Rethinking Legal Compliance Automation: Opportunities with Large Language Models

TL;DR

This paper explores how Large Language Models can improve legal compliance automation by analyzing broader legal contexts and providing explanations, addressing limitations of current methods with promising preliminary results.

Contribution

It proposes a novel compliance analysis approach leveraging LLMs that considers broader legal contexts and offers explainability, advancing automation capabilities.

Findings

Improved accuracy in compliance analysis with LLMs.

Enhanced ability to justify compliance decisions.

Preliminary results on GDPR-related data processing agreements.

Abstract

As software-intensive systems face growing pressure to comply with laws and regulations, providing automated support for compliance analysis has become paramount. Despite advances in the Requirements Engineering (RE) community on legal compliance analysis, important obstacles remain in developing accurate and generalizable compliance automation solutions. This paper highlights some observed limitations of current approaches and examines how adopting new automation strategies that leverage Large Language Models (LLMs) can help address these shortcomings and open up fresh opportunities. Specifically, we argue that the examination of (textual) legal artifacts should, first, employ a broader context than sentences, which have widely been used as the units of analysis in past research. Second, the mode of analysis with legal artifacts needs to shift from classification and information extraction to more end-to-end strategies that are not only accurate but also capable of providing explanation and justification. We present a compliance analysis approach designed to address these limitations. We further outline our evaluation plan for the approach and provide preliminary evaluation results based on data processing agreements (DPAs) that must comply with the General Data Protection Regulation (GDPR). Our initial findings suggest that our approach yields substantial accuracy improvements and, at the same time, provides justification for compliance decisions.