Modern software has been an integral part of everyday activities in many disciplines and application contexts. Introducing intelligent automation by leveraging artificial intelligence (AI) led to break-throughs in many fields. The effectiveness of AI can be attributed to several factors, among which is the increasing availability of data. Regulations such as the general data protection regulation (GDPR) in the European Union (EU) are introduced to ensure the protection of personal data. Software systems that collect, process, or share personal data are subject to compliance with such regulations. Developing compliant software depends heavily on addressing legal requirements stipulated in applicable regulations, a central activity in the requirements engineering (RE) phase of the software development process. RE is concerned with specifying and maintaining requirements of a system-to-be, including legal requirements. Legal agreements which describe the policies organizations implement for processing personal data can provide an additional source to regulations for eliciting legal requirements. In this chapter, we explore a variety of methods for analyzing legal requirements and exemplify them on GDPR. Specifically, we describe possible alternatives for creating machine-analyzable representations from regulations, survey the existing automated means for enabling compliance verification against regulations, and further reflect on the current challenges of legal requirements analysis.

翻译：现代软件已成为众多学科和应用场景中日常活动不可或缺的组成部分。通过利用人工智能实现智能自动化，已在多个领域取得突破性进展。人工智能的有效性可归因于多个因素，其中数据可用性的持续提升尤为关键。欧盟《通用数据保护条例》等法规的出台，旨在确保个人数据得到保护。凡涉及个人数据收集、处理或共享的软件系统均须符合此类法规要求。开发合规软件的关键在于落实适用法规中的法律需求，这是软件开发流程中需求工程阶段的核心任务。需求工程关注待建系统的需求规范与维护，包括法律需求。描述组织处理个人数据政策的法律协议，可作为除法规之外的额外来源用于挖掘法律需求。本章将探讨多种法律需求分析方法，并以GDPR为例进行阐释。具体而言，我们将介绍从法规中构建机器可分析表示形式的可行方案，梳理现有实现法规合规性验证的自动化手段，并深入探讨当前法律需求分析面临的挑战。