
Executive Brief

Pillar 4 — Governance, Risk & Defensible AI

Pillar 4 is the pillar that cannot be deferred. EU AI Act, ISO 42001, and ABA Formal Opinion 512 all place accountability obligations directly on the legal function. This chapter covers the governance structures, risk classification, and evidence practices that constitute a defensible AI posture.

22 May 2026

12 min read

By Advanta Research

[Figure: The five Defensibility Elements in pentagon arrangement. Photograph: Advanta Research]

Pillar 4 is where Defensibility is operationalised. It is the pillar that regulators, insurers, acquirers, professional conduct bodies, and adversarial counsel query directly. Functions that build Pillar 4 well can produce the contemporaneous evidence, the methodology, the governance trail, and the named accountability chain on which any AI-influenced decision rests, within twenty-four hours of any request that could plausibly result in adversarial scrutiny. Functions that build Pillar 4 poorly cannot, and that inability is precisely the institutional exposure that ISO/IEC 42001 and the EU AI Act now name.

Pillar 4 pairs an inventory frame (the Risk Taxonomy 2026, the nine canonical classes of legal AI risk) with an operating frame (the Five Defensibility Elements) and produces a one-page artefact (the Defensibility Posture Statement) backed by a documentation cache (the Evidence Register). The four work as a unit; partial Pillar 4 implementations consistently fail when stress-tested.

The four capability domains

4.1 Risk Taxonomy 2026 — the inventory side

The Risk Taxonomy 2026 names the nine classes of legal AI risk: hallucination, confabulated execution, regulatory non-compliance, client confidentiality breach, data leakage, accountability dilution, action irreversibility, model drift, and cascade failure. Each class carries a defined mechanism, defined evidence (what the Evidence Register holds for it), a defined mitigation, and a named accountable owner. The Taxonomy is updated annually against regulator, insurer, and case-law developments. Functions operating without a taxonomy address risk anecdotally; functions with the Taxonomy address risk against a complete inventory.

4.2 The Five Defensibility Elements — the operating side

Decision traceability records every material AI-influenced decision with input, output, model version, prompt, timestamp, and reviewer. Methodology transparency articulates in writing why each AI system was selected and what its known limitations are. Evidence framework maintains an Evidence Register catalogued per AI system in use and refreshed quarterly. Governance posture names accountable owners who can describe the function's AI use without preparation. Continuous learning captures failure modes and folds them into subsequent operating cycles. The five elements operate continuously rather than at audit moments.

4.3 Defensibility Posture Statement (DPS)

The DPS is the one-page institutional artefact that captures the function's defensibility position. It names the function's AI use, the Five Elements as currently operated, the accountable owners, the Evidence Register pointer, and the next review date. The DPS is the document the General Counsel must be able to produce within twenty-four hours of any regulator, insurer, board member, or acquirer request. Producing the DPS on demand is itself the test: functions that need a week to assemble the DPS have signalled that the operating posture is reconstructed rather than maintained.

4.4 Evidence Register

The Evidence Register is the supporting documentation cache that the DPS points to. It is organised per AI system and contains: vendor due diligence outputs, model and prompt version history, decision traceability logs, training and competency records for practitioners using the system, incident logs and remediation records, and a quarterly attestation from the system owner. The Register is the substrate on which any Pillar 4 audit operates; absence of the Register is the absence of the operating posture.

Common failure modes

Pillar 4 fails in four characteristic patterns. Retrospective reconstruction: evidence is assembled in response to a request rather than maintained continuously; the assembly process itself signals the absence of the operating posture. Vendor-substitution: the function relies on vendor-provided documentation in place of its own evidence; vendor documentation answers vendor questions and does not satisfy the deployer-side burden under EU AI Act high-risk obligations. Partial taxonomy: risk is addressed against a subset of classes (typically hallucination and confidentiality) and the other seven classes accumulate latent exposure. Quiet shadow AI: practitioners use unsanctioned tools that fall outside the AI BoM; the AI Inventory and Risk Register understate actual exposure.

What Bands 4 and 5 look like at Pillar 4

At Band 4, Pillar 4 produces a current DPS, an operating Evidence Register refreshed quarterly, the Five Elements visibly in operation, and the Risk Taxonomy mapped to active AI systems. At Band 5 (Defensible), the DPS carries attestation from the General Counsel within the past twelve months, the Evidence Register is producible on request within twenty-four hours, the function can name every active AI system without consulting a vendor list, and the AI BoM accounts for every retrieval, prompt, and model component touching production work.

Interlock with adjacent pillars

Pillar 4 receives substrate from Pillar 1 (mandate scopes what is governed) and Pillar 2 (retrieval architecture produces audit trails). It governs Pillar 5 (autonomy bands and use-case promotion gates) and Pillar 6 (vendor selection criteria and AI BoM inventory). It is benchmarked by Pillar 7 (Defensibility lens of the Maturity Stack) and operated continuously by Pillar 8 (lifecycle discipline produces refresh evidence). Pillar 3 talent investment determines whether the operating bench can actually describe the posture under questioning. Pillar 4 is the pillar that determines whether the function is institutionally credible or institutionally exposed.

About Advanta Research

Advanta Research produces evidence-based analysis on legal AI transformation, governance, and operations.

Executive Summary

Pillar 4 is where Defensibility is operationalised. It pairs the Risk Taxonomy 2026 (the inventory of what can go wrong) with the Five Defensibility Elements (the operating controls), produces the Defensibility Posture Statement (the one-page institutional artefact), and runs the Evidence Register (the underlying documentation cache). Pillar 4 is the pillar regulators, insurers, acquirers, and professional conduct bodies query directly.

Key Takeaways

  • Defensible AI is an evidence-based threshold: legal teams must show documented governance, risk classification, and auditable trails, not just good intentions.

  • An AI governance framework with clear roles, decision rights, escalation paths, and review cadence is the foundation of a defensible posture.

  • A 2026-ready risk taxonomy should cover eleven canonical classes, from hallucination-accuracy and privilege-confidentiality to regulatory-drift and cross-class risks.

  • Policy infrastructure—AI use, procurement, incident response, and audit policies—operationalises governance into day-to-day legal practice.

  • The Defensibility Posture Statement (DPS) is the primary Pillar 4 output, aggregating governance, risk, policy, and operating evidence for boards and regulators.

Framework versioning

Methodology: v2026.1

Last reviewed: 27 May 2026
