Integrating Legal Considerations into Model-Based

Cyber-Physical-Systems Development

Katharina Polanec

1 a

, Dominik Vereno

1 b

, Erich Fritzenwallner

and Christian Neureiter

1 c

Josef Ressel Centre for Dependable System-of-Systems Engineering, Salzburg University of Applied Sciences,

Urstein Sued 1, A-5412 Puch, Austria

ChargePoint Austria GmbH, Salzburger Straße 26, A-5550 Radstadt, Austria

{ﬁrstname.lastname}@fh-salzburg.ac.at, {ﬁrstname.lastname}@chargepoint.com

Keywords:

Model-Based Systems Engineering, SGAM, Compliance by Design, Cyber-Physical Systems.

Abstract:

Developing complex cyber-physical systems (CPS) demands a variety of disciplines like engineering, software

development, economics and legislation to effectively communicate with each other. Enabling this interdisci-

plinary communication is a challenge that can be tackled with the use of a model-based systems engineering

approach in combination with domain-speciﬁc modeling languages. In domain-speciﬁc modeling frameworks

that implement these approaches, however, research reveals an oversight: an insufﬁcient consideration of leg-

islation disciplines. Since regulations have a signiﬁcant impact on CPS, omitting their incorporation early on

during development can signiﬁcantly delay deployment and lead to exponentially rising development costs.

This position paper advocates for a compliance-by-design approach through the early integration of legal

requirements into domain-speciﬁc architecture frameworks. By bridging the gap between technical and leg-

islative disciplines, the interdisciplinary development of CPS is enhanced, not only ensuring the technical

robustness of the systems but also regulatory compliance. This results in mitigating development risks, espe-

cially avoiding pitfalls of costly adaptions to the system due to late-stage integration of legal considerations.

1 INTRODUCTION

Dependability in the landscape of complex cyber-

physical systems (CPS), has emerged as a challenge.

Dependable systems, by deﬁnition, must be reli-

able, available, maintainable, safe, and secure (La-

prie, 1995). When developing these systems, multi-

ple disciplines such as engineering, software devel-

opment, design, legislation, and management are in-

volved. For the successful realization of CPS not

only effective communication among these ﬁelds but

also managing the system’s complexity is crucial. A

methodology that proved valuable for this purpose is

model-based systems engineering (MBSE) (INCOSE

Technical Operations, 2007). Using models as key

artifacts, not only the complexity of systems can be

mastered; by storing the models in repositories acces-

sible to everyone involved, also a consistent source

of truth is enabled. For effective communication

between stakeholders from different ﬁelds so-called

domain-speciﬁc languages (DSLs) are used as mod-

https://orcid.org/0009-0001-8615-7388

https://orcid.org/0000-0002-7930-6744

https://orcid.org/0000-0001-7509-7597

eling languages for MBSE-based approaches. These

languages are tailored to a speciﬁc domain so that

they can be understood intuitively by all involved par-

ties, leading to effective interdisciplinary collabora-

tions (Fowler, 2010).

A well-known example of such dependable, com-

plex CPS are power grids intertwined with informa-

tion and communications technology, better known

as smart grids (Steinbrink et al., 2018). Within

the smart grid domain, the Smart Grid Architec-

ture Model (SGAM) framework (Smart Grid Coor-

dination Group, 2012) alongside an SGAM-speciﬁc

DSL (Neureiter, 2017) was designed to facilitate a

structured development approach for smart grids, that

also effectively involves relevant stakeholders. How-

ever, the smart grid not only faces challenges due

to its complexity and its necessity for dependability.

This domain also has to deal with national and inter-

national legislation. Especially due to concerns re-

garding privacy and security, it faces numerous poli-

cies aiming at protecting consumers’ privacy and se-

curity (Brown and Zhou, 2019). A tangible example

of the importance of legislation is the smart metering

rollout in Europe. (Zhou and Brown, 2017) found that

Polanec, K., Vereno, D., Fritzenwallner, E. and Neureiter, C.

Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development.

DOI: 10.5220/0012732200003714

Paper published under CC license (CC BY-NC-ND 4.0)

In Proceedings of the 13th International Conference on Smart Cities and Green ICT Systems (SMARTGREENS 2024), pages 80-84

ISBN: 978-989-758-702-3; ISSN: 2184-4968

national policy measures have a signiﬁcant inﬂuence

on the smart-metering deployment in Europe.

Developments centered around the SGAM frame-

work, as well as similar manifestations in domains

like the automotive claim to incorporate all relevant

stakeholders. However, policymakers, regulations

and legislation are frequently omitted. Legislative in-

terventions can help drive smart grid advancements

forward by utilizing regulatory mandates and enhanc-

ing social acceptance. Nevertheless, without effective

communication between policymakers and engineers

innovations like the smart meter rollout can also be

signiﬁcantly delayed (Faber et al., 2023). Moreover,

if regulations inﬂuencing the development of systems

are not considered from an early development stage,

but need to be integrated during late phases, the de-

velopment costs can increase exponentially. There-

fore, the goal of this position paper is to raise aware-

ness within the CPS development community, that the

early integration of legal consideration is not just a

compliance exercise but a strategic approach to ease

communication between engineers and policymak-

ers as well as avoid exorbitant expenses due to late

changes of the system’s architecture.

2 RELATED WORK

To underpin the position of this paper, the following

section outlines research that has been conducted in

the ﬁeld of MBSE as well as the interdisciplinary de-

velopment of complex systems. Moreover, to frame

the context of this work, this section outlines archi-

tecture frameworks tailored to domains dealing with

such complex systems as the Industry 4.0, automotive

or smart grid domain.

2.1 Domain-Speciﬁc Architecture

Frameworks

CPS are a challenge to master during development

due to their high complexity. To tackle this chal-

lenge, systems engineering was extended by means

of models, resulting in MBSE (INCOSE Techni-

cal Operations, 2007). However, without a well-

structured approach, models alone are not sufﬁcient

for the development of complex systems. For that

reason, in the smart grid domain for instance, the

SGAM, as depicted in Figure 1, was developed dur-

ing an initiative of standardizing smart-grid-related

processes (Smart Grid Coordination Group, 2012).

SGAM is a domain-speciﬁc framework that aids with

a well-structured development approach tailored to

the speciﬁc needs, perspectives, and viewpoints of

Figure 1: Smart Grid Architecture Model (ﬁgure based on

(Smart Grid Coordination Group, 2012)).

the smart grid domain. Hence, this framework incor-

porates every stakeholder that is involved in smart-

grid-related development processes, no matter which

professional discipline they come from. To com-

bine the theoretical approach of the SGAM frame-

work with a model-based approach, (Neureiter, 2017)

introduced a model-based DSL. Opposed to so-

called general-purpose languages, which are typically

used in MBSE, DSLs are tailored to a speciﬁc do-

main, being intuitively understandable for domain ex-

perts (Fowler, 2010). Hence, DSLs form a suitable

model-based tool for the purpose of domain-speciﬁc

frameworks. This advancement of utilizing DSLs

for MBSE approaches results in so-called domain-

speciﬁc systems engineering (DSSE) (Neureiter and

Binder, 2022).

Inspired by the achievements of SGAM in the

smart grid domain, similar initiatives have been un-

dertaken in other domains such as Industry 4.0 and the

automotive sector. These efforts led to the two frame-

works Reference Architecture Model Industrie 4.0

(RAMI 4.0) in the Industry 4.0 domain (Deutsches In-

stitut f

ur Normung, 2016) and the Automotive Refer-

ence Architecture Model (ARAM) in the automotive

domain (Polanec et al., 2022). Like the smart grid

framework, both RAMI 4.0 and ARAM utilize DSLs

to enable a model-based development approach.

These domain-speciﬁc architecture frameworks

provide a suitable basis for effective interdisciplinary

development of highly complex systems. In the fol-

lowing, this necessity for effective communication

across different ﬁelds within the same domain is out-

lined in detail.

2.2 Interdisciplinary Development

When it comes to the development of highly com-

plex CPS, typically numerous distinctive disciplines

are involved in the process. The more complex the

systems are, the more disciplines are involved and the

more difﬁcult it becomes to efﬁciently communicate

Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development

across the different involved ﬁelds. To overcome this

challenge, well-structured interdisciplinary develop-

ment approaches are needed as outlined by (Neureiter

and Binder, 2022). The authors suggest the use of

models to enable a holistic understanding of CPS. In

engineering, models centered around clarity and un-

derstanding rather than detail and accuracy should be

used according to (Lee, 2016). The DSL tailored to

the SGAM framework was developed following this

principle, utilizing a DSSE approach. (Neureiter and

Binder, 2022) also highlight the importance of antici-

pating all stakeholder’s perspectives. However, tak-

ing a closer look at the description of the business

layer in the SGAM user manual (Smart Grid Coordi-

nation Group, 2014) the following content is deﬁned:

the business layer can be used to represent business

capabilities, use cases, business processes, and busi-

ness models; but also regulatory structures as well

as policies. Hence, stakeholders from all of these

ﬁelds should be taken into account when developing

a model-based approach. In the past, research tried

to address the issue of incorporating non-engineering

ﬁelds.

(Pavlovic et al., 2016) considered the business

layer of SGAM in detail, particularly focusing on the

integration of business aspects in the context of lo-

cal energy markets. While mentioning that this layer

should host policies, the authors primarily concen-

trated on modeling elements like business actors and

roles alongside their responsibilities.

To mention another example, the SGAM-based

DSL implemented by (Neureiter, 2017) provides a

practical application of the framework’s theoretical

concepts whilst advancing MBSE for smart grids.

However, while enhancing the modeling and com-

munication capabilities within the smart grid domain,

this DSL on the business layer primarily focuses on

the business aspects, omitting regulatory and legal

considerations.

A similar focus on business aspects can be ob-

served in the automotive domain and the develop-

ment of the ARAM framework (Polanec et al., 2022).

Hence, the importance of regulatory and policy con-

siderations is recognized in the DSSE community,

however, these aspects are not adequately incorpo-

rated into the system’s architecture models.

3 POSITION STATEMENT

This position paper advocates for integrating regu-

lation, interdisciplinary collaboration between pol-

icymakers and engineers as well as requirements

engineering into early development stages—by de-

sign—of complex CPS. Following these principles

leads to a paradigm shift towards a model-based

compliance-by-design approach. This not only en-

sures that legal requirements are foundational ele-

ments of a system architecture. By enhancing in-

terdisciplinary communication between policymak-

ers and engineers utilizing domain-speciﬁc modeling

frameworks, system development can be aligned with

regulatory landscapes. Moreover, policymakers gain

a well-structured and clear insight into the system ar-

chitecture of complex CPS, facilitating comprehen-

sion of how regulations can be tailored to support the

realization and deployment of CPS. Enabling this un-

derstanding, regulations can become enablers enhanc-

ing efﬁcient deployment of CPS by eliminating poten-

tial obstacles through informed regulatory adaption.

In the following, this position statement is outlined in

detail.

3.1 Interdisciplinary Communication

The rollout of smart meters serves as an example to

highlight the necessity of cooperation between poli-

cymakers and engineers regarding complex systems.

To successfully facilitate not only the development of

such systems in compliance with relevant regulations

but also their public acceptance, engineers and policy-

makers need to share their respective expertise. How-

ever, effective communication between different dis-

ciplines introduces challenges. Different disciplines

often use different professional terminology, which

is not necessarily familiar to another discipline. At

this point, the domain-speciﬁc frameworks come into

play. To provide a holistic view of the system un-

der development, these frameworks alongside their

DSLs aim at incorporating all relevant stakeholders

from different disciplines with a signiﬁcant impact

on the system’s design. Regarding the integration of

various technical and economic disciplines, there has

been considerable research. However, the inclusion

of legal disciplines has been minimal up to now.

3.2 Requirements Engineering as

Enabler

In the context of domain-speciﬁc modeling frame-

works, engineers are not familiar with the integration

of legal texts. However, engineers are well-versed

when it comes to the incorporation of technical stan-

dards, which form the basis for the identiﬁcation of

technical requirements. Since legal texts also serve as

a source for requirements, the commonality between

standards and legal texts lies within requirements en-

gineering. Requirements engineering is the process

SMARTGREENS 2024 - 13th International Conference on Smart Cities and Green ICT Systems

of evaluating, documenting and verifying stakeholder

needs to identify key requirements of the system un-

der development. Stakeholders can be natural per-

sons, other systems, standards, or regulations that af-

fect the requirements of the system directly or indi-

rectly (Sommerville and Sawyer, 1997).

Frameworks like SGAM or ARAM, however,

do not directly incorporate requirements within their

structure or associated DSLs. Therefore, this gap

should be closed by utilizing a focused approach to

requirements engineering. Legal texts and regula-

tory guidelines could be incorporated within domain-

speciﬁc frameworks by translating them into speciﬁc

requirements. Hence, we recommend conducting re-

search on how to directly or indirectly incorporate re-

quirements with frameworks like SGAM or ARAM.

3.3 Compliance by Design

Research shows that regulations and legal considera-

tions are not simply an obligation for the development

of complex systems but can also have a signiﬁcant

inﬂuence on the design, operation and public accep-

tance of these systems. If not considered early on in

the development phase, however, the deployment of

systems can not only be delayed drastically; changes

that are introduced at late stages of development can

lead to exponentially increasing costs and might com-

promise the system’s operational efﬁciency.

Drawing parallels from established approaches

like security-by-design, (Vereno et al., 2024) recently

discussed the concept of compliance by design. The

authors emphasized the importance and beneﬁt of

MBSE in this approach, which highlights that com-

pliance by design could prove valuable for the model-

based development of complex systems. This ap-

proach ensures the seamless integration of legal con-

siderations into the system’s architecture from early

development stages throughout the whole life cycle,

facilitating the development of dependable systems

that is compliant with regulations.

4 CONCLUSIONS

Developing CPS especially in domains like the smart

grid or automotive presents challenges, like effective

interdisciplinary communication due to the involve-

ment of numerous stakeholders from diverse disci-

plines. Domain-speciﬁc architecture frameworks in

combination with an MBSE approach, claim to ad-

dress this challenge by providing a structured and

comprehensive methodology for the interdisciplinary

development of dependable CPS. Nevertheless, re-

search presents a gap in the integration of regulations

and legal considerations which have a great inﬂuence

on CPS: regulations can positively inﬂuence their ad-

vancements by enhancing social acceptance. How-

ever, if integrated at late stages of development not

only deployment is delayed but the costs of devel-

opment can escalate exponentially. To properly pre-

vent this risk, this paper outlined the following sug-

gestions:

1. Interdisciplinary Communication. It is impor-

tant for domain-speciﬁc architecture frameworks

to not only integrate stakeholders like diverse en-

gineers, developers and economists but to con-

sider legislative disciplines as well, resulting in

true interdisciplinary communication.

2. Requirements Engineering as Enabler. Regu-

lations are a source for requirements. Hence, re-

search should be conducted on how to effectively

translate legal texts into speciﬁc requirements

as well as how to combine this requirements-

engineering approach with model-based domain-

speciﬁc architecture frameworks.

3. Compliance by Design. Based on concepts like

security by design, the presented suggestions need

to be incorporated at early stages of CPS develop-

ment, resulting in compliance by design.

By following a compliance-by-design approach,

not only can expensive late-stage modiﬁcations be

avoided, but it can also be assured that the devel-

opment of dependable CPS complies with national

and international legislation. Moreover, incorporat-

ing the language of policymakers into engineering

frameworks can improve effective communication be-

tween those two parties, facilitating both, the align-

ment of CPS development with regulatory landscapes

and comprehension of how regulations can support

the acceptance, realization and deployment of CPS.

ACKNOWLEDGEMENTS

The support for valuable contributions of the Charge-

Point Austria GmbH is gratefully acknowledged. The

ﬁnancial support by the Austrian Federal Ministry for

Digital and Economic Affairs and the National Foun-

dation for Research, Technology and Development

and the Christian Doppler Research Association as

well as the Federal State of Salzburg is gratefully ac-

knowledged.

Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development

REFERENCES

Brown, M. A. and Zhou, S. (2019). Smart-grid policies:

an international review. Advances in Energy Systems:

The Large-scale renewable energy integration chal-

lenge, pages 127–147.

Deutsches Institut f

ur Normung (2016). DIN SPEC 91345:

Rami 4.0.

Faber, R., D

uck, L., and Reichwein, D. (2023). Ger-

many’s delayed electricity smart meter rollout and

its implications on innovation, infrastructure, inte-

gration, and social acceptance: An ex-post analysis.

National Case Study of the 4i-TRACTION Deliv-

erable D2.6, Ecologic Institute, Berlin. Available

online: https://www.4i-traction.eu/outputs/germanys-

delayed-electricity-smart-meter-rollout-and-its-

implications-innovation.

Fowler, M. (2010). Domain-speciﬁc languages. Pearson

Education.

INCOSE Technical Operations (2007). Systems engineer-

ing vision 2020, version 2.03. Technical report, IN-

COSE.

Laprie, J.-C. (1995). Dependability—its attributes, im-

pairments and means. In Randell, B., Laprie, J.-C.,

Kopetz, H., and Littlewood, B., editors, Predictably

Dependable Computing Systems, pages 3–18, Berlin,

Heidelberg. Springer Berlin Heidelberg.

Lee, E. A. (2016). Fundamental limits of cyber-physical

systems modeling. ACM Transactions on Cyber-

Physical Systems, 1(1):1–26.

Neureiter, C. (2017). A domain-speciﬁc, model driven engi-

neering approach for systems engineering in the smart

grid. MBSE4U.

Neureiter, C. and Binder, C. (2022). A domain-speciﬁc,

model based systems engineering approach for cyber-

physical systems. Systems, 10(2).

Pavlovic, M., Gawron-deutsch, T., Neureiter, C., and Di-

wold, K. (2016). Sgam business layer for a local ﬂex-

ibility market. In CIRED Workshop 2016, pages 1–4.

Polanec, K., Gross, J.-A., Brankovic, B., and Neureiter, C.

(2022). Evolution of the automotive reference archi-

tecture model towards a domain-speciﬁc systems en-

gineering approach. In 2022 IEEE 27th International

Conference on Emerging Technologies and Factory

Automation (ETFA).

Smart Grid Coordination Group (2012). Smart Grid

Reference Architecture. Technical report, CEN-

CENELEC-ETSI.

Smart Grid Coordination Group (2014). SGAM User Man-

ual - Applying, testing & reﬁning the Smart Grid Ar-

chitecture Model (SGAM) Version 3.0. Technical re-

port, CEN-CENELEC-ETSI.

Sommerville, I. and Sawyer, P. (1997). Requirements engi-

neering: a good practice guide. John Wiley & Sons,

Inc.

Steinbrink, C., Schl

ogl, F., Babazadeh, D., Lehnhoff, S.,

Rohjans, S., and Narayan, A. (2018). Future perspec-

tives of co-simulation in the smart grid domain. In

2018 IEEE International Energy Conference (ENER-

GYCON), pages 1–6. IEEE.

Vereno, D., Polanec, K., and Neureiter, C. (2024). Com-

pliance by design for cyber-physical energy systems:

The role of model-based systems engineering in com-

plying with the EU AI Act. preprint on webpage at

https://www.en-trust.at/papers/Vereno24a.pdf.

Zhou, S. and Brown, M. A. (2017). Smart meter deploy-

ment in europe: A comparative case study on the im-

pacts of national policy schemes. Journal of cleaner

production, 144:22–32.

SMARTGREENS 2024 - 13th International Conference on Smart Cities and Green ICT Systems