Interdisciplinary Research Group in Socio-technical Cybersecurity
Towards legal compliance by correlating Standards and Laws with a semi-automated methodology
Because legal regulations generally do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of compliance in favour of the implementing party, provided there is a clear correspondence between the provisions of a specific standard and the regulation’s requirements. However, identifying such correspondences is a complex process, which is complicated further by the fact that the established correlations may be overridden over time, e.g., because newer court decisions change the interpretation of certain legal provisions. To help solve these problems, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation with the ISO/IEC 27018:2014 standard.
Cesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio Robaldo
Communications in Computer and Information Science
Bartolini, C., Giurgiu, A., Lenzini, G., & Robaldo, L. (2016, November). Towards legal compliance by correlating standards and laws with a semi-automated methodology. In Benelux Conference on Artificial Intelligence (pp. 47-62). Springer, Cham.
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette