Modeling, Verification and Testing of Legal Requirements
Developing a system complying with legal requirements is a challenging task which, if not managed carefully, can lead to a hard-to-test and undocumented system potentially violating legal obligations. Legal texts may contain ambiguities that make it difficult to extract well-defined, clear legal requirements. When these requirements are extracted, the impact of changes to legal texts on the developed system may be hard to trace if no effective support is provided for this activity. The inability to automatically identify the impact of changes would not only complicate the testing of the system after changes but can also introduce further inconsistencies between the legal texts, legal requirements, and the system implementation. Different stakeholders of legal systems have different levels of technical expertise. Selecting one representation of legal requirements that is both useful and understandable to all stakeholders (e.g., lawyers, software engineers) may not be possible. Instead, solutions are required for managing consistency across different representations.
The University of Luxembourg is to developing suitable techniques to model legal requirements in such a way that they can be reviewed by legal experts, but also analyzed to derive test plans for systematic and automated system validation. In addition, traceability links will be maintained between the law, its interpretation, system requirements, system design, and the test plans.
A key prerequisite for achieving the above is to be able to model the legal and system requirements in a syntactically and semantically well-defined form, preferably relying on international modeling standards for software. Model-Driven Engineering (MDE) is already part of the practice at CTIE but will need to be further adapted and tailored where necessary, to address these new requirements.