The most dangerous space on a UXO site isn't underground. It's between the lines.

Why the Three Lines Model breaks at the seams — and what the gaps look like on a real construction site.

By Capreae Consulting | Infrastructure Risk Advisory

Every site manager I have ever worked with can describe their site's risk hierarchy from memory. There's the principal contractor. The H&S team. The client's assurance function. Three lines. Three colours on the org chart. Everyone in a hard hat knows their box.

Then a piling rig finds something it shouldn't, and the entire diagram dissolves into a row about whose risk it actually was.

The Three Lines Model — the framework the Institute of Internal Auditors updated in 2020 to replace the older "Three Lines of Defence" — is a perfectly serviceable governance tool. It is not the model that fails. What fails is the space between the lines. That space is where most UXO findings, most cost overruns and most near-miss reports are quietly born.

This blog is about that space. It is written for the people who actually walk the site — principal contractors, site agents, project managers, SHE leads — and what the model looks like when you stop drawing it on a slide and start standing in it in steel toe-capped boots.

What the lines look like on a UXO site

Forget the org chart for a second. Here is what each line actually does on a working day.

First line. The principal contractor, the UXO subcontractor, the piling crew, the muck-away driver. They are the people whose hands are physically on the risk. When a magnetometer pings on something that shouldn't be there, they are the ones who decide whether to stop, mark up, withdraw or carry on. They own the risk because they own the action.

Second line. The H&S advisor, the principal designer, the technical assurance manager. They wrote the method statement the first line is following, they audit it weekly, and they sign off the Permit to Excavate. When the first line wants to deviate, the second line is supposed to say no.

Third line. Independent assurance reporting to the client's board or sponsor. Not on site daily. Doesn't write method statements. Doesn't sign permits. Their job is to look at what the other two lines are actually doing — not what the paperwork says — and tell the governing body the truth.

That's the theory. Now the practice.

Where the gaps open up

Across UK infrastructure, the same seams keep splitting under load. Five examples that anyone who has run a UXO-affected site will recognise.

The handover gap between desk study and intervention. The UXO desk study was completed two years ago, by one company, against a design that has since changed twice. The intervention team mobilises against the current design but inherits a risk picture built against the old one. Nobody is contractually obliged to reconcile the two. The first line assumes the second line did. The second line assumes the third line will. The third line is reviewing quarterly summaries.

The handover gap between contractors. The earthworks contractor finishes, demobilises and goes home. The piling contractor mobilises six weeks later, into ground that was cleared to a depth that suited earthworks. They drive piles to a depth that doesn't. Whose risk is the difference between the two? It is technically the principal contractor's. In practice, it is whoever was on site that morning.

The handover gap at shift change. A suspicious find is reported at 16:50 on a Friday. The day team marks it up, brackets it off and stands down. The night security crew does not know what the markings mean. The Monday morning crew assumes the find has been dealt with and works around it. Three shifts. One risk. No owner.

The change-of-intent gap. The project's spatial footprint shifts during construction. A cable trench moves 30 metres. A welfare cabin moves 50. A new access road is added. None of the changes triggered a re-survey because none of them, individually, met the threshold in the procedure. Cumulatively, they put plant onto ground that was never assessed.

The "it's fine, we've already paid for it" gap. A UXO clearance certificate was issued for a site footprint in 2022. The certificate had assumptions baked into it — depth, intrusive method, surrounding land use. None of those assumptions are still true in 2026. The certificate, however, is still in the file. The site team treats the certificate as the truth. Nobody has been asked to update it.

These are the gaps. Every single one of them sits between the lines, which is precisely why every single one of them is so often un-owned.

Why the model is supposed to fix this — and how it usually doesn't

The Three Lines Model, properly configured, is meant to make gaps like these visible and accountable. The second line should be challenging the first line on its handover protocols. The third line should be testing whether the second line's challenge is actually happening. The governing body should be receiving a clear picture of where the seams are weakest.

That only works if three things are true.

One: the lines are actually independent. When the same supplier provides the UXO desk study, the intervention work, the site assurance and the post-completion report, there is no friction in the system. Nobody is asking awkward questions of anyone else because everyone is paid out of the same lump sum.

Two: the lines have permission to disagree. A second-line H&S advisor who is sub-contracted by the principal contractor has limited freedom to escalate. A third-line assurer who relies on the same client for repeat work has limited freedom to write the report straight. The model only works when the lines are structurally able to deliver unwelcome findings.

Three: somebody owns the seams. This is the bit almost nobody does. Every Three Lines configuration on a UXO project should have a written, named, role-specific owner for the major handover points: design to construction, contractor to contractor, shift to shift, certificate to current operation. Without that, the model is three boxes and two empty spaces.

What good looks like on the ground

When the model is working properly on a UXO-affected site, you can see it in operational behaviours, not in documentation.

The site team treats the UXO method statement as a live document, not a tender attachment. When the design changes, the method changes. When the method changes, the second line knows about it within hours, not weeks.

The principal contractor briefs every shift on the current UXO risk picture, not just the inducted one. New plant operators are inducted before the keys go in the ignition, not after.

The second line walks the site. Not the offices, not the welfare cabin, not the meeting room. The site. They look at what's actually happening against what the permit says should be happening, and they report the gap to the third line in writing.

The third line lands on site without warning. They do not write to the principal contractor a fortnight in advance asking for "convenient dates." They turn up, they verify, they leave, and they report to the governing body on what they found — including the absence of things they expected to find.

And someone, somewhere, owns the gap between every line. By name. In writing.

The one question worth asking on a Monday morning

If you run, manage or sit above a UXO-affected project, there is one question worth asking your team at the start of the week.

"If a find were reported in the next hour, on a change of intent that nobody re-surveyed, on a Sunday handover that nobody briefed — who, by name, would own the consequences?"

If you get a name, your Three Lines Model is doing its job.

If you get a pause, you have found the gap.

That gap is where Capreae works.

Capreae Consulting provides independent assurance and operational scrutiny for infrastructure programmes with latent explosive risk. We don't write your method statements. We test whether the ones you have survive contact with the ground.
