Towards Viewpoint-centric Artifact-based Regulatory Requirements Engineering for Compliance by Design

New research proposes a systematic framework to integrate complex regulations like GDPR and AI Act into software development.

Deep Dive

A new research paper by Oleksandr Kosenkov, titled "Towards Viewpoint-centric Artifact-based Regulatory Requirements Engineering for Compliance by Design," addresses the critical challenge of building legally compliant software, particularly AI systems. The work introduces the Artefact Model for Regulatory Requirements Engineering (AM4RRE), a framework designed to systematically integrate complex regulations—such as the EU's GDPR and AI Act—directly into the software development lifecycle (SDLC). The core problem it tackles is the disconnect between legal experts, who understand the regulations, and development teams, who must implement them, often resulting in costly, last-minute, and ad-hoc compliance efforts.

The AM4RRE model is 'viewpoint-centric,' meaning it formally structures the different perspectives (legal, business, technical) involved in compliance and defines the specific artifacts (documents, models, code) each needs to produce and share. This aims to replace chaotic, organization-level processes with a coordinated, team-based methodology for 'compliance by design.' The research, shared as a preprint on arXiv, is part of an ongoing doctoral study seeking feedback before final evaluation. Its significance lies in providing a concrete blueprint for companies to navigate the growing maze of AI and data regulations efficiently, reducing legal risk and rework by baking compliance into the initial design phases rather than treating it as an afterthought.

Key Points
  • Proposes the AM4RRE framework to bridge the gap between legal regulations and software engineering practices.
  • Targets 'compliance by design' for complex rules like the EU AI Act, moving beyond ad-hoc implementation.
  • Aims to streamline cross-functional coordination among legal, business, and technical teams during development.

Why It Matters

Provides a structured method for developers to build AI that is legally compliant from the start, avoiding costly fixes.