Legal Requirements Compliance using NLP and Knowledge Graphs

Falcarin, Paolo; Chowdhury, Purbasha; Carbone, Ettore; Scantamburlo, Teresa; Tripodi, Rocco; Vascon, Sebastiano
2025-01-01

Abstract

The European Union has recently published several new directives on information and software technologies, such as the Artificial Intelligence Act (AI Act), the Cyber-Resilience Act, the Network and Information Security Directive 2 (NIS2), and the Digital Service Act. Since the enactment of the General Data Protection Regulation (GDPR), legal compliance has been performed through expensive certifications and consultants' reviews of various documents (e.g. the Data Protection Assessment), but new technologies might now accelerate the compliance process by using tools that transform complex legal texts into machine-readable knowledge representations. In our work, we construct knowledge graphs from the regulatory texts and from other relevant documents (such as the Software Requirements Specification), and we aim to assess compliance by identifying matches between the two graph representations, with the development of an auditor-oriented compliance tool. We plan to leverage large language models (LLMs) to assist in aligning requirement specifications across multiple regulatory frameworks. By highlighting the pitfalls of diverse tools during the experimental analysis, we aim to emphasize the necessity of refining legal text processing workflows to enable transparent, efficient, and legally sound compliance reports.
2025
2025 IEEE 33rd International Requirements Engineering Conference Workshops (REW)
Files in this item:
Legal_Requirements_Compliance_using_NLP_and_Knowledge_Graphs.pdf (not available)

Type: Post-print document
License: Publisher's copyright
Size: 661.81 kB
Format: Adobe PDF

Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10278/5105070