Integrating Legal Considerations into Model-Based
Cyber-Physical-Systems Development
Katharina Polanec
1 a
, Dominik Vereno
1 b
, Erich Fritzenwallner
and Christian Neureiter
1 c
Josef Ressel Centre for Dependable System-of-Systems Engineering, Salzburg University of Applied Sciences,
Urstein Sued 1, A-5412 Puch, Austria
ChargePoint Austria GmbH, Salzburger Straße 26, A-5550 Radstadt, Austria
{firstname.lastname}, {firstname.lastname}
Model-Based Systems Engineering, SGAM, Compliance by Design, Cyber-Physical Systems.
Developing complex cyber-physical systems (CPS) demands a variety of disciplines like engineering, software
development, economics and legislation to effectively communicate with each other. Enabling this interdisci-
plinary communication is a challenge that can be tackled with the use of a model-based systems engineering
approach in combination with domain-specific modeling languages. In domain-specific modeling frameworks
that implement these approaches, however, research reveals an oversight: an insufficient consideration of leg-
islation disciplines. Since regulations have a significant impact on CPS, omitting their incorporation early on
during development can significantly delay deployment and lead to exponentially rising development costs.
This position paper advocates for a compliance-by-design approach through the early integration of legal
requirements into domain-specific architecture frameworks. By bridging the gap between technical and leg-
islative disciplines, the interdisciplinary development of CPS is enhanced, not only ensuring the technical
robustness of the systems but also regulatory compliance. This results in mitigating development risks, espe-
cially avoiding pitfalls of costly adaptions to the system due to late-stage integration of legal considerations.
Dependability in the landscape of complex cyber-
physical systems (CPS), has emerged as a challenge.
Dependable systems, by definition, must be reli-
able, available, maintainable, safe, and secure (La-
prie, 1995). When developing these systems, multi-
ple disciplines such as engineering, software devel-
opment, design, legislation, and management are in-
volved. For the successful realization of CPS not
only effective communication among these fields but
also managing the system’s complexity is crucial. A
methodology that proved valuable for this purpose is
model-based systems engineering (MBSE) (INCOSE
Technical Operations, 2007). Using models as key
artifacts, not only the complexity of systems can be
mastered; by storing the models in repositories acces-
sible to everyone involved, also a consistent source
of truth is enabled. For effective communication
between stakeholders from different fields so-called
domain-specific languages (DSLs) are used as mod-
eling languages for MBSE-based approaches. These
languages are tailored to a specific domain so that
they can be understood intuitively by all involved par-
ties, leading to effective interdisciplinary collabora-
tions (Fowler, 2010).
A well-known example of such dependable, com-
plex CPS are power grids intertwined with informa-
tion and communications technology, better known
as smart grids (Steinbrink et al., 2018). Within
the smart grid domain, the Smart Grid Architec-
ture Model (SGAM) framework (Smart Grid Coor-
dination Group, 2012) alongside an SGAM-specific
DSL (Neureiter, 2017) was designed to facilitate a
structured development approach for smart grids, that
also effectively involves relevant stakeholders. How-
ever, the smart grid not only faces challenges due
to its complexity and its necessity for dependability.
This domain also has to deal with national and inter-
national legislation. Especially due to concerns re-
garding privacy and security, it faces numerous poli-
cies aiming at protecting consumers’ privacy and se-
curity (Brown and Zhou, 2019). A tangible example
of the importance of legislation is the smart metering
rollout in Europe. (Zhou and Brown, 2017) found that
Polanec, K., Vereno, D., Fritzenwallner, E. and Neureiter, C.
Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development.
DOI: 10.5220/0012732200003714
Paper published under CC license (CC BY-NC-ND 4.0)
In Proceedings of the 13th International Conference on Smart Cities and Green ICT Systems (SMARTGREENS 2024), pages 80-84
ISBN: 978-989-758-702-3; ISSN: 2184-4968
Proceedings Copyright © 2024 by SCITEPRESS Science and Technology Publications, Lda.
national policy measures have a significant influence
on the smart-metering deployment in Europe.
Developments centered around the SGAM frame-
work, as well as similar manifestations in domains
like the automotive claim to incorporate all relevant
stakeholders. However, policymakers, regulations
and legislation are frequently omitted. Legislative in-
terventions can help drive smart grid advancements
forward by utilizing regulatory mandates and enhanc-
ing social acceptance. Nevertheless, without effective
communication between policymakers and engineers
innovations like the smart meter rollout can also be
significantly delayed (Faber et al., 2023). Moreover,
if regulations influencing the development of systems
are not considered from an early development stage,
but need to be integrated during late phases, the de-
velopment costs can increase exponentially. There-
fore, the goal of this position paper is to raise aware-
ness within the CPS development community, that the
early integration of legal consideration is not just a
compliance exercise but a strategic approach to ease
communication between engineers and policymak-
ers as well as avoid exorbitant expenses due to late
changes of the system’s architecture.
To underpin the position of this paper, the following
section outlines research that has been conducted in
the field of MBSE as well as the interdisciplinary de-
velopment of complex systems. Moreover, to frame
the context of this work, this section outlines archi-
tecture frameworks tailored to domains dealing with
such complex systems as the Industry 4.0, automotive
or smart grid domain.
2.1 Domain-Specific Architecture
CPS are a challenge to master during development
due to their high complexity. To tackle this chal-
lenge, systems engineering was extended by means
of models, resulting in MBSE (INCOSE Techni-
cal Operations, 2007). However, without a well-
structured approach, models alone are not sufficient
for the development of complex systems. For that
reason, in the smart grid domain for instance, the
SGAM, as depicted in Figure 1, was developed dur-
ing an initiative of standardizing smart-grid-related
processes (Smart Grid Coordination Group, 2012).
SGAM is a domain-specific framework that aids with
a well-structured development approach tailored to
the specific needs, perspectives, and viewpoints of
Figure 1: Smart Grid Architecture Model (figure based on
(Smart Grid Coordination Group, 2012)).
the smart grid domain. Hence, this framework incor-
porates every stakeholder that is involved in smart-
grid-related development processes, no matter which
professional discipline they come from. To com-
bine the theoretical approach of the SGAM frame-
work with a model-based approach, (Neureiter, 2017)
introduced a model-based DSL. Opposed to so-
called general-purpose languages, which are typically
used in MBSE, DSLs are tailored to a specific do-
main, being intuitively understandable for domain ex-
perts (Fowler, 2010). Hence, DSLs form a suitable
model-based tool for the purpose of domain-specific
frameworks. This advancement of utilizing DSLs
for MBSE approaches results in so-called domain-
specific systems engineering (DSSE) (Neureiter and
Binder, 2022).
Inspired by the achievements of SGAM in the
smart grid domain, similar initiatives have been un-
dertaken in other domains such as Industry 4.0 and the
automotive sector. These efforts led to the two frame-
works Reference Architecture Model Industrie 4.0
(RAMI 4.0) in the Industry 4.0 domain (Deutsches In-
stitut f
ur Normung, 2016) and the Automotive Refer-
ence Architecture Model (ARAM) in the automotive
domain (Polanec et al., 2022). Like the smart grid
framework, both RAMI 4.0 and ARAM utilize DSLs
to enable a model-based development approach.
These domain-specific architecture frameworks
provide a suitable basis for effective interdisciplinary
development of highly complex systems. In the fol-
lowing, this necessity for effective communication
across different fields within the same domain is out-
lined in detail.
2.2 Interdisciplinary Development
When it comes to the development of highly com-
plex CPS, typically numerous distinctive disciplines
are involved in the process. The more complex the
systems are, the more disciplines are involved and the
more difficult it becomes to efficiently communicate
Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development
across the different involved fields. To overcome this
challenge, well-structured interdisciplinary develop-
ment approaches are needed as outlined by (Neureiter
and Binder, 2022). The authors suggest the use of
models to enable a holistic understanding of CPS. In
engineering, models centered around clarity and un-
derstanding rather than detail and accuracy should be
used according to (Lee, 2016). The DSL tailored to
the SGAM framework was developed following this
principle, utilizing a DSSE approach. (Neureiter and
Binder, 2022) also highlight the importance of antici-
pating all stakeholder’s perspectives. However, tak-
ing a closer look at the description of the business
layer in the SGAM user manual (Smart Grid Coordi-
nation Group, 2014) the following content is defined:
the business layer can be used to represent business
capabilities, use cases, business processes, and busi-
ness models; but also regulatory structures as well
as policies. Hence, stakeholders from all of these
fields should be taken into account when developing
a model-based approach. In the past, research tried
to address the issue of incorporating non-engineering
(Pavlovic et al., 2016) considered the business
layer of SGAM in detail, particularly focusing on the
integration of business aspects in the context of lo-
cal energy markets. While mentioning that this layer
should host policies, the authors primarily concen-
trated on modeling elements like business actors and
roles alongside their responsibilities.
To mention another example, the SGAM-based
DSL implemented by (Neureiter, 2017) provides a
practical application of the framework’s theoretical
concepts whilst advancing MBSE for smart grids.
However, while enhancing the modeling and com-
munication capabilities within the smart grid domain,
this DSL on the business layer primarily focuses on
the business aspects, omitting regulatory and legal
A similar focus on business aspects can be ob-
served in the automotive domain and the develop-
ment of the ARAM framework (Polanec et al., 2022).
Hence, the importance of regulatory and policy con-
siderations is recognized in the DSSE community,
however, these aspects are not adequately incorpo-
rated into the system’s architecture models.
This position paper advocates for integrating regu-
lation, interdisciplinary collaboration between pol-
icymakers and engineers as well as requirements
engineering into early development stages—by de-
sign—of complex CPS. Following these principles
leads to a paradigm shift towards a model-based
compliance-by-design approach. This not only en-
sures that legal requirements are foundational ele-
ments of a system architecture. By enhancing in-
terdisciplinary communication between policymak-
ers and engineers utilizing domain-specific modeling
frameworks, system development can be aligned with
regulatory landscapes. Moreover, policymakers gain
a well-structured and clear insight into the system ar-
chitecture of complex CPS, facilitating comprehen-
sion of how regulations can be tailored to support the
realization and deployment of CPS. Enabling this un-
derstanding, regulations can become enablers enhanc-
ing efficient deployment of CPS by eliminating poten-
tial obstacles through informed regulatory adaption.
In the following, this position statement is outlined in
3.1 Interdisciplinary Communication
The rollout of smart meters serves as an example to
highlight the necessity of cooperation between poli-
cymakers and engineers regarding complex systems.
To successfully facilitate not only the development of
such systems in compliance with relevant regulations
but also their public acceptance, engineers and policy-
makers need to share their respective expertise. How-
ever, effective communication between different dis-
ciplines introduces challenges. Different disciplines
often use different professional terminology, which
is not necessarily familiar to another discipline. At
this point, the domain-specific frameworks come into
play. To provide a holistic view of the system un-
der development, these frameworks alongside their
DSLs aim at incorporating all relevant stakeholders
from different disciplines with a significant impact
on the system’s design. Regarding the integration of
various technical and economic disciplines, there has
been considerable research. However, the inclusion
of legal disciplines has been minimal up to now.
3.2 Requirements Engineering as
In the context of domain-specific modeling frame-
works, engineers are not familiar with the integration
of legal texts. However, engineers are well-versed
when it comes to the incorporation of technical stan-
dards, which form the basis for the identification of
technical requirements. Since legal texts also serve as
a source for requirements, the commonality between
standards and legal texts lies within requirements en-
gineering. Requirements engineering is the process
SMARTGREENS 2024 - 13th International Conference on Smart Cities and Green ICT Systems
of evaluating, documenting and verifying stakeholder
needs to identify key requirements of the system un-
der development. Stakeholders can be natural per-
sons, other systems, standards, or regulations that af-
fect the requirements of the system directly or indi-
rectly (Sommerville and Sawyer, 1997).
Frameworks like SGAM or ARAM, however,
do not directly incorporate requirements within their
structure or associated DSLs. Therefore, this gap
should be closed by utilizing a focused approach to
requirements engineering. Legal texts and regula-
tory guidelines could be incorporated within domain-
specific frameworks by translating them into specific
requirements. Hence, we recommend conducting re-
search on how to directly or indirectly incorporate re-
quirements with frameworks like SGAM or ARAM.
3.3 Compliance by Design
Research shows that regulations and legal considera-
tions are not simply an obligation for the development
of complex systems but can also have a significant
influence on the design, operation and public accep-
tance of these systems. If not considered early on in
the development phase, however, the deployment of
systems can not only be delayed drastically; changes
that are introduced at late stages of development can
lead to exponentially increasing costs and might com-
promise the system’s operational efficiency.
Drawing parallels from established approaches
like security-by-design, (Vereno et al., 2024) recently
discussed the concept of compliance by design. The
authors emphasized the importance and benefit of
MBSE in this approach, which highlights that com-
pliance by design could prove valuable for the model-
based development of complex systems. This ap-
proach ensures the seamless integration of legal con-
siderations into the system’s architecture from early
development stages throughout the whole life cycle,
facilitating the development of dependable systems
that is compliant with regulations.
Developing CPS especially in domains like the smart
grid or automotive presents challenges, like effective
interdisciplinary communication due to the involve-
ment of numerous stakeholders from diverse disci-
plines. Domain-specific architecture frameworks in
combination with an MBSE approach, claim to ad-
dress this challenge by providing a structured and
comprehensive methodology for the interdisciplinary
development of dependable CPS. Nevertheless, re-
search presents a gap in the integration of regulations
and legal considerations which have a great influence
on CPS: regulations can positively influence their ad-
vancements by enhancing social acceptance. How-
ever, if integrated at late stages of development not
only deployment is delayed but the costs of devel-
opment can escalate exponentially. To properly pre-
vent this risk, this paper outlined the following sug-
1. Interdisciplinary Communication. It is impor-
tant for domain-specific architecture frameworks
to not only integrate stakeholders like diverse en-
gineers, developers and economists but to con-
sider legislative disciplines as well, resulting in
true interdisciplinary communication.
2. Requirements Engineering as Enabler. Regu-
lations are a source for requirements. Hence, re-
search should be conducted on how to effectively
translate legal texts into specific requirements
as well as how to combine this requirements-
engineering approach with model-based domain-
specific architecture frameworks.
3. Compliance by Design. Based on concepts like
security by design, the presented suggestions need
to be incorporated at early stages of CPS develop-
ment, resulting in compliance by design.
By following a compliance-by-design approach,
not only can expensive late-stage modifications be
avoided, but it can also be assured that the devel-
opment of dependable CPS complies with national
and international legislation. Moreover, incorporat-
ing the language of policymakers into engineering
frameworks can improve effective communication be-
tween those two parties, facilitating both, the align-
ment of CPS development with regulatory landscapes
and comprehension of how regulations can support
the acceptance, realization and deployment of CPS.
The support for valuable contributions of the Charge-
Point Austria GmbH is gratefully acknowledged. The
financial support by the Austrian Federal Ministry for
Digital and Economic Affairs and the National Foun-
dation for Research, Technology and Development
and the Christian Doppler Research Association as
well as the Federal State of Salzburg is gratefully ac-
Integrating Legal Considerations into Model-Based Cyber-Physical-Systems Development
Brown, M. A. and Zhou, S. (2019). Smart-grid policies:
an international review. Advances in Energy Systems:
The Large-scale renewable energy integration chal-
lenge, pages 127–147.
Deutsches Institut f
ur Normung (2016). DIN SPEC 91345:
Rami 4.0.
Faber, R., D
uck, L., and Reichwein, D. (2023). Ger-
many’s delayed electricity smart meter rollout and
its implications on innovation, infrastructure, inte-
gration, and social acceptance: An ex-post analysis.
National Case Study of the 4i-TRACTION Deliv-
erable D2.6, Ecologic Institute, Berlin. Available
Fowler, M. (2010). Domain-specific languages. Pearson
INCOSE Technical Operations (2007). Systems engineer-
ing vision 2020, version 2.03. Technical report, IN-
Laprie, J.-C. (1995). Dependability—its attributes, im-
pairments and means. In Randell, B., Laprie, J.-C.,
Kopetz, H., and Littlewood, B., editors, Predictably
Dependable Computing Systems, pages 3–18, Berlin,
Heidelberg. Springer Berlin Heidelberg.
Lee, E. A. (2016). Fundamental limits of cyber-physical
systems modeling. ACM Transactions on Cyber-
Physical Systems, 1(1):1–26.
Neureiter, C. (2017). A domain-specific, model driven engi-
neering approach for systems engineering in the smart
grid. MBSE4U.
Neureiter, C. and Binder, C. (2022). A domain-specific,
model based systems engineering approach for cyber-
physical systems. Systems, 10(2).
Pavlovic, M., Gawron-deutsch, T., Neureiter, C., and Di-
wold, K. (2016). Sgam business layer for a local flex-
ibility market. In CIRED Workshop 2016, pages 1–4.
Polanec, K., Gross, J.-A., Brankovic, B., and Neureiter, C.
(2022). Evolution of the automotive reference archi-
tecture model towards a domain-specific systems en-
gineering approach. In 2022 IEEE 27th International
Conference on Emerging Technologies and Factory
Automation (ETFA).
Smart Grid Coordination Group (2012). Smart Grid
Reference Architecture. Technical report, CEN-
Smart Grid Coordination Group (2014). SGAM User Man-
ual - Applying, testing & refining the Smart Grid Ar-
chitecture Model (SGAM) Version 3.0. Technical re-
Sommerville, I. and Sawyer, P. (1997). Requirements engi-
neering: a good practice guide. John Wiley & Sons,
Steinbrink, C., Schl
ogl, F., Babazadeh, D., Lehnhoff, S.,
Rohjans, S., and Narayan, A. (2018). Future perspec-
tives of co-simulation in the smart grid domain. In
2018 IEEE International Energy Conference (ENER-
GYCON), pages 1–6. IEEE.
Vereno, D., Polanec, K., and Neureiter, C. (2024). Com-
pliance by design for cyber-physical energy systems:
The role of model-based systems engineering in com-
plying with the EU AI Act. preprint on webpage at
Zhou, S. and Brown, M. A. (2017). Smart meter deploy-
ment in europe: A comparative case study on the im-
pacts of national policy schemes. Journal of cleaner
production, 144:22–32.
SMARTGREENS 2024 - 13th International Conference on Smart Cities and Green ICT Systems