pith. machine review for the scientific record. sign in

arxiv: 2602.19360 · v2 · submitted 2026-02-22 · 💻 cs.SE

Recognition: no theorem link

Compliance Management for Federated Data Processing

Natallia Kokash , Adam Belloum , Paola Grosso
Authors on Pith no claims yet

Pith reviewed 2026-05-15 20:02 UTC · model grok-4.3

classification 💻 cs.SE
keywords federated data processingcompliance managementpolicy-as-codeLLM-assisted translationmachine-actionable policiesworkflow orchestrationregulatory requirementsdata privacy
0
0 comments X

The pith

Legal and organizational requirements can be collected and translated into machine-actionable policies for federated data processing networks via a prototype framework.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents a framework for compliance-aware federated data processing that integrates policy-as-code, workflow orchestration, and large language model assistance. Through an implemented prototype, it shows how requirements can be collected and converted into enforceable policies across organizational boundaries without centralizing raw datasets. This targets a practical barrier to FDP adoption by automating compliance handling for heterogeneous policies and long-running workflows. A sympathetic reader would see value in enabling secure collaborative analysis of sensitive data while meeting regulatory demands. The approach focuses on making policies machine-actionable to support real-world use cases.

Core claim

The paper claims that through the implemented prototype, legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks by integrating policy-as-code, workflow orchestration, and LLM-assisted compliance management.

What carries the argument

The compliance-aware FDP framework, which uses policy-as-code to encode rules, workflow orchestration to manage processes across boundaries, and LLM assistance to translate requirements into enforceable policies.

If this is right

  • Collaborative analysis of sensitive data across organizations becomes possible without moving raw datasets.
  • Heterogeneous access policies and regulatory requirements can be managed more consistently in FDP networks.
  • Long-running workflows gain integrated compliance checks that adapt to organizational boundaries.
  • Real-world FDP adoption increases by reducing manual effort in policy creation and enforcement.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the prototype generalizes, similar frameworks could extend to other distributed systems handling regulated data like medical records or financial transactions.
  • The method opens a path to automated policy updates when regulations change, reducing lag in compliance for dynamic networks.
  • Integration with existing orchestration tools might allow compliance to be verified continuously rather than at workflow start.

Load-bearing premise

LLM-assisted translation of complex legal and organizational requirements produces accurate machine-actionable policies without substantial human correction or errors in real FDP settings.

What would settle it

Testing the prototype on actual multi-organization legal texts and finding frequent inaccuracies or incomplete policies that require major manual fixes would show the translation step does not hold.

read the original abstract

Federated data processing (FDP) offers a promising approach for enabling collaborative analysis of sensitive data without centralizing raw datasets. However, real-world adoption remains limited due to the complexity of managing heterogeneous access policies, regulatory requirements, and long-running workflows across organizational boundaries. In this paper, we present a framework for compliance-aware FDP that integrates policy-as-code, workflow orchestration, and large language model (LLM)-assisted compliance management. Through the implemented prototype, we show how legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The manuscript presents a framework for compliance-aware federated data processing (FDP) that integrates policy-as-code, workflow orchestration, and LLM-assisted compliance management. The central claim is that an implemented prototype demonstrates how legal and organizational requirements can be collected and translated into machine-actionable policies across FDP networks.

Significance. If the LLM-assisted translation component can be shown to produce reliable policies, the framework would address a significant practical barrier to FDP adoption by automating compliance handling for heterogeneous requirements and long-running workflows. This could enable more widespread collaborative analysis of sensitive data without centralization.

major comments (1)
  1. [Abstract] Abstract: The prototype is presented as evidence that requirements 'can be collected and translated' into machine-actionable policies, yet the description provides no quantitative accuracy metrics, error rates, human-expert validation results, or baseline comparisons for the LLM translation step. Without such evidence, the effectiveness claim for real FDP settings remains unsupported.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the detailed and constructive review. We agree that the current manuscript lacks quantitative evidence for the LLM-assisted translation step and will strengthen the paper with an evaluation section in the revision.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The prototype is presented as evidence that requirements 'can be collected and translated' into machine-actionable policies, yet the description provides no quantitative accuracy metrics, error rates, human-expert validation results, or baseline comparisons for the LLM translation step. Without such evidence, the effectiveness claim for real FDP settings remains unsupported.

    Authors: We accept this criticism. The prototype demonstrates end-to-end feasibility of collecting requirements and emitting policy-as-code artifacts, but the manuscript does not report accuracy, error rates, or expert validation for the LLM translation component. In the revised manuscript we will add a new evaluation subsection that measures translation accuracy against a ground-truth set of legal requirements, reports error categories, and includes a baseline comparison with rule-based or human-written policies. We will also update the abstract to reflect the scope of the empirical claims more precisely. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected in derivation chain

full rationale

The paper presents an engineering framework and prototype for compliance management in federated data processing, integrating policy-as-code, orchestration, and LLM assistance. The central claim is that the implemented prototype demonstrates collection and translation of legal/organizational requirements into machine-actionable policies. No equations, first-principles derivations, fitted parameters, or predictions appear in the provided abstract or described content. No self-citations, uniqueness theorems, or ansatzes are invoked in a load-bearing way. The argument rests on prototype implementation rather than any reduction of outputs to inputs by construction. This matches the default expectation for non-circular papers; the reader's score of 1.0 is consistent with the absence of any of the enumerated circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The framework rests on the domain assumption that heterogeneous legal requirements can be reliably collected and encoded as machine-actionable policies with LLM assistance; no free parameters or invented entities are specified in the abstract.

axioms (1)
  • domain assumption Legal and organizational requirements can be collected and translated into machine-actionable policies using LLMs and policy-as-code.
    This underpins the entire compliance management approach described in the abstract.

pith-pipeline@v0.9.0 · 5381 in / 1222 out tokens · 46334 ms · 2026-05-15T20:02:05.800226+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

70 extracted references · 70 canonical work pages · 1 internal anchor

  1. [1]

    In: Haverkort BR, de Jongste A, van Kuilenburg P, et al (eds) Commit2Data, Open Access Series in Informatics (OASIcs), vol 124

    Alsayed Kassem J, Allaart C, Amiri S, et al (2024) Building a Digital Health Twin for Personalized Intervention: The EPI Project. In: Haverkort BR, de Jongste A, van Kuilenburg P, et al (eds) Commit2Data, Open Access Series in Informatics (OASIcs), vol 124. Schloss Dagstuhl – Leibniz-Zentrum f¨ ur Informatik, Dagstuhl, Germany, pp 2:1–2:18, https://doi.or...

    work page doi:10.4230/oasics.commit2data.2 2024

  2. [2]

    https://www.altair

    Altair Engineering (2003) Portable Batch System (PBS). https://www.altair. com/pbs-professional/, accessed: 2025-04-11

    work page 2003

  3. [3]

    arXiv preprint URL https://doi.org/10

    Alves S, Igl´ esias J (2021) A graphical framework for the category-based meta- model for access control and obligations. arXiv preprint URL https://doi.org/10. 48550/arXiv.2111.00588

    work page arXiv 2021

  4. [4]

    Computers 13(12):311

    Al-Kharusi Y, Khan A, Rizwan M, et al (2024) Open-Source Artificial Intelligence Privacy and Security: A Review. Computers 13(12):311. https://doi.org/10.3390/ computers13120311

    work page 2024

  5. [5]

    https://airflow.apache.org/, accessed: 2025-04-11

    Apache Software Foundation (2015) Apache Airflow. https://airflow.apache.org/, accessed: 2025-04-11

    work page 2015

  6. [6]

    URL https://arxiv.org/abs/2508

    Beauchemin D, Albert-Rochette M, Khoury R, et al (2025) Judgebert: Assessing legal meaning preservation between sentences. URL https://arxiv.org/abs/2508. 16870, 2508.16870

    work page arXiv 2025

  7. [7]

    Journal of Computer Security 8:309 – 353

    Bertino E, Bonatti PA, Ferrari E, et al (2000) Temporal authorization bases: From specification to integration. Journal of Computer Security 8:309 – 353. URL https://api.semanticscholar.org/CorpusID:21118749

    work page 2000

  8. [8]

    International Journal of Science and Research (IJSR) 13:910–913

    Bhatkar P (2024) AI in Regulatory Compliance: Revolutionizing Training with Fine - Tuned Language Models for Banking and Payment Systems. International Journal of Science and Research (IJSR) 13:910–913. https://doi.org/10.21275/ SR24812093543

    work page 2024

  9. [9]

    In: Proceedings of the 19th ACM 27 SIGPLAN International Conference on Generative Programming: Concepts and Experiences

    van Binsbergen LT, Liu LC, van Doesburg R, et al (2020) eflint: a domain-specific language for executable norm specifications. In: Proceedings of the 19th ACM 27 SIGPLAN International Conference on Generative Programming: Concepts and Experiences. Association for Computing Machinery, New York, NY, USA, GPCE 2020, p 124–136, https://doi.org/10.1145/3425898.3426958

    work page doi:10.1145/3425898.3426958 2020

  10. [10]

    IEEE Transactions on Software Engineering 34(1):5–20

    Breaux T, Ant´ on A (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Transactions on Software Engineering 34(1):5–20. https:// doi.org/10.1109/TSE.2007.70746

    work page doi:10.1109/tse.2007.70746 2008

  11. [11]

    International Journal of Medical Informatics 112:59–67

    Brisimi TS, Chen R, Mela T, et al (2018) Federated learning of predictive mod- els from federated electronic health records. International Journal of Medical Informatics 112:59–67. https://doi.org/10.1016/j.ijmedinf.2018.01.007

    work page doi:10.1016/j.ijmedinf.2018.01.007 2018

  12. [12]

    Proceed- ings of the IEEE 106(4):689–712

    Calvanese D, et al (2018) Ontology-based data access and integration. Proceed- ings of the IEEE 106(4):689–712. https://doi.org/10.1109/JPROC.2018.2806570

    work page doi:10.1109/jproc.2018.2806570 2018

  13. [13]

    https://doi.org/10.1007/ 978-3-031-78841-3 2, URL https://doi.org/10.1007/978-3-031-78841-3 2

    Cremonesi F, Vesin M, Cansiz S, et al (2025) Fed-BioMed: Open, Trans- parent and Trusted Federated Learning for Real-world Healthcare Applica- tions, Springer Nature Switzerland, Cham, pp 19–41. https://doi.org/10.1007/ 978-3-031-78841-3 2, URL https://doi.org/10.1007/978-3-031-78841-3 2

    work page doi:10.1007/978-3-031-78841-3 2025

  14. [14]

    Philosophy Compass 11(10):554–569

    d’Almeida LD (2016) Fundamental legal concepts: The Hohfeldian framework. Philosophy Compass 11(10):554–569. https://doi.org/10.1111/phc3.12352

    work page doi:10.1111/phc3.12352 2016

  15. [15]

    Journal of Neuro- surgery 130(4):1065–1076

    Dewan MC, Rattani A, Mekary R, et al (2018) Global hydrocephalus epidemi- ology and incidence: systematic review and meta-analysis. Journal of Neuro- surgery 130(4):1065–1076. https://doi.org/10.3171/2018.1.JNS17281, URL https: //pubmed.ncbi.nlm.nih.gov/29701543/

    work page doi:10.3171/2018.1.jns17281 2018

  16. [16]

    Nature Biotechnology 35(4):316–319

    Di Tommaso P, et al (2017) Nextflow enables reproducible computational work- flows. Nature Biotechnology 35(4):316–319. URL https://pubmed.ncbi.nlm.nih. gov/28398311/

    work page arXiv 2017

  17. [17]

    https://www

    DLA Piper (2025) Data protection laws of the world. https://www. dlapiperdataprotection.com/, accessed: 2026-01-12

    work page 2025

  18. [18]

    Esterhuyse CA, M¨ uller T, van Binsbergen LT (2024) Justact: Actions univer- sally justified by partial dynamic policies. In: Castiglioni V, Francalanza A (eds) Formal Techniques for Distributed Objects, Components, and Systems – 44th IFIP WG 6.1 International Conference, FORTE 2024, Lecture Notes in Computer Science, vol 14678. Springer, pp 60–81, https:...

    work page 2024

  19. [19]

    arXiv preprint arXiv:250200138 URL https://arxiv.org/abs/2502.00138

    Esterhuyse CA, M¨ uller T, van Binsbergen LT (2025) Justact+: Justified and accountable actions in policy-regulated, multi-domain data processing. arXiv preprint arXiv:250200138 URL https://arxiv.org/abs/2502.00138

    work page arXiv 2025

  20. [20]

    arXiv preprint arXiv:240419744 URL https://arxiv.org/abs/2404.19744

    Garza L, Elluri L, Kotal A, et al (2024) PrivComp-KG: Leveraging Knowledge Graph and Large Language Models for Privacy Policy Compliance Verification. arXiv preprint arXiv:240419744 URL https://arxiv.org/abs/2404.19744

    work page arXiv 2024

  21. [21]

    Differentially Private Federated Learning: A Client Level Perspective

    Geyer RC, Klein T, Nabi M (2017) Differentially Private Federated Learning: A Client Level Perspective. In: Proceedings of the NIPS Workshop on Machine Learning on the Phone and other Consumer Devices, Long Beach, CA, USA, URL https://arxiv.org/abs/1712.07557

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  22. [22]

    Google Cloud Composer (2018) https://cloud.google.com/composer, accessed: 2025-04-11 28

    work page 2018

  23. [23]

    arXiv preprint https://doi.org/10.48550/ arXiv.2303.16688, shows formal verification techniques for access control policies via model checking

    Gouglidis A, Kagia A, Hu VC (2023) Model Checking Access Control Policies: A Case Study using Google Cloud IAM. arXiv preprint https://doi.org/10.48550/ arXiv.2303.16688, shows formal verification techniques for access control policies via model checking

    work page arXiv 2023

  24. [24]

    URL https://arxiv.org/abs/2411

    Han Y, Guo Z (2024) Regulator-manufacturer ai agents modeling: Mathemati- cal feedback-driven multi-agent llm framework. URL https://arxiv.org/abs/2411. 15356, 2411.15356

    work page arXiv 2024

  25. [25]

    In: Proceedings of the 32nd IEEE International Require- ments Engineering Conference (RE)

    Hassani S (2024) Enhancing legal compliance and regulation analysis with large language models. In: Proceedings of the 32nd IEEE International Require- ments Engineering Conference (RE). IEEE, pp 507–511, https://doi.org/10.1109/ re59067.2024.00065, URL https://arxiv.org/abs/2404.17522

    work page arXiv 2024

  26. [26]

    URL https://arxiv.org/ abs/2404.14356, 2404.14356

    Hassani S, Sabetzadeh M, Amyot D, et al (2024) Rethinking legal compliance automation: Opportunities with large language models. URL https://arxiv.org/ abs/2404.14356, 2404.14356

    work page arXiv 2024

  27. [27]

    Hu VC, Ferraiolo D, Kuhn R (2015) Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Tech. Rep. SP 800-162, NIST, URL https: //nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-162.pdf

    work page 2015

  28. [28]

    https://iapp.org/resources/, accessed: 2026-01-12

    International Association of Privacy Professionals (2025) IAPP Resources and Tools. https://iapp.org/resources/, accessed: 2026-01-12

    work page 2025

  29. [29]

    Guideline document, URL https://database.ich.org/ sites/default/files/ICH E6%28R3%29 Step4 FinalGuideline 2025 0106.pdf

    International Council for Harmonisation of Technical Requirements for Phar- maceuticals for Human Use (ICH) (2025) ICH Harmonised Guideline: Good Clinical Practice E6(R3). Guideline document, URL https://database.ich.org/ sites/default/files/ICH E6%28R3%29 Step4 FinalGuideline 2025 0106.pdf

    work page 2025

  30. [30]

    Computers & Security 46:154–172

    Jha S, Sural S, Vaidya J, et al (2014) Security analysis of temporal RBAC under an administrative model. Computers & Security 46:154–172. URL https://www. sciencedirect.com/science/article/pii/S0167404814001217

    work page 2014

  31. [31]

    Nature Machine Intelligence 2(6):305–311

    Kaissis G, Makowski MR, R¨ uckert D, et al (2020) Secure, privacy-preserving and federated machine learning in medical imaging. Nature Machine Intelligence 2(6):305–311. https://doi.org/10.1038/s42256-020-0186-1

    work page doi:10.1038/s42256-020-0186-1 2020

  32. [32]

    URL https://arxiv.org/abs/ 2402.01717, 2402.01717

    Kim J, Min M (2024) From RAG to QA-RAG: Integrating Generative AI for Pharmaceutical Regulatory Compliance Process. URL https://arxiv.org/abs/ 2402.01717, 2402.01717

    work page arXiv 2024

  33. [33]

    https://github.com/albatros13/policy-reasoner, accessed: 2026-01-12

    Kokash N (2024) Policy reasoner: A tool for reasoning about policies (with opa support). https://github.com/albatros13/policy-reasoner, accessed: 2026-01-12

    work page 2024

  34. [34]

    https://github.com/ albatros13/braneHub, accessed 2026-01-19

    Kokash N (2026) BraneHub: A proof-of-concept web platform to set up fed- erated data processing projects and create access policies. https://github.com/ albatros13/braneHub, accessed 2026-01-19

    work page 2026

  35. [35]

    arXiv preprint arXiv:2505.20020

    Kokash N, Wang L, Gillespie TH, et al (2025) Ontology- and LLM-based data har- monization for federated learning in healthcare. arXiv preprint arXiv:2505.20020. https://doi.org/10.48550/arXiv.2505.20020, arXiv:2505.20020 [cs.LG]

    work page doi:10.48550/arxiv.2505.20020 2025

  36. [36]

    Bioinformatics 28(19):2520–2522

    K¨ oster J, Rahmann S (2012) Snakemake—a scalable bioinformatics work- flow engine. Bioinformatics 28(19):2520–2522. URL https://academic.oup.com/ bioinformatics/article/28/19/2520/290322

    work page 2012

  37. [37]

    arXiv preprint 29 arXiv:210709605 URL https://arxiv.org/abs/2107.09605

    Kurtz A, Yao Y, Rieke Nea (2021) Federated learning with nvidia clara: Improv- ing breast cancer diagnosis while preserving patient privacy. arXiv preprint 29 arXiv:210709605 URL https://arxiv.org/abs/2107.09605

    work page arXiv 2021

  38. [38]

    In: Proceed- ings of the 21st ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp 233–246, https://doi.org/10.1145/543613.543644

    Lenzerini M (2002) Data Integration: A Theoretical Perspective. In: Proceed- ings of the 21st ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp 233–246, https://doi.org/10.1145/543613.543644

    work page doi:10.1145/543613.543644 2002

  39. [39]

    Future Internet 17(3):100

    Li J, Maiti A (2025) Applying Large Language Model Analysis and Backend Web Services in Regulatory Technologies for Continuous Compliance Checks. Future Internet 17(3):100. https://doi.org/10.3390/fi17030100, URL https://doi.org/10. 3390/fi17030100

    work page doi:10.3390/fi17030100 2025

  40. [40]

    Cyberpsychology: Journal of Psychosocial Research on Cyberspace 16(4)

    Lim S, Shim H (2022) No secrets between the two of us: Privacy concerns over using ai agents. Cyberpsychology: Journal of Psychosocial Research on Cyberspace 16(4). https://doi.org/10.5817/CP2022-4-3

    work page doi:10.5817/cp2022-4-3 2022

  41. [41]

    Frontiers of Computer Science 18(1):181336

    Liu F, Zheng Z, Shi Y, et al (2024) A Survey on Federated Learning: A Perspec- tive from Multi-Party Computation. Frontiers of Computer Science 18(1):181336. https://doi.org/10.1007/s11704-023-3319-5

    work page doi:10.1007/s11704-023-3319-5 2024

  42. [42]

    In: Fundamental Approaches to Software Engineer- ing: 23rd International Conference, FASE 2020, Proceedings, Lecture Notes in Computer Science, vol 12076

    L´ opez HA, Debois S, Slaats T, et al (2020) Business process compliance using reference models of law. In: Fundamental Approaches to Software Engineer- ing: 23rd International Conference, FASE 2020, Proceedings, Lecture Notes in Computer Science, vol 12076. Springer, Cham, Cham, Switzerland, p 378–399, https://doi.org/10.1007/978-3-030-45234-6 19

    work page doi:10.1007/978-3-030-45234-6 2020

  43. [43]

    URL https://arxiv.org/abs/2512

    Ma Z, Wen C, Su Z, et al (2025) Bridging Natural Language and Formal Specification–Automated Translation of Software Requirements to LTL via Hier- archical Semantics Decomposition Using LLMs. URL https://arxiv.org/abs/2512. 17334, 2512.17334

    work page arXiv 2025

  44. [44]

    In: 2020 IEEE Symposium on Security and Privacy (SP), IEEE, pp 791–809, https://doi.org/10.1109/SP40000.2020.00076

    Matte C, Bielova N, Santos C (2020) Do cookie banners respect my choice? mea- suring legal compliance of banners from IAB Europe’s transparency and consent framework. In: 2020 IEEE Symposium on Security and Privacy (SP), IEEE, pp 791–809, https://doi.org/10.1109/SP40000.2020.00076

    work page doi:10.1109/sp40000.2020.00076 2020

  45. [45]

    https://azure.microsoft.com/ products/logic-apps, accessed: 2025-04-11

    Microsoft Azure (2016) Azure Logic Apps. https://azure.microsoft.com/ products/logic-apps, accessed: 2025-04-11

    work page 2016

  46. [46]

    The VLDB Journal 29(5):907–933

    Naeem MA, d’Orazio L, Pinet F, et al (2020) Federated query processing in large- scale distributed data management: A survey. The VLDB Journal 29(5):907–933. https://doi.org/10.1007/s00778-020-00616-9

    work page doi:10.1007/s00778-020-00616-9 2020

  47. [47]

    arXiv preprint arXiv:250805192 URL https://arxiv.org/abs/2508.05192, accepted for MODELS’25

    Neubauer F, et al (2025) AI-assisted JSON Schema Creation and Mapping. arXiv preprint arXiv:250805192 URL https://arxiv.org/abs/2508.05192, accepted for MODELS’25

    work page arXiv 2025

  48. [48]

    https://www.dataguidance.com/, accessed: 2026-01-12

    OneTrust DataGuidance (2025) Dataguidance: Global privacy and data protec- tion research platform. https://www.dataguidance.com/, accessed: 2026-01-12

    work page 2025

  49. [49]

    https://play.openpolicyagent.org/, accessed: 2026-01-22

    Open Policy Agent (2018) Rego Playground. https://play.openpolicyagent.org/, accessed: 2026-01-22

    work page 2018

  50. [50]

    https://github.com/open-policy-agent/regal, URL https://github.com/ open-policy-agent/regal

    Open Policy Agent (2025) Regal: A linter and language server for rego. https://github.com/open-policy-agent/regal, URL https://github.com/ open-policy-agent/regal

    work page 2025

  51. [51]

    https://www.openapis

    OpenAPI Initiative (2025) Arazzo specification v1.0.1. https://www.openapis. org/arazzo-specification, accessed: 2026-01-19 30

    work page 2025

  52. [52]

    Open Policy Agent, URL https: //www.openpolicyagent.org/projects/regal/language-server

    Project OPA (2025) Regal Language Server. Open Policy Agent, URL https: //www.openpolicyagent.org/projects/regal/language-server

    work page 2025

  53. [53]

    Journal of the Ameri- can Medical Informatics Association 29(12):2144–2155

    Quinn TP, Nguyen D, Huang J, et al (2022) Federated learning in digital health: Systematic review and taxonomy of implementations. Journal of the Ameri- can Medical Informatics Association 29(12):2144–2155. https://doi.org/10.1093/ jamia/ocac166

    work page 2022

  54. [54]

    Ramezani E, Fahland D, van der Aalst WMP (2014) Supporting domain experts to select and configure precise compliance rules. In: Business Process Manage- ment Workshops: BPM 2013 International Workshops, Beijing, China, August 26, 2013, Revised Papers, Lecture Notes in Business Information Processing, vol

    work page 2014

  55. [55]

    Springer, pp 498–512, https://doi.org/10.1007/978-3-319-06257-0 39

    work page doi:10.1007/978-3-319-06257-0

  56. [56]

    NPJ Digital Medicine 3(1):119

    Rieke N, Hancox J, Li W, et al (2020) The future of digital health with federated learning. NPJ Digital Medicine 3(1):119. https://doi.org/10.1038/ s41746-020-00323-1

    work page 2020

  57. [57]

    IEEE Computer 29(2):38–47

    Sandhu RS, Coyne EJ, Feinstein HL, et al (1996) Role-based access control models. IEEE Computer 29(2):38–47. https://doi.org/10.1109/2.485845

    work page doi:10.1109/2.485845 1996

  58. [58]

    In: Daniel F, Facca FM (eds) Cur- rent Trends in Web Engineering

    Schumm D, Turetken O, Kokash N, et al (2010) Business process compliance through reusable units of compliant processes. In: Daniel F, Facca FM (eds) Cur- rent Trends in Web Engineering. Springer Berlin Heidelberg, Berlin, Heidelberg, pp 325–337, URL https://doi.org/10.1007/978-3-642-16985-4 29

    work page doi:10.1007/978-3-642-16985-4 2010

  59. [59]

    In: Proceed- ings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 1310–1321, https://doi.org/10.1145/2810103.2813687

    Shokri R, Shmatikov V (2015) Privacy-preserving deep learning. In: Proceed- ings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 1310–1321, https://doi.org/10.1145/2810103.2813687

    work page doi:10.1145/2810103.2813687 2015

  60. [60]

    MIT Computational Law Report, URL https://law.mit.edu/pub/thedawnofaneweraofcompliance/release/1

    Sobkowski M, Karapetyan G (2024) The dawn of a new era of compliance: Auto- mated compliance verification and enforcement. MIT Computational Law Report, URL https://law.mit.edu/pub/thedawnofaneweraofcompliance/release/1

    work page 2024

  61. [61]

    https: //github.com/spotify/luigi, accessed: 2025-04-11

    Spotify (2015) Luigi: A Python Package for Building Complex Pipelines. https: //github.com/spotify/luigi, accessed: 2025-04-11

    work page 2015

  62. [62]

    In: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security (AISec ’19)

    Truex S, Baracaldo N, Anwar A, et al (2019) A hybrid approach to privacy- preserving federated learning. In: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security (AISec ’19). Association for Comput- ing Machinery, New York, NY, USA, pp 1–11, https://doi.org/10.1145/3338501. 3357370

    work page doi:10.1145/3338501 2019

  63. [63]

    In: 2021 IEEE 17th International Confer- ence on eScience (eScience), pp 277–282, https://doi.org/10.1109/eScience51609

    Valkering O, Cushing R, Belloum A (2021) Brane: A framework for programmable orchestration of multi-site applications. In: 2021 IEEE 17th International Confer- ence on eScience (eScience), pp 277–282, https://doi.org/10.1109/eScience51609. 2021.00056

    work page doi:10.1109/escience51609 2021

  64. [64]

    Procedia Computer Science 198:140–147

    van Binsbergen LT, Kebede MG, Baugh J, et al (2022) Dynamic gen- eration of access control policies from social policies. Procedia Computer Science 198:140–147. URL https://www.sciencedirect.com/science/article/pii/ S1877050921024601

    work page 2022

  65. [65]

    Medical Principles and Practice 30(1):17–28

    Varkey B (2021) Principles of clinical ethics and their application to practice. Medical Principles and Practice 30(1):17–28. https://doi.org/10.1159/000509119

    work page doi:10.1159/000509119 2021

  66. [66]

    JAMA 31 323(9):844–853

    Wouters OJ, McKee M, Luyten J (2020) Estimated research and develop- ment investment needed to bring a new medicine to market, 2009–2018. JAMA 31 323(9):844–853. https://doi.org/10.1001/jama.2020.1166

    work page doi:10.1001/jama.2020.1166 2020

  67. [67]

    arXiv https://doi.org/10.48550/arXiv.2509.19218

    Xu Y, Ding Y, Sun H, et al (2025) HyKid: An Open MRI Dataset with Expert- Annotated Multi-Structure and Choroid Plexus in Pediatric Hydrocephalus. arXiv https://doi.org/10.48550/arXiv.2509.19218

    work page doi:10.48550/arxiv.2509.19218 2025

  68. [68]

    Job Scheduling Strategies for Parallel Processing pp 44–60

    Yoo AB, Jette MA, Grondona M (2003) SLURM: Simple Linux Utility for Resource Management. Job Scheduling Strategies for Parallel Processing pp 44–60. https://doi.org/10.1007/10968987 3

    work page doi:10.1007/10968987 2003

  69. [69]

    Software 2(1):71–120

    Zasada A, Hashmi M, Fellmann M, et al (2023) Evaluation of Compliance Rule Languages for Modelling Regulatory Compliance Requirements. Software 2(1):71–120. https://doi.org/10.3390/software2010004

    work page doi:10.3390/software2010004 2023

  70. [70]

    IEEE Internet of Things Journal 9(15):13740–13754

    Zhuang W, Gan X, Wen Y, et al (2022) EasyFL: A Low-Code Federated Learn- ing Platform for Dummies. IEEE Internet of Things Journal 9(15):13740–13754. https://doi.org/10.1109/JIOT.2022.3143842 32

    work page doi:10.1109/jiot.2022.3143842 2022