Pub Date: 2025-12-01; DOI: 10.1016/j.clsr.2025.106223
Cosimo Laneve, Alessandro Parenti, Giovanni Sartor
Legal contracts are governed not only by their explicit terms but also by statutory norms, a principle recognized across legal systems. As contracts become computable and executable as code, ensuring compliance with these norms becomes critical. This paper introduces a method for integrating legislative provisions into computable contracts using the Stipula language, via a novel import construct. We distinguish between mandatory and default imports to model imperative and optional legal norms, respectively, and define a mechanism to enforce the priorities between these norms and contract’s provisions. This approach supports the automated creation of legally compliant contracts and lays the foundation for a broader framework aimed at enhancing the effectiveness of consumer rights through programmable legal tools.
Title: Integration of statutory norms in computable contracts. Journal: Computer Law & Security Review, vol. 60, Article 106223.
Pub Date: 2025-11-29; DOI: 10.1016/j.clsr.2025.106235
Marte Eidsand Kjørven, Kristian Gjøsteen, Tone Linn Wærstad
To promote autonomy, safety, and inclusion in the digital age, the eIDAS 2.0 Regulation obliges all member states to provide citizens with a European Digital Identity Wallet (EDIW). A central principle underpinning this framework is sole control, which ensures that the use of EDIWs – as well as electronic IDs and signatures – can be attributed to their rightful users. While the cryptographic understanding of sole control focuses on technical safeguards, its real-world application is far more complex. Practical control over one’s digital identity is often out of reach for individuals with limited digital skills, disabilities, or for those who rely on third-party assistance. Others may fall victim to fraud, coercion, or social engineering attacks.
This paper critically examines how the cryptographic concept of sole control has shaped Scandinavian legal frameworks, turning a debatable assumption about user behaviour into a legal obligation. The result is increased exclusion and a troubling shift in legal responsibility from perpetrators to victims of identity theft and abuse. eIDAS 2.0 risks replicating this dynamic, raising serious human rights concerns across the EU.
We explore how exclusion, fraud, and coercion can be mitigated through a combination of legal and technical safeguards. We propose a balanced approach – one that acknowledges the inevitability of some fraudulent use without placing the legal responsibility on end users. Otherwise, the EDIW may end up deepening digital inequality or compromising security, thus failing those it was meant to empower.
Title: Safe and inclusive or unsafe and discriminatory? European digital identity wallets and the challenges of ‘sole control’. Journal: Computer Law & Security Review, vol. 60, Article 106235.
Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106232
Christian Djeffal
Law by design obligations refer to a growing, dynamic approach in European technology law. This article examines this trend by establishing a definition of law by design obligations based on three key elements: their focus on the creation and development of technologies throughout the lifecycle, their aim to incorporate and achieve legal goals in these processes, and the discretion they afford in complying with such obligations. The study shows an evolving practice with legal roots in 1970s data protection. Initially focused on data protection and security, such obligations have expanded to 45 design goals in European legislation. This growth in breadth and depth indicates their increased importance, which has not been previously examined. The analysis of regulatory practice uncovers significant choices that shape how these obligations function: this includes the legal scope defining applicability through various limitations and thresholds; goals establishing how principles serve as aims with different levels of detail and potential conflicts; procedural dimensions organizing iterative processes of assessment, measures, and proportionality; collective dimensions of knowledge governance enabling learning within and across organizations; and accountability dimensions ensuring compliance through documentation, specialized roles, and enforcement mechanisms. These choices demonstrate that law by design obligations are not fixed but highly adaptable regulatory instruments. Four structural elements set law by design apart from traditional regulation. Goal orientation links the translation of legal principles into socio-technical contexts, maintaining discretion for implementation. Stretched temporality extends regulatory influence through permanence across technology lifecycles, an accelerated pace of legal response, and a proactive approach. The interdisciplinary and cross-sectoral nature of the field encourages dialogue between law and technology. 
Finally, knowledge governance transforms isolated compliance efforts into collective learning systems.
Title: Law by design obligations: The future of regulating digital technologies in Europe? Journal: Computer Law & Security Review, vol. 59, Article 106232.
Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106228
Shaokun Huang, Le Cheng
In recent years, China has been actively advancing the clarification of data ownership rights, establishing the National Data Administration and over 50 data exchanges. In China, data property rights are defined as proprietary rights enjoyed by right holders over specific data, including the rights to hold, use, and operate data. However, the construction of China’s data property rights system faces several challenges, such as the ambiguity of the subject matter of data property rights, excessive exclusivity of such rights, insufficient protection of individual data rights, and inadequate data sharing. To address these issues, this paper argues that it is necessary to move beyond the traditional property rights theories rooted in civil law. Rather than emphasizing exclusive control or rights enforceable against the world, the legal framework should be grounded in the relationships among different participants in data-related activities and aim to promote data sharing and co-utilization. A comprehensive and structural data property regime should be established that balances rights and obligations. In designing such a regime, it is essential to distinguish the proprietary rights and obligations of different actors—such as data originators, data processors, and data users—clarify the interrelations among various rights, and develop the specific contents of the system across the stages of data resourcification, data productization, and data capitalization.
Title: Experiences, challenges, and improvements in the construction of data property rights in China. Journal: Computer Law & Security Review, vol. 59, Article 106228.
Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106210
Vittoria Caponecchia, Bernardo D’Agostino, Sima Sarv Ahrabi, Giovanni Comandè, Daniele Licari, Andrea Vandin
Process Mining (PM) is a family of data-driven techniques that use data to study the underlying processes generating the data, i.e., the data-generating process. Despite being initially tailored for the engineering and industrial domain, it is becoming popular also in more human-centric domains like the legal and healthcare ones. We present a PM methodology using the fuzzy miner technique aimed at analysing and optimising the complex processes underlying decision making by legal Courts. We consider specifically the domain of civil proceedings, with a focus on divorces. In PM terms, we see a legal proceeding as a process instance, and the different internal phases in which a legal proceeding transits as activities. The studied process is, therefore, the internal process followed by a Court, possibly varying over the years, to handle specific types of proceedings. By leveraging PM techniques, this article compares consensual divorce proceedings within a Court across time, and across Courts. As a case study we take two Courts in Northern Italy. Our PM analysis identifies key performance indicators and uncovers hidden process efficiencies and inefficiencies. The findings highlight the ability of PM to reveal critical process patterns, enabling organisations to make data-driven decisions and implement targeted process improvements.
Title: Process Mining for legal Courts: Visualising, analysing and comparing Italian divorce proceedings. Journal: Computer Law & Security Review, vol. 59, Article 106210.
Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106225
Weiwei Yi, Zihao Li
In recent years, dark patterns, which are interface designs that manipulate user decisions, have raised growing regulatory concern. Yet scholarship on their governance remains fragmented, particularly in how the concept is defined, the harms are understood, and legal responses are framed. This paper offers a systematic review of 65 studies from Law and Human–Computer Interaction, following PRISMA guidelines. It identifies five root problems and layered harms, critiques sectoral regulations for their theoretical and enforcement limits, and synthesises proposed solutions, from doctrinal refinements and accountability measures to technical design interventions. Building on these findings, the paper argues that regulatory progress is hindered by the elusive nature of dark patterns, the difficulty of pinpointing actionable harms, and the expanding scope of the concept. It concludes by advocating a paradigmatic shift towards a proactive framework centred on ‘diligent design’, and outlines directions for collaborative, transdisciplinary research.
Title: Mapping the scholarship of the regulation of dark patterns: A systematic review of concepts, regulatory paradigms, and solutions from law and HCI perspectives. Journal: Computer Law & Security Review, vol. 59, Article 106225.
Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106226
Chimaobi Umezuruike
Cyber risk events have become a routine occurrence in business operations, and the shipping industry is not left out. Internet technology has been adopted in shipping for onshore and shipboard purposes. Hence, shipping businesses face dual-pronged cyber risks. On the one hand, they are exposed to shipboard cyber risks, and on the other hand, they face onshore cyber exposure much like any other business.
Conventionally, perils of the sea and other offshore risks are handled by traditional marine insurance policies, while onshore business risks are handled by non-marine insurance policies. Both sets of risks had been unique to their classes of insurance. Now, things are muddled as both aspects feature the exposure to cyber risks.
This article analyses the categories of cyber insurance available to the shipowner. It considers the coverage of cyber risks under traditional marine insurance and affirmative cyber insurance. It evaluates how traditional marine insurance tailored for ships' hulls and machinery mitigates some cyber risks and how affirmative cyber insurance covers shipboard and business cyber risks. It examines affirmative cyber insurance policies tailored to the shipping industry and those intended for businesses at large.
Instance policies from each category are analysed to answer what cyber risks may be covered and the policies’ restrictions. This paper is restricted primarily to policies from the UK and the US insurance markets and decided cases from both jurisdictions. It is concluded that shipping businesses require a combination of policies or an extensive hybrid policy to adequately mitigate cyber risks.
Title: Cyber risk insurance in the shipping business: What cover is available? Journal: Computer Law & Security Review, vol. 59, Article 106226.
Legal document building refers to the process of producing a legal textual document following a predefined schema with the support of digital, automated tools. Such systems must balance two fundamental requirements: providing targeted drafting assistance while preserving judicial autonomy and decision-making authority, and systematically leveraging existing legal document corpora to enhance consistency and quality in legal documentation. In this paper, we propose a document builder architecture, called JusBuild, designed to assist and support legal practitioners in drafting new legal documents. JusBuild supports the document assembly process by relying on a predefined legal document template and on a corpus of past legal documents. The key features of JusBuild are: (i) the use of a Conditional Random Field (CRF) model for the supervised segmentation of legal documents into functional sections according to a document template; (ii) a vector database storing segmented sections and their semantically meaningful vector representations for efficiently performing semantic search for suggestions retrieval; (iii) the suggestion, at drafting time, of relevant precedent sections retrieved from the vector database and of new, AI-generated sections, using a Large Language Model and Retrieval-Augmented Generation (RAG). A featuring design choice of JusBuild is the “human-in-the-loop” approach, which allows the user (judge) to exercise his/her decision-making freedom and full control in the formulation of the provision in working with the suggestions provided by JusBuild. Thanks to the flexible nature of the architecture, adaptable to a large number of legal contexts, with different document structures and legal matters, JusBuild makes contextualized content generation accurate and efficient for legal practitioners. The application of JusBuild to legal document building in the Italian legal context is discussed. 
JusBuild validation is provided by considering datasets that differ for document template, language, and judicial matter, to test its applicability and adaptability to different contexts.
Title: Enhancing legal document building with Retrieval-Augmented Generation. Authors: Matteo Buffa, Alfio Ferrara, Sergio Picascia, Davide Riva, Silvana Castano. Pub Date: 2025-11-01; DOI: 10.1016/j.clsr.2025.106229. Journal: Computer Law & Security Review, vol. 59, Article 106229.
Pub Date: 2025-11-01 DOI: 10.1016/j.clsr.2025.106227
Marilyne Ordekian, Ingolf Becker, Tyler Moore, Marie Vasek
Centralized cryptocurrency exchanges have quickly become internal components of the digital finance ecosystem, mirroring traditional institutions by offering custody, investments, and transactional services. Despite their increasing prominence, the regulatory oversight has historically been fragmented and inadequate, leaving them largely relying on self-regulation. The resulting environment has been marked by exchange collapses, connections to criminal activities, cyber attacks, and poor operational security. High-profile failures, such as Mt. Gox and FTX, highlight the systemic risks and failure of internal governance models to properly mitigate or protect user funds from cascading risks or security breaches. In response, the European Union introduced the Markets in Crypto-Assets (MiCA) regulation and the Digital Operational Resilience Act (DORA), intending to standardize regulatory oversight and enhance user protection.
This paper presents the first comprehensive interdisciplinary analysis of centralized exchanges under the MiCA and DORA frameworks. Drawing on methods from both law and computer science, we systematically translate regulatory requirements into measurable compliance standards, and develop a novel doctrinal and empirical methodology to evaluate current self-regulatory practices of 75 centralized exchanges operating in Europe. Through a detailed analysis of 143 exchange legal documents, we identify major compliance gaps and regulatory uncertainties. Our findings indicate significant shortcomings in exchange practices relating to asset custody, cybersecurity, and liability. This suggests that serious efforts are needed to change these practices and ensure their alignment with regulatory requirements. Our framework enables a systemic comparison between regulation and practice, and establishes a baseline for evaluating the effectiveness of regulatory measures. This approach can be replicated to study other self-regulating emerging sectors.
Title: Raising the bar: Assessing historical cryptocurrency exchange practices in light of the EU’s MiCA and DORA regulation
Journal: Computer Law & Security Review, vol. 59, Article 106227
Pub Date: 2025-11-01 DOI: 10.1016/j.clsr.2025.106236
Shujie Feng
The tremendous capacity of AI to generate abundant content at minimum cost will revolutionize all creative endeavors in the literary, artistic and industrial sectors. Whether to protect AI-generated content (AIGC) as copyrightable work is a challenging question common to all countries. While most countries remain attached to the traditional copyright doctrine of absolute human authorship and reluctant to extend copyright protection to AIGC over which AI users have no sufficient control, Chinese courts have recognized the copyrightability of AIGC once AI users’ intellectual investment in the creation process can be shown. This paper explains the political motivation behind the innovative approach of Chinese judges and its favorable support from Chinese scholars, clarifies the Chinese judicial practice, analyzes the significance of its underlying doctrine and evaluates the possible consequences of the Chinese solution for the market. It concludes that the Chinese judicial practice is not a deviation from traditional copyright doctrine, but rather provides a solution to make the traditional standard of human authorship more accessible. The Chinese solution is efficient because it avoids the difficult distinction between users’ and AI’s contribution to AIGC, and it is inclusive of creators assisted by AI as it values the creative genius of humankind instead of physical operation. With that said, for a better balance of interests between prior copyright owners on AIGC and posterior creators, the criteria as well as the burden and standard of proof for determining copyright infringement should be adjusted to protect freedom of creation by human beings.
Title: The copyrightability of AI-generated content: A doctrinal exploration of the pioneering Chinese judicial practice
Journal: Computer Law & Security Review, vol. 59, Article 106236