SlideShare a Scribd company logo
1 of 29
Download to read offline
Data61’s Regulation as a Platform
(RaaP)
Guido Governatori
CodeX, Stanford University, 6 April 2018
www.data61.csiro.au
Motivation
“The Holy Grail is when we start to actually write regulation and legislation in
code. Imagine the productivity gains and compliance savings of instantaneous
certified compliance” Treasurer Morrison (4 November 2016)
2 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Compliance is difficult
3 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
The cost of compliance
• The cost of compliance on businesses:
$1.88 trillion USD per annum (Source: IRS)
$249 (190 in 2015) billion AUD per annum
• 1 million people employed in the compliance area in Australia (9% of workforce),
growing fast.
• In the 2013/14 financial year, the Australian Government awarded more than
66,000 contracts with an overall value of almost $49 billion AUD.
4 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
The cost of compliance
• The cost of compliance on businesses:
$1.88 trillion USD per annum (Source: IRS)
$249 (190 in 2015) billion AUD per annum
• 1 million people employed in the compliance area in Australia (9% of workforce),
growing fast.
• In the 2013/14 financial year, the Australian Government awarded more than
66,000 contracts with an overall value of almost $49 billion AUD.
Data61 Computational Law and Regulatory Technology can reduce the compliance
cost by 30%
4 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Opportunity
• Build technologies to enable Australian industry to comply easily and cost
effectively
• Leverage Australia’s strength of a strong regulatory framework to create a new AI
led regulation industry
5 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Data61 Regulation as a Platform
6 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Digital Legislation Platform
7 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Benefits of RaaP
8 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Computational Law
9 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Aims of Computational Law
To provide formal methods (logic) to:
• determine what normative positions are in force
• determine what norms have been violated or complied with
10 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
A Privacy Act
Section 1: (Prohibition to collect personal medical information)
Offence: It is an offence to collect personal medical information.
Defence: It is a defence to the prohibition of collecting personal medical
information, if an entity immediately destroys the illegally collected
personal medical information before making any use of the personal
medical information
Section 2: An entity is permitted to collect personal medical information if the entity
acts under a Court Order authorising the collection of personal medical
information.
Section 3: (Prohibition to collect personal information) It is forbidden to collect personal
information unless an entity is permitted to collect personal medical
information.
Offence: an entity collected personal information
Defence: an entity being permitted to collect personal medical information.
11 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Making Sense of the Act
• Collection of medical information is forbidden. (Forbidden A)
• Destruction of the illegally collected medical information excuses the illegal
collection. (B compensates A)
• Collection of medical information is permitted if there is an authorising court
order. (if C the Permitted A)
• Collection of personal information is forbidden. (Forbidden D)
• Collection of personal information is permitted if the collection of medical
information is permitted. (If Permitted A then Permitted D)
12 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Are We Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
13 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Are We Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
• According the legal intuition the process is not compliant
• Most exisiting compliance frameworks assess is a compliant
Data61 Regorous Business Process Compliance tool provides the right assessment.
13 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Key components of Normative Systems
A normative system is a set of clauses (norms).
14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Key components of Normative Systems
A normative system is a set of clauses (norms).
Norms are modelled as if . . . then rules
A1, . . . , An ⇒ C
• Definitional clauses (constitutive rules: defining terms used in a legal context)
• Prescriptive clauses (norms defining “normative effects”)
obligations
permissions
prohibitions
violations
14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Key components of Normative Systems
A normative system is a set of clauses (norms).
Norms are modelled as if . . . then rules
A1, . . . , An ⇒ C
• Definitional clauses (constitutive rules: defining terms used in a legal context)
• Prescriptive clauses (norms defining “normative effects”)
obligations
permissions
prohibitions
violations
Norms are defeasible (handling exceptions)
14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Normative Effects
Obligation A situation, an act, or a course of action to which a bearer is legally
bound, and if it is not achieved or performed results in a violation.
Prohibition A situation, an act, or a course of action which a bearer should avoid,
and if it is achieved results in a violation.
Permission Something is permitted if the obligation to the contrary of or its
prohibition does not hold.
Obligations and prohibitions can be violated and violations can be compensated.
15 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Defeasiblity/Exceptions: Example 1
TELECOMMUNICATIONS CONSUMER PROTECTIONS CODE (C628:2012)
Section 2.1. Definitions
Complaint means an expression of dissatisfaction made to a Supplier in relation to its
Telecommunications Products or the complaints handling process itself, where a response or
Resolution is explicitly or implicitly expected by the Consumer.
An initial call to a provider to request a service or information or to request support is not
necessarily a Complaint. An initial call to report a fault or service difficulty is not a Complaint.
However, if a Customer advises that they want this initial call treated as a Complaint, the
Supplier will also treat this initial call as a Complaint.
If a Supplier is uncertain, a Supplier must ask a Customer if they wish to make a Complaint
and must rely on the Customer’s response.
16 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Defeasiblity/Exceptions: Example 2
NATIONAL CONSUMER CREDIT PROTECTION ACT 2009 (Act No. 134 of 2009)
Section 29
(1) A person must not engage in a credit activity if the person does not hold a licence
authorising the person to engage in the credit activity.
(3) For the purposes of subsections (1) and (2), it is a defence if:
(a) the person engages in the credit activity on behalf of another person (the principal);
and
(b) the person is:
(i) an employee or director of the principal or of a related body corporate of the principal;
or
(ii) a credit representative of the principal; and . . .
17 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Exceptions Formalised
r1 : If person Then creditActivity is FORBIDDEN
r2 : If ownCreditLicense Then creditActivity is PERMITTED
r3 : If person And onBehalfOfPricipal And employeeOfPrincipal
Then creditActivity is PERMITTED
r2 overrides r1,
r3 overrides r1
18 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Obligations, Violations and Sanctions
• Norms (obligations and prohibitions in force) can be violated
• Some violation can be compensated (by some sanction)
• Compensatory norms vs Contray-to-duty
19 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Obligations, Violations and Sanctions
• Norms (obligations and prohibitions in force) can be violated
• Some violation can be compensated (by some sanction)
• Compensatory norms vs Contray-to-duty
If condition Then something is FORBIDDEN
If something Then somethingelse is OBLIGED
vs
If condition Then something is FORBIDDEN compesated somethingelse is OBLIGED
19 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Sample Contract
1. The Licensor grants the Licensee a licence to evaluate the Product.
2. The Licensee must not publish the results of the evaluation of the Product without the
approval of the Licensor; the approval must be obtained before the publication. If the
Licensee publishes results of the evaluation of the Product without approval from the
Licensor, the Licensee has 24 hours to remove the material.
3. The Licensee must not publish comments on the evaluation of the Product, unless the
Licensee is permitted to publish the results of the evaluation.
4. If the Licensee is commissioned to perform an independent evaluation of the Product,
then the Licensee has the obligation to publish the evaluation results.
5. This license will terminate automatically if Licensee breaches this Agreement.
20 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Modelling the contract
Article1.0 : Default use is FORBIDDEN
Article1.1 : If getLicense then use is PERMITTED
Article2.1 : Default publish is FORBIDDEN compensated remove is OBLIGED
Article2.2 : If getApproval then publish is PERMITTED
Article3.1 : Default comment is FORBIDDEN
Article3.2 : If publish is PERMITTED then comment is PERMITTED
Article4.1 : If getCommission then publish is OBLIGED
Article4.2 : If getCommission then getLicense
Article5 : If violation then use is FORBIDDEN
Article1.1 overrrides Article1.0,
Article5 overrrides Article1.1
Article2.2 overrrides Article2.1
Article3.2 overrrides Article3.1
21 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Data61 Computational Law Applications
22 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
Applications
• Regulation as a Platform (RaaP, https://raap.d61.io)
• Regorous: Business Process Compliance
• Question Answering
23 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
References
Guido Governatori. “Representing Business Contracts in RuleML”. In: International Journal of
Cooperative Information Systems 14.2-3 (2005), pp. 181–216. doi:
10.1142/S0218843005001092.
Guido Governatori. “Thou Shalt is not You Will”. In: Proceedings of the Fifteenth International
Conference on Artificial Intelligence and Law. Ed. by Katie Atkinson. New York: ACM, 2015,
pp. 63–68. doi: 10.1145/2746090.2746105.
Guido Governatori and Mustafa Hashmi. “No Time for Compliance”. In: 2015 IEEE 19th
Enterprise Distibuted Object Computing Conference. Ed. by Sylvain Hall´e and Wolfgang Mayer.
IEEE, 2015, pp. 9–18. doi: 10.1109/EDOC.2015.12.
Guido Governatori and Duy Hoang Pham. “DR-CONTRACT: an architecture for e-contracts in
defeasible logic”. In: International Journal of Business Process Integration and Management 4.3
(2009), pp. 187–199. doi: 10.1504/IJBPIM.2009.030985.
Guido Governatori et al. “On legal contracts, imperative and declarative smartcontracts, and
blockchain systems”. In: Artificial Intelligence and Law (2018). doi:
10.1007/s10506-018-9223-3.
Florian Idelberg et al. “Evaluation of Logic-Based Smart Contracts for Blockchain Systems”. In:
Rule Technologies: Research, Tools, and Applications. Ed. by Jos´e J´ulio Alferes et al. LNCS 9718.
Switzerland: Springer, 2016, pp. 167–183. doi: 10.1007/978-3-319-42019-611.
24 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori

More Related Content

What's hot

Information technology act
Information technology actInformation technology act
Information technology actMeghana Bhogle
 
Deview2014 Live Broadcasting 추천시스템 발표 자료
Deview2014 Live Broadcasting 추천시스템 발표 자료Deview2014 Live Broadcasting 추천시스템 발표 자료
Deview2014 Live Broadcasting 추천시스템 발표 자료choi kyumin
 
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJP
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJPSolrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJP
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJPYahoo!デベロッパーネットワーク
 
Cookpad TechConf 2016 - DWHに必要なこと
Cookpad TechConf 2016 - DWHに必要なことCookpad TechConf 2016 - DWHに必要なこと
Cookpad TechConf 2016 - DWHに必要なことMinero Aoki
 
Copyright Registration in India
Copyright Registration in IndiaCopyright Registration in India
Copyright Registration in IndiaIntepat IP
 
Important section of IT Act 2000 & IPC sections related to cyber law.
Important section  of IT Act 2000 & IPC sections related to cyber law. Important section  of IT Act 2000 & IPC sections related to cyber law.
Important section of IT Act 2000 & IPC sections related to cyber law. KOMALMALLIK
 
Tableauのつまづきポイント
TableauのつまづきポイントTableauのつまづきポイント
TableauのつまづきポイントShinji Tamura
 
Strikes & lockouts final
Strikes & lockouts finalStrikes & lockouts final
Strikes & lockouts finalNabil Faraz
 
Optimistic Rollupとは何か
Optimistic Rollupとは何かOptimistic Rollupとは何か
Optimistic Rollupとは何かSyuhei Hiya
 
A brief history of how internet of things become a thing - onmywaytoiot
A brief history of how internet of things become a thing - onmywaytoiotA brief history of how internet of things become a thing - onmywaytoiot
A brief history of how internet of things become a thing - onmywaytoiotOn my way to IoT
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 

What's hot (14)

Information technology act
Information technology actInformation technology act
Information technology act
 
internet of things
internet of thingsinternet of things
internet of things
 
Deview2014 Live Broadcasting 추천시스템 발표 자료
Deview2014 Live Broadcasting 추천시스템 발표 자료Deview2014 Live Broadcasting 추천시스템 발표 자료
Deview2014 Live Broadcasting 추천시스템 발표 자료
 
Parasitic computing
Parasitic computingParasitic computing
Parasitic computing
 
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJP
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJPSolrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJP
Solrで多様なランキングモデルを活用するためのプラグイン開発 #SolrJP
 
Cookpad TechConf 2016 - DWHに必要なこと
Cookpad TechConf 2016 - DWHに必要なことCookpad TechConf 2016 - DWHに必要なこと
Cookpad TechConf 2016 - DWHに必要なこと
 
Copyright Registration in India
Copyright Registration in IndiaCopyright Registration in India
Copyright Registration in India
 
Important section of IT Act 2000 & IPC sections related to cyber law.
Important section  of IT Act 2000 & IPC sections related to cyber law. Important section  of IT Act 2000 & IPC sections related to cyber law.
Important section of IT Act 2000 & IPC sections related to cyber law.
 
Tableauのつまづきポイント
TableauのつまづきポイントTableauのつまづきポイント
Tableauのつまづきポイント
 
Bonded Labour Abolition Act
Bonded Labour Abolition ActBonded Labour Abolition Act
Bonded Labour Abolition Act
 
Strikes & lockouts final
Strikes & lockouts finalStrikes & lockouts final
Strikes & lockouts final
 
Optimistic Rollupとは何か
Optimistic Rollupとは何かOptimistic Rollupとは何か
Optimistic Rollupとは何か
 
A brief history of how internet of things become a thing - onmywaytoiot
A brief history of how internet of things become a thing - onmywaytoiotA brief history of how internet of things become a thing - onmywaytoiot
A brief history of how internet of things become a thing - onmywaytoiot
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
 

Similar to Data61's Computational Law Platform Reduces Compliance Costs

Watkins Meegan: Compliance with FAR Ethics Requirements
Watkins Meegan: Compliance with FAR Ethics RequirementsWatkins Meegan: Compliance with FAR Ethics Requirements
Watkins Meegan: Compliance with FAR Ethics RequirementsAndrea Contres Moore, MBA
 
Meeting the Challenge of HMDA Compliance
Meeting the Challenge of HMDA ComplianceMeeting the Challenge of HMDA Compliance
Meeting the Challenge of HMDA ComplianceColleen Beck-Domanico
 
How to Prepare Your Firm for a Visit from the SRA
How to Prepare Your Firm for a Visit from the SRAHow to Prepare Your Firm for a Visit from the SRA
How to Prepare Your Firm for a Visit from the SRALegl
 
ICT Support for Business Process Compliance
ICT Support for Business Process ComplianceICT Support for Business Process Compliance
ICT Support for Business Process ComplianceGuido Governatori
 
State of Compliance 2013
State of Compliance 2013State of Compliance 2013
State of Compliance 2013Stephen Selby
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
Foreign contractor compliance
Foreign contractor complianceForeign contractor compliance
Foreign contractor complianceHienNguyen2014
 
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...Optimum Design Associates
 
21 CFR Part 822 Post Marketing Surveillance.pptx
21 CFR Part 822 Post Marketing Surveillance.pptx21 CFR Part 822 Post Marketing Surveillance.pptx
21 CFR Part 822 Post Marketing Surveillance.pptxMayur Patil
 
Free webinar on Unique Device Identification
Free webinar on Unique Device IdentificationFree webinar on Unique Device Identification
Free webinar on Unique Device Identificationnykathlen
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramMSpadea
 
Conflict Minerals Compliance Brochure
Conflict Minerals Compliance BrochureConflict Minerals Compliance Brochure
Conflict Minerals Compliance BrochureDawgen Global
 
Mergers and acquisitions ppt @ bec doms
Mergers and acquisitions ppt @ bec doms Mergers and acquisitions ppt @ bec doms
Mergers and acquisitions ppt @ bec doms Babasab Patil
 
Supplier Assurance During COVID-19
Supplier Assurance During COVID-19Supplier Assurance During COVID-19
Supplier Assurance During COVID-19SureCloud
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 

Similar to Data61's Computational Law Platform Reduces Compliance Costs (20)

Computational Law at Data61
Computational Law at Data61Computational Law at Data61
Computational Law at Data61
 
Watkins Meegan: Compliance with FAR Ethics Requirements
Watkins Meegan: Compliance with FAR Ethics RequirementsWatkins Meegan: Compliance with FAR Ethics Requirements
Watkins Meegan: Compliance with FAR Ethics Requirements
 
Meeting the Challenge of HMDA Compliance
Meeting the Challenge of HMDA ComplianceMeeting the Challenge of HMDA Compliance
Meeting the Challenge of HMDA Compliance
 
The UK Fintech Market
The UK Fintech MarketThe UK Fintech Market
The UK Fintech Market
 
How to Prepare Your Firm for a Visit from the SRA
How to Prepare Your Firm for a Visit from the SRAHow to Prepare Your Firm for a Visit from the SRA
How to Prepare Your Firm for a Visit from the SRA
 
ICT Support for Business Process Compliance
ICT Support for Business Process ComplianceICT Support for Business Process Compliance
ICT Support for Business Process Compliance
 
State of Compliance 2013
State of Compliance 2013State of Compliance 2013
State of Compliance 2013
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
Foreign contractor compliance
Foreign contractor complianceForeign contractor compliance
Foreign contractor compliance
 
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...
Conflict Minerals: Understanding Dodd-Frank 1502 and Its Affect on Your Suppl...
 
Conflict Minerals and Your Supply Chain
Conflict Minerals and Your Supply ChainConflict Minerals and Your Supply Chain
Conflict Minerals and Your Supply Chain
 
21 CFR Part 822 Post Marketing Surveillance.pptx
21 CFR Part 822 Post Marketing Surveillance.pptx21 CFR Part 822 Post Marketing Surveillance.pptx
21 CFR Part 822 Post Marketing Surveillance.pptx
 
Free webinar on Unique Device Identification
Free webinar on Unique Device IdentificationFree webinar on Unique Device Identification
Free webinar on Unique Device Identification
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy Program
 
Conflict Minerals Compliance Brochure
Conflict Minerals Compliance BrochureConflict Minerals Compliance Brochure
Conflict Minerals Compliance Brochure
 
In House Lawyer Seminar
In House Lawyer SeminarIn House Lawyer Seminar
In House Lawyer Seminar
 
Mergers and acquisitions ppt @ bec doms
Mergers and acquisitions ppt @ bec doms Mergers and acquisitions ppt @ bec doms
Mergers and acquisitions ppt @ bec doms
 
Supplier Assurance During COVID-19
Supplier Assurance During COVID-19Supplier Assurance During COVID-19
Supplier Assurance During COVID-19
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 

More from Guido Governatori

Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Guido Governatori
 
Sequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsSequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsGuido Governatori
 
The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?Guido Governatori
 
The Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceThe Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceGuido Governatori
 
Practical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningPractical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningGuido Governatori
 
Strategic Argumentation is NP-complete
Strategic Argumentation is NP-completeStrategic Argumentation is NP-complete
Strategic Argumentation is NP-completeGuido Governatori
 
Modelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesModelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesGuido Governatori
 

More from Guido Governatori (10)

Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)
 
Sequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsSequence Semantics for Norms and Obligations
Sequence Semantics for Norms and Obligations
 
The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?
 
No Time for Compliance
No Time for ComplianceNo Time for Compliance
No Time for Compliance
 
The Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceThe Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process Compliance
 
Thou Shalt is not You Will
Thou Shalt is not You WillThou Shalt is not You Will
Thou Shalt is not You Will
 
Practical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningPractical Non-Monotonic Reasoning
Practical Non-Monotonic Reasoning
 
Strategic Argumentation is NP-complete
Strategic Argumentation is NP-completeStrategic Argumentation is NP-complete
Strategic Argumentation is NP-complete
 
Thou Shalt is not You Will
Thou Shalt is not You WillThou Shalt is not You Will
Thou Shalt is not You Will
 
Modelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesModelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks Policies
 

Recently uploaded

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesSanjay Willie
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Recently uploaded (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

Data61's Computational Law Platform Reduces Compliance Costs

  • 1. Data61’s Regulation as a Platform (RaaP) Guido Governatori CodeX, Stanford University, 6 April 2018 www.data61.csiro.au
  • 2. Motivation “The Holy Grail is when we start to actually write regulation and legislation in code. Imagine the productivity gains and compliance savings of instantaneous certified compliance” Treasurer Morrison (4 November 2016) 2 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 3. Compliance is difficult 3 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 4. The cost of compliance • The cost of compliance on businesses: $1.88 trillion USD per annum (Source: IRS) $249 (190 in 2015) billion AUD per annum • 1 million people employed in the compliance area in Australia (9% of workforce), growing fast. • In the 2013/14 financial year, the Australian Government awarded more than 66,000 contracts with an overall value of almost $49 billion AUD. 4 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 5. The cost of compliance • The cost of compliance on businesses: $1.88 trillion USD per annum (Source: IRS) $249 (190 in 2015) billion AUD per annum • 1 million people employed in the compliance area in Australia (9% of workforce), growing fast. • In the 2013/14 financial year, the Australian Government awarded more than 66,000 contracts with an overall value of almost $49 billion AUD. Data61 Computational Law and Regulatory Technology can reduce the compliance cost by 30% 4 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 6. Opportunity • Build technologies to enable Australian industry to comply easily and cost effectively • Leverage Australia’s strength of a strong regulatory framework to create a new AI led regulation industry 5 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 7. Data61 Regulation as a Platform 6 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 8. Digital Legislation Platform 7 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 9. Benefits of RaaP 8 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 10. Computational Law 9 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 11. Aims of Computational Law To provide formal methods (logic) to: • determine what normative positions are in force • determine what norms have been violated or complied with 10 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 12. A Privacy Act Section 1: (Prohibition to collect personal medical information) Offence: It is an offence to collect personal medical information. Defence: It is a defence to the prohibition of collecting personal medical information, if an entity immediately destroys the illegally collected personal medical information before making any use of the personal medical information Section 2: An entity is permitted to collect personal medical information if the entity acts under a Court Order authorising the collection of personal medical information. Section 3: (Prohibition to collect personal information) It is forbidden to collect personal information unless an entity is permitted to collect personal medical information. Offence: an entity collected personal information Defence: an entity being permitted to collect personal medical information. 11 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 13. Making Sense of the Act • Collection of medical information is forbidden. (Forbidden A) • Destruction of the illegally collected medical information excuses the illegal collection. (B compensates A) • Collection of medical information is permitted if there is an authorising court order. (if C the Permitted A) • Collection of personal information is forbidden. (Forbidden D) • Collection of personal information is permitted if the collection of medical information is permitted. (If Permitted A then Permitted D) 12 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 14. Are We Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End 13 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 15. Are We Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End • According the legal intuition the process is not compliant • Most exisiting compliance frameworks assess is a compliant Data61 Regorous Business Process Compliance tool provides the right assessment. 13 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 16. Key components of Normative Systems A normative system is a set of clauses (norms). 14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 17. Key components of Normative Systems A normative system is a set of clauses (norms). Norms are modelled as if . . . then rules A1, . . . , An ⇒ C • Definitional clauses (constitutive rules: defining terms used in a legal context) • Prescriptive clauses (norms defining “normative effects”) obligations permissions prohibitions violations 14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 18. Key components of Normative Systems A normative system is a set of clauses (norms). Norms are modelled as if . . . then rules A1, . . . , An ⇒ C • Definitional clauses (constitutive rules: defining terms used in a legal context) • Prescriptive clauses (norms defining “normative effects”) obligations permissions prohibitions violations Norms are defeasible (handling exceptions) 14 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 19. Normative Effects Obligation A situation, an act, or a course of action to which a bearer is legally bound, and if it is not achieved or performed results in a violation. Prohibition A situation, an act, or a course of action which a bearer should avoid, and if it is achieved results in a violation. Permission Something is permitted if the obligation to the contrary of or its prohibition does not hold. Obligations and prohibitions can be violated and violations can be compensated. 15 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 20. Defeasiblity/Exceptions: Example 1 TELECOMMUNICATIONS CONSUMER PROTECTIONS CODE (C628:2012) Section 2.1. Definitions Complaint means an expression of dissatisfaction made to a Supplier in relation to its Telecommunications Products or the complaints handling process itself, where a response or Resolution is explicitly or implicitly expected by the Consumer. An initial call to a provider to request a service or information or to request support is not necessarily a Complaint. An initial call to report a fault or service difficulty is not a Complaint. However, if a Customer advises that they want this initial call treated as a Complaint, the Supplier will also treat this initial call as a Complaint. If a Supplier is uncertain, a Supplier must ask a Customer if they wish to make a Complaint and must rely on the Customer’s response. 16 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 21. Defeasiblity/Exceptions: Example 2 NATIONAL CONSUMER CREDIT PROTECTION ACT 2009 (Act No. 134 of 2009) Section 29 (1) A person must not engage in a credit activity if the person does not hold a licence authorising the person to engage in the credit activity. (3) For the purposes of subsections (1) and (2), it is a defence if: (a) the person engages in the credit activity on behalf of another person (the principal); and (b) the person is: (i) an employee or director of the principal or of a related body corporate of the principal; or (ii) a credit representative of the principal; and . . . 17 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 22. Exceptions Formalised r1 : If person Then creditActivity is FORBIDDEN r2 : If ownCreditLicense Then creditActivity is PERMITTED r3 : If person And onBehalfOfPricipal And employeeOfPrincipal Then creditActivity is PERMITTED r2 overrides r1, r3 overrides r1 18 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 23. Obligations, Violations and Sanctions • Norms (obligations and prohibitions in force) can be violated • Some violation can be compensated (by some sanction) • Compensatory norms vs Contray-to-duty 19 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 24. Obligations, Violations and Sanctions • Norms (obligations and prohibitions in force) can be violated • Some violation can be compensated (by some sanction) • Compensatory norms vs Contray-to-duty If condition Then something is FORBIDDEN If something Then somethingelse is OBLIGED vs If condition Then something is FORBIDDEN compesated somethingelse is OBLIGED 19 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 25. Sample Contract 1. The Licensor grants the Licensee a licence to evaluate the Product. 2. The Licensee must not publish the results of the evaluation of the Product without the approval of the Licensor; the approval must be obtained before the publication. If the Licensee publishes results of the evaluation of the Product without approval from the Licensor, the Licensee has 24 hours to remove the material. 3. The Licensee must not publish comments on the evaluation of the Product, unless the Licensee is permitted to publish the results of the evaluation. 4. If the Licensee is commissioned to perform an independent evaluation of the Product, then the Licensee has the obligation to publish the evaluation results. 5. This license will terminate automatically if Licensee breaches this Agreement. 20 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 26. Modelling the contract Article1.0 : Default use is FORBIDDEN Article1.1 : If getLicense then use is PERMITTED Article2.1 : Default publish is FORBIDDEN compensated remove is OBLIGED Article2.2 : If getApproval then publish is PERMITTED Article3.1 : Default comment is FORBIDDEN Article3.2 : If publish is PERMITTED then comment is PERMITTED Article4.1 : If getCommission then publish is OBLIGED Article4.2 : If getCommission then getLicense Article5 : If violation then use is FORBIDDEN Article1.1 overrrides Article1.0, Article5 overrrides Article1.1 Article2.2 overrrides Article2.1 Article3.2 overrrides Article3.1 21 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 27. Data61 Computational Law Applications 22 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 28. Applications • Regulation as a Platform (RaaP, https://raap.d61.io) • Regorous: Business Process Compliance • Question Answering 23 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori
  • 29. References Guido Governatori. “Representing Business Contracts in RuleML”. In: International Journal of Cooperative Information Systems 14.2-3 (2005), pp. 181–216. doi: 10.1142/S0218843005001092. Guido Governatori. “Thou Shalt is not You Will”. In: Proceedings of the Fifteenth International Conference on Artificial Intelligence and Law. Ed. by Katie Atkinson. New York: ACM, 2015, pp. 63–68. doi: 10.1145/2746090.2746105. Guido Governatori and Mustafa Hashmi. “No Time for Compliance”. In: 2015 IEEE 19th Enterprise Distibuted Object Computing Conference. Ed. by Sylvain Hall´e and Wolfgang Mayer. IEEE, 2015, pp. 9–18. doi: 10.1109/EDOC.2015.12. Guido Governatori and Duy Hoang Pham. “DR-CONTRACT: an architecture for e-contracts in defeasible logic”. In: International Journal of Business Process Integration and Management 4.3 (2009), pp. 187–199. doi: 10.1504/IJBPIM.2009.030985. Guido Governatori et al. “On legal contracts, imperative and declarative smartcontracts, and blockchain systems”. In: Artificial Intelligence and Law (2018). doi: 10.1007/s10506-018-9223-3. Florian Idelberg et al. “Evaluation of Logic-Based Smart Contracts for Blockchain Systems”. In: Rule Technologies: Research, Tools, and Applications. Ed. by Jos´e J´ulio Alferes et al. LNCS 9718. Switzerland: Springer, 2016, pp. 167–183. doi: 10.1007/978-3-319-42019-611. 24 | Data61’s Regulation as a Platform (RaaP) | Guido Governatori