The United States has long pursued regulations that aim to reduce fossil fuel use. However, while potential emission reduction motivates the introduction and enforcement of these regulations, realization of this potential does not obfuscate the need for prudent economic policy. Scrutinizing nearly two decades of climate regulations in the transportation, industrial, and electric power sector, we enumerate their associated cost effectiveness. Our findings are twofold. Firstly, we find that whereas there are instances where climate regulations carry net economic benefits, there are also cases where compliance costs substantially exceed the social cost of carbon (SCC). Aggregated across sectors and subject to the precise SCC leveraged, up to 65 percent of climate regulations have abatement costs that exceed the SCC. This exceedance is particularly profound in the transportation sector where up to 82 percent of regulations reviewed have abatement costs that exceed the SCC. Secondly, we find that whereas the economic benefits of climate regulations generally exceed the economic costs, this exceedance is largely contingent on the presence of non-climate benefits. Aggregated across sector
Air Traffic Flow Management (ATFM) traffic regulations are being increasingly used as rising demand meets persistent workforce shortages. This operational strain has amplified a critical phenomenon that we call \emph{regulation cascading}: the compounding, non-linear interactions that occur when multiple regulations influence one another in unpredictable ways. As the number and complexity of regulations grow, cascading effects become more pronounced, undermining the network operator's ability to protect sectors reliably. To address this challenge, we introduce RegulationZero, a sequential planning framework that natively operates in the regulation space, optimizing over ordered sequences of flow-level regulations that remain fully compatible with existing slot-allocation systems such as CASA and RBS++. At its core, the method employs a hierarchical Monte Carlo Tree Search (MCTS) that first samples congestion hotspots and then selects candidate regulations synthesized by a local proposal engine. Each proposal is evaluated by a fast First-Planned-First-Served (FPFS) allocator to estimate its reward, with these feedbacks guiding the subsequent MCTS exploration.
Existing cybersecurity literature lacks a source of empirical, representative data as to the true nature of cyberattacks on Critical National Infrastructure. We have obtained UK-wide data on incidents reported under the Network and Information Systems (NIS) Regulations in 2024 causing "a significant impact on the continuity" of essential services and comparator data from intelligence agencies. We find that 29% of NIS reports already concern cybersecurity incidents. As the UK Government seeks to extend cybersecurity reporting, we find the NIS Regulations are limited in their effectiveness; whilst our requests revealed 30 cybersecurity incidents reported under the NIS regulations, there were 89 incidents classified as "highly significant and significant" captured by the National Cyber Security Centre in the 2024 reporting year. Whereas 36% of Cybersecurity and Infrastructure Security Agency reported attacks concerned espionage, from NIS data we find 100% NIS-reportable cyberattacks concerning healthcare systems in England in 2024 were ransomware.
As Industry 4.0 transforms the food industry, the role of software in achieving compliance with food-safety regulations is becoming increasingly critical. Food-safety regulations, like those in many legal domains, have largely been articulated in a technology-independent manner to ensure their longevity and broad applicability. However, this approach leaves a gap between the regulations and the modern systems and software increasingly used to implement them. In this article, we pursue two main goals. First, we conduct a Grounded Theory study of food-safety regulations and develop a conceptual characterization of food-safety concepts that closely relate to systems and software requirements. Second, we examine the effectiveness of two families of large language models (LLMs) -- BERT and GPT -- in automatically classifying legal provisions based on requirements-related food-safety concepts. Our results show that: (a) when fine-tuned, the accuracy differences between the best-performing models in the BERT and GPT families are relatively small. Nevertheless, the most powerful model in our experiments, GPT-4o, still achieves the highest accuracy, with an average Precision of 89% and an a
Taking aim at one of the largest greenhouse gas emitting sectors, the US Environmental Protection Agency (EPA) finalized new regulations on power plant greenhouse gas emissions in May 2024. These rules take the form of different emissions performance standards for different classes of power plant technologies, creating a complex set of regulations that make it difficult to understand their consequential impacts on power system capacity, operations, and emissions without dedicated and sophisticated modeling. Here, we enhance a state-of-the-art power system capacity expansion model by incorporating new detailed operational constraints tailored to different technologies to represent the EPA's rules. Our results show that adopting these new regulations could reduce US power sector emissions in 2040 to 51% below the 2022 level (vs 26% without the rules). Regulations on coal-fired power plants drive the largest share of reductions. Regulations on new gas turbines incrementally reduce emissions but lower overall efficiency of the gas fleet, increasing the average cost of carbon mitigation. Therefore, we explore several alternative emission mitigation strategies. By comparing these alterna
This report summarizes the European Union's series of data and AI regulations and analyzes them for managers in automotive vehicle manufacturing organizations. In particular, we highlight the relevant ideas of the regulations, including how they find their roots in earlier legislation, how they contradict and complement each other, as well as the business opportunities that these regulations offer. The structure of the report is as follows. First, we address the GDPR as the cornerstone against which the requirements of other regulations are weighed and legislated. Second, we explain the EU Data Act since it directly addresses Internet of Things (IoT) for businesses in the private sector and imposes strict requirements on large data generators such as vehicle manufacturers. For manufacturers, compliance with the EU Data Act is a prerequisite for the subsequent legislation, in particular the EU AI Act. Third, we explain the Data Governance Act, Digital Services Act, Digital Markets Act, and EU AI Act in chronological order. Overall, we characterize European Union data regulations as a wave set, rooted in historical precedent, with important implications for the automotive industry.
This study examines the effects of the Fédération Internationale de l'Automobile (FIA) regulations on Formula 1 (F1) from 1990 to 2023, focusing on safety, racing dynamics, and spectacle. By analyzing data on fatalities, overtaking statistics, car weights, and significant regulatory changes, including aerodynamic modifications and the introduction of the Drag Reduction System (DRS), the study assesses whether these regulations have positively influenced safety while negatively impacting racing dynamics and spectacle. The findings reveal that while FIA regulations aim to enhance driver safety, their immediate association with fatalities is not statistically significant due to the rarity of such incidents, delayed safety effects, and methodological constraints. Contrary to initial concerns, regulations have not negatively affected overtaking opportunities. The introduction of DRS has improved overtaking, mitigating some adverse impacts of other regulations on racing excitement. The study concludes that data-driven evaluation and refinement of regulations are necessary to ensure they continue to benefit the sport holistically.
Compliance checking is the process of determining whether a regulated entity adheres to these regulations. Currently, compliance checking is predominantly manual, requiring significant time and highly skilled experts, while still being prone to errors caused by the human factor. Various approaches have been explored to automate compliance checking, however, representing regulations in OWL DL language which enables compliance checking through OWL reasoning has not been adopted. In this work, we propose an annotation schema and an algorithm that transforms text annotations into machine-interpretable OWL DL code. The proposed approach is validated through a proof-of-concept implementation applied to examples from the building construction domain.
We are interested in automating reasoning with and about study regulations, catering to various stakeholders, ranging from administrators, over faculty, to students at different stages. Our work builds on an extensive analysis of various study programs at the University of Potsdam. The conceptualization of the underlying principles provides us with a formal account of study regulations. In particular, the formalization reveals the properties of admissible study plans. With these at end, we propose an encoding of study regulations in Answer Set Programming that produces corresponding study plans. Finally, we show how this approach can be extended to a generic user interface for exploring study plans.
A firm seeks to analyze a dataset and to release the results. The dataset contains information about individual people, and the firm is subject to some regulation that forbids the release of the dataset itself. The regulation also imposes conditions on the release of the results. What properties should the regulation satisfy? We restrict our attention to regulations tailored to controlling the downstream effects of the release specifically on the individuals to whom the data relate. A particular example of interest is an anonymization rule, where a data protection regulation limiting the disclosure of personally identifiable information does not restrict the distribution of data that has been sufficiently anonymized. In this paper, we develop a set of technical requirements for anonymization rules and related regulations. The requirements are derived by situating within a simple abstract model of data processing a set of guiding general principles put forth in prior work. We describe an approach to evaluating such regulations using these requirements -- thus enabling the application of the general principles for the design of mechanisms. As an exemplar, we evaluate competing interp
Data regulations, such as GDPR, are increasingly being adopted globally to protect against unsafe data management practices. Such regulations are, often ambiguous (with multiple valid interpretations) when it comes to defining the expected dynamic behavior of data processing systems. This paper argues that it is possible to represent regulations such as GDPR formally as invariants using a (small set of) data processing concepts that capture system behavior. When such concepts are grounded, i.e., they are provided with a single unambiguous interpretation, systems can achieve compliance by demonstrating that the system-actions they implement maintain the invariants (representing the regulations). To illustrate our vision, we propose Data-CASE, a simple yet powerful model that (a) captures key data processing concepts (b) a set of invariants that describe regulations in terms of these concepts. We further illustrate the concept of grounding using "deletion" as an example and highlight several ways in which end-users, companies, and software designers/engineers can use Data-CASE.
In this paper we examine the existing artificial intelligence (AI) policy documents in aviation for the following three regions: the United States, European Union, and China. The aviation industry has always been a first mover in adopting technological advancements. This early adoption offers valuable insights because of its stringent regulations and safety-critical procedures. As a result, the aviation industry provides an optimal platform to counter AI vulnerabilities through its tight regulations, standardization processes, and certification of new technologies. Keywords: AI in aviation; aviation safety; standardization; certifiable AI; regulations
Despite stringent data protection regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other country-specific regulations, many websites continue to use cookies to track user activities. Recent studies have revealed several data protection violations, resulting in significant penalties, especially for multinational corporations. Motivated by the question of why these data protection violations continue to occur despite strong data protection regulations, we examined 360 popular e-commerce websites in multiple countries to analyze whether they comply with regulations to protect user privacy from a cookie perspective.
Ensuring adherence to traffic sign regulations is essential for both human and autonomous vehicle navigation. While current online mapping solutions often prioritize the construction of the geometric and connectivity layers of HD maps, overlooking the construction of the traffic regulation layer within HD maps. Addressing this gap, we introduce MapDR, a novel dataset designed for the extraction of Driving Rules from traffic signs and their association with vectorized, locally perceived HD Maps. MapDR features over $10,000$ annotated video clips that capture the intricate correlation between traffic sign regulations and lanes. Built upon this benchmark and the newly defined task of integrating traffic regulations into online HD maps, we provide modular and end-to-end solutions: VLE-MEE and RuleVLM, offering a strong baseline for advancing autonomous driving technology. It fills a critical gap in the integration of traffic sign rules, contributing to the development of reliable autonomous driving systems. Code is available at https://github.com/MIV-XJTU/MapDR.
This article assesses the effectiveness of current cybersecurity regulations and policies in the United States amidst the escalating frequency and sophistication of cyber threats. The focus is on the comprehensive framework established by the U.S. government, with a spotlight on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and key regulations such as HIPAA, GLBA, FISMA, CISA, CCPA, and the DOD Cybersecurity Maturity Model Certification. The study evaluates the impact of these regulations on different sectors and analyzes trends in cybercrime data from 2000 to 2022. The findings highlight the challenges, successes, and the need for continuous adaptation in the face of evolving cyber threats
In this article, we propose the R2GQA system, a Retriever-Reader-Generator Question Answering system, consisting of three main components: Document Retriever, Machine Reader, and Answer Generator. The Retriever module employs advanced information retrieval techniques to extract the context of articles from a dataset of legal regulation documents. The Machine Reader module utilizes state-of-the-art natural language understanding algorithms to comprehend the retrieved documents and extract answers. Finally, the Generator module synthesizes the extracted answers into concise and informative responses to questions of students regarding legal regulations. Furthermore, we built the ViRHE4QA dataset in the domain of university training regulations, comprising 9,758 question-answer pairs with a rigorous construction process. This is the first Vietnamese dataset in the higher regulations domain with various types of answers, both extractive and abstractive. In addition, the R2GQA system is the first system to offer abstractive answers in Vietnamese. This paper discusses the design and implementation of each module within the R2GQA system on the ViRHE4QA dataset, highlighting their functiona
Financial large language models (FinLLMs) have been applied to various tasks in business, finance, accounting, and auditing. Complex financial regulations and standards are critical to financial services, which LLMs must comply with. However, FinLLMs' performance in understanding and interpreting financial regulations has rarely been studied. Therefore, we organize the Regulations Challenge, a shared task at COLING 2025. It encourages the academic community to explore the strengths and limitations of popular LLMs. We create 9 novel tasks and corresponding question sets. In this paper, we provide an overview of these tasks and summarize participants' approaches and results. We aim to raise awareness of FinLLMs' professional capability in financial regulations.
Significant investment and development have gone into integrating Artificial Intelligence (AI) in medical and healthcare applications, leading to advanced control systems in medical technology. However, the opacity of AI systems raises concerns about essential characteristics needed in such sensitive applications, like transparency and trustworthiness. Our study addresses these concerns by investigating a process for selecting the most adequate Explainable AI (XAI) methods to comply with the explanation requirements of key EU regulations in the context of smart bioelectronics for medical devices. The adopted methodology starts with categorising smart devices by their control mechanisms (open-loop, closed-loop, and semi-closed-loop systems) and delving into their technology. Then, we analyse these regulations to define their explainability requirements for the various devices and related goals. Simultaneously, we classify XAI methods by their explanatory objectives. This allows for matching legal explainability requirements with XAI explanatory goals and determining the suitable XAI algorithms for achieving them. Our findings provide a nuanced understanding of which XAI algorithms a
The short paper discusses algorithmic fairness by focusing on non-discrimination and a few important laws in the European Union (EU). In addition to the EU laws addressing discrimination explicitly, the discussion is based on the EU's recently enacted regulation for artificial intelligence (AI) and the older General Data Protection Regulation (GDPR). Through a theoretical scenario analysis, on one hand, the paper demonstrates that correcting discriminatory biases in AI systems can be legally done under the EU regulations. On the other hand, the scenarios also illustrate some practical scenarios from which legal non-compliance may follow. With these scenarios and the accompanying discussion, the paper contributes to the algorithmic fairness research with a few legal insights, enlarging and strengthening also the growing research domain of compliance in AI engineering.
Air Traffic Flow Management (ATFM) traffic regulations are being increasingly used as rising demand meets persistent workforce shortages. This operational strain has amplified a critical phenomenon that we call \emph{regulation cascading}: the compounding, non-linear interactions that occur when multiple regulations influence one another in unpredictable ways. As the number and complexity of regulations grow, cascading effects become more pronounced, undermining the network operator's ability to protect sectors reliably. To address this challenge, we introduce Regulation Zero 2, an updated sequential planning framework that natively operates in the regulation space, optimizing over ordered sequences of flow-level regulations that remain compatible as much as possible with existing slot-allocation systems such as CASA and RBS++. We equipped Regulation Zero 2 with new heuristics to render flow finding more efficient. At its core, the method employs a hierarchical Monte Carlo Tree Search (MCTS) that first samples congestion hotspots and then selects candidate regulations synthesized by a local proposal engine. Each proposal is evaluated by a fast First-Planned-First-Served (FPFS) allo