Managing legal risks for startups

Recently, the university of Torino (Italy), in cooperation with the university of Tilburg (NL) presented their research at the 16th International Conference on Artificial Intelligence and Law (ICAIL ’17). You can download the paper here.



The research concerns regulatory compliance of startups, particularly those with disruptive technology. The focus is to help startups manage their legal risks by mapping the relevant legal requirements onto their business processes. After conducting a survey of how startups manage legal risks, the researchers determined that a business-first approach to compliance was essential. They therefore proposed a Compliance Patterns Framework (CPF) with value modeling as the first step; the VDMbee methodology determines how the application of a technological resource within an organization drives capabilities and the consequent activities to create value. It is these activities and the general interaction between the stakeholders in the value model that give hints on what legal domain governs the model in order to derive the rules that determine compliance are derived. They describe the business by using the business model canvas (BMC), a business network collaboration diagram, a Strategy Map (SM) and a business model built using the VDMbee Value Management Platform (VMP).

Modeling common patterns

A value model sets the stage to formulate common patterns that can be used to check the business model for compliance. The goal is to summarize knowledge and expertise about compliance of business processes in the form of so-called compliance patterns. Similar to design patterns in software engineering, compliance patterns consist of a context-problem-solution structure. The partnership with VDMbee further aims to model and quantify legal risk as value-at-risk in order to factor it alongside other values in business model planning. The researchers concentrate on competency design within the VDMbee methodology as this is where resources are modeled. A legal risk analysis method is deployed to determine appropriate system requirements to be mapped onto the business processes of the value model. The solution is then presented by modeling an alternative phase on the VDMbee platform with the necessary changes to mitigate the legal risks.

Using VDMbee Value Management Platform

Using VDMbee in the exploratory phase of our research, they depict the value models of two startups litigated at the Supreme Court of the United States and the Court of Justice of the European Union respectively. The cases of Aereo[1] and TVCatchup[2] develop innovations internet television streaming with repercussions in copyright law. VDMbee is also applied at the final stage of the research where the CPF is evaluated using the value models of two startups in Turin, Italy and Nairobi, Kenya. The former, Firstlife, applies its technology to plan and coordinate civic events using open data. This raises copyright infringement concerns while reusing Public Sector Information under the EU PSI Directive. The second instance is a Nairobi startup BitPesa, which is using Bitcoin to conduct money remittance services. This presents a case for gap-filling as there is no regulatory framework in Kenya to handle cryptocurrencies. All these cases show that the CPF is able to express the legal arguments in the case, but in a manner understandable to the target audience.

[1] American Broadcasting Companies v. Aereo 573 U.S. (2014)

[2] ITV Broadcasting Ltd & Others vs TVCatchup Ltd and Others 2015 EWCA Civ 204