Business Process Full Compliance with Respect to a Set of Conditional Obligation in Polynomial Time

In this paper, we present a new methodology to evaluate whether a business process model is fully compliant with a regulatory framework composed of a set of conditional obligations. The methodology is based failure delta-constraints that are evaluated on bottom-up aggregations of a tree-like representation of business process models. While the generic problem of proving full compliance is in coNP-complete, we show that verifying full compliance can be done in polynomial time using our methodology, for an acyclic structured process model given a regulatory framework composed by a set of conditional obligations, whose elements are restricted to be represented by propositional literals

💡 Research Summary

The paper addresses the problem of determining whether a business process model fully complies with a regulatory framework consisting of a set of conditional obligations. The authors introduce a novel methodology based on “failure Δ‑constraints” that are evaluated on a bottom‑up aggregation of a tree‑like representation of the process model. The key contributions are threefold. First, they formalize structured, acyclic business processes as nested process blocks composed of tasks and four types of coordinators (AND‑split, AND‑join, XOR‑split, XOR‑join). These blocks can be combined using SEQ (sequential), XOR (exclusive choice), and AND (parallel) operators, yielding a hierarchical tree structure that can be traversed efficiently. Each task is annotated with a consistent set of propositional literals, and state updates follow the AGM belief‑revision operator ⊕, allowing the construction of execution traces as sequences of states.

Second, the regulatory framework is modeled as a collection of conditional obligations, each defined by a tuple ⟨o, r, t, d⟩ where o denotes the obligation type (achievement or maintenance), r is the requirement literal, t is the trigger literal, and d is the deadline literal. All components are propositional, which simplifies evaluation: a trigger occurring in a trace state activates the obligation, and the deadline marks the end of its “in‑force” interval. Achievement obligations are satisfied if the requirement holds in at least one state within the interval; maintenance obligations require the requirement to hold in every state of the interval.

Third, the authors propose to translate each obligation into a failure Δ‑constraint that captures the conditions under which the obligation would be violated. Starting from the leaves of the process tree, these constraints are computed locally for each task and then aggregated upward using logical operations that correspond to the structural operators (AND, XOR, SEQ). Because each node is processed once, the overall algorithm runs in time linear in the size of the process tree and the number of obligations, i.e., O(n·m) where n is the number of nodes and m the number of obligations.

A crucial assumption is that the final task of every trace satisfies the deadline of any obligation that is still in force, ensuring that the compliance decision can always be made at the end of a trace. This eliminates the need to consider infinite executions or unresolved deadlines, which would otherwise complicate the analysis.

The paper proves that, under the restrictions of acyclic structured processes and propositional literals for obligations, the generic full‑compliance problem—normally coNP‑complete—can be solved in polynomial time. This result has practical significance: organizations can automatically verify full regulatory compliance of their process designs without exhaustive enumeration of all possible executions, enabling faster, more reliable compliance checking in real‑world settings.