I hope I understood your question correctly -
For UMTS air link, the conﬁdentiality is provided for both user data and control signals, while the integrity and authenticity are only provided for control signals. Since RRC layer exists only for control signals, the integrity protection is applied at RRC layer. When RLC is implemented in non-transparent mode, the encryption is applied at RLC layer. In this case, a RLC header appears in the front of a RLC PDU to carry the necessary encryption parameters.
Otherwise, the encryption can only be applied at MAC layer since there is no RLC header to carry the necessary parameters for the encryption. The UMTS air link protection proﬁle can be summarized as follows.
• Encryption is applied to both user data and control signals. It is applied at MAC layer, if RLC is in transparent mode. If RLC is in non transparent mode, encryption is applied at RLC layer.
• Integrity protection is applied to control signals at RRC layer.
Now I hope u can deduce the reason why encryption is at RLC/MAC i.e. because data plane does not have RRC in the picture. Based on the case it is either done at RLC or MAC. And Integrity protection is done at RRC.