. Chapter 5 follows them down into the full policy and regulatory chain, from a principle at the top to a control a deployed system must pass, and locates each regime's instruments along it.
Three questions for every government
- Which functions belong to the horizontal safety and security regime, and which stay with the sector regulators?
- Where is the interface defined, and what does each side owe the other, what the horizontal capability publishes and what a sector regulator may require of it?
- What holds the sectoral rules coherent with the national frame without centralising them?
Selected public sources
- ISO/IEC 42001, AI management systems, ISO/IEC, 2023
- AI Risk Management Framework and Generative AI Profile, NIST, 2023 and 2024
- Regulation (EU) 2024/1689 (AI Act), European Union, 2024
- A pro-innovation approach to AI regulation, white paper and government response, United Kingdom, 2023 and 2024
- Introduction to AI assurance, UK Department for Science, Innovation and Technology, 2024