Legal Requirements Analysis

• URL: http://arxiv.org/abs/2311.13871v3
• Date: Sat, 17 Feb 2024 11:55:24 GMT
• Title: Legal Requirements Analysis
• Authors: Sallam Abualhaija and Marcello Ceci and Lionel Briand
• Abstract summary: We explore a variety of methods for analyzing legal requirements and exemplify them on representations. We describe possible alternatives for creating machine-analyzable representations from regulations.
• Score: 2.3349787245442966
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Modern software has been an integral part of everyday activities in many disciplines and application contexts. Introducing intelligent automation by leveraging artificial intelligence (AI) led to break-throughs in many fields. The effectiveness of AI can be attributed to several factors, among which is the increasing availability of data. Regulations such as the general data protection regulation (GDPR) in the European Union (EU) are introduced to ensure the protection of personal data. Software systems that collect, process, or share personal data are subject to compliance with such regulations. Developing compliant software depends heavily on addressing legal requirements stipulated in applicable regulations, a central activity in the requirements engineering (RE) phase of the software development process. RE is concerned with specifying and maintaining requirements of a system-to-be, including legal requirements. Legal agreements which describe the policies organizations implement for processing personal data can provide an additional source to regulations for eliciting legal requirements. In this chapter, we explore a variety of methods for analyzing legal requirements and exemplify them on GDPR. Specifically, we describe possible alternatives for creating machine-analyzable representations from regulations, survey the existing automated means for enabling compliance verification against regulations, and further reflect on the current challenges of legal requirements analysis.

Related papers

• RegNLP in Action: Facilitating Compliance Through Automated Information Retrieval and Answer Generation [51.998738311700095]
  Regulatory documents, characterized by their length, complexity and frequent updates, are challenging to interpret. RegNLP is a multidisciplinary subfield aimed at simplifying access to and interpretation of regulatory rules and obligations. ObliQA dataset contains 27,869 questions derived from the Abu Dhabi Global Markets (ADGM) financial regulation document collection.
  arXiv  Detail & Related papers  (2024-09-09T14:44:19Z)
• LegiLM: A Fine-Tuned Legal Language Model for Data Compliance [5.256747140296861]
  LegiLM is a novel legal language model specifically tailored for consulting on data or information compliance. It has been fine-tuned to automatically assess whether particular actions or events breach data security and privacy regulations. LegiLM excels in detecting data regulation breaches, offering sound legal justifications, and recommending necessary compliance modifications.
  arXiv  Detail & Related papers  (2024-09-09T02:06:52Z)
• InternLM-Law: An Open Source Chinese Legal Large Language Model [72.2589401309848]
  InternLM-Law is a specialized LLM tailored for addressing diverse legal queries related to Chinese laws. We meticulously construct a dataset in the Chinese legal domain, encompassing over 1 million queries. InternLM-Law achieves the highest average performance on LawBench, outperforming state-of-the-art models, including GPT-4, on 13 out of 20 subtasks.
  arXiv  Detail & Related papers  (2024-06-21T06:19:03Z)
• Rethinking Legal Compliance Automation: Opportunities with Large Language Models [2.9088208525097365]
  We argue that the examination of (textual) legal artifacts should, first employ broader context than sentences. We present a compliance analysis approach designed to address these limitations.
  arXiv  Detail & Related papers  (2024-04-22T17:10:27Z)
• Towards an Enforceable GDPR Specification [49.1574468325115]
  Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's. One emerging technique to realize PbD is enforcement (RE) We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
  arXiv  Detail & Related papers  (2024-02-27T09:38:51Z)
• A Multi-solution Study on GDPR AI-enabled Completeness Checking of DPAs [3.1002416427168304]
  General Data Protection Regulation (DPA) requires a data processing agreement (DPA) which regulates processing and ensures personal data remains protected. Checking completeness of DPA according to prerequisite provisions is therefore an essential to ensure that requirements are complete. We propose an automation strategy to address the completeness checking of DPAs against stipulated provisions.
  arXiv  Detail & Related papers  (2023-11-23T10:05:52Z)
• The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
  The development and regulation of AI seems to have reached a critical stage. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. This paper analyses the most advanced legal proposal, the European Union's AI Act.
  arXiv  Detail & Related papers  (2023-11-03T12:51:37Z)
• A Research Agenda for Artificial Intelligence in the Field of Flexible Production Systems [53.47496941841855]
  Production companies face problems when it comes to quickly adapting their production control to fluctuating demands or changing requirements. Control approaches aiming to encapsulate production functions in the sense of services have shown to be promising in order to increase flexibility of Cyber-Physical Production Systems. But an existing challenge of such approaches is finding production plans based on provided functionalities for a set of requirements, especially when there is no direct (i.e., syntactic) match between demanded and provided functions.
  arXiv  Detail & Related papers  (2021-12-31T14:38:31Z)
• Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
  Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data. FL and related techniques are often described as privacy-preserving. We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
  arXiv  Detail & Related papers  (2021-12-21T08:44:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.