Paper Type
Complete
Abstract
With the growing adoption of IoT devices, cybersecurity regulations are crucial in mitigating data privacy and security risks. However, the complex and unstructured nature of legal documents makes it difficult and time-consuming for companies to interpret and comply with such regulations. This paper presents a methodology for extracting, structuring, and representing legal knowledge from California Senate Bill 327 (SB-327). Using natural language processing (NLP), ontology engineering, and deontic logic, we extract legal entities, relationships, and constraints. These are organized into an ontology and converted into a machine-readable knowledge graph, allowing manufacturers and stakeholders to visualize legal requirements and get clear information about them easily. The methodology enables us to automate the reasoning about legal obligations, permissions, and prohibitions in a knowledge representation that can be easily visualized, analyzed, and understood by IoT manufacturers. The proposed methodology is adaptable to other legal documents and supports scalable compliance monitoring for cybersecurity governance in the IoT.
Paper Number
2273
Recommended Citation
Chennu, Sesha Sai; Elluri, Lavanya; and Batra, Gunjan, "Bridging AI and Legal Compliance: Knowledge Graphs for IoT Cybersecurity Regulations" (2025). AMCIS 2025 Proceedings. 22.
https://aisel.aisnet.org/amcis2025/sig_odis/sig_odis/22
Bridging AI and Legal Compliance: Knowledge Graphs for IoT Cybersecurity Regulations
Comments
SIGODIS