Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development

Abstract

This paper explores the concept of complying with relevant legal requirements when developing software systems. Specifically, it focuses on data protection law, cybersecurity regulation, and Artificial Intelligence (AI) regulation requirements in the software system development processes. The paper analyses the impact of three key regulatory frameworks in the European Union: the General Data Protection Regulation (GDPR), the Network and Information Security (NIS) 2 Directive, and the proposed Artificial Intelligence Act (AIA). The article examines the interplay and potential conflicts between different requirements in these rule sets. Towards the end of the paper, some suggestions are made for achieving alignment with these regulations in software systems, enabling concurrent compliance with the GDPR, the NIS 2 Directive, and the AIA, in situations where all the regulations enter into effect simultaneously.