The Violation Situation Pattern: A Knowledge-Graph Pattern for Compliance Violations
For compliance engineers and knowledge-graph practitioners, VSP provides a reusable pattern to decouple violation detection from audit history, but the contribution is incremental as it adapts an existing pattern (Situation pattern) to a specific domain.
The Violation Situation Pattern (VSP) reifies compliance violations as persistent graph nodes with lifecycle and evidence links, enabling audit history as graph traversal. Extending a deontic rule from clause-presence to deadline checking improved F1 from 0.312 to 0.602 while the pattern's semantics remained unchanged.
Compliance pipelines detect violations as transient query results and do not keep the violation itself as a persistent graph object with review state, affected entities, or audit history. The Violation Situation Pattern (VSP) closes this gap. Building on the Situation pattern of Gangemi and Mika, VSP reifies each detected violation as a graph node with a rule identifier, a temporal validity interval, a lifecycle state, and evidence links to the entities involved. Lifecycle transitions are stored as immutable, PROV-O-aligned events, so audit history is a graph traversal. We instantiate VSP in a legal entity and contract lifecycle property graph and operationalize four deontic rules (V1 unauthorized signature, V2 expired mandate, V3 missing confidentiality clause, V4 missing breach-notification clause) through an FCL->Cypher->MERGE pipeline. We check V1 and V2 against BODACC corporate-officer publications, evaluate V4 on 73 GDPRhub enforcement decisions, and run a SHACL cross-formalism check on V3 and V4. The central finding is rule-body independence: extending V4 from clause-presence to deadline checking raises F1 from 0.312 to 0.602, while the pattern's identity, lifecycle, and evidence semantics stay the same. This separates a pattern contribution from a detector contribution, so detection logic can evolve without invalidating accumulated audit history.