{"id":"https://openalex.org/W7133218865","doi":"https://doi.org/10.3390/jcp6020043","title":"XAI-Compliance-by-Design: A Modular Framework for GDPR- and AI Act-Aligned Decision Transparency in High-Risk AI Systems","display_name":"XAI-Compliance-by-Design: A Modular Framework for GDPR- and AI Act-Aligned Decision Transparency in High-Risk AI Systems","publication_year":2026,"publication_date":"2026-03-02","ids":{"openalex":"https://openalex.org/W7133218865","doi":"https://doi.org/10.3390/jcp6020043"},"language":"en","primary_location":{"id":"doi:10.3390/jcp6020043","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp6020043","pdf_url":"https://www.mdpi.com/2624-800X/6/2/43/pdf?version=1772442363","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/6/2/43/pdf?version=1772442363","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5127818993","display_name":"Antonio Goncalves","orcid":null},"institutions":[{"id":"https://openalex.org/I921685582","display_name":"Escola Naval","ror":"https://ror.org/01ev6gy70","country_code":"PT","type":"education","lineage":["https://openalex.org/I921685582"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Antonio Goncalves","raw_affiliation_strings":["Naval Research Center (CINAV), Portuguese Naval Academy, Military University Institute, Lisbon Naval Base, 2810-001 Almada, Portugal"],"affiliations":[{"raw_affiliation_string":"Naval Research Center (CINAV), Portuguese Naval Academy, Military University Institute, Lisbon Naval Base, 2810-001 Almada, Portugal","institution_ids":["https://openalex.org/I921685582"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5127818699","display_name":"Anacleto Correia","orcid":null},"institutions":[{"id":"https://openalex.org/I921685582","display_name":"Escola Naval","ror":"https://ror.org/01ev6gy70","country_code":"PT","type":"education","lineage":["https://openalex.org/I921685582"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Anacleto Correia","raw_affiliation_strings":["Naval Research Center (CINAV), Portuguese Naval Academy, Military University Institute, Lisbon Naval Base, 2810-001 Almada, Portugal"],"affiliations":[{"raw_affiliation_string":"Naval Research Center (CINAV), Portuguese Naval Academy, Military University Institute, Lisbon Naval Base, 2810-001 Almada, Portugal","institution_ids":["https://openalex.org/I921685582"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5127818993"],"corresponding_institution_ids":["https://openalex.org/I921685582"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.81735108,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"6","issue":"2","first_page":"43","last_page":"43"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.41760000586509705,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.41760000586509705,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.3050999939441681,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.12250000238418579,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.5742999911308289},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.5443999767303467},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.5133000016212463},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.48750001192092896},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.47279998660087585},{"id":"https://openalex.org/keywords/accountability","display_name":"Accountability","score":0.4650999903678894},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.42250001430511475},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.41999998688697815},{"id":"https://openalex.org/keywords/applications-of-artificial-intelligence","display_name":"Applications of artificial intelligence","score":0.38190001249313354}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6987000107765198},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.5742999911308289},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.5443999767303467},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.5133000016212463},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.48750001192092896},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.47279998660087585},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4717000126838684},{"id":"https://openalex.org/C2776007630","wikidata":"https://www.wikidata.org/wiki/Q2798912","display_name":"Accountability","level":2,"score":0.4650999903678894},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.42250001430511475},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.41999998688697815},{"id":"https://openalex.org/C157170001","wikidata":"https://www.wikidata.org/wiki/Q4781507","display_name":"Applications of artificial intelligence","level":2,"score":0.38190001249313354},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.37880000472068787},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.37779998779296875},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3709999918937683},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.335099995136261},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32499998807907104},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3172999918460846},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.31540000438690186},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3075999915599823},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2935999929904938},{"id":"https://openalex.org/C53619493","wikidata":"https://www.wikidata.org/wiki/Q4787093","display_name":"Architecture framework","level":3,"score":0.2867000102996826},{"id":"https://openalex.org/C107327155","wikidata":"https://www.wikidata.org/wiki/Q330268","display_name":"Decision support system","level":2,"score":0.2797999978065491},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.273499995470047},{"id":"https://openalex.org/C196879817","wikidata":"https://www.wikidata.org/wiki/Q872685","display_name":"Data governance","level":4,"score":0.26510000228881836},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.2624000012874603},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.25459998846054077},{"id":"https://openalex.org/C58328972","wikidata":"https://www.wikidata.org/wiki/Q184609","display_name":"Expert system","level":2,"score":0.2538999915122986},{"id":"https://openalex.org/C195344581","wikidata":"https://www.wikidata.org/wiki/Q2555318","display_name":"Automated reasoning","level":2,"score":0.2506999969482422},{"id":"https://openalex.org/C191172861","wikidata":"https://www.wikidata.org/wiki/Q7899321","display_name":"Upstream (networking)","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3390/jcp6020043","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp6020043","pdf_url":"https://www.mdpi.com/2624-800X/6/2/43/pdf?version=1772442363","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.3390/jcp6020043","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp6020043","pdf_url":"https://www.mdpi.com/2624-800X/6/2/43/pdf?version=1772442363","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7133218865.pdf","grobid_xml":"https://content.openalex.org/works/W7133218865.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W2282821441","https://openalex.org/W2916904544","https://openalex.org/W2958089299","https://openalex.org/W2962772482","https://openalex.org/W2964303497","https://openalex.org/W2981731882","https://openalex.org/W2999765337","https://openalex.org/W3204153914","https://openalex.org/W4223605145","https://openalex.org/W4317748910","https://openalex.org/W4391547535","https://openalex.org/W4391566218","https://openalex.org/W4391693527","https://openalex.org/W4391848979","https://openalex.org/W4400819211","https://openalex.org/W4403072386","https://openalex.org/W4404824525","https://openalex.org/W4406063062","https://openalex.org/W4409410133","https://openalex.org/W4412008824","https://openalex.org/W4412202257","https://openalex.org/W4413951932"],"related_works":[],"abstract_inverted_index":{"High-risk":[0],"Artificial":[1,37,53],"Intelligence":[2,38,54],"(AI)":[3],"systems":[4,110],"deployed":[5],"in":[6,48,81,111,216,292],"cybersecurity":[7,112,258],"and":[8,25,35,67,73,96,113,131,141,148,160,167,196,204,208,230,242,259,316,325],"privacy-critical":[9],"contexts":[10],"must":[11],"satisfy":[12],"not":[13,298],"only":[14],"demanding":[15],"performance":[16],"targets":[17],"but":[18],"also":[19],"stringent":[20],"obligations":[21],"for":[22,107,257],"transparency,":[23],"accountability,":[24],"human":[26],"oversight":[27],"under":[28],"the":[29,36,77,155,157,221,233,249,273,286],"General":[30],"Data":[31],"Protection":[32],"Regulation":[33],"(GDPR)":[34],"Act":[39],"(AI":[40],"Act).":[41],"Existing":[42],"approaches":[43],"often":[44],"treat":[45],"these":[46],"concerns":[47],"isolation":[49],"as":[50],"follows:":[51],"Explainable":[52],"(XAI)":[55],"methods":[56],"are":[57],"added":[58],"ad":[59],"hoc":[60],"to":[61,76,245,266,279,285],"machine":[62],"learning":[63],"pipelines,":[64],"while":[65],"governance":[66,136,310],"regulatory":[68,247,328],"frameworks":[69],"remain":[70],"largely":[71],"conceptual":[72],"weakly":[74],"connected":[75],"concrete":[78,246],"artefacts":[79,226,318],"produced":[80],"practice.":[82],"This":[83,295],"article":[84,270,296],"proposes":[85,307],"XAI-Compliance-by-Design,":[86],"a":[87,104,119,134,145,149,177,187,217,300],"modular":[88],"framework":[89,117,164,222,275],"that":[90,122,227,312,320],"integrates":[91],"XAI":[92],"techniques,":[93],"compliance-by-design":[94],"principles":[95],"trustworthy":[97],"Machine":[98],"Learning":[99],"Operations":[100],"(MLOps)":[101],"practices":[102],"into":[103],"unified":[105],"architecture":[106],"high-risk":[108,255,281],"AI":[109,158,256,282,293],"privacy":[114,260],"domains.":[115],"The":[116,163,211,269],"follows":[118],"dual-flow":[120],"design":[121],"couples":[123],"an":[124,170,308],"upstream":[125],"technical":[126],"pipeline":[127,137,311],"(data,":[128],"model,":[129],"explanation,":[130],"monitoring)":[132],"with":[133,154,186],"downstream":[135],"(policy,":[138],"oversight,":[139],"audit,":[140],"decision-making),":[142],"orchestrated":[143],"by":[144],"Compliance-by-Design":[146],"Engine":[147],"technical\u2013regulatory":[150],"correspondence":[151],"matrix":[152],"aligned":[153],"GDPR,":[156],"Act,":[159],"ISO/IEC":[161],"42001.":[162],"is":[165],"instantiated":[166],"evaluated":[168],"through":[169],"end-to-end,":[171],"Python-based":[172],"proof":[173],"of":[174,288],"concept":[175],"using":[176],"synthetic,":[178],"intrusion":[179,302],"detection":[180,184,303],"system":[181],"(IDS)-inspired":[182],"anomaly":[183],"scenario":[185],"Random":[188],"Forest":[189],"(RF)":[190],"classifier,":[191],"Shapley":[192],"Additive":[193],"exPlanations":[194],"(SHAP)":[195],"Local":[197],"Interpretable":[198],"Model-agnostic":[199],"Explanations":[200],"(LIME),":[201],"drift":[202,240],"indicators,":[203],"tamper-evident":[205],"evidence":[206],"bundles":[207],"decision":[209,314],"dossiers.":[210],"results":[212],"show":[213],"that,":[214],"even":[215],"modest,":[218],"toy":[219],"setting,":[220],"systematically":[223],"produces":[224],"verifiable":[225],"support":[228],"auditability":[229],"accountability":[231],"across":[232],"model":[234],"lifecycle.":[235],"By":[236],"linking":[237],"explanation":[238],"reports,":[239],"statistics":[241],"compliance":[243,317],"logs":[244],"provisions,":[248],"approach":[250],"illustrates":[251],"how":[252,272],"organisations":[253],"operating":[254],"can":[261,276,322],"move":[262],"from":[263],"model-centric":[264],"optimisation":[265],"evidence-centric":[267,309],"governance.":[268,294],"discusses":[271],"proposed":[274],"be":[277,323],"generalised":[278],"real-world":[280],"applications,":[283],"contributing":[284],"operationalisation":[287],"European":[289],"digital":[290],"sovereignty":[291],"does":[297],"introduce":[299],"new":[301],"algorithm;":[304],"instead,":[305],"it":[306],"captures":[313],"provenance":[315],"so":[319],"decisions":[321],"audited":[324],"justified":[326],"against":[327],"obligations.":[329]},"counts_by_year":[],"updated_date":"2026-03-10T14:07:55.174380","created_date":"2026-03-03T00:00:00"}