Addressing Legal Requirements in Requirements Engineering

Legal texts, such as regulations and legislation, are playing an increasingly important role in requirements engineering and system development. Monitoring systems for requirements and policy compliance has been recognized in the requirements engineering community as a key area for research. Similarly, regulatory compliance is critical in systems that are governed by regulations and law, especially given that non-compliance can result in both financial and criminal penalties. Working with legal texts can be very challenging, however, because they contain numerous ambiguities, cross-references, domain-specific definitions, and acronyms, and are frequently amended via new regulations and case law. Requirements engineers and compliance auditors must be able to identify relevant regulations, extract requirements and other key concepts, and monitor compliance throughout the software lifecycle. This paper surveys research efforts over the past 50 years in handling legal texts for systems development. These efforts include the use of symbolic logic, logic programming, first-order temporal logic, deontic logic, defeasible logic, goal modeling, and semi-structured representations. This survey can help requirements engineers and auditors better specify, monitor, and test software systems for compliance.
