Architectures of Contemporary Information Systems and

Legal/Regulatory Environment

alint Moln

1 a

, P

eter B

aldy

2 b

and Krisztina Menyhard-Bal

azs

Information Systems Department, Faculty of Informatics, E

otv

os Lor

and University (ELTE) P

azm

any P

eter s

any 1/C,

H-1117, Budapest, Hungary

Faculty of Law, E

otv

os Lor

and University (ELTE) Budapest, Egyetem t

er 1-3, H-1053, Budapest, Hungary

Keywords:

Enterprise Architecture, Business Processes, XAI, Large Language Models, Blockchain, Lakehouse, Public

Administration, Governance of Cities.

Abstract:

The information interchange, between humans and computers, and the data processing in the context of In-

formation Systems and Enterprises became a complex structure with a rapidly developing technology stack.

This paper proposes an integrated approach that combines recent technological approaches in architecture

for Information Systems and Enterprises concerning the recent development of the technology landscape.

There are established scientiﬁc and research disciplines in domains such as Enterprise Architecture, Anal-

ysis, and Design of Information Systems, Business Process Management and Modeling, Data Management

and Administration, and Human-Computer Interaction. The rapid development of Artiﬁcial Intelligence (Ma-

chine Learning, Data Science) and its applications in enterprise environments necessitates deﬁning a research

framework that can support the alignment of these components for research and practical applications. Since

Information Systems are of socio-technological phenomenon, and quick development of technologies meddles

with the privacy, and personal data of individuals. This fact implies that the legal, regulatory, and ethical set

of rules should be considered and built-in through architectural building blocks into Enterprise Architecture.

Therefore, the existing and emerging regulatory frameworks are considered to make it possible and realize

compliance through artifacts that care about conformance to rules. The legal environment and the ethics that

are deduced from the legal rules touch the local and public administrations that operate the cities through

advanced IT systems.

1 INTRODUCTION

We are in a rapidly changing IT (Information Tech-

nology), Business, Legal, and Financial technolo-

gies environment where new approaches emerge and

will be incorporated into enterprises. Public admin-

istration is not except since IT technology penetrates

the public through mass media. The administrative

processes should embed the recent technologies that

are connected to information management, and doc-

ument handling, moreover, the governments should

take into account the international and national le-

gal rules, e.g., GDPR and AI Act in the European

Union (Sovrano et al., 2022; Voigt and von dem Buss-

che, 2017; Nikolinakos, 2023; Neuwirth, 2022). In

change management, we deal with the changes in the

company’s environment, in the ecosystem, within the

https://orcid.org/0000-0001-5015-8883

https://orcid.org/0000-0002-7932-2832

company (Business Processes, Workﬂow, and data

collections), and the technologies. Nowadays, there

is a lot of turbulence in all aspects of a company’s

business and IT life. There are sets of disruptive tech-

nologies that come into play that inﬂuence the En-

terprise Architecture (EA): (a) generative Artiﬁcial

Intelligence (AI), (b) LLM (Large Language Mod-

els), (c) generally, AI, Machine, Learning (ML), Data

Science (DS), (d) blockchain and General Ledger,

(e) IoT (Internet of Things) with low-power radio fre-

quency communication (RF), (f) Cloud computing in

tandem with broadband communication, (g) ubiqui-

tous computing, (h) Decentralized Finance, (i) Quan-

tum Computing, and (j) Digital Twins (Expert, 2024;

Gartner, 2024). The concept of EA is important

for companies to wrestle with the recent technology

stacks. The question is how the EA can help com-

panies, especially the resource-scarred MSMEs (Mi-

cro, Small, and Medium Sized companies). Some cir-

Molnár, B., Báldy, P. and Menyhard-Balázs, K.

Architectures of Contemporary Information Systems and Legal/Regulatory Environment.

DOI: 10.5220/0012733600003690

Paper published under CC license (CC BY-NC-ND 4.0)

In Proceedings of the 26th International Conference on Enterprise Information Systems (ICEIS 2024) - Volume 2, pages 753-761

ISBN: 978-989-758-692-7; ISSN: 2184-4992

753

cles of scholars, researchers, and professionals started

considering EA as an obsolete approach to solv-

ing problems of companies in the light of current,

fashionable tendencies such as e.g. DevOps (devel-

opment and operations), CD/CI (Continues Devel-

opment/Continuous Integration) and Agile Develop-

ment (Murat Erder, 2021; Chintale, 2023; Hering,

2018; Brandon Atkinson, 2018). Nonetheless, the EA

as an approach to provide an overarching company

perspective seems to be a necessary tool to tackle the

recent turbulent and dynamic IT and business envi-

ronment when new technologies are developed. In

light of the rapid pace at which new technologies

and their potential applications are emerging, it can

be quite challenging to accurately predict the grand

challenges that may arise in the future. The profes-

sionals and researchers in EA should remain up-to-

date with the latest advancements in IT, Data Science,

Machine Learning, and generally AI (Artiﬁcial Intel-

ligence) so that we can be better equipped to address

any challenges that may come our way. There is a

symbiotic relationship between Enterprise Informa-

tion Systems and Enterprise Architecture. Enterprise

information systems are important architecture build-

ing blocks of an enterprise’s architecture. Implement-

ing or modifying such a system involves changes to

its architecture. Similarly, any alteration to an en-

terprise’s architecture will impact its information sys-

tems. Next-generation enterprise information systems

should be viewed in the context of these new realities

to avoid any negative impact on their information sys-

tems. Some frameworks make it possible to analyze

the speciﬁc company and its EA, namely the Zach-

man ontology. The business and system engineering

approach supports disciplined planning and design

that are apt to practical applications, namely TOGAF

and ArchiMate (Zachman, 1987; Josey, 2016; Josey,

2017; Meertens et al., 2012). We apply the Zachman

ontology to provide a theoretical tool to organize the

issues that emerge as the consequence of the rapid

technology development the provide a possible map-

ping to maintain the challenges of both technology

and business development. The TOGAF and Archi-

Mate give a toolset to perform a planning and design

exercise by tracking the templates of architectural so-

lutions in the architecture continuum. The TOGAF

supports ﬁlling in the company-speciﬁc template of

architecture building blocks with the most recent so-

lutions and options with the integration. We adhere

to the neutral terminology of the international stan-

dard ISO/IEC/IEEE 42010 against other open or pro-

prietary approaches to EA.(ISO, 2011). Some publi-

cations combined the formal, mathematics-based ap-

proach and architectures to grasp the signiﬁcant prop-

erties of EISs (Enterprise Information Systems) con-

sidering the theoretical foundations of EA (Moln

and Bencz

ur, 2022; Moln

ar and

Ori, 2018;

Ori and

Moln

ar, 2018) There was an investigation of a speciﬁc

ﬁeld of Cognitive Information Systems that uses sev-

eral domains of Artiﬁcial Intelligence to approximate

the cognitive capabilities of human actors regarding

EA (Mattyasovszky-Philipp and Moln

ar, 2023). The

goal is to cope with the emerging phenomena through

EA approaches to create a blueprint for enterprises

to handle the challenges and incorporate innovation

into the business model. We also discuss models and

theories that we believe could be useful in address-

ing the identiﬁed challenges of applying technology

for innovation. Innovation is a hot topic either from

a scientiﬁc or professional viewpoint in connection to

Information Systems in companies. The issue for the

ﬁrms is how to yield new services through exploiting

IT/IS services (Maglio et al., 2019). To illustrate the

value of these models and theories, we discuss recent

advances in the ﬁeld of Enterprise Information Sys-

tems (EIS) and EA, which guide to help companies

address the emerging issues of responding to rivalry,

competition, innovation, and advances in technology.

We give an outlook on the related regulations and le-

gal environments that raise the issues of compliance

and conformance, and the application of a branch of

the related technologies called RegTech.

2 ENTERPRISE INFORMATION

SYSTEMS

Enterprise Information Systems (EIS) refers to all the

systems, including people, technology, and data, that

are used to support the integrated functions of an en-

terprise. For this reason, EIS is a high-complexity

system whose core properties can be grasped in the

notion of a socio-technological system. The ﬁeld

of EIS now covers different aspects, such as de-

sign, implementation, deployment, rollover, mainte-

nance, and adaptation. Enterprise Architecture is of-

ten used to provide a context for enterprise infor-

mation systems. From this perspective, EA can in-

ﬂuence and prescribe the stages of the requirements

analysis, requirement speciﬁcation, design, and im-

plementation of an enterprise EIS (Ashworth, 1988).

EIS and EA are closely intertwined, and emerging

technologies require that integration issues with es-

tablished solutions and new technologies be kept un-

der control. The proposed EA solutions can provide a

blueprint for the ongoing maintenance and evolution

of EIS to adapt to the changing business and tech-

nology landscape and adopt new approaches. The

SEC-SCIS 2024 - Special Session on Soft Computing in Ethicity and Smart Cities Services

754

Zachman framework is one of the approaches used

in enterprise architecture that provides a comprehen-

sive overview of information systems. Unlike TO-

GAF and Archimate, which use an engineering ap-

proach, the Zachman framework takes a theoretical

foundation(ZachmanInternational, 2024). It can be

considered as a meta-schema or ontology of the col-

lections of ISs in an enterprise. This theoretical ap-

proach can describe a compound structure and can be

used for semantic mapping and matching during inte-

gration exercises(Ma et al., 2022). According to La-

palme (Lapalme, 2012), the Zachman framework can

be regarded as a theory that provides a comprehensive

overview of information systems.

2.1 Issues of Enterprise Information

Systems and Architecture

The Zachman ontology is a useful tool for under-

standing the intricate structure of a set of information

systems, as well as the associated business processes

and workﬂows. The Zachman Enterprise Architec-

ture provides a toolkit that can be utilized to iden-

tify a suitable location for new technology building

blocks and to integrate or extend these new compo-

nents with the existing IT/IS services. As previously

mentioned, the main objective of the Zachman Enter-

prise Architecture (EA) is to provide a comprehensive

understanding of an enterprise. This makes the Zach-

man EA an explanatory theory for Information Sys-

tems (IS). By presenting a new perspective on how

EA can be perceived, the Zachman EA goes beyond

being just a methodology. Rather, it serves as a theory

that provides a comprehensive oversight to depict an

enterprise. Zachman’s Enterprise Architecture (EA)

can be perceived as a theory of Information Systems

(IS) that helps researchers and practitioners under-

stand the role and objectives of EA. This comprehen-

sion is crucial for adapting EA to new business and

information technologies, which can help overcome

challenges. Developing and maintaining EA and ISs

can trigger strategic and tactical planning of EA re-

newal, followed by the design and implementation of

ISs that are touched. Zachman EA can be viewed as a

meta-ontology for business and a meta-schema for IS,

which can serve as a research methodology and meta-

theory for IS research. In summary, Enterprise Archi-

tecture (EA) is a powerful approach for developing,

maintaining, and documenting information systems.

It offers a variety of tools and models and has proven

effective in many projects. Despite the hype around

digital transformation and the many technologies that

it encompasses, we believe that EA will remain rele-

vant in aligning, adapting, and extending the business

services supported by information systems. While the

application of EA can be complex and intertwined

with IT, it is essential for enterprise change manage-

ment and providing a clear picture for stakeholders.

The need for change is driven by competition, rivalry,

and technological development. Disciplined and agile

methods in business and IT projects have changed the

way organizational changes, systems, and software

are planned and developed. Digital transformation in-

troduces new issues, such as the need for improved

customer relationship management and strengthening

the network in ecosystems. Organizations require a

theoretical approach, such as an ontology or meta-

schema, and a lightweight, customized method that

is aligned with customer needs and iterative, allow-

ing for continuous improvement. Therefore, an EA

methodology based on the Zachman ontology that fo-

cuses on business services and can be easily under-

stood by each stakeholder is necessary. We summa-

rize the major properties of Zachman ontologies to

make our application understandable Table 1.

The basic idea is to use the English interrogatives

to explore the “world” thereby the obtained answers

make it possible for a system analyst or architect

to depict the various facets of “entities in the enter-

prise” either tangible or intangible (Gewertz, 2016).

Kipling’s classical poem gives a clue to the appli-

cation, then the Zachman ontology yields a guid-

ance.(Kipling, 1998). The what embraces the data en-

tities and all possible storage formats, database man-

agement systems, data warehouses, data lakes, and

the data that are stored in them. The how incorpo-

rates the intangible business processes and workﬂows

the where can be interpreted as the distribution of the

communication network, and computing service cen-

ters in geography and cyberspace. The who can be

translated into responsibilities with a strong connec-

tion with security, data protection, and access rights.

The when can be perceived as timing and scheduling,

the why the mission of the company mapped onto ob-

jectives and then regulation, and internal standards.

The rows in the table (see Table 1) describe the var-

ious views of the enterprise from the different view-

points of interested parties. The row of the executive

perspectives is about the strategy, mission, and high-

level business concepts and processes. The viewpoint

of the business manager embodies the business model

that can be described as pieces of models that are pro-

duced by business analysts. The business architecture

row represents the models that use the language of IT

with a strong business focus to be understandable to

the users and stakeholders within the company. Ei-

ther the system analyst or recently, the business archi-

tect who maps and reﬁnes the business level model

Architectures of Contemporary Information Systems and Legal/Regulatory Environment

755

Table 1: A mapping semantically between Zachman architecture and the recent technology components. (ZachmanInterna-

tional, 2024).

Aspects /

Perspectives

what how where who when why model view

Executive Fact, business

data / for usage

by recent

AI/ML/D.Sc.

Business Service

utilizing

AI/ML/D.Sc

Chain of Business

Processes

utilizing

AI/ML/D.Sc

Business function Chain of Business

Process utilizing

AI/ML/D.Sc

Business goal Scope, Context

Business

Manager/

Business Analyst

Underlying

Conceptual data

model / Data

Lake structured

and unstructured

data

Service with

added value

originated by the

cognitive

resonance

Service

composition with

business analytics

Actor, Role Business Process

Model

Business

Objective

Business Notions

Business

Architect/ System

Analyst

Class hierarchy,

Logical Data

Model structured,

semi-structured,

and unstructured

data

Service

Component

utilizing

AI/ML/D.Sc

Hierarchy of

Service

Component

utilizing

AI/ML/D.Sc

User role, service

component

BPEL, BPMN,

Orchestration

Business Rule Descriptive

Models of the

System

System &

Software

Engineer

Object hierarchy,

Data model

Service

Component

utilizing

AI/ML/D.Sc at

program code

level

Hierarchy of

Service

Component

utilizing

AI/ML/D.Sc at

program code

level

Component,

Object for

observation of

security

Choreography Rule Design Speciﬁcation of

Models in the

relevant

technologies.

Implementor/realization

of Business

Objects

Data in DBMS Service

Components

Hierarchy of

Service

Components

Component,

Object for

observation of

security

Choreography,

Security

architecture

Rule speciﬁcation Conﬁguration

model of the

applied toolset

The Enterprise Data Function Network Organization Schedule Operationalized

rules

Components of

Operation

(Realization)

Artiﬁcial Intelligence (AI), Machine Learning (ML), Data Science (D.Sc.)

into models according to the relevant IT descriptive

methodologies. The typical examples are models of

business processes, workﬂows, and databases in het-

erogeneous technical approaches that make it possi-

ble to investigate the opportunities for digital trans-

formation. The system engineering row deals with

“physical” design, the transformation of the logi-

cal design into architectural building blocks that are

technology-dependent. For instance, the logical data

model has been translated into database management-

speciﬁc languages, e.g. SQL schemas, the process

models into program codes, the communication net-

work model into equipment speciﬁcations and com-

ponents of a software-deﬁned network, etc. The im-

plementor row treats with the mapping of the physical

design onto the components, and tools of the avail-

able technology, e.g., building up the database by run-

ning the SQL statement specifying the data schema,

or compiling the program code into executable code,

then test them and adjust them to the speciﬁc technol-

ogy. The enterprise row incorporates the operation

of the company in a tangible, physical format, the in-

tangible bit streams are in the physical equipment or

virtual systems in cloud computing.

3 DIGITAL TRANSFORMATION

AND MSMEs

Consumers demand personalized services and prod-

ucts according to the concept of hyper-personalization

that appeared in electronic services (Jain et al., 2021).

Companies can satisfy this requirement through dig-

italized services and digital products exploiting IT.

There is enforcement to create innovative solutions,

and value propositions according to actual business

models (Maglio et al., 2019; Osterwalder and Pigneur,

2010). Improvements in IT and communication tech-

nologies are making information available through-

out the life cycle of products, services, and business

processes. Manufacturing systems, service provision,

and people are closely interconnected. In addition,

the resulting large amounts of data can be used in

recent IT, namely Data Science, Machine Learning,

and comprehensive Artiﬁcial Intelligence (AI) for op-

timization of the tasks within workﬂows, moreover

forecasting the demands for resources, services, and

products. EA has a great opportunity to effectively

adopt and integrate digital transformation through a

disciplined approach of Zachman ontology and then

the TOGAF can be used for the realization of the ar-

chitecture and augmenting the business services along

with the supporting services of ISs. The ﬁrst two rows

of Zachman EA are strongly business-oriented and

contain a more formalized mapping of the business

SEC-SCIS 2024 - Special Session on Soft Computing in Ethicity and Smart Cities Services

756

strategy, the alignment of the business with the recent

technologies, and innovation perspectives to be im-

plemented through digital transformation. Moreover,

the ecosystems, digital products, and electronic ser-

vices become part of the architecture. We outline an

EA approach for supporting digital transformation in

MSMEs concerning the recent IT solutions. From a

bird-view perspective, we separate two major threads

that we can conceptualize as a higher level and a de-

tail level approach. The higher level deﬁnes the ar-

chitecture of the whole MSME. At the detailed level,

single functions in ISs are realized, built, and rolled

over. Besides the two overarching iterative cycles (see

TOGAF and Archimate (Josey, 2016; Josey, 2017))

two pillars help to advance the digital strategy of an

enterprise. The business strategy should be formu-

lated as a digital business strategy or should be in-

cluded explicitly. The digital business strategy em-

braces the velocity, scale, and scope of the use of re-

cent IT in the companies. The business model con-

tains information like value proposition containing

value curves, customer systems, and revenue struc-

ture (Cardoso et al., 2015). The next step is to work

out a company-speciﬁc architecture that considers the

general and sector-speciﬁc solutions. The goal of this

stage is to reﬁne the business model according to the

ﬁrst two rows of the Zachman EA. The proposed ar-

chitecture contains models of business services in the

form of business processes, data collections, the dis-

tribution of human and computer nodes, etc. The

third row in the Zachman EA incorporates the major

IT/S services and data collection that are required for

implementation. Thus, the architecture to be imple-

mentable can be concluded from the proposed archi-

tecture. This phase considers the digital transforma-

tion strategy and takes into account the existing archi-

tecture.

3.1 Enterprise Architecture Support for

Digital Transformation

As we stated previously, the recent architecture ap-

proaches should take into account the ecosystem. The

Zachman as a theory and TOGAF as practical design

theory and project guidance can be used in tandem.

(Bondar et al., 2017). The company and its surround-

ing ecosystem can be seen as a co-evolving environ-

ment: the company and its network of connections

with other stakeholders should be systemically de-

signed to enable digital transformation and sustain-

ability trends. EA provides meaning to and supports

the transformation of the business. (Bakarich et al.,

2020). The senior management should deal with the

ﬁrst row of the Zachman EA with innovation, digi-

tal transformation, and sustainability. The Business

Architecture in TOGAF handles the business analysis

models and the related artifacts focused on the non-

technology aspects, e.g. Business Process descrip-

tion in BPMN (White and Miers, 2008). The second

and third rows treat the socio-technological facets of

various ISs. The artifacts, incorporating the models

in these rows, are IT/IS artifacts, e.g. the descrip-

tion of facts and documents in models of the domain,

and the IT and business events are represented in the

form of behavior models of IS that is touched, and

the behavior model depicts the dynamic side of the

system. The third row contains design models, e.g.

logical data model, in the form of entity-relationship,

or UML class model. The fourth row contains the

artifacts of models that can be considered scientiﬁc

models, models according to Computer Science and

IT. For instance, Petri Nets for Business Processes,

Finite State Machines for state transitions, or rigorous

relation database models according to Codd’s relation

database theory that is founded in the theory of rela-

tions, algorithms, and sets. The disciplined approach

of EA can make it possible for the enterprise to be

adaptive and to get the silos fallen to achieve business

modularity. The technical architecture gives a syn-

ergistic set of data collections and processes devoted

to information handling to buttress the digital trans-

formation. The enterprise should consider the au-

tomation and data science technologies during an EA

exercise, automation technologies: (1) Cloud com-

puting, (2) IoT (Internet of Things), (3) Blockchain,

and (4) Robotic Process Automation (RPA). The pro-

cesses contained in the ”how” column will be ex-

tended by Data Science Technologies to achieve ef-

ﬁciency and effectiveness (Pisoni et al., 2021). How-

ever, Data Science Technologies demand data from

several sources. A Data lake as a data architecture

is an apt solution that can collect the data from vari-

ous resources and can be made available for the vari-

ous AI/ML algorithms for further processing(Moln

et al., 2020). The use of data raises several issues,

primarily the legal and ethical use of data in the al-

gorithms. (I) data of consumers, (II) data of opera-

tions from Customer Relationship Management Sys-

tem and IoT devices, telemetry systems., (III) data

from social networks, (IV) data from the Public Ad-

ministration, and (V) data from the partners in the

ecosystems who either cooperate or compete with the

enterprise. The paper of Molnar and Pisoni (Pisoni

et al., 2021) contains a comprehensive set of optional

domains of data analytics in companies and a set of al-

gorithms in Data Science and Machine Learning that

can be applied for analysis. The data analytics tasks

are strongly coupled to business processes and activ-

Architectures of Contemporary Information Systems and Legal/Regulatory Environment

757

ities in workﬂows. The outlined EA based approach

can assist MSMEs in the digital transformation since

this EA supports the data preparation, model deﬁni-

tion, variable selections and then training and tuning

the model. We will discuss in the next section the

issues related to Data Architecture that will become

manifest through the data processing activities of IS

architecture.

4 THE FACETS OF RULES OF

LAWS AND REGULATIONS

Having described above some aspects of Enterprise

Information Systems and Architecture, we have to

stop and have a look at the aspect, that usually comes

as a whip-crack at the ﬁnish of the development: legal

compliance. We like it or not, IT developments, espe-

cially those of disruptive technologies and their fol-

lowers, face a heavily fragmented regulatory environ-

ment. Legal specialists (in the ﬁeld of personal data,

AI, data management, etc.) are expensive but still es-

sential for evading ﬁnes and other business killer legal

procedures.

4.1 The Legislative Landscape

After ﬁve years of cohabitation with the GDPR

(European-Parliament ”and” of the Council, 2016) it

is useless to explain its goals but the other fruits of

the European legislation are worth stopping. First

of all the proposal on the regulation of Privacy

and Electronic Communications (ePrivacy Regu-

lation(European-Parliament ”and” of the Council,

2017)) repealing the 20-year-old ePrivacy Directive

will complete and clarify the provisions of the GDPR

concerning electronic communication by regulating

among other things conﬁdentiality, storage, and era-

sure of electronic communication data or deﬁning the

permitted processing of electronic communications

data.

The regulation on the free ﬂow of non-personal

data aims to ensure the free ﬂow of data other than

personal data within the Union by laying down rules

relating to data localization requirements, the avail-

ability of data to competent authorities, and the port-

ing of data for professional users. By this legislative

tool, the goal is to deepen the difference between the

practice, and usage of personal and non-personal data

while trying to facilitate the free movement of the lat-

ter. The Open Data (European-Parliament ”and” of

the Council, 2019) directive is replacing the PSI di-

rective and aims to exploit the potential of public sec-

tor information by providing real-time access to dy-

namic data via adequate technical means and increas-

ing the supply of valuable public data for re-use.

The Data Governance Act(European-Parliament

”and” of the Council, 2022d) aims to facilitate data

sharing across sectors, among businesses, and be-

tween businesses and public authorities by establish-

ing a framework for trusted intermediaries that fa-

cilitate data sharing while ensuring compliance with

data protection regulations. The Data Act(European-

Parliament ”and” of the Council, 2023) is more on

business-to-consumer and business-to-business data

sharing by deﬁning an obligation to make product

data and related service data accessible to the user

and by providing the right of the user to share data

with third parties.

The Digital Markets Act (DMA) (European-

Parliament ”and” of the Council, 2022b) regu-

lates the large digital platforms, such as search en-

gines, digital markets, web browsers, virtual as-

sistants, cloud services, online advertising services,

etc., which are gateways for business users to reach

end users. The regulation deﬁnes numerous obli-

gations on fair practice of competition, data acces-

sibility, or interoperability. Digital Services Act

(DSA) (European-Parliament ”and” of the Coun-

cil, 2022c) (European-Parliament ”and” of the Coun-

cil, 2022c) amending and complementing the e-

commerce directive together the with DMA aims to

create a safer digital space, by providing harmonized

rules for the provision of intermediary services in

the internal market and a framework of conditional

exemptions from liability for intermediary service

providers beside speciﬁc rules on due diligence obli-

gations for certain categories of intermediary service

providers.

In these norms, the legislation is still technolog-

ically neutral, not so in the case of the regulation of

AI systems. The essence of the AI Act (European-

Parliament ”and” of the Council, 2021) is the fear,

the risk management of this disruptive technology.

The fact, that even the legal deﬁnition of AI has

changed each round of the legislative process tells a

lot about the soundness of the proposal. Besides, a

huge amount of administration, work will be loaded

on the developers, providers, or others involved in the

marketization of these systems. The directive on AI

Liability (European-Parliament ”and” of the Council,

2022a) aims to deﬁne single rules on the disclosure

of evidence in the case of high-risk AI systems and

on the burden of proof in the case of non-contractual

fault-based civil law claims brought before national

courts for damages caused by an AI system.

SEC-SCIS 2024 - Special Session on Soft Computing in Ethicity and Smart Cities Services

758

Figure 1: Landscape on new regulatory environment based on the EU data strategy.

4.2 Main Legal Issues of EISs

The above-outlined legal landscape already proved

the indispensable involvement of legal knowledge

in the development and maintenance of EISs. Still

scratching the surface, besides the evident problems

arising due to the processing of personal data, many

other elements of the systems are exposed to legal

compliance issues. Maybe the most important, as

well the most difﬁcult will be to deﬁne which data are

subject to the right of the ’free movement of data’,

and what datasets the company or authority has to

share with the data subject or other interested par-

ties. Moreover, not only the public sector but also

the participants of the private sector collecting huge

amounts of information (such as data of smart tools,

etc.) are subject to sharing this information with vari-

ous types of entitled persons. A well-thought-out and

conscious database design is needed to ensure that

business objectives are legally compliant, but also that

their technological implementation is legally and eco-

nomically efﬁcient. Not only the major platforms but

many smaller as well will face obligations concern-

ing business activity, which will be reﬂected in the

architecture of their systems. In the future, the prob-

lems of AI technologies will be added to these com-

pliance issues: starting from the correct classiﬁcation

of the technology used through the risk evaluation till

the concrete administrative obligations of the upcom-

ing rules will put a huge workload on the developers.

The use of machine learning algorithms has the po-

tential to perpetuate or amplify biases inherent in the

training data. Organizations need to adopt strategies

to identify and mitigate biases in data analysis and to

apply data science and machine learning algorithms

that promote the ethical use of data science and ma-

chine learning.

4.3 Data Protection or Data Security

For IT professionals assuring the security of the data

is not only essential, but it is a continuously repeating

task from the system planning to its maintenance. But

data security is only half of the job: ’data protection’,

as the abbreviation of the ’legal protection of personal

data’ is a more complex issue. Companies should un-

derstand compliance with data protection regulations

and utilize proper mechanisms. Since the GDPR it

has been a legal obligation to involve compliance pro-

fessionals in the development and implementation of

the ’data protection by design and by default’. The

ﬁrst step is to precisely deﬁne the complexity of the

data in processes: from a privacy point of view, it is

enough to have the chance to identify a natural person

from the data processed to get the whole system un-

der the scope of the GDPR. A thorough analysis may

lead to the redeﬁnition of the database structure by

creating its anonymized and/or pseudonymized parts.

As IT technology develops it allows more and better

automated individual decision-making which is not

ab ovo permitted by the law, more, they are not just

banned but even the lawful practices must satisfy the

Architectures of Contemporary Information Systems and Legal/Regulatory Environment

759

prescribed rights of the data subjects. The use of AI,

as a new, disruptive technology automatically leads us

to the inevitable task of data protection impact assess-

ment.

5 CONCLUSIONS

Enterprise Architecture is a multi-disciplinary ﬁeld

that is essential in today’s complex business environ-

ment. On one hand, businesses face constantly chang-

ing market conditions and interconnected processes,

and on the other hand, they need to adopt new tech-

nologies to stay competitive. Recently, computing has

evolved to incorporate modern AI algorithms, speciﬁ-

cally machine learning and soft computing. Research

on Enterprise Architecture should also focus on the

needs of MSMEs to identify cost-effective architec-

ture components and solutions that can provide AI-

related services to both their staff and partners. This

is because larger companies have the ﬁnancial re-

sources to embed computing solutions into their ser-

vices. From the legal point of view, we have to un-

derline that the involvement of legal professionals in

the developments in its very ﬁrst phase is crucial –

deﬁning data transfer interfaces, grouping data in line

with the regulatory needs, implementing the data pro-

tection by design and by default, etc. – not only be-

cause of the legal risks of the systems on market or in

use but also its unforeseeable effect on the growth of

the development costs and resource needs in its pre or

post-launch phase.

ACKNOWLEDGEMENTS

This research was supported the Thematic Excellence

Programme TKP2021-NVA-29 (National Challenges

Subprogramme) funding scheme, and by the COST

Action CA19130 - ”Fintech and Artiﬁcial Intelligence

in Finance Towards a Transparent Financial Industry”

(FinAI).

REFERENCES

Ashworth, C. M. (1988). Structured systems analysis and

design method (ssadm). Information and Software

Technology, 30(3):153–163.

Bakarich, K. M., Castonguay, J. J., and O’Brien, P. E.

(2020). The use of blockchains to enhance sustain-

ability reporting and assurance*. Accounting Perspec-

tives, 19(4):389–412.

Bondar, S., Hsu, J. C., Pfouga, A., and Stjepandi

c, J. (2017).

Agile digital transformation of system-of-systems ar-

chitecture models using zachman framework. Journal

of Industrial Information Integration, 7:33–43.

Brandon Atkinson, D. E. (2018). Generic Pipelines Us-

ing Docker: The DevOps Guide to Building Reusable,

Platform Agnostic CI/CD Frameworks. Apress.

Cardoso, J., Fromm, H., Nickel, S., Satzger, G., Studer, R.,

and Weinhardt, C. (2015). Service science: Research

and innovations in the service economy. In Weinhardt,

C., Fromm, H., Nickel, S., Satzger, G., and Studer, R.,

editors, Service Science: Research and Innovations

in the Service Economy, Springer eBook Collection.

Springer International Publishing, Cham, 1st ed. 2015

edition.

Chintale, P. (2023). DevOps Design Pattern. BPB Publica-

tions, Delhi, 1st ed. edition.

European-Parliament ”and” of the Council (2016). Regu-

lation (eu) 2016/679 of the european parliament and

of the council of 27 april 2016 on the protection of

natural persons with regard to the processing of per-

sonal data and on the free movement of such data, and

repealing directive 95/46/ec (general data protection

regulation). Regulation (eu), 679:2016. application

25 May 2018.

European-Parliament ”and” of the Council (2017). Proposal

for a Regulation of the European Parliament and of the

Council concerning the respect for private life and the

protection of personal data in electronic communica-

tions and repealing Directive 2002/58/EC (Regulation

on Privacy and Electronic Communications). applica-

tion = TBD, [Online; accessed 20. Feb. 2024].

European-Parliament ”and” of the Council (2019). Di-

rective - 2019/1024 - EN - psi directive - EUR-

LexDirective (EU) 2019/1024 of the European Parlia-

ment and of the Council of 20 June 2019 on open data

and the re-use of public sector information. applica-

tion 17 July 2021[Online; accessed 20. Feb. 2024].

European-Parliament ”and” of the Council (2021). Proposal

for a Regulation of the European Parliament and of the

Council laying down harmonised rules on artiﬁcial in-

telligence (Artiﬁcial Intelligence Act) and amending

certain union legislative acts. application = TBD, [On-

line; accessed 20. Feb. 2024].

European-Parliament ”and” of the Council (2022a). Pro-

posal for a Directive of the European Parliament and

of the Council on adapting non-contractual civil lia-

bility rules to artiﬁcial intelligence (AI Liability Di-

rective). application = TBD, [Online; accessed 20.

Feb. 2024].

European-Parliament ”and” of the Council (2022b). Regu-

lation - 2022/1925 - EN - EUR-Lex Regulation (EU)

2022/1925 of the European Parliament and of the

Council of 14 September 2022 on contestable and fair

markets in the digital sector and amending Directives

(EU) 2019/1937 and (EU) 2020/1828 (Digital Mar-

kets Act). application 2 May 2023, [Online; accessed

20. Feb. 2024].

European-Parliament ”and” of the Council (2022c). Regu-

lation - 2022/2065 - EN - DSA - EUR-LexRegulation

(EU) 2022/2065 of the European Parliament and of

SEC-SCIS 2024 - Special Session on Soft Computing in Ethicity and Smart Cities Services

760

the Council of 19 October 2022 on a Single Mar-

ket For Digital Services and amending Directive

2000/31/EC (Digital Services Act). application 2

February 2024, [Online; accessed 20. Feb. 2024].

European-Parliament ”and” of the Council (2022d). Regu-

lation (EU) 2022/868 of the European Parliament and

of the Council of 30 May 2022 on European data gov-

ernance and amending Regulation (EU) 2018/1724

(Data Governance Act). application 24 September

2023, [Online; accessed 20. Feb. 2024].

European-Parliament ”and” of the Council (2023). Reg-

ulation (EU) 2023/2854 of the European Parliament

and of the Council of 13 December 2023 on har-

monised rules on fair access to and use of data and

amending Regulation (EU) 2017/2394 and Directive

(EU) 2020/1828 (Data Act). application 12 Septem-

ber 2025, [Online; accessed 20. Feb. 2024].

Expert, P. (2024). 20 Tech Experts On The Tools And

Trends That Will Dominate 2024. Forbes.

Gartner (2024). Gartner Identiﬁes the Top 10 Strategic

Technology Trends for 2024. [Online; accessed 15.

Jan. 2024].

Gewertz, M. (2016). Deﬁning Enterprise: A Systems View

of Capability Management. Marc H. Gewertz.

Hering, M. (2018). DevOps for the Modern Enterprise:

Winning Practices to Transform Legacy IT Organiza-

tions. IT Revolution Press.

ISO (2011). Systems and software engineering – Architec-

ture description. ISO, Geneva. Includes bibliographi-

cal references (pages 35-37).

Jain, G., Paul, J., and Shrivastava, A. (2021). Hyper-

personalization, co-creation, digital clienteling and

transformation. Journal of Business Research,

124:12–23.

Josey, A. (2016). Togaf

 Version 9.1-a Pocket Guide. Van

Haren.

Josey, A. (2017). ArchiMate

 3.0. 1-A pocket guide. Van

Haren.

Kipling, R. (1998). Just so Stories for Little Children. Ox-

ford Paperbacks.

Lapalme, J. (2012). Three schools of thought on enterprise

architecture. IT Professional, 14(6):37–43.

Ma, C., Moln

ar, B., Tarcsi, A., and Bencz

ur, Andr

as,

i. (2022). Knowledge Enriched Schema Match-

ing Framework for Heterogeneous Data Integration.

IEEE.

Maglio, P. P., Kieliszewski, C. A., Spohrer, J. C., Lyons, K.,

Patr

ıcio, L., and Sawatani, Y., editors (2019). Hand-

book of Service Science, Volume II, volume Volume

2 of Service science: research and innovations in the

service economy. Springer International Publishing,

Cham, Switzerland. Enth

alt zahlreiche Beitr

age.

Mattyasovszky-Philipp, D. and Moln

ar, B. (2023). Cogni-

tive information systems and related architecture is-

sues. Acta Polytechnica Hungarica, 20(5):91–108.

Meertens, L. O., Iacob, M. E., Nieuwenhuis, L. J. M., van

Sinderen, M. J., Jonkers, H., and Quartel, D. (2012).

Mapping the business model canvas to archimate. In

Proceedings of the 27th Annual ACM Symposium on

Applied Computing, SAC 2012. ACM.

Moln

ar, B. and

Ori, D. (2018). Towards a hypergraph-based

formalism for enterprise architecture representation to

lead digital transformation. In European Conference

on Advances in Databases and Information Systems,

pages 364–376. Springer.

Moln

ar, B., Pisoni, G., and Tarcsi,

A. (2020). Data lakes for

insurance industry: Exploring challenges and oppor-

tunities for customer behaviour analytics, risk assess-

ment, and industry adoption. In Proceedings of the

17th International Conference on e-Business, ICE-B

2020.

Moln

ar, B. and Bencz

ur, A. (2022). The application of di-

rected hyper-graphs for analysis of models of infor-

mation systems. Mathematics, 10(5):759.

Murat Erder, Pierre Pureur, E. W. (2021). Continuous Ar-

chitecture in Practice: Software Architecture in the

Age of Agility and DevOps (Addison-Wesley Signature

Series (Vernon)). Addison-Wesley Professional, 1 edi-

tion.

Neuwirth, R. J. (2022). The EU Artiﬁcial Intelligence Act:

Regulating Subliminal AI Systems. Routledge Re-

search in the Law of Emerging Technologies. Rout-

ledge.

Nikolinakos, N. T. (2023). EU policy and legal framework

for artiﬁcial intelligence, robotics and related tech-

nologies. Number volume 53 in Law, governance and

technology series. Springer, Cham.

Ori, D. and Moln

ar, B. (2018). A hypergraph based for-

mal description technique for enterprise architecture

representation. In 2018 7th International Congress on

Advanced Applied Informatics (IIAI-AAI), pages 799–

804. IEEE.

Osterwalder, A. and Pigneur, Y. (2010). Business model

generation: a handbook for visionaries, game chang-

ers, and challengers, volume 1. John Wiley & Sons.

Pisoni, G., Moln

ar, B., and

am Tarcsi (2021). Data sci-

ence for ﬁnance: best-suited methods and enterprise

architectures. Applied System Innovation, 4(3):69.

Scimago Q2,Journal Ranking: Scopus CiteScore rank

2020 No.279 Applied System Innovation 1.9; 49th

percentile;2.474,32/91 (Q2), Engineering, Multidisci-

plinary.

Sovrano, F., Sapienza, S., Palmirani, M., and Vitali, F.

(2022). Metrics, explainability and the european ai

act proposal. J, 5(1):126–138.

Voigt, P. and von dem Bussche, A. (2017). The EU General

Data Protection Regulation (GDPR). Springer Inter-

national Publishing.

White, S. A. and Miers, D. (2008). BPMN modeling and ref-

erence guide. Future Strategies Inc., Lighthouse Point,

Fla.

Zachman, J. A. (1987). A framework for information sys-

tems architecture. IBM systems journal, 26:276–292.

ZachmanInternational (2024). Home. [Online; accessed 4.

Feb. 2024].

Architectures of Contemporary Information Systems and Legal/Regulatory Environment

761