Topic

Three Lines Of Defense

The three lines of defense is a governance model that separates risk management and compliance responsibilities across first-line business operations, second-line oversight functions, and third-line independent audit. In AI governance, this framework helps organizations ensure that AI system owners manage risks, compliance teams monitor adherence to policies, and internal audit independently verifies controls over AI development and deployment. Implementing this structure prevents conflicts of interest and strengthens accountability for responsible AI practices across the enterprise.

1 item

ResearchEU2026-06-26

Board Oversight Gaps Exposed: Diligent's AI Governance Guide Maps Three Lines of Defense, Fairness Audits, and EU AI Act Alignment for Directors and Audit Leaders

Diligent has published a practitioner-focused guide titled 'AI Governance: A Guide for Boards, Risk and Audit Leaders' that outlines how organizations should structure board oversight of AI, apply a three-lines-of-defense model, conduct fairness and bias audits, and assess third-party AI risk. The guide explicitly maps recommendations to the EU AI Act, NIST AI RMF, and OECD AI Principles. It provides concrete steps for defining leadership accountability and establishing cross-functional AI ethics committees.

board oversight three lines of defense EU AI Act bias audits third-party AI risk