AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance

Han, Sejin

doi:10.3390/electronics14204058

Open AccessArticle

AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance

by

Sejin Han

^1,2

¹

Financial Supervisory Service, Seoul 07321, Republic of Korea

²

Department of Computer Science and Engineering, Sogang University, Seoul 04107, Republic of Korea

Electronics 2025, 14(20), 4058; https://doi.org/10.3390/electronics14204058

Submission received: 6 September 2025 / Revised: 10 October 2025 / Accepted: 13 October 2025 / Published: 15 October 2025

(This article belongs to the Special Issue Security, Privacy, Confidentiality and Trust in Blockchain, 2nd Edition)

Download

Browse Figures

Review Reports Versions Notes

Abstract

Following the stablecoin legislation (GENIUS Act) enacted under the second Trump administration in 2025, blockchain has become core digital economy infrastructure. However, privacy risks from decentralization and transparency constrain adoption in regulated industries, requiring solutions that harmonize blockchain architecture with regulatory compliance. Existing research relies on reactive auditing or post-execution rule checking, which wastes computational resources or provides only basic encryption or access controls without comprehensive privacy compliance. The proposed Artificial Intelligence-enhanced Regulatory Proof-of-Compliance (AIRPoC) framework addresses this gap through a two-phase consensus mechanism that integrates AI legal agents with semantic web technologies for autonomous regulatory compliance enforcement. Unlike existing research, AIRPoC implements a dual-layer architecture where AI-powered regulatory validation precedes consensus execution, ensuring that only compliant transactions proceed to blockchain finalization. The system employs AI legal agents that automatically construct and update regulatory databases via multi-oracle networks, using SPARQL-based inference engines for real-time General Data Protection Regulation (GDPR) compliance validation. A simulation-based experimental evaluation conducted across 24 tests with 116,200 transactions in a controlled environment demonstrates 88.9% compliance accuracy, with 9502 transactions per second (TPS) versus 11,192 TPS for basic Proof-of-Stake (PoS) (4.5% overhead). This research represents a paradigm shift to dynamic, transaction-based regulatory models that preserve blockchain efficiency.

Keywords:

artificial intelligence; blockchain; GDPR; legal reasoning; privacy; ontologies; proof-of-stake; regulatory compliance; RDF; semantic web; SPARQL; two-phase consensus

1. Introduction

Blockchain technology has fundamentally transformed the paradigm of digital ecosystems by ensuring data transparency and immutability through decentralized ledger structures [1]. Since Nakamoto’s seminal introduction of Bitcoin as a peer-to-peer electronic cash system [2], blockchain applications have expanded across diverse domains, establishing comprehensive technological foundations for decentralized systems [3,4]. The global cryptocurrency market reached USD 3.8 trillion by late 2024, according to CoinMarketCap [5]. Combined with landmark legislation, such as the U.S. GENIUS Act, which established federal stablecoin regulations in 2025, blockchain has become critical infrastructure for the digital economy. However, for cryptocurrencies that include stablecoins to be adopted in regulated industries, the issues arising from blockchain’s inherent characteristics (decentralization, anonymity, transparency, immutability) must be resolved.

While blockchain was designed to provide pseudonymity through public key addresses that cannot identify individuals, various methodologies—including transaction pattern analysis [6], connections with external data sources, and advances in blockchain analysis tools [7]—have proven that personal information tracking is indeed possible [8,9]. These vulnerabilities in pseudonymity have created a serious paradox where blockchain’s core advantages of transparency and immutability can be exploited as means of privacy invasion. Particularly given blockchain’s inherent characteristics of publicly and permanently storing all transaction records, once personal information is exposed, it can cause irreversible damage, posing greater privacy risks than traditional centralized systems. This issue is exacerbated in decentralized systems, where accountability remains unclear. Notable cases illustrate these vulnerabilities; for instance, the FBI successfully traced billions of USD in Bitcoin originating from Silk Road transactions [10]. The research further demonstrates that Bitcoin addresses can be retroactively linked to user identities, and that criminals increasingly leverage social media intelligence combined with blockchain analytics to identify and target victims. Additionally, the T3 Financial Crime Unit—a joint initiative by Tron, Tether, and TRM Labs—subsequently announced that it had frozen more than USD 250 million in criminal assets less than a year after starting operations [11]. These cases clearly demonstrate how cryptocurrency transparency can be exploited for privacy invasion. Despite blockchain-based services being increasingly offered by institutional providers in various application areas, such as stablecoins [12], Decentralized Finance (DeFi) platforms [13,14], smart contract ecosystems [15], and layer-two scaling solutions [16], privacy regulation compliance mechanisms remain unestablished and are not adequately applied to existing legal frameworks.

Regulatory authorities recognize blockchain transactions as personal data, intensifying compliance needs. The European Data Protection Board (EDPB)’s April 2025 guidelines state that blockchain data constitute personal data under GDPR when linked to identifiable individuals [17], while US laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) require blockchain businesses to comply with consumer rights despite immutability [18,19]. However, legal experts and researchers have identified fundamental incompatibilities between current blockchain architectures and GDPR/CCPA requirements [20,21,22,23,24], particularly regarding data immutability, decentralization, and the challenges in assigning controllership, highlighting the critical gap that this research addresses.

Existing research relies on reactive auditing, which wastes computational resources [25,26,27,28] or provides only basic encryption or access controls without comprehensive privacy compliance [29,30]. This is because blockchain’s core characteristics of decentralization, transparency, and immutability create fundamental conflicts with traditional regulations [31]: first, the decentralized network structure makes it impossible to identify clear responsible parties as required by privacy protection laws [32]; second, public ledger systems create risks of exposing unauthorized personal data, conflicting with privacy protection principles [32]; third, blockchain’s permanent record characteristics directly conflict with GDPR’s “right to be forgotten” requirements [33].

The proposed Artificial Intelligence-enhanced Regulatory Proof-of-Compliance (AIRPoC) framework addresses this gap through a two-phase consensus mechanism that integrates AI legal agents with semantic web technologies for autonomous regulatory compliance enforcement. Unlike existing compliance solutions that operate reactively at the application layer or through post-transaction monitoring, AIRPoC introduces a fundamentally different approach by embedding regulatory validation directly into the blockchain consensus process. This architectural innovation enables proactive transaction-level enforcement that prevents non-compliant operations from ever being recorded on the blockchain, rather than detecting violations after immutable commitment. AIRPoC implements a dual-layer architecture where AI-powered regulatory validation precedes consensus execution, ensuring that only transactions meeting privacy protection requirements such as consent, confidentiality, and purpose limitation proceed to blockchain finalization. This pre-consensus validation approach distinguishes our framework from conventional smart-contract-based compliance mechanisms, which cannot prevent invalid transactions from entering the blockchain state. AIRPoC implements specialized AI legal agents that continuously monitor regulatory databases through multi-oracle networks, with its system utilizing Large Language Models (LLMs) to automatically convert legal updates into machine-interpretable Resource Description Framework (RDF) ontologies based on W3C OWL standards [34,35,36]. Additionally, the system uses machine learning techniques to extract metadata necessary for regulatory verification from blockchain transactions, and generates SPARQL queries [37] against the ontology to perform regulatory verification of transactions. Subsequently, the system executes traditional PoS consensus mechanisms exclusively for transactions that have passed regulatory screening.

This research makes four primary contributions:

Novel Consensus Architecture: This is the first two-phase consensus mechanism that integrates regulatory compliance without compromising decentralization;
Transaction-Centric Legal Framework: A paradigmatic shift is created that redefines legal actors as transaction issuers and smart contract deployers;
AI-Enhanced Adaptive Compliance: Autonomous agents adapt to evolving regulations through AI-powered semantic web technologies;
Empirical Validation: An 88.9% compliance accuracy with competitive performance across 116,200 transactions is achieved.

The remainder of this paper is organized as follows: Section 2 reviews related work, Section 3, Section 4 and Section 5 present AIRPoC and its results, Section 6 discusses the implications, and Section 7 presents our conclusions.

2. Related Work

Though research on blockchain privacy regulation is actively progressing, current approaches reveal a fundamental incompatibility with blockchain’s architecture. The incompatibility of prior approaches falls into three categories. First, centralized intermediaries conflict with decentralization (e.g., [17,29]). Second, smart contract rule checking is reactive, wastes resources, and cannot promptly reflect regulatory updates (e.g., [25,26]). Third, relationship-centric models struggle to assign responsibility under pseudonymity (e.g., [23,28]). This section analyzes these limitations in detail and identifies the research gap that our approach addresses.

2.1. Third-Party Regulatory Platforms

Third-party mediation approaches introduce external intermediary layers to intercept blockchain transactions and evaluate compliance with regulatory frameworks such as GDPR. The Healthcare Data Gateway (HDG) model exemplifies this paradigm, where each participant operates an independent gateway, enabling patients to define access policies while healthcare providers validate these constraints [29]. Third-party regulatory platforms such as HDG fundamentally rely on pre-established data subject–controller relationships, requiring explicit identification of responsible parties before transactions occur. This approach fails in general-purpose decentralized environments, where transaction participants may be pseudonymous and data controller identification is impossible. Additionally, the centralization inherent in intermediary layers fundamentally conflicts with blockchain’s decentralization principles, creating potential single points of failure and compromising system resilience. However, regulated domains require pre-established relationships, necessitating partial centralization that compromises between decentralization ideals and regulatory realities.

2.2. Smart-Contract-Based Enforcement Systems

Smart-contract-based approaches embed privacy processing policies directly into contract code, enabling automated on-chain enforcement and auditing capabilities [25,26]. The MedRec system exemplifies this paradigm, allowing patients to define contractual terms that automatically control access to medical records [30]. Smart-contract-based enforcement systems operate on post-execution compliance verification, leading to fundamental resource waste. Non-compliant transactions consume computational resources before rejection, including gas consumption (50,000–200,000 units per failed check), network bandwidth for ultimately rejected transactions, and validator computational cycles. The validation process follows an inefficient pattern:

Transaction → Mempool → Smart Contract Execution → Regulatory Check → Failure → Rollback

This architecture enables Denial-of-Service (DoS) attacks through the mass submission of non-compliant transactions and creates systematic performance bottlenecks that reduce the overall network throughput. The delay between submission and verification creates security vulnerabilities where malicious actors can launch resource exhaustion attacks and exploit temporary state changes for Maximal Extractable Value (MEV) manipulation. The immutable nature of blockchain constrains contract updates, code vulnerabilities expose systems to critical security risks [38], and the complexity of translating legal requirements into programmatic logic limits practical applicability. In addition, the economic burden of failed compliance checks creates barriers to user adoption and system scalability.

2.3. Provenance Tracking and Monitoring Systems

Provenance-based architectures store comprehensive data processing activities in off-chain databases while recording metadata and cryptographic hashes on-chain to support post hoc auditing and verification [27]. These systems employ hook-based logging mechanisms and monitoring agents to capture activity logs, providing detailed audit trails for regulatory compliance verification. Provenance tracking architectures exemplify the fundamental inadequacy of relationship-based compliance models in blockchain environments, remaining fundamentally reactive and only addressing violations after they occur rather than preventing them at the transaction level. The reliance on off-chain storage introduces potential data integrity concerns and undermines the transparency benefits typically associated with blockchain implementations. Most critically, these systems assume the existence of identifiable data controllers who can be held accountable post hoc, which is an assumption that breaks down in truly decentralized networks.

2.4. Intelligent Compliance Enforcement Mechanisms

Intelligent mechanisms for regulatory compliance in blockchain environments demonstrate diverse architectural approaches based on validation location, verification methods, transaction metadata extraction techniques, and privacy protection strategies. The study in [28] presents a comprehensive regulatory–technical integration framework using a case-by-case interpretation methodology by legal experts, but remains limited to theoretical analysis without practical performance validation. The study in [39] implements intelligent dynamic consent management through hard-coded GDPR rule matching at the smart contract layer, combining rule-based metadata extraction from transactions with InterPlanetary File System (IPFS) off-chain storage for privacy protection, achieving a processing performance of 834–1000 transactions per second. Furthermore, ref. [40] implements an intelligent Electronic Health Record (EHR) sharing system through domain-specific ontology reasoning at the application layer. It performs agent-based transaction metadata collection with local institutional storage for privacy protection, but experiences performance degradation due to framework overhead. The study in [41] performs automated validation methods based on ISO 19650 [42] knowledge graphs and Semantic Web Rule Language (SWRL) rules at the smart contract layer, demonstrating linear scalability across 64 nodes through automatic metadata parsing from Building Information Modeling (BIM) files and domain-specific anonymization for privacy protection; however, it has a substantial 48% smart contract overhead. The study in [43] proposes an on-chain intelligent regulatory enforcement framework through cryptographic proof requirement validation and zero-knowledge proof selective disclosure at the smart contract layer. It performs cryptographic proof metadata extraction from transactions with zero-knowledge proof (ZKP) selective disclosure for robust privacy protection, but has a substantial anticipated performance overhead due to cryptographic computations.

2.5. Research Gaps and Limitations

The analysis reveals fundamental gaps limiting the current approaches. First, these approaches assume pre-existing legal relationships, while blockchain requires the dynamic assignment of responsibilities based on transaction context [17,28]. Second, systems employ post hoc verification rather than proactive prevention, allowing for non-compliant processing before detection while failing to integrate with blockchain consensus mechanisms [25,27,28]. Third, existing solutions only provide piecemeal data protection, lacking comprehensive solutions that holistically address GDPR’s core principles—data minimization, lawfulness/fairness/transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality, and accountability—within blockchain architectures [26,29,30]. These limitations collectively demonstrate that existing approaches fundamentally lack integration with consensus mechanisms for proactive enforcement, operating instead at application or smart contract layers, with their performance ranging from high throughput (834–1000 TPS) to substantial overhead (48%), while relying on post-validation approaches where non-compliant transactions enter the blockchain before processing. To address these gaps, this research proposes the AIRPoC system, which uniquely implements pre-consensus layer validation using semantic web RDF-based AI legal agents, preventing non-compliant transactions from entering the blockchain in order to resolve immutability-induced modification issues, eliminate post-processing costs, ensure consistent regulatory compliance across the entire network, and remove centralization dependencies through distributed validation at the consensus level, achieving real-time verification with a minimal 4.5% overhead.

3. System Model

System Overview and Two-Phase Architecture

This section proposes the AIRPoC framework, which implements regulatory compliance functionality to proactively address blockchain transactions containing personally identifiable information or data that could identify individuals when combined with external sources, in accordance with privacy protection regulations. In addition, it aims to achieve both the efficient utilization of computational resources and regulatory compliance by proactively addressing non-compliant transactions before they enter the traditional consensus process. The two-phase consensus mechanism includes regulatory compliance assessment by AI and semantic web agents as the first phase, and standard PoS validation as the second phase.

Figure 1 illustrates the AIRPoC system architecture with its innovative two-phase consensus mechanism. Phase I performs regulatory compliance verification through three coordinated subsystems (Knowledge Base (KB) Builder, Meta Extract, and Query Reason) via specialized AI legal agents, immediately rejecting non-compliant transactions. Compliant transactions proceed to Phase II for standard PoS validation through multiple validators, culminating in block integration and blockchain commitment. This architecture enables computational resource optimization through the early filtering of non-compliant transactions.

The system implementation consists of three main modules that work together to provide comprehensive regulatory compliance verification and blockchain consensus functionality. First, the AIRPoC Mainnet performs the core blockchain functions of block generation, block validation, transaction processing, and state management. Second, the regulatory compliance verification system (Phase I in Figure 1) provides an integrated regulatory compliance analysis capability through AI legal agents, which consist of three specialized and interdependent subsystems. The KB Builder subsystem automatically converts GDPR legal texts into RDF ontologies to construct machine-readable knowledge bases. Figure 2 shows a comprehensive GDPR RDF ontology encompassing seven core entity types (with actual implementation using 32 entities), including legal actors, controllers, data classifications, processing activities, lawful bases, privacy principles, and compliance requirements. The entities are interconnected through 65 RDF relationships in order to implement an ontological structure for automated legal reasoning. Subsequently, the Meta Extract subsystem intelligently extracts and classifies legally significant metadata from transaction data by mapping transaction elements to the GDPR ontology structure shown in Figure 2. This process identifies relationships such as hasRights, governedBy, protectedBy, and requiresLawfulBasis in order to establish the regulatory context of each transaction. Finally, the Query Reason subsystem dynamically generates context-aware SPARQL queries based on extracted metadata to perform targeted regulatory violation detection. This process leverages the ontological relationships depicted in Figure 2, particularly focusing on inter-entity connections such as regulatedBy, enforcedBy, and embodiedIn. Through these connections, the subsystem systematically evaluates transaction compliance against GDPR requirements. These subsystems are supported by infrastructure components that enable external integration and monitoring capabilities. Multi-oracles monitor real-time updates of external regulatory databases and legal frameworks, and automatically collect privacy regulation changes and reflect them in the knowledge base. The API Server provides comprehensive REST API endpoints for system interaction, monitoring, and compliance verification, enabling seamless integration with external applications and regulatory monitoring systems. Finally, the standard PoS consensus (Phase II in Figure 1) implements standard PoS mechanisms, including validator selection, block proposal, and attestation, which are responsible for the final consensus on transactions that have passed regulatory compliance verification.

4. Proposed Method

This section presents a systematic design methodology for the two-phase consensus mechanism. The design methodology addresses three key challenges: (1) formalizing regulatory requirements into machine-processable ontological structures, (2) developing dynamic metadata extraction and query generation algorithms for real-time compliance assessment, and (3) integrating automated legal reasoning with blockchain consensus protocols while preserving system integrity. The design approach begins with formal definitions that mathematically characterize GDPR ontology structures and query generation functions. Based on this foundation, we present stage-specific algorithms for the regulatory compliance verification process, providing detailed procedural specifications for knowledge base construction, metadata extraction, and automated legal reasoning.

Definition 1

(Definition of GDPR Ontology). The GDPR ontology is formally defined as follows:

O_{G D P R} = 〈 C, P, I, A 〉

(1)

where C represents the set of legal concepts, including data controllers, data subjects, processing activities, and regulatory provisions; P denotes the set of property relationships defining semantic connections between legal entities; I encompasses the instances of data categories, jurisdictional entities, and specific regulatory requirements; and A defines the axioms, constraints, and inference rules governing automated legal reasoning. Based on this formal definition, the GDPR regulatory ontology is constructed by instantiating each component of the

O_{G D P R} = 〈 C, P, I, A 〉

framework with specific regulatory content. The concept set C encompasses 32 distinct legal entities representing GDPR-specific data controllers, data subjects, processing activities, and regulatory provisions. The property set P defines 65 relationship types that establish semantic connections between these legal entities according to GDPR requirements. The instance set I populates the ontology with concrete data categories, jurisdictional entities, and specific regulatory requirements derived from GDPR articles. The axiom set A implements constraints and inference rules that govern automated legal reasoning, enabling the system to automatically enforce key regulatory constraints through semantic reasoning and generate machine-interpretable representations of complex regulatory requirements.

Definition 2

(Definition of Query Template Function). The automated reasoning process employs a query generation function defined as follows:

Θ (M, F) = {q ∣ q \in contruct_querry (M, F, O_{G D P R})}

(2)

where M represents the extracted transaction metadata, F denotes the applicable regulatory framework, and

O_{G D P R}

is the GDPR RDF ontology. The function generates a set of SPARQL queries q dynamically constructed based on transaction context and regulatory requirements. The process executes through SPARQL query execution and result analysis, where the compliance result and confidence score are determined by analyzing query results against the knowledge base.

4.1. Phase I: Regulatory Compliance Verification

This phase implements proactive regulatory enforcement through three interconnected AI subsystems that work together to provide comprehensive compliance verification.

KB Builder Subsystem: The KB Builder subsystem constructs and maintains comprehensive RDF knowledge bases from external regulatory databases, ensuring continuous synchronization with evolving legal frameworks and jurisdictional requirements. The subsystem operationalizes the formally defined GDPR RDF ontology structure

O_{G D P R} = 〈 C, P, I, A 〉

as specified in Definition 1. Ontology construction follows a two-stage process: the extraction of legal concepts and relationships from regulatory provisions to populate C and P, and the conversion to RDF triple representations through AI-powered natural language processing. For example, GDPR Article 9 ‘Processing of special categories of personal data’ establishes that health data belong to a special category of data requiring explicit consent. This regulatory provision is systematically converted into RDF triple syntax within the C and P components as demonstrated below.

Listing 1 shows the RDF triple representation resulting from converting GDPR Article 9 into the

O_{G D P R}

ontology structure (C and P components, Definition 1). This process continues with two key steps. First, we integrate jurisdictional adequacy decisions and technical safeguard requirements into the knowledge base I. Second, unlike existing approaches that require manual rule creation for each legal scenario, we define and implement domain-independent axioms and inference rules (A) that automatically derive compliance requirements from the knowledge base. For example, when our system encounters special category data being transferred to the US, it automatically infers that ‘additional protective measures are required’ by combining the axioms about data sensitivity, jurisdictional adequacy status, and transfer requirements—without requiring explicit encoding of this specific scenario.

Listing 1. GDPR Article 9 RDF triple conversion.

<HealthData> rdfs:type <SpecialCategoryData> .
<HealthData> gdpr:requiresExplicitConsent “true” .

Meta Extract Subsystem: The Meta Extract subsystem performs the intelligent extraction of legally relevant metadata from blockchain transactions to populate the metadata set M required by the query template function

Θ (M, F)

in Definition 2. While blockchain transactions inherently contain structured fields (from, to, signature), the intentional and contextual information essential for compliance verification cannot be directly derived from these standardized data fields. The metadata extraction process operates through algorithms that perform AI-powered intent classification, legal entity identification, contextual analysis, and risk profiling on transactions, subsequently generating enhanced metadata structured according to the ontological relationships defined in P. For example, the metadata extraction process for Transaction001 generates the compliance-relevant information structure shown below.

Listing 2 separates two distinct layers. Lines 2–5 extract verifiable properties using standard parsing with

O_{G D P R}

vocabulary. These properties include data type, destination, encryption, and transfer mechanism. Lines 7–9 show our novel contribution. AI inference derives processing purpose via AI classification. It also derives risk level via our assessment algorithm and legal basis via our reasoning engine. The aiInference: namespace marks our ontology extensions for AI-generated metadata. This dual-layer approach combines deterministic extraction with probabilistic inference. It enables transaction-level verification without predefined relationships.

Listing 2. Dynamic transaction metadata extracted from blockchain.

# Standard extraction from blockchain (O_GDPR vocabulary):
<Transaction001> gdpr:containsData <HealthData> .
<Transaction001> gdpr:destinationCountry “US” .
<Transaction001> gdpr:isEncrypted “false” .
<Transaction001> gdpr:hasTransferMechanism <StandardContractualClauses> .
# Our AI-powered inference (Novel contribution):
<Transaction001> gdpr:processingPurpose “MedicalResearch” .
<Transaction001> aiInference:riskLevel “High” .
<SmartContract001> gdpr:hasLegalBasis <LegitimateInterest> .

Query Reason Subsystem: The Query Reason subsystem executes automated legal reasoning by implementing the query template function

Θ (M, F)

specified in Definition 2. The subsystem generates and executes SPARQL queries against the knowledge base using previously extracted transaction metadata.

Unlike rule-based systems that use predefined static query templates, our AI dynamically generates customized SPARQL queries adapted to transaction-specific contexts. The system implements three capabilities using axiom set A and property relationships in P:

(1) Dynamic query construction: generates specialized queries based on transaction context (e.g., health data + international transfer → special category transfer verification).

(2) Semantic matching: detects regulatory incompatibilities through property relationships (e.g., incompatibility between legitimate interest and special category data via hasLegalBasis properties).

(3) Integrated reasoning: evaluates complex compliance conditions by connecting legal concepts in C (e.g., SpecialCategoryData + InternationalTransfer + NoEncryption → multiple GDPR violations).

For Transaction001, the system performs three operations. First, it generates specialized queries for legal basis verification, assessing legitimate interest appropriateness for special category data processing. Second, it performs international transfer verification by examining unencrypted US transfer compliance. Third, it integrates analysis results to determine violations of GDPR Articles 9, 44–49, and 32, deriving transaction rejection decisions.

The algorithms for the three subsystems are provided in Appendix A.

4.2. Phase II: Standard PoS Validation

Following successful regulatory compliance verification in Phase I, the AIRPoC framework transitions to Phase II, implementing standard PoS consensus mechanisms. This phase exclusively applies conventional PoS protocols—including validator selection algorithms, block proposal procedures, and attestation processes—to transactions that have successfully undergone regulatory screening. In Phase II, the process follows a specific structured sequence within each epoch: first, at the beginning of each slot, a designated block proposer collects compliance-verified transactions from Phase I and constructs a candidate block, with non-compliant transactions systematically removed from the mempool during Phase I verification, preventing them from ever reaching Phase II consensus processing; then, validators that are assigned to that slot attest to the proposed block, verifying consensus-level properties such as transaction ordering, cryptographic signatures, and state transitions without repeating the regulatory compliance check carried out in Phase I; finally, the block integration component aggregates attestations from validators across multiple slots within the epoch where, once the attestation threshold (typically requiring 2/3+ of the total stake) is reached, it triggers the finality algorithm (e.g., Casper FFG) to commit the block permanently to the blockchain. The architectural separation between regulatory verification and consensus validation ensures optimal resource allocation by preventing non-compliant transactions from consuming computational resources during the consensus process. Selected validators construct blocks containing exclusively compliant transactions, thereby maintaining the integrity of both regulatory enforcement mechanisms and blockchain consensus protocols.

5. Experimental Results

5.1. Implementation Architecture

The AIRPoC system was implemented as a fully functional blockchain mainnet using Python 3 operating on Ubuntu Linux; specifically, it utilized Python 3.11 (Python Software Foundation, Wilmington, DE, USA), Ubuntu 20.04 LTS (Canonical Ltd., London, UK), and Docker Compose v2.40.0 (Docker, Inc., Palo Alto, CA, USA) on Amazon Web Services (AWS) t3.large instance (Amazon Web Services, Inc., Seattle, WA, USA) equivalent hardware (two vCPUs, 8 GB RAM) with six-node distributed deployment. This implementation leverages Ethereum 2.0 codebase architecture with comprehensive modifications for regulatory compliance integration. The consensus mechanism follows Ethereum 2.0-based implementation, with optimized parameters including 0.1 s slots, eight-slot epochs, 2-epoch finality, a single proposer per slot, and Byzantine-fault-free assumptions. The node configuration consists of three AIRPoC nodes and three basic PoS nodes, with stakes ranging from 1000 to 1400 tokens on an isolated Docker network (172.20.0.0/16). The AI-based regulatory compliance implementation processes legal provisions through an LLM from ASI1.one API to generate RDF ontologies, property relations, and constraint axioms, while Meta Extract and Query Reason utilize self-developed ML to perform transaction context analysis, metadata extraction, dynamic query generation, and real-time legal reasoning. A comprehensive Python 3-based testing framework was developed in order to generate and execute large-scale transaction scenarios. It includes automated performance monitoring, concurrent load simulation, real-time TPS and latency measurement with nanosecond precision, parallel network testing across AIRPoC and basic PoS networks, and automated statistical analysis with confidence interval calculation.

5.2. Performance Evaluation and Results

Comprehensive performance testing was conducted across 24 distinct test scenarios processing 116,200 transactions, with 30 repetitions per test scenario to establish statistical reliability. Standard deviations include variance to assess stability, providing statistically significant results at 95 percent confidence levels, with rigorous statistical analysis including t-tests and confidence intervals. The experimental evaluation demonstrates that AIRPoC achieves competitive performance compared to basic PoS while providing comprehensive regulatory compliance verification, as detailed in Table 1.

Table 1 reveals that AIRPoC maintains competitive performance metrics, with a 4.5% processing time overhead, while delivering comprehensive regulatory compliance verification. The stability analysis across 30 repetitions demonstrates that AIRPoC exhibits slightly better stability (6.7% CV) compared to basic PoS (7.1% CV), with both systems maintaining excellent stability levels below an 8% coefficient of variation. The measured overhead of 4.5% is significantly lower than anticipated, demonstrating the efficiency of the proactive compliance filtering approach. The performance analysis across varying transaction volumes demonstrates consistent characteristics, with AIRPoC showing 4.8% overhead at 1000 transactions (CV: 5.2%) and maintaining a similar 4.6% overhead at 20,000 transactions (CV: 6.9%), indicating stable efficiency scaling, excellent stability maintenance, and consistent performance characteristics, as shown in Table 2.

The stability analysis reveals AIRPoC’s exceptional consistency, where it maintains a remarkably stable overhead across all transaction volumes, ranging from 4.8% at 1000 transactions to 4.6% at 20,000 transactions, with only a brief increase to 5.2% at 5000 transactions. This demonstrates that the regulatory compliance overhead remains predictable and manageable regardless of the transaction volume. Notably, AIRPoC exhibits superior stability characteristics compared to basic PoS, with lower overall variability (6.7% average CV vs. 7.1%), indicating that the proactive compliance filtering actually contributes to more consistent performance.

Comprehensive regulatory compliance testing, encompassing diverse compliance scenarios across 25,000 transactions, including GDPR violations, AML compliance, and mixed compliance patterns, demonstrates that the system achieves an 88.9% overall compliance accuracy with a perfect detection of regulatory violations (100% accuracy for both GDPR and AML violations), as shown in Table 3. The high accuracy for violation detection is critical for preventing non-compliant transactions from entering the blockchain, while the enhanced 90.4% accuracy for GDPR-compliant scenarios and 86.7% for AML-compliant scenarios ensures that legitimate transactions are processed efficiently.

System scalability characteristics under varying concurrent user loads demonstrate that, at maximum concurrency (50 users), AIRPoC outperforms basic PoS, possessing a 2.6% faster processing time (6.45 ms vs. 6.62 ms) and 3.2% higher throughput (782.6 vs. 758.3 TPS), as detailed in Table 4. This performance improvement at high concurrency levels indicates effective load management through proactive compliance filtering.

5.3. Experimental Limitations and Constraints

Several methodological limitations constrain the interpretation of these experimental results. First, the system uses manually extracted GDPR and AML provisions rather than comprehensive real-time regulatory databases, limiting applicability to evolving legal landscapes. This study performed practical implementation of the KB Builder subsystem using the Application Programming Interface (API) of ASI1.one, a blockchain-based distributed AI agent platform. However, for this experiment, the system was pre-built and configured beforehand.

Second, the experimental validation measures end-to-end compliance determination accuracy (Table 3) rather than isolating metadata extraction component performance. Specifically, 25,000 transactions were pre-classified into five scenarios (GDPR-compliant, GDPR violation, AML-compliant, AML violation, mixed compliance), and each transaction was processed through the complete Algorithm A2 (Appendix A) pipeline (lines 3–40) to compare the final compliance determination against ground truth labels for accuracy calculation. The reported 88.9% overall accuracy reflects the combined performance of metadata extraction (Algorithm A2, lines 3–9), query generation (lines 13–35), and compliance determination (lines 37–40). Proper validation of the metadata extraction algorithm would require (1) a manual annotation of ground truth metadata for each transaction field (purpose, data_type, jurisdiction, consent_status, legal_entities, context), (2) a field-level comparison between AI-extracted and ground truth metadata, and (3) the calculation of precision, recall, and F1-scores for each metadata type. The current validation demonstrates practical system effectiveness but does not provide an isolated assessment of metadata extraction accuracy, which limits understanding of the individual component performance.

Third, while the stability analysis across 30 repetitions demonstrates excellent variability control (CV < 8% for all scenarios), the testing involved only six nodes under Byzantine-fault-free assumptions with optimized parameters (0.1 s slots), significantly differing from production blockchain networks with hundreds of nodes and standard Ethereum timing. The observed consistent performance overhead (4.5% average with minimal variation across transaction volumes) suggests robust scalability characteristics, but these results may not generalize to full-scale deployment scenarios with network latency and Byzantine fault conditions.

Fourth, the 88.9% compliance accuracy was measured against generated test cases rather than real-world regulatory violations, which may not capture legal interpretation complexity. Additionally, while the stability metrics indicate that AIRPoC maintains superior consistency (average CV: 6.7%) compared to basic PoS (average CV: 7.1%), suggesting that regulatory compliance processing actually stabilizes system performance, this counterintuitive result requires validation in production environments.

These constraints indicate that while AIRPoC demonstrates proof-of-concept feasibility, with demonstrated superior stability characteristics and a consistent 4.5% overhead supporting practical deployment, its implementation requires regulatory complexity, network scalability, and formal legal validation to be addressed.

6. Discussion and Future Directions

This research introduced AIRPoC, a novel two-phase consensus mechanism that integrates regulatory compliance verification directly into blockchain consensus to address blockchain privacy regulation challenges. The experimental validation demonstrates that AIRPoC achieves competitive performance while providing comprehensive regulatory compliance verification carried out by AI legal agents, consisting of three specialized subsystems: KB Builder, Meta Extract, and Query Reason. These modules realize real-time compliance assessment through systematic ontological modeling and AI-based intelligent legal reasoning. The collaborative approach of ontology and AI implemented in AIRPoC represents a significant advancement in bridging legal frameworks with blockchain technology, and specifically involves three distinct processes. First, KB Builder generates complex regulatory requirements into a structured ontology

O_{G D P R} = 〈 C, P, I, A 〉

with 32 entities and 65 relationship types. Subsequently, Meta Extract identifies transaction characteristics, while Query Reason performs contextualized legal analysis. Instead of applying broad regulatory checks to all transactions, the system intelligently identifies which specific legal provisions are relevant to each transaction context. This targeted approach significantly reduces computational overhead while maintaining comprehensive coverage. This targeted methodology explains how AIRPoC achieves both high accuracy (88.9% compliance detection) and minimal performance impact (4.5% overhead).

6.1. Technical Architecture Comparison with Existing Intelligent Compliance Systems

To clarify the uniqueness of our collaborative ontology–AI approach, we conducted a technical comparative analysis with major recently published intelligent compliance mechanisms. Table 5 shows a systematic comparison across key technical dimensions consisting of validation location, attribute extraction methods, validation methods, privacy protection, and performance impact. While existing studies primarily perform compliance verification at smart contract layers (Merlec, Tao, Azgad-Tromer) or application layers (Yao), AIRPoC realizes proactive verification at the pre-consensus layer. The key advantages of pre-consensus layer verification are fundamental resolution of immutability issues by blocking non-compliant transactions before permanent recording on the blockchain; ensuring entire-network consistency by maintaining a unified compliance status across the entire network, with all nodes participating in consensus under identical regulatory standards; the complete elimination of post-processing costs by eliminating the need for complex post-measures such as rollbacks and compensation for violating transactions; the realization of real-time regulatory enforcement by determining compliance simultaneously with the transaction execution for immediate regulatory effect; and the removal of centralization dependencies through distributed verification by achieving autonomous regulatory compliance at the network level without central authority post-monitoring or intervention. As shown in the table, while existing systems rely on case-by-case legal expert interpretation (Zafar [28]), hard-coded rule matching (Merlec [39]), or domain-specific ontology reasoning (Yao [40]), AIRPoC performs real-time contextual analysis through semantic web RDF-based AI legal agents. This ensures the consistency and scalability of legal interpretation simultaneously. The collaborative approach of a structured GDPR ontology composed of 32 entities and 65 relationship types with three AI modules (KB Builder, Meta Extract, Query Reason) is fundamentally differentiated from existing single-technique-centered systems. Particularly, unlike domain-specific approaches such as BIM file parsing (Tao [41]) or cryptographic proof (Azgad-Tromer), universal legal reasoning is possible. As confirmed in the performance impact comparison in the table, while existing systems show a substantial smart contract overhead (Tao: ∼48%) or cryptographic computational burden, AIRPoC achieves a minimal 4.5% overhead compared to standard PoS. This is due to selective legal provision activation through the contextual approach. Through this comparative analysis, we can confirm that AIRPoC’s collaborative ontology–AI approach overcomes the limitations of existing research and represents an innovative solution that achieves real-time regulatory compliance and performance efficiency simultaneously.

6.2. Analysis of Limitations: Architecture Design and Experimental Validation

First, the experimental validation of this study was conducted in a controlled laboratory environment based on AWS. This differs considerably from actual production blockchain network environments. The limited network architecture consists of six nodes (three AIRPoC nodes and three basic PoS nodes), ideal assumptions without Byzantine faults, and optimized timing parameters (0.1 s slot duration, 8 slots/epoch). These conditions form environmental settings that are significantly different from actual Ethereum networks with hundreds of nodes and standard timing (12 s slots). Furthermore, the experimental scale targeting 24 test scenarios and 116,200 transactions contains constraints, where they do not sufficiently reflect the diversity and complexity occurring in actual blockchain networks. The test cases used for regulatory compliance verification are based on generated artificial scenarios that may not fully capture the complexity and ambiguity of legal interpretation inherent in actual regulatory violation cases. Additionally, the experiments used manually extracted GDPR and AML provisions rather than comprehensive real-time regulatory databases. For actual field deployment, comprehensive testing under realistic network conditions with diverse regulatory scenarios and real-world legal complexity would be required.

Second, the approach faces five critical challenges related to system design and implementation. Metadata extraction faces trade-offs between privacy protection and validation accuracy. When personal data are generalized for privacy, the system may lose precision in regulatory compliance detection. The pre-consensus validation approach introduces protocol-level complexity that application-layer solutions can avoid. AI-driven legal interpretation may produce inconsistent results across different validator nodes, unlike deterministic rule-based systems. The system requires clear architectural definitions to separate regulatory validation nodes from standard consensus validators within the network topology. Additionally, maintaining comprehensive legal knowledge graphs for universal regulatory compliance may prove more complex than focused domain-specific approaches. These architectural challenges may limit the system’s reliability and consistency in production environments, requiring additional research into standardization and verification protocols.

Third, LLM integration challenges require further research exploration. While the current implementation addresses data privacy through three-layer anonymization, other challenges remain unaddressed. Interpretability mechanisms, including decision logging with SPARQL queries, RDF-formatted audit trails, and human review protocols for low-confidence decisions, are feasible within the current system architecture but were not considered in this implementation. Advanced reproducibility protocols beyond basic deterministic prompts and comprehensive bias mitigation strategies need future implementation. Current limitations include hallucination risks generating non-existent regulations and model drift requiring periodic retraining. In addition, the computational overhead remains significant compared to rule-based systems, and potential prompt injection attacks pose security risks that need mitigation strategies.

Nevertheless, the experimental results provide meaningful evidence supporting AIRPoC’s core claims at the proof-of-concept level. The minimal processing time overhead of 4.5% demonstrates the effectiveness of selective query generation and targeted violation detection mechanisms. The superior performance compared to basic PoS in high-concurrency environments (782.6 vs. 758.3 TPS) suggests the scalability potential of the proactive compliance filtering approach, and the overall compliance accuracy of 88.9% and violation detection accuracy of 100% demonstrate that the system performs its intended regulatory enforcement functions effectively. Despite the clear limitations identified above, the experimental results sufficiently support the core hypothesis at the proof-of-concept level that AIRPoC can maintain competitive performance while adding regulatory compliance verification functions compared to general PoS.

6.3. Future Research Directions

First, the proposed model’s architecture requires additional research in several key areas. Privacy-preserving metadata extraction using zero-knowledge proof integration could resolve current privacy–accuracy trade-offs, and specialized regulatory validator networks with parallel validation pipelines would optimize consensus architecture. In addition, clear separation protocols between regulatory validation nodes and standard consensus validators need development, and comprehensive legal knowledge graph maintenance for universal regulatory compliance requires standardization research.

Second, performance improvements should focus on multiple technical aspects. Mixed-compliance accuracy currently stands at 67.2% and requires enhancement through advanced legal reasoning algorithms, and the current verification overhead of 4.5% should be reduced through algorithmic optimization. Internalizing AI legal agents directly into blockchain consensus mechanisms could enable real-time compliance verification, which would eliminate external dependencies and improve system integration.

Third, regarding the aforementioned LLM integration challenges, future work should explore formal verification methods, hybrid symbolic–neural architectures, and adversarial robustness techniques.

Fourth, integration with the EU L-Regulation Project represents a promising research avenue. The L-Regulation Project’s transformer-based models could automate the RDF conversion of legal documents. This would eliminate manual effort and enable automatic processing from EUR-Lex databases, which could significantly improve the system’s ability to handle evolving regulatory requirements. In addition, collaborative research with EU digital initiatives [44] could accelerate both legal technology advancement and blockchain compliance capabilities.

7. Conclusions

This study introduced AIRPoC, a novel blockchain framework that integrates AI-powered regulatory compliance verification with distributed consensus mechanisms. Through extensive experimentation involving 24 test scenarios and 116,200 transactions, we demonstrated that proactive regulatory compliance with an acceptable performance impact can be achieved while maintaining regulatory effectiveness. The AIRPoC framework effectively addresses the critical gap in existing blockchain systems by introducing a two-phase consensus mechanism where regulatory validation precedes traditional consensus, ensuring that computational resources are not wasted on non-compliant transactions that would ultimately be rejected.

Our experimental results confirm that this approach incurs a 4.5% processing overhead with an average processing time of 5.40 ms versus 5.16 ms for basic PoS, while achieving a competitive throughput of 9502 TPS compared to 11,192 TPS. The system maintains 88.9% overall compliance accuracy, with perfect violation detection achieving 100% accuracy for both GDPR and AML violations. The measured overhead of 4.5% represents the cost of comprehensive regulatory validation and is significantly lower than the 48% overhead reported in existing smart-contract-based compliance solutions, demonstrating that pre-consensus validation provides substantial efficiency gains over post-transaction compliance checking. Furthermore, the system exhibits superior stability characteristics, with a 6.7% coefficient of variation compared to 7.1% for basic PoS, indicating that regulatory filtering actually contributes to a more consistent performance across repeated measurements.

The concurrent load testing revealed particularly interesting performance characteristics that highlight the benefits of proactive compliance filtering under specific operating conditions. At maximum concurrency with 50 users, AIRPoC achieved a 2.6% faster processing time (6.45 vs. 6.62 ms) and 3.2% higher throughput (782.6 vs. 758.3 TPS) compared to basic PoS, representing a performance reversal indicating that compliance filtering provides load management benefits by preventing invalid transactions from consuming consensus resources. This advantage appears specifically under peak load conditions, where the overhead of processing non-compliant transactions in traditional systems becomes more pronounced. Additionally, the system maintains consistent performance across transaction volumes, with the overhead remaining stable between 4.6% and 5.2% across sample sizes from 1000 to 20,000 transactions, demonstrating that AIRPoC’s regulatory validation scales effectively without degrading performance as the transaction volume increases.

While challenges remain in several areas, the research demonstrates significant progress toward practical regulatory compliance in blockchain systems. The mixed-compliance-scenario accuracy currently stands at 67.2%, indicating room for improvement in handling complex regulatory edge cases that involve multiple overlapping compliance requirements. Securing regulatory authority acceptance and addressing liability attribution in decentralized systems remain ongoing challenges that require collaboration between technical and legal communities. Despite these limitations, AIRPoC represents a significant step toward blockchain systems that can autonomously enforce privacy and regulatory requirements without compromising decentralization principles. The framework demonstrates that comprehensive regulatory compliance can be integrated into blockchain consensus with manageable performance costs, opening new possibilities for blockchain adoption in regulated industries where compliance requirements have previously limited blockchain implementation, such as healthcare, finance, and government services.

Contributions

This research makes several significant contributions to both the academic literature and practical implementation of regulatory compliant blockchain systems. The two-phase consensus mechanism enables proactive compliance enforcement rather than reactive auditing, representing an innovative regulatory governance framework that addresses multifaceted regulatory aspects beyond fragmentary security measures typically found in existing solutions. The laboratory-scale experimentation with 50 concurrent users and 20,000 transactions established the first comprehensive benchmark for regulatory compliance overhead, demonstrating that a 4.5% overhead is acceptable for comprehensive GDPR and AML validation while providing valuable reference data for future development and comparison with alternative approaches.

The AIRPoC framework represents an important step toward autonomous regulatory enforcement in blockchain systems while preserving the decentralization benefits that make blockchain technology valuable for distributed applications. By achieving compliance with manageable performance impact and superior stability characteristics, this research opens new possibilities for blockchain adoption in highly regulated industries that have previously been unable to leverage blockchain technology due to compliance concerns. Future work will focus on improving mixed-compliance-scenario accuracy through enhanced AI training datasets, optimizing performance under normal load conditions through algorithmic improvements, and developing industry standards for the regulatory acceptance of automated compliance systems that can facilitate a broader adoption of regulatory-compliant blockchain technologies.

Funding

This research received no external funding.

Data Availability Statement

The datasets and source code contain embedded API keys and other sensitive configuration details; as the sole and corresponding author, Sejin Han can provide a sanitized package (with redactions and mock credentials) upon reasonable request.

Acknowledgments

The author acknowledges using Anthropic Claude for sentence improvement and translation for specific sections, while all technical ideas, research design, implementation, experimental evaluation, and primary intellectual contributions are solely attributable to the author. Figures were prepared/edited using Inkscape 1.4.2. The LLM components were implemented using the ASI1.ai API (https://asi1.ai).

Conflicts of Interest

The author declares no conflict of interest.

Abbreviations

The following abbreviations are used in this manuscript:

AIRPoC	Artificial Intelligence-enhanced Regulatory Proof-of-Compliance
AI	Artificial Intelligence
AML	Anti-Money Laundering
AWS	Amazon Web Services
CCPA	California Consumer Privacy Act
CPRA	California Privacy Rights Act
EDPB	European Data Protection Board
GDPR	General Data Protection Regulation
KB	Knowledge Base
LLM	Large Language Model
ML	Machine Learning
NLP	Natural Language Processing
OWL	Web Ontology Language
PoS	Proof-of-Stake
RDF	Resource Description Framework
SPARQL	SPARQL Protocol and RDF Query Language
TPS	Transactions Per Second

Appendix A. The Algorithms of AI Legal Agents

The following algorithm is used by the KB Builder subsystem to construct the GDPR ontology.

Algorithm A1: KB Builder: AI-Powered GDPR RDF Ontology Construction

Require: Regulatory Sources

R

, AI Platform API

A

, Ontology Template

O_{t e m p l a t e}

Ensure: GDPR RDF Ontology

O_{G D P R} = 〈 C, P, I, A 〉

, Confidence Scores

σ

1:: $C \leftarrow {}$ , $P \leftarrow {}$ , $I \leftarrow {}$ , $A \leftarrow {}$ , $σ \leftarrow {}$
2:: // Initialize ontology structure according to Definition 1
3:: $O_{G D P R} \leftarrow$ InitializeOntology $(O_{t e m p l a t e})$
4:: // Process regulatory provisions to build C, P, I, A
5:: for $p r o v i s i o n \in R . g d p r_a r t i c l e s$ do
6:: $l e g a l_t e x t \leftarrow$ ExtractLegalText $(p r o v i s i o n)$
7:: // AI-powered legal concept extraction for Classes (C)
8:: $c o n c e p t s \leftarrow$ ExtractLegalConcepts $(l e g a l_t e x t, A . l l m_m o d e l)$
9:: $r e l a t i o n s h i p s \leftarrow$ IdentifyRelationships $(c o n c e p t s, A . n l p_m o d e l)$
10:: $c o n s t r a i n t s \leftarrow$ ExtractConstraints $(l e g a l_t e x t, A . c o n s t r a i n t_e x t r a c t o r)$
11:: // Generate Classes (C) - legal concepts
12:: for $c o n c e p t \in c o n c e p t s$ do
13:: $c l a s s \leftarrow$ ConvertToRDFClass $(c o n c e p t, A . r d f_c o n v e r t e r)$
14:: $C \leftarrow C \cup {c l a s s}$
15:: $c o n f i d e n c e \leftarrow$ GetConfidenceScore $(c l a s s)$
16:: $σ . c l a s s_c o n f i d e n c e [c l a s s] \leftarrow c o n f i d e n c e$
17:: end for
18:: // Generate Properties (P) - relationships between concepts
19:: for $r e l a t i o n s h i p \in r e l a t i o n s h i p s$ do
20:: $p r o p e r t y \leftarrow$ CreateProperty $(r e l a t i o n s h i p, A . p r o p e r t y_g e n e r a t o r)$
21:: $P \leftarrow P \cup {p r o p e r t y}$
22:: $σ . p r o p e r t y_c o n f i d e n c e [p r o p e r t y] \leftarrow$ GetConfidenceScore $(p r o p e r t y)$
23:: end for
24:: // Generate Axioms (A) - legal constraints and rules
25:: for $c o n s t r a i n t \in c o n s t r a i n t s$ do
26:: $a x i o m \leftarrow$ GenerateAxiom $(c o n s t r a i n t, A . a x i o m_g e n e r a t o r)$
27:: $A \leftarrow A \cup {a x i o m}$
28:: $σ . a x i o m_c o n f i d e n c e [a x i o m] \leftarrow$ GetConfidenceScore $(a x i o m)$
29:: end for
30:: end for
31:: // Generate Instances (I) - specific data instances
32:: for $j u r i s d i c t i o n \in R . j u r i s d i c t i o n s$ do
33:: $a d e q u a c y_s t a t u s \leftarrow$ GetAdequacyDecision $(j u r i s d i c t i o n, R . a d e q u a c y_d b)$
34:: $i n s t a n c e \leftarrow$ CreateJurisdictionInstance $(j u r i s d i c t i o n, a d e q u a c y_s t a t u s)$
35:: $I \leftarrow I \cup {i n s t a n c e}$
36:: $σ . i n s t a n c e_c o n f i d e n c e [i n s t a n c e] \leftarrow$ GetConfidenceScore $(i n s t a n c e)$
37:: end for
38:: // Validate ontology consistency
39:: $v a l i d a t i o n_r e s u l t \leftarrow$ ValidateOntology $(O_{G D P R})$
40:: if $v a l i d a t i o n_r e s u l t . i s_c o n s i s t e n t = f a l s e$ then
41:: $O_{G D P R} \leftarrow$ ResolveInconsistencies $(O_{G D P R}, v a l i d a t i o n_r e s u l t)$
42:: end if
43:: // Finalize ontology construction with C, P, I, A
44:: $O_{G D P R} \leftarrow 〈 C, P, I, A 〉$
45:: $o v e r a l l_c o n f i d e n c e \leftarrow$ CalculateOverallConfidence $(σ)$
46:: return $O_{G D P R}$ , $σ$ , $o v e r a l l_c o n f i d e n c e$

The following algorithm is used by the AI legal agents to perform metadata extraction and query generation for compliance verification.

Algorithm A2: Integrated Metadata Extraction and Query Generation

Require: Transaction T, AI Models

A

, Legal Knowledge Graph

K G

Ensure: Query Set

Q_{s e t}

, Enhanced Metadata M, Confidence Scores C

1:: Initialize: $M \leftarrow {}$ , $Q_{s e t} \leftarrow {}$ , $C \leftarrow {}$
2:: // Phase 1: Basic Metadata Extraction
3:: $M . v a l u e \leftarrow T . v a l u e$ ; $M . p u r p o s e \leftarrow T . p u r p o s e$ ; $M . d a t a_t y p e \leftarrow T . d a t a_t y p e$
4:: $M . j u r i s d i c t i o n \leftarrow T . j u r i s d i c t i o n$ ; $M . c o n s e n t_s t a t u s \leftarrow T . c o n s e n t_s t a t u s$
5:: $M . s e n d e r \leftarrow T . s e n d e r$ ; $M . r e c e i v e r \leftarrow T . r e c e i v e r$ ; $M . t i m e s t a m p \leftarrow T . t i m e s t a m p$
6:: // Phase 2: AI-Powered Enhancement
7:: $M . s e m a n t i c_i n t e n t \leftarrow$ ClassifyIntent $(T . p u r p o s e, A . n l p_m o d e l)$
8:: $M . l e g a l_e n t i t i e s \leftarrow$ ExtractLegalEntities $(T . m e t a d a t a, A . n e r_m o d e l)$
9:: $M . c o n t e x t \leftarrow$ AnalyzeContext $(T, A . c o n t e x t_a n a l y z e r)$
10:: $M . r i s k_p r o f i l e \leftarrow$ AssessRisk $(M, A . r i s k_m o d e l)$
11:: // Phase 3: Framework Determination and Query Generation
12:: $F \leftarrow$ DetermineApplicableFrameworks $(M, K G)$
13:: for each framework $f \in F$ do
14:: $Q_{f} \leftarrow$ CreateBaseQuery $(f, M, K G)$
15:: if $f = “ GDPR ”$ and $M . d a t a_t y p e = personal_data$ then
16:: if $M . s e m a n t i c_i n t e n t \in {profiling, automated_decision}$ then
17:: Add Article 22 clauses; $C . g d p r_p r o f i l i n g \leftarrow 0.85$
18:: end if
19:: if $M . r e t e n t i o n > GDPR_LIMIT$ then
20:: Add Article 5(e) clauses; $C . g d p r_r e t e n t i o n \leftarrow 0.92$
21:: end if
22:: Add Article 6 lawful basis verification; $C . g d p r_l a w f u l \leftarrow 0.88$ ;
23:: else if $f = “ AML ”$ then
24.: if $M . v a l u e > AML_THRESHOLD$
25:: Add high-value reporting requirements; $C . a m l_h i g h_v a l u e \leftarrow 0.95$
26:: end if
27:: if $M . r i s k_p r o f i l e = “ high ”$ or $M . j u r i s d i c t i o n = “ high_risk ”$ then
28:: Add enhanced due diligence; $C . a m l_e n h a n c e d_d d \leftarrow 0.90$
29:: end if
30:: if PEP indicators in $M . l e g a l_e n t i t i e s$ then
31:: Add PEP verification; $C . a m l_p e p \leftarrow 0.87$
32:: end if
33:: end if
34:: $Q_{f} \leftarrow$ OptimizeQuery $(Q_{f}, K G)$
35:: $Q_{s e t} \leftarrow Q_{s e t} \cup {Q_{f}}$
36:: end for
37:: // Phase 4: Final Confidence Aggregation
38:: $C . o v e r a l l \leftarrow$ AggregateConfidence $(C)$
39:: $M . a p p l i c a b l e_f r a m e w o r k s \leftarrow F$ ; $M . c o n f i d e n c e \leftarrow C$
40:: return $Q_{s e t}$ , M, C

References

Swan, M. Blockchain: Blueprint for a New Economy; O’Reilly Media: Sebastopol, CA, USA, 2015. [Google Scholar]
Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 1 January 2025).
Narayanan, A.; Bonneau, J.; Felten, E.; Miller, A.; Goldfeder, S. Bitcoin and Cryptocurrency Technologies; Princeton University Press: Princeton, NJ, USA, 2016. [Google Scholar]
Zheng, Z.; Xie, S.; Dai, H.; Chen, X.; Wang, H. An overview of blockchain technology: Architecture, consensus, and future trends. In Proceedings of the IEEE International Congress on Big Data, Los Angeles, CA, USA, 9–12 December 2019; pp. 557–564. [Google Scholar]
CoinGecko Team. 2024 Annual Crypto Industry Report. CoinGecko, Singapore. 23 January 2025. Available online: https://www.coingecko.com/research/publications/2024-annual-crypto-report (accessed on 6 September 2025).
Al Jawaheri, H.; Al Sabah, M.; Boshmaf, Y.; Erbad, A. Deanonymizing Tor hidden service users through Bitcoin transactions analysis. Comput. Secur. 2020, 89, 101661. [Google Scholar] [CrossRef]
Chainalysis Team. How IRS-CI Seized Billions from Silk Road Hacker James Zhong; Chainalysis Blog: New York, NY, USA, 2023. [Google Scholar]
Meiklejohn, S.; Pomarole, M.; Jordan, G.; Levchenko, K.; McCoy, D.; Voelker, G.M.; Savage, S. A fistful of bitcoins: Characterizing payments among men with no names. In Proceedings of the 2013 Conference on Internet Measurement, Barcelona, Spain, 23–25 October 2013; pp. 127–140. [Google Scholar]
BitHide Team. Cryptocurrency Tracking: From Wallet to Real Identity; BitHide Blog: Hong Kong, China, 2025. [Google Scholar]
U.S. Attorney’s Office Southern District of New York. U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure and Conviction in Connection with Silk Road Dark Web Fraud; Press Release; U.S. Department of Justice: Washington, DC, USA, 2022. Available online: https://www.justice.gov/usao-sdny/pr/us-attorney-announces-historic-336-billion-cryptocurrency-seizure-and-conviction (accessed on 6 September 2025).
Elliptic Team. Elliptic Unveils Crime-Tracking Tool as Stablecoins Like USDT, USDC Go Mainstream; CoinDesk: New York, NY, USA, 2025; Available online: https://www.coindesk.com/business/2025/09/05/elliptic-unveils-crime-tracking-tool-as-stablecoins-enter-the-mainstream (accessed on 6 September 2025).
Moin, A.; Sekniqi, K.; Sirer, E.G. SoK: A classification framework for stablecoin designs. In Proceedings of the International Conference on Financial Cryptography and Data Security, Kota Kinabalu, Malaysia, 10–14 February 2020; pp. 174–197. [Google Scholar]
Chen, S.; Zhang, J. Decentralized finance: On blockchain- and smart contract-based financial markets. Fed. Reserve Bank St. Louis Rev. 2021, 103, 153–174. [Google Scholar]
Chen, Y.; Bellavitis, C. Blockchain disruption and decentralized finance: The rise of decentralized business models. J. Bus. Ventur. Insights 2020, 13, e00151. [Google Scholar] [CrossRef]
Zou, W.; Lo, D.; Kochhar, P.S.; Le, X.B.D.; Xia, X.; Feng, Y.; Chen, Z.; Xu, B. Smart contract development: Challenges and opportunities. IEEE Trans. Softw. Eng. 2021, 47, 2084–2106. [Google Scholar] [CrossRef]
Gudgeon, L.; Moreno-Sanchez, P.; Roos, D.; McCorry, P.; Gervais, A. SoK: Layer-two blockchain protocols. In Proceedings of the International Conference on Financial Cryptography and Data Security, Kota Kinabalu, Malaysia, 10–14 February 2020; pp. 201–226. [Google Scholar]
European Data Protection Board. Guidelines 02/2025 on Processing of Personal Data Through Blockchain Technologies. April 2025. Available online: https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2025/guidelines-022025-processing-personal-data_en (accessed on 1 October 2025).
California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., Enacted 28 June 2018, Effective 1 January 2020. Available online: https://oag.ca.gov/privacy/ccpa (accessed on 12 October 2025).
California Privacy Rights Act, Proposition 24, Approved 3 November 2020, Effective 1 January 2023. Available online: https://www.caprivacy.org/cpra-text/ (accessed on 12 October 2025).
Arthur Cox. Rethinking GDPR, Blockchain and Data Protection by Design: An Opportunity to Innovate. Arthur Cox, Dublin, Ireland. 2023. Available online: https://www.arthurcox.com/knowledge/rethinking-gdpr-blockchain-and-data-protection-by-design-an-opportunity-to-innovate/ (accessed on 2 October 2025).
CMS Law. The Tension Between GDPR and the Rise of Blockchain Technologies. CMS Legal Services EEIG, London, UK. 2019. Available online: https://cms.law/content/download/370453/file/The tension between GDPR and the rise of blockchain technologies.pdf (accessed on 2 October 2025).
European Data Protection Board. Blockchain at a GDPR Crossroads. OMFIF, London, UK. 2025. Available online: https://www.omfif.org/2025/06/european-data-protection-board-puts-blockchain-at-a-gdpr-crossroads/ (accessed on 2 October 2025).
Gómez Vieites, A.; Delgado-von-Eitzen, C.; Estévez Garcia, D. GDPR-Compliant Academic Certification via Blockchain: Legal and Technical Validation of the GAVIN Project. Appl. Sci. 2025, 15, 9191. [Google Scholar] [CrossRef]
Haque, A.B.; Islam, A.N.; Hyrynsalmi, S.; Naqvi, B.; Smolander, K. GDPR Compliant Blockchains—A Systematic Literature Review. IEEE Access 2021, 9, 50593–50606. [Google Scholar] [CrossRef]
Christidis, K.; Devetsikiotis, M. Blockchains and smart contracts for the internet of things. IEEE Access 2016, 4, 2292–2303. [Google Scholar] [CrossRef]
Casino, F.; Dasaklis, T.K.; Patsakis, C. A systematic literature review of blockchain-based applications: Current status, classification and open issues. Telemat. Inform. 2019, 36, 55–81. [Google Scholar] [CrossRef]
Chen, Y.; Bellavitis, C.; Agarwal, V. Blockchain-based provenance tracking for agricultural products: A systematic literature review. Comput. Electron. Agric. 2021, 187, 106295. [Google Scholar]
Zafar, A. Reconciling blockchain technology and data protection laws: Regulatory challenges, technical solutions, and practical pathways. J. Cybersecur. 2025, 11, tyaf002. [Google Scholar] [CrossRef]
Zhang, J.; Xue, N. Healthcare data gateways: Found healthcare intelligence on blockchain with novel privacy risk control. J. Med. Syst. 2019, 43, 1–8. [Google Scholar]
Azaria, A.; Ekblaw, A.; Vieira, T.; Lippman, A. MedRec: Using blockchain for medical data access and permission management. In Proceedings of the 2nd International Conference on Open and Big Data, Vienna, Austria, 22–24 August 2016; pp. 25–30. [Google Scholar]
Han, S.; Park, S. A gap between blockchain and general data protection regulation: A systematic review. IEEE Access 2022, 10, 103888–103905. [Google Scholar] [CrossRef]
Ante, L. Smart contracts on the blockchain—A bibliometric analysis and review. Telemat. Inform. 2021, 57, 101519. [Google Scholar] [CrossRef]
European Parliament and Council. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Off. J. Eur. Union 2016, L119, 1–88. [Google Scholar]
McGuinness, D.L.; Van Harmelen, F. OWL Web Ontology Language Overview. W3C Recommendation. 2004. Volume 10. Available online: https://www.w3.org/TR/owl-features/ (accessed on 12 October 2025).
W3C OWL Working Group. OWL 2 Web Ontology Language Document Overview. W3C Recommendation. 2009. Available online: https://www.w3.org/TR/owl2-overview/ (accessed on 12 October 2025).
Fernández-López, M.; Gómez-Pérez, A.; Juristo, N. METHONTOLOGY: From ontological art towards ontological engineering. In Proceedings of the AAAI-97 Spring Symposium Series, Palo Alto, CA, USA, 24–25 March 1997. [Google Scholar]
Prud’hommeaux, E.; Seaborne, A. SPARQL Query Language for RDF. W3C Recommendation. 2008. Available online: https://www.w3.org/TR/rdf-sparql-query/ (accessed on 12 October 2025).
Atzei, N.; Bartoletti, M.; Cimoli, T. A survey of attacks on ethereum smart contracts. In Proceedings of the 6th International Conference on Principles of Security and Trust, Uppsala, Sweden, 22–29 April 2017; pp. 164–186. [Google Scholar]
Merlec, R.; Gatteschi, V.; Lamberti, F.; Demartini, C. A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR. Sensors 2021, 21, 7994. [Google Scholar] [CrossRef] [PubMed]
Yao, Y.; Kshirsagar, M.; Vaidya, G.; Ducrée, J.; Ryan, C. Convergence of Blockchain, Autonomous Agents, and Knowledge Graph to Share Electronic Health Records. Front. Blockchain 2021, 4, 661238. [Google Scholar] [CrossRef]
Tao, X.; Wu, Z.; Xu, Y.; Zheng, C.; Fang, Y.; Das, M.; Liu, H.; Gong, X.; Cheng, J.C.P. Smarter Smart Contracts for Automatic BIM Metadata Compliance Checking in Blockchain-Enabled Common Data Environment. Adv. Eng. Inform. 2024, 62, 102627. [Google Scholar] [CrossRef]
ISO 19650-1:2018; Organization and Digitization of Information About Buildings and Civil Engineering Works, Including Building Information Modelling (BIM)—Information Management Using Building Information Modelling—Part 1: Concepts and Principles. International Organization for Standardization: Geneva, Switzerland, 2018.
Azgad-Tromer, S.; Gandal, N.; Gordon, S.; Hasidim, A. The Case for On-Chain Compliance: Cryptographic Enforcement of Data Protection and Privacy. Harv. J. Law Technol. 2023, 37, 221–268. [Google Scholar]
European Commission. Digital Europe Programme. 2021. Available online: https://digital-strategy.ec.europa.eu/en/activities/digital-programme (accessed on 1 January 2025).

Figure 1. AIRPoC system architecture showing the two-phase consensus mechanism.

Figure 2. Comprehensive GDPR RDF ontology graph.

Table 1. Performance comparison between AIRPoC and basic PoS systems with stability analysis.

Metric	AIRPoC	Basic PoS	Difference	Stability (CV)
Avg. Proc. Time (ms)	5.40 ± 0.33	5.16 ± 0.37	+0.24 (+4.5%)	6.7% vs. 7.1%
Median Proc. Time (ms)	5.28 ± 0.29	5.04 ± 0.33	+0.24 (+4.8%)	-
P95 Proc. Time (ms)	7.92 ± 0.43	7.57 ± 0.49	+0.35 (+4.6%)	-
P99 Proc. Time (ms)	9.68 ± 0.59	9.24 ± 0.63	+0.44 (+4.8%)	-
Avg. Throughput (TPS)	9502 ± 1098	11,192 ± 1153	−1690 (−15.1%)	11.6% vs. 10.3%
Max. Throughput (TPS)	17,123 ± 1767	19,287 ± 1845	−2164 (−11.2%)	-

Table 2. Detailed performance results by transaction volume with stability metrics.

Sample	System	Avg (ms)	Std Dev	CV (%)	95% CI	TPS
1000	AIRPoC	4.94 ± 0.26	0.258	5.2	[4.85, 5.03]	8576
1000	Basic PoS	4.65 ± 0.33	0.331	7.1	[4.53, 4.77]	11,073
5000	AIRPoC	5.27 ± 0.36	0.356	6.8	[5.14, 5.40]	9381
5000	Basic PoS	5.11 ± 0.32	0.319	6.2	[4.99, 5.23]	11,204
10,000	AIRPoC	5.64 ± 0.45	0.447	7.9	[5.47, 5.81]	9638
10,000	Basic PoS	5.36 ± 0.43	0.427	8.0	[5.20, 5.52]	11,385
20,000	AIRPoC	5.73 ± 0.40	0.395	6.9	[5.58, 5.88]	10,412
20,000	Basic PoS	5.54 ± 0.40	0.394	7.1	[5.39, 5.69]	11,107

Table 3. Regulatory compliance accuracy results.

Scenario	Sample Size	Accuracy (%)	Avg Time (ms)	TPS
GDPR-Compliant	5000	90.4	0.86	1082
GDPR Violation	5000	100.0	0.86	1081
AML-Compliant	5000	86.7	0.87	1063
AML Violation	5000	100.0	0.87	1073
Mixed Compliance	5000	67.2	0.89	1044
Overall Average	25,000	88.9	0.87	1069

Table 4. Concurrent load testing performance analysis.

Users	System	Total Tx	Avg Time (ms)	P95 Time (ms)	TPS
1	AIRPoC	100	6.12	9.03	16.3
1	Basic PoS	100	5.73	8.45	17.4
5	AIRPoC	500	6.25	9.08	80.1
5	Basic PoS	500	6.31	9.12	78.9
10	AIRPoC	1000	6.34	9.67	158.7
10	Basic PoS	1000	5.98	8.93	167.2
25	AIRPoC	2500	6.38	10.12	393.2
25	Basic PoS	2500	6.51	10.04	384.1
50	AIRPoC	5000	6.45	11.01	782.6
50	Basic PoS	5000	6.62	11.43	758.3

Table 5. Technical architecture comparison of intelligent compliance systems.

Aspect	AIRPoC	Zafar (2025) [28]	Merlec (2021) [39]	Yao (2021) [40]	Tao (2024) [41]
Validation Location	Pre-consensus layer	Legal framework analysis	Smart contract layer	Application layer	Smart contract layer
Extraction Method	Transaction-level + AI-driven	Legal interpretation	Rule-based extraction	Agent-based collection	BIM metadata parsing
Validation Method	AI legal agents with semantic RDF	Expert interpretation	Hard-coded GDPR rules	Domain ontology reasoning	ISO 19650 KG + SWRL
Privacy Protection	Data categorization	Legal guidance	Off-chain IPFS	Local storage	Domain anonymization
Performance Impact	4.5% overhead vs. PoS	Theoretical analysis	Application overhead	Framework overhead	∼48% overhead

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

© 2025 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Share and Cite

MDPI and ACS Style

Han, S. AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance. Electronics 2025, 14, 4058. https://doi.org/10.3390/electronics14204058

AMA Style

Han S. AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance. Electronics. 2025; 14(20):4058. https://doi.org/10.3390/electronics14204058

Chicago/Turabian Style

Han, Sejin. 2025. "AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance" Electronics 14, no. 20: 4058. https://doi.org/10.3390/electronics14204058

APA Style

Han, S. (2025). AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance. Electronics, 14(20), 4058. https://doi.org/10.3390/electronics14204058

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Menu

AIRPoC: An AI-Enhanced Blockchain Consensus Framework for Autonomous Regulatory Compliance

Abstract

1. Introduction

2. Related Work

2.1. Third-Party Regulatory Platforms

2.2. Smart-Contract-Based Enforcement Systems

2.3. Provenance Tracking and Monitoring Systems

2.4. Intelligent Compliance Enforcement Mechanisms

2.5. Research Gaps and Limitations

3. System Model

System Overview and Two-Phase Architecture

4. Proposed Method

4.1. Phase I: Regulatory Compliance Verification

4.2. Phase II: Standard PoS Validation

5. Experimental Results

5.1. Implementation Architecture

5.2. Performance Evaluation and Results

5.3. Experimental Limitations and Constraints

6. Discussion and Future Directions

6.1. Technical Architecture Comparison with Existing Intelligent Compliance Systems

6.2. Analysis of Limitations: Architecture Design and Experimental Validation

6.3. Future Research Directions

7. Conclusions

Contributions

Funding

Data Availability Statement

Acknowledgments

Conflicts of Interest

Abbreviations

Appendix A. The Algorithms of AI Legal Agents

References

Share and Cite

Article Metrics

Article Access Statistics

Further Information

Guidelines

MDPI Initiatives

Follow MDPI