Legal Requirements Analysis: A Regulatory Compliance Perspective

Modern software has been an integral part of everyday activities in many disciplines and application contexts. Introducing intelligent automation by leveraging artificial intelligence (AI) led to breakthroughs in many fields. The effectiveness of AI can be attributed to several factors, among which is the increasing availability of data. Regulations such as the General Data Protection Regulation (GDPR) in the European Union (EU) are introduced to ensure the protection of personal data. Software systems that collect, process or share personal data are subject to compliance with such regulations. Developing compliant software depends heavily on addressing legal requirements stipulated in applicable regulations, a central activity in the requirements engineering (RE) phase of the software development process. RE is concerned with specifying and maintaining requirements of a system-to-be, including legal requirements. Legal agreements which describe the policies organizations implement for processing personal data can provide an additional source to regulations for eliciting legal requirements. In this chapter, we explore a variety of methods for analysing legal requirements and exemplify them on GDPR. Specifically, we describe possible alternatives for creating machine-analysable representations from regulations, survey the existing automated means for enabling compliance verification against regulations and further reflect on the current challenges of legal requirements analysis. Analysing legal requirements is a core RE activity that relies to a large extent on natural language processing technologies. This chapter contributes with the necessary knowledge required for eliciting, representing and verifying legal requirements.