{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:EMSZVE4EJOVJY57U4SN6UMWED5","short_pith_number":"pith:EMSZVE4E","canonical_record":{"source":{"id":"2604.16361","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.SE","submitted_at":"2026-03-19T15:07:45Z","cross_cats_sorted":[],"title_canon_sha256":"af459dfeb16aa7ddf5cbea9e4ee7f0432c502588e4fb5c7f49b7614039bf408d","abstract_canon_sha256":"cb2ef2a36e051e11281be9b61b8f4fc549a2328eb696f7ea943ea5934e8c70a2"},"schema_version":"1.0"},"canonical_sha256":"23259a93844baa9c77f4e49bea32c41f54330fa26d223a518b3f8332bce90058","source":{"kind":"arxiv","id":"2604.16361","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2604.16361","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"arxiv_version","alias_value":"2604.16361v1","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2604.16361","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_12","alias_value":"EMSZVE4EJOVJ","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_16","alias_value":"EMSZVE4EJOVJY57U","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_8","alias_value":"EMSZVE4E","created_at":"2026-05-28T02:04:47Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:EMSZVE4EJOVJY57U4SN6UMWED5","target":"record","payload":{"canonical_record":{"source":{"id":"2604.16361","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.SE","submitted_at":"2026-03-19T15:07:45Z","cross_cats_sorted":[],"title_canon_sha256":"af459dfeb16aa7ddf5cbea9e4ee7f0432c502588e4fb5c7f49b7614039bf408d","abstract_canon_sha256":"cb2ef2a36e051e11281be9b61b8f4fc549a2328eb696f7ea943ea5934e8c70a2"},"schema_version":"1.0"},"canonical_sha256":"23259a93844baa9c77f4e49bea32c41f54330fa26d223a518b3f8332bce90058","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-28T02:04:47.931337Z","signature_b64":"Kr+t/ipD2FPF9IolDY+U6bVi/uR7qlNHtJimikfyzCFxeDGdK80dk6SrD3ITgV02MIVBU7E/dmiyDE9TmkKDCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"23259a93844baa9c77f4e49bea32c41f54330fa26d223a518b3f8332bce90058","last_reissued_at":"2026-05-28T02:04:47.930787Z","signature_status":"signed_v1","first_computed_at":"2026-05-28T02:04:47.930787Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2604.16361","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-28T02:04:47Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"7YmjVrOWbRNNtMRjRSvvmqs2ay9/nhab5i7xKYLYSws23wYPd+Vi1mRkwYzjzkybXyOI7CJbuohF+BZ9oR9pAw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T16:50:33.620607Z"},"content_sha256":"bb30240e91d8136ddfb0c66e9b6b1cad84ee2c2104e083763f7a5ba233c23fd7","schema_version":"1.0","event_id":"sha256:bb30240e91d8136ddfb0c66e9b6b1cad84ee2c2104e083763f7a5ba233c23fd7"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:EMSZVE4EJOVJY57U4SN6UMWED5","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Modelling GDPR-based Privacy Requirements with Software Engineering Diagrams: A Systematic Literature Review","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","headline":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle.","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Anna Philippou, Evangelia Vanezi, Georgia M. Kapitsaki","submitted_at":"2026-03-19T15:07:45Z","abstract_excerpt":"The application of the General Data Protection Regulation (GDPR) has significantly affected privacy requirements elicitation, modelling, and verification in Software Engineering (SE). One of the affected areas is requirements visualisation through modelling diagrams, which plays a crucial role in ensuring privacy compliance, as functional system requirements should be integrated with GDPR-based privacy requirements. We present a systematic literature review on how SE diagrams have been employed to capture and integrate GDPR-based privacy requirements into software system design. The study aims"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"The findings highlight the need for inter-diagram integration, full lifecycle traceability mechanisms, tool support, and automated compliance checking.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That the 18 primary studies selected via the search protocol provide a comprehensive and unbiased representation of all relevant research on modelling GDPR-based privacy requirements with SE diagrams.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A systematic literature review of 18 studies from 2017-2025 categorizes SE diagrams used for GDPR privacy requirements and highlights gaps in integration, traceability, tool support, and automated compliance checking.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"4ef38ec398de132798032e2e7acce559447258362dada4fb810e0846b056382c"},"source":{"id":"2604.16361","kind":"arxiv","version":1},"verdict":{"id":"be2f7796-b02d-4836-b626-1b64b3954c2b","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-15T08:23:26.068209Z","strongest_claim":"The findings highlight the need for inter-diagram integration, full lifecycle traceability mechanisms, tool support, and automated compliance checking.","one_line_summary":"A systematic literature review of 18 studies from 2017-2025 categorizes SE diagrams used for GDPR privacy requirements and highlights gaps in integration, traceability, tool support, and automated compliance checking.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That the 18 primary studies selected via the search protocol provide a comprehensive and unbiased representation of all relevant research on modelling GDPR-based privacy requirements with SE diagrams.","pith_extraction_headline":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2604.16361/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":3,"sample":[{"doi":"","year":2019,"title":"is this ohk´ ey?","work_id":"d92a3b0b-6baf-4ebd-ae89-4376aa4eaccd","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2021,"title":"V anezi, E., V asileiou, A., and Papadopoulos, G","work_id":"8382defe-a08e-4123-955a-6c3e6f42bec6","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2019,"title":"Springer. V eseli, F., Olvera, J. S., Pulls, T., and Rannenberg, K. (2019). Engineering privacy by design: lessons from the design and implementation of an identity wallet platform. In Proceedings of ","work_id":"82b0225e-7f15-4993-9ba8-bc648143ef20","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":3,"snapshot_sha256":"5c7d718a4a4c14bb838382d218aaf4c0dd27919237faa78820ba2521e77540fa","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"2368704e3e4412647bb966ec8b47d9bfdc531e86c09c30ff4271b94948adcaf1"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":"be2f7796-b02d-4836-b626-1b64b3954c2b"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-28T02:04:47Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"FuwVZWv8MJ69J6gFIQItD0991PhWe2twANAH9MuhaC6lxUpTwCfFZoXkVeqRJXhFghFvVpYd9c9GiVioZaYeDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T16:50:33.621271Z"},"content_sha256":"317331b01eadec79f16f8a926c09453f8eae7093842ba39a51bd9601f067462d","schema_version":"1.0","event_id":"sha256:317331b01eadec79f16f8a926c09453f8eae7093842ba39a51bd9601f067462d"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/EMSZVE4EJOVJY57U4SN6UMWED5/bundle.json","state_url":"https://pith.science/pith/EMSZVE4EJOVJY57U4SN6UMWED5/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/EMSZVE4EJOVJY57U4SN6UMWED5/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-10T16:50:33Z","links":{"resolver":"https://pith.science/pith/EMSZVE4EJOVJY57U4SN6UMWED5","bundle":"https://pith.science/pith/EMSZVE4EJOVJY57U4SN6UMWED5/bundle.json","state":"https://pith.science/pith/EMSZVE4EJOVJY57U4SN6UMWED5/state.json","well_known_bundle":"https://pith.science/.well-known/pith/EMSZVE4EJOVJY57U4SN6UMWED5/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:EMSZVE4EJOVJY57U4SN6UMWED5","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"cb2ef2a36e051e11281be9b61b8f4fc549a2328eb696f7ea943ea5934e8c70a2","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.SE","submitted_at":"2026-03-19T15:07:45Z","title_canon_sha256":"af459dfeb16aa7ddf5cbea9e4ee7f0432c502588e4fb5c7f49b7614039bf408d"},"schema_version":"1.0","source":{"id":"2604.16361","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2604.16361","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"arxiv_version","alias_value":"2604.16361v1","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2604.16361","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_12","alias_value":"EMSZVE4EJOVJ","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_16","alias_value":"EMSZVE4EJOVJY57U","created_at":"2026-05-28T02:04:47Z"},{"alias_kind":"pith_short_8","alias_value":"EMSZVE4E","created_at":"2026-05-28T02:04:47Z"}],"graph_snapshots":[{"event_id":"sha256:317331b01eadec79f16f8a926c09453f8eae7093842ba39a51bd9601f067462d","target":"graph","created_at":"2026-05-28T02:04:47Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"The findings highlight the need for inter-diagram integration, full lifecycle traceability mechanisms, tool support, and automated compliance checking."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"That the 18 primary studies selected via the search protocol provide a comprehensive and unbiased representation of all relevant research on modelling GDPR-based privacy requirements with SE diagrams."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"A systematic literature review of 18 studies from 2017-2025 categorizes SE diagrams used for GDPR privacy requirements and highlights gaps in integration, traceability, tool support, and automated compliance checking."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle."}],"snapshot_sha256":"4ef38ec398de132798032e2e7acce559447258362dada4fb810e0846b056382c"},"formal_canon":{"evidence_count":2,"snapshot_sha256":"2368704e3e4412647bb966ec8b47d9bfdc531e86c09c30ff4271b94948adcaf1"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2604.16361/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"The application of the General Data Protection Regulation (GDPR) has significantly affected privacy requirements elicitation, modelling, and verification in Software Engineering (SE). One of the affected areas is requirements visualisation through modelling diagrams, which plays a crucial role in ensuring privacy compliance, as functional system requirements should be integrated with GDPR-based privacy requirements. We present a systematic literature review on how SE diagrams have been employed to capture and integrate GDPR-based privacy requirements into software system design. The study aims","authors_text":"Anna Philippou, Evangelia Vanezi, Georgia M. Kapitsaki","cross_cats":[],"headline":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle.","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.SE","submitted_at":"2026-03-19T15:07:45Z","title":"Modelling GDPR-based Privacy Requirements with Software Engineering Diagrams: A Systematic Literature Review"},"references":{"count":3,"internal_anchors":0,"resolved_work":3,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"is this ohk´ ey?","work_id":"d92a3b0b-6baf-4ebd-ae89-4376aa4eaccd","year":2019},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"V anezi, E., V asileiou, A., and Papadopoulos, G","work_id":"8382defe-a08e-4123-955a-6c3e6f42bec6","year":2021},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"Springer. V eseli, F., Olvera, J. S., Pulls, T., and Rannenberg, K. (2019). Engineering privacy by design: lessons from the design and implementation of an identity wallet platform. In Proceedings of ","work_id":"82b0225e-7f15-4993-9ba8-bc648143ef20","year":2019}],"snapshot_sha256":"5c7d718a4a4c14bb838382d218aaf4c0dd27919237faa78820ba2521e77540fa"},"source":{"id":"2604.16361","kind":"arxiv","version":1},"verdict":{"created_at":"2026-05-15T08:23:26.068209Z","id":"be2f7796-b02d-4836-b626-1b64b3954c2b","model_set":{"reader":"grok-4.3"},"one_line_summary":"A systematic literature review of 18 studies from 2017-2025 categorizes SE diagrams used for GDPR privacy requirements and highlights gaps in integration, traceability, tool support, and automated compliance checking.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"A review of 18 studies shows current software engineering diagrams capture only partial GDPR privacy requirements and lack integration across the development lifecycle.","strongest_claim":"The findings highlight the need for inter-diagram integration, full lifecycle traceability mechanisms, tool support, and automated compliance checking.","weakest_assumption":"That the 18 primary studies selected via the search protocol provide a comprehensive and unbiased representation of all relevant research on modelling GDPR-based privacy requirements with SE diagrams."}},"verdict_id":"be2f7796-b02d-4836-b626-1b64b3954c2b"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:bb30240e91d8136ddfb0c66e9b6b1cad84ee2c2104e083763f7a5ba233c23fd7","target":"record","created_at":"2026-05-28T02:04:47Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"cb2ef2a36e051e11281be9b61b8f4fc549a2328eb696f7ea943ea5934e8c70a2","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.SE","submitted_at":"2026-03-19T15:07:45Z","title_canon_sha256":"af459dfeb16aa7ddf5cbea9e4ee7f0432c502588e4fb5c7f49b7614039bf408d"},"schema_version":"1.0","source":{"id":"2604.16361","kind":"arxiv","version":1}},"canonical_sha256":"23259a93844baa9c77f4e49bea32c41f54330fa26d223a518b3f8332bce90058","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"23259a93844baa9c77f4e49bea32c41f54330fa26d223a518b3f8332bce90058","first_computed_at":"2026-05-28T02:04:47.930787Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-28T02:04:47.930787Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Kr+t/ipD2FPF9IolDY+U6bVi/uR7qlNHtJimikfyzCFxeDGdK80dk6SrD3ITgV02MIVBU7E/dmiyDE9TmkKDCg==","signature_status":"signed_v1","signed_at":"2026-05-28T02:04:47.931337Z","signed_message":"canonical_sha256_bytes"},"source_id":"2604.16361","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:bb30240e91d8136ddfb0c66e9b6b1cad84ee2c2104e083763f7a5ba233c23fd7","sha256:317331b01eadec79f16f8a926c09453f8eae7093842ba39a51bd9601f067462d"],"state_sha256":"1c971c27441aa0700c22819222ff6928c3c168ef5188604a0b662e27e4e3f34b"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"2+ul3d4+XY8OzlHc4OpbCT1e5047uEEwsrbVMqrrb22d3dAlFJx66dx4z9iKvKsd/vO1/vlmS8SbWtStExFxDg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-10T16:50:33.624854Z","bundle_sha256":"0bea18bd5cb75833ea63cc1bc28db3242b73565fe1e04801834904e27441e510"}}