As software-intensive systems face growing pressure to comply with laws and regulations, providing automated support for compliance analysis has become paramount. Despite advances in the Requirements Engineering (RE) community on legal compliance analysis, important obstacles remain in developing accurate and generalizable compliance automation solutions. This paper highlights some observed limitations of current approaches and examines how adopting new automation strategies that leverage Large Language Models (LLMs) can help address these shortcomings and open up fresh opportunities. Specifically, we argue that the examination of (textual) legal artifacts should, first, employ a broader context than sentences, which have widely been used as the units of analysis in past research. Second, the mode of analysis with legal artifacts needs to shift from classification and information extraction to more end-to-end strategies that are not only accurate but also capable of providing explanation and justification. We present a compliance analysis approach designed to address these limitations. We further outline our evaluation plan for the approach and provide preliminary evaluation results based on data processing agreements (DPAs) that must comply with the General Data Protection Regulation (GDPR). Our initial findings suggest that our approach yields substantial accuracy improvements and, at the same time, provides justification for compliance decisions.