Research project RegCheck

Program analysis for regulatory compliance assessment of FinTech Software (RegCheck)

RegCheck ensures GDPR compliance by extracting rules, analysing code, and mapping legal terms to software, and it develops tools for automated privacy checks.

The project at a glance

  • Start date:
    01 Mar 2023
  • Duration in months:
    24
  • Funding:
    FNR
  • Principal Investigator(s):
    Jacques KLEIN
    Domenico BIANCULLI
    Stanislaw TOSZA

About

The RegCheck project aims to ensure that software complies with privacy regulations, such as the GDPR, through automated code analysis. Its primary objectives are: (1) to extract privacy requirements from the GDPR and translate them into rules, (2) to analyse software artefacts, including source code, with a focus on regulatory compliance, and (3) to map legal requirements to the outputs of software analysis. The analysis will use advanced static tools to identify sensitive data flows, such as personal contacts or private data, to verify that they are managed securely. Techniques such as code tagging and code search, supported by machine learning, will assist in locating and categorising relevant sections of code. Additionally, tools will be developed to recognise legal terminology and map it to corresponding programming language constructs. This project combines software engineering with regulatory compliance expertise and aims to develop industry-ready prototypes for automated software compliance, promoting a “compliance by design” approach.

Organisation and Partners

  • Faculty of Law, Economics and Finance (FDEF)
  • Interdisciplinary Centre for Security, Reliability and Trust (SnT)
  • Software Verification and Validation Research Group (SVV)

Keywords

  • Software compliance
  • Privacy
  • Legal requirements