Proving Regulatory Compliance: A Computational Complexity Analysis of Elementary Variants

Organisations model their processes using so-called business process models, to allow for verification of their correctness with respect to regulatory requirements and business rules. Automated methods for checking compliance, however, have to deal with the high complexity of the requirements as well as the significant size and quantity of process models in an organisation, which may prevent process models from being checked efficiently and timely. This paper provides a computational complexity analysis of the problem of proving regulatory compliance of process models. We investigate the computational complexity of each variant of the problem resulting from a combination of three binary properties associated to the regulatory framework, determining the regulatory requirements that a process model needs to follow to be compliant. These binary properties are whether the framework contains one or multiple obligations, whether the obligations are global or conditional, and whether only literals or formulae can be used to describe the obligations. For each variant of the problem we study the computational complexity of proving full compliance, partial compliance, and non-compliance. This analysis allows to understand the specific features of the problem leading to intractability issues, thus potentially guiding future research towards developing feasible solutions for the problem in practical settings.