Regulatory Requirements Engineering (regulatory RE) is a specialized field within software engineering research and practice that focuses on the elicitation, analysis, modeling, specification, verification, validation, and management of software requirements derived from various regulations (laws, directives, statutes, acts, codes, standards). Rephrasing the definition of requirements engineering given in ISO 29148, regulatory RE is an interdisciplinary function that mediates between the domain of the acquirer and the supplier of software systems in order to process requirements and achieve regulatory compliance.
Regulatory compliance in software engineering can be defined as a state of verifiable conformance of software systems to requirements emerging from regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and many others.
Legal requirements engineering (legal RE) is a broader term referring to the processing of requirements derived not only from regulations, but also from other legal (mainly contractual) sources, such as contracts between persons, collective bargaining agreements, and others.
In the context of regulatory RE, privacy by design (PbD) refers to the specification of requirements and early software design and architecture of software systems in response to GDPR norms and user privacy requirements, thereby facilitating demonstrable and verifiable compliance.