Multidisciplinary, Computer Science, Information Systems, Business, Management and Accounting
73
Scopus Publications
621
Scholar Citations
13
Scholar h-index
21
Scholar i10-index
Scopus Publications
XAI-Compliance-by-Design: A Modular Framework for GDPR- and AI Act-Aligned Decision Transparency in High-Risk AI Systems Antonio Goncalves, Anacleto Correia Journal of Cybersecurity and Privacy, 2026 High-risk Artificial Intelligence (AI) systems deployed in cybersecurity and privacy-critical contexts must satisfy not only demanding performance targets but also stringent obligations for transparency, accountability, and human oversight under the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). Existing approaches often treat these concerns in isolation as follows: Explainable Artificial Intelligence (XAI) methods are added ad hoc to machine learning pipelines, while governance and regulatory frameworks remain largely conceptual and weakly connected to the concrete artefacts produced in practice. This article proposes XAI-Compliance-by-Design, a modular framework that integrates XAI techniques, compliance-by-design principles and trustworthy Machine Learning Operations (MLOps) practices into a unified architecture for high-risk AI systems in cybersecurity and privacy domains. The framework follows a dual-flow design that couples an upstream technical pipeline (data, model, explanation, and monitoring) with a downstream governance pipeline (policy, oversight, audit, and decision-making), orchestrated by a Compliance-by-Design Engine and a technical–regulatory correspondence matrix aligned with the GDPR, the AI Act, and ISO/IEC 42001. The framework is instantiated and evaluated through an end-to-end, Python-based proof of concept using a synthetic, intrusion detection system (IDS)-inspired anomaly detection scenario with a Random Forest (RF) classifier, Shapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME), drift indicators, and tamper-evident evidence bundles and decision dossiers. The results show that, even in a modest, toy setting, the framework systematically produces verifiable artefacts that support auditability and accountability across the model lifecycle. By linking explanation reports, drift statistics and compliance logs to concrete regulatory provisions, the approach illustrates how organisations operating high-risk AI for cybersecurity and privacy can move from model-centric optimisation to evidence-centric governance. The article discusses how the proposed framework can be generalised to real-world high-risk AI applications, contributing to the operationalisation of European digital sovereignty in AI governance. This article does not introduce a new intrusion detection algorithm; instead, it proposes an evidence-centric governance pipeline that captures decision provenance and compliance artefacts so that decisions can be audited and justified against regulatory obligations.
Engineering Explainable AI Systems for GDPR-Aligned Decision Transparency: A Modular Framework for Continuous Compliance Antonio Goncalves, Anacleto Correia Journal of Cybersecurity and Privacy, 2026 Explainability is increasingly expected to support not only interpretation, but also accountability, human oversight, and auditability in high-risk Artificial Intelligence (AI) systems. However, in many deployments, explanations are generated as isolated technical reports, remaining weakly connected to decision provenance, governance actions, audit logs, and regulatory documentation. This short communication introduces XAI-Compliance-by-Design, a modular engineering framework for explainable artificial intelligence (XAI) systems that routes explainability outputs and related technical traces into structured, audit-ready evidence throughout the AI lifecycle, designed to align with key obligations under the European Union Artificial Intelligence Act (EU AI Act) and the General Data Protection Regulation (GDPR). The framework specifies (i) a modular architecture that separates technical evidence generation from governance consumption through explicit interface points for emitting, storing, and querying evidence, and (ii) a Technical–Regulatory Correspondence Matrix—a mapping table linking regulatory anchors to concrete evidence artefacts and governance triggers. As this communication does not report measured results, it also introduces an Evidence-by-Design evaluation protocol defining measurable indicators, baseline configurations, and required artefacts to enable reproducible empirical validation in future work. Overall, the contribution is a practical blueprint that clarifies what evidence must be produced, where it is generated in the pipeline, and how it supports continuous compliance and auditability efforts without relying on post hoc explanations.
FROM STABILITY TO AGILITY: INTEGRATING EMERGENT DESIGN PRINCIPLES INTO CORPORATE GOVERNANCE Anacleto Correia, Pedro B. Água Journal of Governance and Regulation, 2025 In today’s complex and rapidly evolving corporate landscape, traditional stability-oriented governance frameworks often struggle to respond effectively to emergent challenges and disruptions. These models, while promoting accountability and risk control, frequently lack the agility required for dynamic environments. This study explores how emergent design principles — strategic emergence, self-disruption, systems thinking, and reflexivity — can be applied to corporate governance to enhance responsiveness, resilience, and adaptability. Drawing from the Archipelago of Design (AoD) principles, supported by a synthesis of contemporary literature and qualitative case studies, the paper proposes a hybrid governance model that balances accountability with strategic flexibility. Using a conceptual and thematic analysis approach, it maps the application of AoD principles onto core governance functions such as risk management and decision-making. The findings indicate that integrating these principles enhances boards’ ability to make timely, informed decisions and anticipate risks in volatile contexts. Practical recommendations for implementation and areas for future research are also discussed. This paper contributes to the ongoing shift in governance literature toward frameworks that accommodate complexity and change, offering insights relevant to both scholars and practitioners navigating governance innovation.
Emerging Disruptive Technologies Focused Strategy: A Constraint Management Approach Pedro Água, Anacleto Correia, José Bartolomeu Applied Human Factors and Ergonomics International, 2025 Businesses across all industries are facing increasing challenges, which put their competitiveness at stake. Challenges range from disruptions driven by world conflicts and global politics to a perceived increase in socioeconomic risks. With the increased competition, businesses make a considerable effort to sustain a competitive edge in their arenas. A factor ever impacting business performance is technology—a major driver of competitiveness, accelerating innovation and new product development. All these factors together are putting pressure on business leaders and top management teams across any industry. They have to manage finite resources and funds, while at the same time dealing with tough choices on how to react to technological threats, which may affect their businesses, sometimes with catastrophic consequences, as has happened by the effect of technological change along history. At times, an apparent technological advantage may prompt business leaders to consider alternative technological paths. Such decision-makers oftentimes lack a framing and pragmatic approach to assess such potentially emerging technologies. The purpose of this paper is to suggest a strategy to deal with the danger posed by Emerging Disruptive Technologies (EDTs). It suggests businesses how to design a well-thought-out plan that will help them be more resilient and competitive when faced with the threat of possible EDTs. The methodological approach is based on causal logic and a constraints management approach. Taking the defining dimensions of EDTs (strategic, operational, tactical, technical, and organisational), the methodological approach starts by identifying and making problem symptoms visible, together with the chains of cause and effects, which typically originate and drive such symptoms. Oftentimes strategy design imply solving dilemmas and making suboptimal choices, however, by using some tools such as the Categories of Legitimate Reservation, as well as the concept of Conflict Resolution Diagram, both tools from the Theory of Constraint framework, apparent dilemmas, aka dichotomies, are broken allowing for the design of optimal solutions. The results are shown as logic trees, which help through all the strategy development stages, from problem characterisation to strategy design and planning for implementation. This paper also intends to provide academics as well as practitioners with a strategic problem solving framework, which can be further customised for any organisation or strategic situation where the threat of EDTs is a real concern. Overall, and moreover an EDT-influenced strategy is critical for supporting decisions concerning technology investment, capability development, and other strategic initiatives.
Preface Innovation Strategy and Transformation Frameworks for the Modern Enterprise, 2023
Analysis of the General Data Protection Regulation: Approach through Activity Theory Atas Da Conferencia Da Associacao Portuguesa De Sistemas De Informacao, 2021
Enterprise Architeture as circular economy infrastruture Atas Da Conferencia Da Associacao Portuguesa De Sistemas De Informacao, 2021
From information security to data protection: proposal for a reference model Atas Da Conferencia Da Associacao Portuguesa De Sistemas De Informacao, 2021
Enhancing the Correctness of BPMN Models Anacleto Correia, Fernando Brito e Abreu Sustainable Business Concepts Methodologies Tools and Applications Volumes 1 4, 2019
Integrating the Scrum Framework and Lean Six Sigma Anacleto Correia, António Gonçalves, Sanjay Misra Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2019
A framework for quality measurement of BPMN process models Anacleto Correia, António Gonçalves, Mário Simões-Marques Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2018
Data protection risk modeling into business process analysis António Gonçalves, Anacleto Correia, Luis Cavique Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2017
Enterprise control an approached based on ? Theory INESC-ID Lisboa, Portugal, Antonio Goncalves, Anacleto Correia, CINAV Almada, Portugal, Marielba Zacarias, et al. Atas Da Conferencia Da Associacao Portuguesa De Sistemas De Informacao, 2017
Knowledge management in geospatial information context. A preliminary statistical approach - A case study Wseas Transactions on Business and Economics, 2017
A reference information model to information security service INESC-ID Lisboa, Portugal, Antonio Goncalves, Anacleto Correia, CINAV Almada, Portugal, Marielba Zacarias, et al. Atas Da Conferencia Da Associacao Portuguesa De Sistemas De Informacao, 2017
Analyzing the performance of a GPS device Wseas Transactions on Environment and Development, 2017
Enhancing the correctness of BPMN models Anacleto Correia, Fernando Brito e Abreu Improving Organizational Effectiveness with Enterprise Information Systems, 2015
Model-driven service level management Anacleto Correia, Fernando Brito e Abreu Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2010
Integrating IT service management within the enterprise architecture Anacleto Correia, Fernando Brito e Abreu 4th International Conference on Software Engineering Advances Icsea 2009 Includes Sedes 2009 Simposio Para Estudantes De Doutoramento Em Engenharia De Software, 2009
RECENT SCHOLAR PUBLICATIONS
XAI-Compliance-by-Design: A Modular Framework for GDPR-and AI Act-Aligned Decision Transparency in High-Risk AI Systems A Goncalves, A Correia Journal of Cybersecurity and Privacy 6 (2), 43 , 2026 2026 Citations: 1
Balancing Innovation and Responsibility in AI A Correia, A Gonçalves, P Água Proceedings of 19th Iberian Conference on Information Systems and … , 2026 2026
Operationally Audit-Ready Dual-Flow Compliance Pipelines for Conformance Matrices: An Ontology-Based Metamodel with GDPR and EU AI Act Instantiation A Goncalves, A Correia Preprints , 2026 2026 Citations: 1
ARTIFICIAL INTELLIGENCE IN ACTIVE LEARNING: TRANSFORMING STUDENT INTERACTION AND ASSESSMENT A Correia, P Água, A Gonçalves INTED2026 Proceedings, 0862 , 2026 2026
FROM PASSIVE TO ACTIVE: AI-POWERED GAMIFICATION STRATEGIES FOR MODERN EDUCATIONAL PRACTICES A Correia, P Água, A Gonçalves INTED2026 Proceedings, 0861 , 2026 2026
FROM GDPR RECORDS OF PROCESSING TO IMPLEMENTABLE CONTROLS FOR AI IN HIGHER EDUCATION: AN ORGANIZATIONAL AND TECHNICAL PERSPECTIVE A Goncalves, A Correia, P Água INTED2026 Proceedings, 1949 , 2026 2026
DESIGNING GDPR-COMPLIANT EXPLAINABLE AI FOR STUDENT ASSESSMENT: FROM LEGAL PRINCIPLES TO IMPLEMENTABLE CONTROLS A Goncalves, A Correia, P Água INTED2026 Proceedings, 1948 , 2026 2026
THE ROLE OF ROLE PLAYS AS AN ACTIVE TEACHING METHODOLOGY. IS IT STILL RELEVANT IN THE AI AGE? P Agua, A Correia, M Silva, I Soares, A Frias INTED2026 Proceedings, 0163 , 2026 2026
THE CATEGORIES OF LEGITIMATE RESERVATION: A CONSTRAINT-ROOTED, LOGIC-BASED ALTERNATIVE TO RESEARCH VALIDATION OF CAUSALITY P Agua, M Silva, I Soares, A Frias, A Correia INTED2026 Proceedings, 0729 , 2026 2026
Engineering Explainable AI Systems for GDPR-Aligned Decision Transparency: A Modular Framework for Continuous Compliance A Goncalves, A Correia Journal of Cybersecurity and Privacy 6 (1), 7 , 2025 2025 Citations: 3
The Technical–Regulatory Correspondence Matrix: A Practical Development Framework for Building GDPR-and AI Act-Compliant High-Risk AI Systems A Goncalves, A Correia Preprints , 2025 2025
THE IMPACT OF CULTURAL DIVERSITY ON ACADEMIC COUNCILS AND COMMITTEES: TOWARDS A COMPREHENSIVE APPROACH P Agua, A Frias, A Correia, M Silva ICERI2025 Proceedings, 606-613 , 2025 2025
O QUE COMER NA GRAVIDEZ: PRINCIPAIS NECESSIDADES NUTRICIONAIS A Correia, E Cardeira, A Frias SAÚDE DA GRÁVIDA: MANUAL DE CUIDADOS ESPECIALIZADO 1, 118-133 , 2025 2025
Applying Markov Chains in Data Quality Management for GDPR Compliance: A New Perspective A Gonçalves, A Correia Procedia Computer Science 256, 292-299 , 2025 2025
Balancing Innovation and Responsibility in AI: A Roadmap for Developing a Framework for the EU AI Act A Correia, A Gonçalves, P Água Iberian Conference on Information Systems and Technologies, 462-473 , 2024 2024 Citations: 2
The OECD-Inspired ORM Blueprint for Personal Data Security A Goncalves, A Correia Iberian Conference on Information Systems and Technologies, 35-43 , 2024 2024
From Precision to Protection: Integrating Data Quality and GDPR Practices A Goncalves, A Correia Iberian Conference on Information Systems and Technologies, 55-62 , 2024 2024
The downside of board diversity: landscapes and challenges P Agua, A Correia Stankeviciute, ˇ Z., Kostyuk, A., Venuti, M. and Ulrich, P.(Ed. s … , 2024 2024 Citations: 1
Building Resilience and Competitiveness with Data Quality and GDPR Adherence A Goncalves, A Correia World Journal of Information Systems 1 (1), 11-18 , 2024 2024
OECD-Driven Operational Risk Management for Personal Data Safeguarding A Goncalves, A Correia World Journal of Information Systems 1 (1), 1-10 , 2024 2024
MOST CITED SCHOLAR PUBLICATIONS
Adding preciseness to BPMN models A Correia, FB e Abreu Procedia Technology 5, 407-417 , 2012 2012 Citations: 39
Integrating the scrum framework and lean six sigma A Correia, A Gonçalves, S Misra International Conference on Computational Science and Its Applications, 136-149 , 2019 2019 Citations: 25
Knowledge management in the development of an intelligent system to support emergency response A Correia, I Severino, IL Nunes, M Simões-Marques International Conference on Applied Human Factors and Ergonomics, 109-120 , 2017 2017 Citations: 23
An Ontology for IT Services. JM Freitas, A Correia, FB e Abreu JISBD, 367-372 , 2008 2008 Citations: 23
Integrating it service management within the enterprise architecture A Correia, FB e Abreu 2009 Fourth International Conference on Software Engineering Advances, 553-558 , 2009 2009 Citations: 22
Adaptive learning design: integrating AI to personalize critical thinking education A Correia, P Água, V Lobo EDULEARN24 Proceedings, 7733-7741 , 2024 2024 Citations: 19
Empirical studies in user experience of an emergency management system M Simões-Marques, A Correia, MF Teodoro, IL Nunes International Conference on Applied Human Factors and Ergonomics, 97-108 , 2017 2017 Citations: 19
SLALOM: a language for Service Level Agreement specification and monitoring A Correia, F Brito Proceedings on the 3th INForum. Universidade de Coimbra , 2011 2011 Citations: 18
Innovation governance in practice: A business policy approach PB Água, A Correia Corporate Board: Role, Duties and Composition 16 (2), 54-64 , 2020 2020 Citations: 17
Modeling services in information systems architectures A Correia, MM Silva Digital Enterprise Technology: Perspectives and Future Challenges, 157-164 , 2007 2007 Citations: 17
Defining and observing the compliance of service level agreements: A model driven approach A Correia, FB e Abreu 2010 Seventh International Conference on the Quality of Information and … , 2010 2010 Citations: 15
Guia técnico: sector da pedra natural JM Figueiredo, F Rodrigues, A Correia, MT Chambino Lisboa: INETI , 2001 2001 Citations: 15
Harnessing artificial intelligence for enhanced environmental, social, and governance reporting: A new paradigm in corporate transparency A Correia, PB Água Corporate governance: Research and advanced practices, 92-98 , 2024 2024 Citations: 13
Metaverse and digital twins: Contributions, opportunities and challenges to a sustainable use of the ocean M Simões-Marques, P Água, A Frias, A Correia Human Factors and Systems Interaction 84 (84), 1-14 , 2023 2023 Citations: 13
Enhancing the correctness of BPMN models A Correia, FB e Abreu Sustainable Business: Concepts, Methodologies, Tools, and Applications, 373-394 , 2020 2020 Citations: 13
The impact of cultural diversity on organizational and operational risk levels P Água, A Frias, A Correia, M Simões-Marques Human Factors and Systems Interaction 84, 84 , 2023 2023 Citations: 12
Handbook of research on decision-making capabilities improvement with serious games A Correia, M Simões-Marques IGI Global , 2023 2023 Citations: 11
Artificial intelligence to enhance corporate governance: A conceptual framework A Correia, P Água Corporate Board: Role, Duties and Composition 19 (1), 29-35 , 2023 2023 Citations: 11
Logistics future trends and their transformative impact A Frias, M Simões-Marques, P Água, A Correia Human Factors and Systems Interaction 84, 217-226 , 2023 2023 Citations: 10
A corporate governance perspective on IT governance A Correia, PB Água Corporate Governance: A search for emerging trends in the pandemic times, S … , 2021 2021 Citations: 10
