Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act

Oleksandr Kosenkov, Michael Unterkalmsteiner, Daniel Mendez, Jannik Fischbach

TL;DR

Regulatory requirements under the European Accessibility Act challenge large enterprises to translate high-level regulations into enterprise-wide software requirements. The authors perform an exploratory interview study with nine experts across three large enterprises to understand how Regulatory Impact Analysis (RIA) is conducted, who is involved, and what artifacts they use. They find that RIA is a cross-functional, enterprise-wide process driven by executive sponsorship, producing interpretation and compliance artifacts that act as boundary objects to coordinate across OUs and SIPS teams. The study identifies eight coordination and knowledge-management challenges and argues for improved artifact design and governance, with plans for deeper, development-team-focused case studies and artifact integration into regulatory RE.

Abstract

Context: Regulations, such as the European Accessibility Act (EAA), impact the engineering of software products and services. Managing that impact while providing meaningful inputs to development teams is one of the emerging requirements engineering (RE) challenges. Problem: Enterprises conduct Regulatory Impact Analysis (RIA) to consider the effects of regulations on software products offered and formulate requirements at an enterprise level. Despite its practical relevance, we are unaware of any studies on this large-scale regulatory RE process. Methodology: We conducted an exploratory interview study of RIA in three large enterprises. We focused on how they conduct RIA, emphasizing cross-functional interactions, and using the EAA as an example. Results: RIA, as a regulatory RE process, is conducted to address the needs of executive management and central functions. It involves coordination between different functions and levels of enterprise hierarchy. Enterprises use artifacts to support interpretation and communication of the results of RIA. Challenges to RIA are mainly related to the execution of such coordination and managing the knowledge involved. Conclusion: RIA in large enterprises demands close coordination of multiple stakeholders and roles. Applying interpretation and compliance artifacts is one approach to support such coordination. However, there are no established practices for creating and managing such artifacts.

Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act

TL;DR

Regulatory requirements under the European Accessibility Act challenge large enterprises to translate high-level regulations into enterprise-wide software requirements. The authors perform an exploratory interview study with nine experts across three large enterprises to understand how Regulatory Impact Analysis (RIA) is conducted, who is involved, and what artifacts they use. They find that RIA is a cross-functional, enterprise-wide process driven by executive sponsorship, producing interpretation and compliance artifacts that act as boundary objects to coordinate across OUs and SIPS teams. The study identifies eight coordination and knowledge-management challenges and argues for improved artifact design and governance, with plans for deeper, development-team-focused case studies and artifact integration into regulatory RE.

Abstract

Context: Regulations, such as the European Accessibility Act (EAA), impact the engineering of software products and services. Managing that impact while providing meaningful inputs to development teams is one of the emerging requirements engineering (RE) challenges. Problem: Enterprises conduct Regulatory Impact Analysis (RIA) to consider the effects of regulations on software products offered and formulate requirements at an enterprise level. Despite its practical relevance, we are unaware of any studies on this large-scale regulatory RE process. Methodology: We conducted an exploratory interview study of RIA in three large enterprises. We focused on how they conduct RIA, emphasizing cross-functional interactions, and using the EAA as an example. Results: RIA, as a regulatory RE process, is conducted to address the needs of executive management and central functions. It involves coordination between different functions and levels of enterprise hierarchy. Enterprises use artifacts to support interpretation and communication of the results of RIA. Challenges to RIA are mainly related to the execution of such coordination and managing the knowledge involved. Conclusion: RIA in large enterprises demands close coordination of multiple stakeholders and roles. Applying interpretation and compliance artifacts is one approach to support such coordination. However, there are no established practices for creating and managing such artifacts.
Paper Structure (18 sections, 2 figures, 1 table)

This paper contains 18 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Background
  3. Related work
  4. Large-scale (regulatory) requirements engineering
  5. Team coordination and knowledge management research
  6. Regulatory compliance in (scaled) agile methodologies
  7. Methodology
  8. Results
  9. RIA general characteristics
  10. RIA group roles & RIA stakeholders
  11. Goals
  12. Activities
  13. Artifacts
  14. Knowledge and expertise
  15. Challenges
  16. ...and 3 more sections

Figures (2)

  • Figure 1: Main tasks of RIA as synthesized from three enterprises.
  • Figure 2: Visualization of coordination in the process of RIA. For complete information roles, artifacts see corresponding sections.