Multi-Regulation RAG for AI Product Counsel: A Legal Governance Framework for Cross-Border Digital Commerces

Multi-Regulation RAG for AI Product Counsel: A Legal Governance Framework for Cross-Border Digital Commerces

Authors

  • Jing Li New York University, USA
  • Ashley Zhou Data Science, Columbia University, NY, USA

DOI:

https://doi.org/10.64780/rolsj.v2i2.225

Keywords:

AI Product Counsel, Retrieval-Augmented Generation, Regulatory Compliance

Abstract

Background:  The growing use of artificial intelligence (AI) in cross-border digital commerce has intensified compliance challenges arising from overlapping regulatory frameworks, particularly the European Union Artificial Intelligence Act (EU AI Act), the General Data Protection Regulation (GDPR), and the Digital Operational Resilience Act (DORA). Although Retrieval-Augmented Generation (RAG) systems are increasingly adopted to support legal and compliance decision-making, retrieval failures may undermine legal certainty and regulatory accountability.

Aim: This study evaluates the reliability of legal RAG systems in identifying and ranking regulatory obligations required for AI product counsel and examines retrieval as a legal governance mechanism rather than merely a technical process.

Method: An empirical audit was conducted using 139 English ComplianceBench scenarios and a corpus of 289 article- and annex-level units extracted from official EU AI Act, GDPR, and DORA texts. Seven transparent lexical retrieval methods were assessed using Hit@k, Recall@10, Mean Reciprocal Rank (MRR), nDCG@10, and citation-sufficiency metrics. External validation was performed using 300 AIReg-Bench technical-documentation excerpts.

Result: The hybrid lexical retriever achieved the strongest overall performance (Hit@1 = 0.360, Hit@10 = 0.770, Recall@10 = 0.392, MRR = 0.493, nDCG@10 = 0.344). While at least one relevant obligation appeared within the top ten results for 77.0% of queries, only 39.2% of the complete labelled obligation set was recovered on average. Validation on AIReg-Bench showed substantially higher retrieval effectiveness, with TF-IDF word retrieval achieving Hit@10 = 1.000 and MRR = 0.974.

Conclusion: Retrieval quality is a critical legal-governance control point that directly affects the reliability of AI-assisted compliance advice. Evidence-first architectures, citation-sufficiency thresholds, confidence-sensitive escalation, and human review mechanisms are necessary to support accountable AI product counsel in cross-border digital commerce.

References

Abo El-Enen, M., Saad, S., & Nazmy, T. (2025). A survey on retrieval-augmentation generation (RAG) models for healthcare applications. Neural Computing and Applications, 37(33), 28191–28267. https://doi.org/10.1007/s00521-025-11666-9

Ashley, K. D. (2017). Artificial intelligence and legal analytics: New tools for law practice in the digital age. Cambridge University Press.

Augustyniak, L. (2026). ComplianceBench [Data set]. Hugging Face.

Barocas, S., Hardt, M., & Narayanan, A. (2023). Fairness and machine learning: Limitations and opportunities. MIT Press.

Bingham, T. (2011). The rule of law. Penguin.

Buffa, M., Ferrara, A., Picascia, S., Riva, D., & Castano, S. (2025). Enhancing legal document building with retrieval-augmented generation. Computer Law & Security Review, 59, Article 106229. https://doi.org/10.1016/j.clsr.2025.106229

Citron, D. K. (2008). Technological due process. Washington University Law Review, 85(6), 1249–1313.

Citron, D. K., & Pasquale, F. (2014). The scored society: Due process for automated predictions. Washington Law Review, 89(1), 1–33.

Clarke, R. (2019). Regulatory alternatives for AI. Computer Law & Security Review, 35(4), 398–409. https://doi.org/10.1016/j.clsr.2019.04.008

Dancy, T., & Zalnieriute, M. (2026). AI and transparency in judicial decision making. Oxford Journal of Legal Studies, 46(1), 1–34. https://doi.org/10.1093/ojls/gqaf030

Dicey, A. V. (1885). Introduction to the study of the law of the constitution. Macmillan.

European Parliament and Council. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Official Journal of the European Union.

European Parliament and Council. (2022). Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (Digital Operational Resilience Act). Official Journal of the European Union.

European Parliament and Council. (2024a). Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union.

Fuller, L. L. (1964). The morality of law. Yale University Press.

Goktas, P. (2024). Ethics, transparency, and explainability in generative AI decision-making systems: A comprehensive bibliometric study. Journal of Decision Systems, 1–29. https://doi.org/10.1080/12460125.2024.2410042

Huang, Y., & Huang, J. X. (2026). A survey on retrieval-augmented text generation for large language models. ACM Computing Surveys, 58(12), 1–38. https://doi.org/10.1145/3805774

Kalathil, L. (2025). AI-driven real-time compliance management in IoT-enabled retail operations. International Journal of Emerging Trends in Computer Science and Information Technology, 173–181.

Kumar, D., & Suthar, N. (2024). Ethical and legal challenges of AI in marketing: An exploration of solutions. Journal of Information, Communication and Ethics in Society, 22(1), 124–144. https://doi.org/10.1108/JICES-05-2023-0068

Leon, M. (2026). Lifecycle-based governance to build reliable ethical AI systems. Systems Research and Behavioral Science. Advance online publication. https://doi.org/10.1002/sres.70014

Lewis, P., Perez, E., Piktus, A., Petroni, F., Karpukhin, V., Goyal, N., Kuttler, H., Lewis, M., Yih, W.-T., Rocktäschel, T., Riedel, S., & Kiela, D. (2020). Retrieval-augmented generation for knowledge-intensive NLP tasks. Advances in Neural Information Processing Systems, 33, 9459–9474.

Lins, S., & Sunyaev, A. (2023). Advancing the presentation of IS certifications: Theory-driven guidelines for designing peripheral cues to increase users' trust perceptions. Behaviour & Information Technology, 42(13), 2255–2278. https://doi.org/10.1080/0144929X.2022.2113432

Manning, C. D., Raghavan, P., & Schütze, H. (2008). Introduction to information retrieval. Cambridge University Press.

Marino, B., Hunter, R., Jamali, Z., Kalpakos, M. E., Kashyap, M., Hinton, I., Hanson, A., Nazir, M., Schnabl, C., Steffek, F., Wen, H., & Lane, N. D. (2025). AIReg-Bench: Benchmarking language models that assess AI regulation compliance (arXiv Preprint No. 2510.01474). arXiv.

National Institute of Standards and Technology. (2023). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). U.S. Department of Commerce.

OECD. (2024). Recommendation of the Council on Artificial Intelligence. OECD Legal Instruments (OECD/LEGAL/0449).

Pazouki, S., Jamshidi, M., Jalali, M., & Tafreshi, A. (2025). Artificial intelligence and digital technologies in finance: A comprehensive review. Journal of Economics, Finance & Accounting Studies, 7(2). https://doi.org/10.32996/jefas.2025.7.2.5

Rane, N., Choudhary, S. P., & Rane, J. (2024). Acceptance of artificial intelligence technologies in business management, finance, and e-commerce: Factors, challenges, and strategies. Studies in Economics and Business Relations, 5(2), 23–44. https://doi.org/10.48185/sebr.v5i2.1333

Raz, J. (1977). The rule of law and its virtue. Law Quarterly Review, 93, 195–211.

Robertson, S., & Zaragoza, H. (2009). The probabilistic relevance framework: BM25 and beyond. Foundations and Trends in Information Retrieval, 3(4), 333–389. https://doi.org/10.1561/1500000019

Salton, G., & Buckley, C. (1988). Term-weighting approaches in automatic text retrieval. Information Processing & Management, 24(5), 513–523. https://doi.org/10.1016/0306-4573(88)90021-0

Surden, H. (2014). Machine learning and law. Washington Law Review, 89(1), 87–115.

Waldron, J. (2011). The rule of law and the importance of procedure. In J. E. Fleming (Ed.), Getting to the rule of law (pp. 3–31). New York University Press.

Wong, D., & Floridi, L. (2023). Meta's oversight board: A review and critical assessment. Minds and Machines, 33(2), 261–284. https://doi.org/10.1007/s11023-022-09613-x

Downloads

Published

2026-06-16

How to Cite

Li, J., & Zhou, A. (2026). Multi-Regulation RAG for AI Product Counsel: A Legal Governance Framework for Cross-Border Digital Commerces. Rule of Law Studies Journal, 2(2), 105–123. https://doi.org/10.64780/rolsj.v2i2.225

Issue

Vol. 2 No. 2 (2026): Rule of Law Studies Journal

Section

Articles

License

Copyright (c) 2026 Jing Li, Ashley Zhou

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.