Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

Interdisciplinary Research Group in Socio-technical Cybersecurity

Cesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio Robaldo
Abstract:
Since legal regulations generally do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of compliance in favour of the implementing party, provided there is a clear correspondence between the provisions of a specific standard and the regulation’s requirements. However, identifying such correspondences is a complex process, which is complicated further by the fact that the established correlations may be overridden in time, e.g. because newer court decisions change the interpretation of certain legal provisions. To help solve these problems, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation with the ISO/IEC 27018:2014 standard.
Publication date:
2017
Published in:
Communications in Computer and Information Science
Reference:
Bartolini, C., Giurgiu, A., Lenzini, G., & Robaldo, L. (2016, November). Towards legal compliance by correlating standards and laws with a semi-automated methodology. In Benelux Conference on Artificial Intelligence (pp. 47-62). Springer, Cham.
