Towards Viewpoint-centric Artifact-based Regulatory Requirements Engineering for Compliance by Design

TL;DR

This paper introduces an artefact model for regulatory requirements engineering aimed at integrating compliance by design into software development, addressing industry challenges of complexity and cross-functional coordination.

Contribution

It proposes the AM4RRE artefact model to systematically support regulatory requirements engineering and facilitate compliance by design in software engineering.

Findings

Initial artefact model synthesis presented

Highlights the need for systematic regulatory RE approaches

Calls for empirical evaluation and industry feedback

Abstract

Processing regulations and resulting requirements to achieve regulatory compliance in software engineering (SE) is a developing challenge due to the continuously growing amount, complexity, and expanding scope of regulations. Despite the growing amount of newly suggested regulatory requirements engineering (RE) approaches by the research community, industry remains under pressure to assure their integration into their RE and overall software development life cycle (SDLC) practices to facilitate a seamless and legally valid compliance by design. As of today, we still have limited empirical understanding of how this can be achieved. Such integration should avoid additional burdens and address the demands of legal knowledge intensity, cross-functional communication and consistency between different involved viewpoints. Intermediary results of this doctoral study showed that regulatory RE has peculiarities distinguishing it from the engineering of other requirements. Oftentimes, organizations establish standalone regulatory RE processes on the organizational level. However, software development teams usually approach compliance by design in an ad-hoc manner, rather than in a systematic way. Among other, because of the complexity of the coordination between the involved viewpoints. The goal of this paper is to report and get feedback about the synthesis and future evaluation of our Artefact Model for Regulatory Requirements Engineering (AM4RRE) for a integrated compliance by design. We hope this paper will spark discussions about regulatory RE and help us refine plans for the final stage of the doctoral study.