{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T17:59:39Z","timestamp":1767203979763,"version":"3.48.0"},"reference-count":17,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T00:00:00Z","timestamp":1767052800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Explainability is increasingly expected to support not only interpretation, but also accountability, human oversight, and auditability in high-risk Artificial Intelligence (AI) systems. However, in many deployments, explanations are generated as isolated technical reports, remaining weakly connected to decision provenance, governance actions, audit logs, and regulatory documentation. This short communication introduces XAI-Compliance-by-Design, a modular engineering framework for explainable artificial intelligence (XAI) systems that routes explainability outputs and related technical traces into structured, audit-ready evidence throughout the AI lifecycle, designed to align with key obligations under the European Union Artificial Intelligence Act (EU AI Act) and the General Data Protection Regulation (GDPR). The framework specifies (i) a modular architecture that separates technical evidence generation from governance consumption through explicit interface points for emitting, storing, and querying evidence, and (ii) a Technical\u2013Regulatory Correspondence Matrix\u2014a mapping table linking regulatory anchors to concrete evidence artefacts and governance triggers. As this communication does not report measured results, it also introduces an Evidence-by-Design evaluation protocol defining measurable indicators, baseline configurations, and required artefacts to enable reproducible empirical validation in future work. Overall, the contribution is a practical blueprint that clarifies what evidence must be produced, where it is generated in the pipeline, and how it supports continuous compliance and auditability efforts without relying on post hoc explanations.<\/jats:p>","DOI":"10.3390\/jcp6010007","type":"journal-article","created":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T17:24:58Z","timestamp":1767201898000},"page":"7","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Engineering Explainable AI Systems for GDPR-Aligned Decision Transparency: A Modular Framework for Continuous Compliance"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6091-2624","authenticated-orcid":false,"given":"Antonio","family":"Goncalves","sequence":"first","affiliation":[{"name":"Centro de Investiga\u00e7\u00e3o Naval (CINAV), Military University Institute (IUM) (Portuguese Naval Academy), 2810-001 Almada, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7248-4310","authenticated-orcid":false,"given":"Anacleto","family":"Correia","sequence":"additional","affiliation":[{"name":"Centro de Investiga\u00e7\u00e3o Naval (CINAV), Military University Institute (IUM) (Portuguese Naval Academy), 2810-001 Almada, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,30]]},"reference":[{"key":"ref_1","unstructured":"European Parliament and Council of the European Union (2025, December 12). Regulation (EU) 2016\/679 (General Data Protection Regulation). Available online: https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"ref_2","unstructured":"European Parliament and Council of the European Union (2025, December 12). Regulation (EU) 2024\/1689\u2014Artificial Intelligence Act. Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:32024R1689."},{"key":"ref_3","unstructured":"(2023). Artificial Intelligence Management System. Standard No. ISO\/IEC 42001:2023. Available online: https:\/\/www.iso.org\/standard\/81230.html."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Thomaidou, A., and Limniotis, K. (2025). Navigating Through Human Rights in AI: Exploring the Interplay Between GDPR and Fundamental Rights Impact Assessment. J. Cybersecur. Priv., 5.","DOI":"10.3390\/jcp5010007"},{"key":"ref_5","first-page":"126","article-title":"Metrics, Explainability and the European AI Act Proposal","volume":"5","author":"Sovrano","year":"2022","journal-title":"J"},{"key":"ref_6","unstructured":"(2023). Artificial Intelligence\u2014Risk Management (Standard No. ISO\/IEC 23894:2023)."},{"key":"ref_7","unstructured":"National Institute of Standards and Technology (2025, December 12). Artificial Intelligence Risk Management Framework (AI RMF 1.0), Available online: https:\/\/www.nist.gov\/itl\/ai-risk-management-framework."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ahangar, M.N., Jalali, S.M.J., and Dastjerdi, A.V. (2025). AI Trustworthiness in Manufacturing: Challenges, Toolkits and Best Practices. Sensors, 25.","DOI":"10.3390\/s25144357"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Linardatos, P., Papastefanopoulos, V., and Kotsiantis, S. (2021). Explainable AI: A Review of Machine Learning Interpretability Methods. Entropy, 23.","DOI":"10.3390\/e23010018"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Antoniadi, A.M., Du, Y., Guendouz, Y., Wei, L., Mazo, C., Becker, B.A., and Mooney, C. (2021). Current Challenges and Future Opportunities for XAI in Machine Learning-Based Clinical Decision Support Systems: A Systematic Review. Appl. Sci., 11.","DOI":"10.3390\/app11115088"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Feretzakis, G., Vagena, E., Kalodanis, K., Peristera, P., Kalles, D., and Anastasiou, A. (2025). GDPR and Large Language Models: Technical and Legal Obstacles. Future Internet, 17.","DOI":"10.3390\/fi17040151"},{"key":"ref_12","first-page":"93:1","article-title":"A Survey of Methods for Explaining Black Box Models","volume":"51","author":"Guidotti","year":"2018","journal-title":"ACM Comput. Surv."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ranaldi, L. (2025). Survey on the Role of Mechanistic Interpretability in Generative AI. Big Data Cogn. Comput., 9.","DOI":"10.3390\/bdcc9080193"},{"key":"ref_14","unstructured":"MLflow (2025, December 12). MLflow Documentation: Model Registry Tutorial. Available online: https:\/\/mlflow.org\/docs\/3.6.0\/ml\/model-registry\/tutorial\/."},{"key":"ref_15","unstructured":"Kubeflow (2025, December 12). Kubeflow Pipelines: Getting Started. Available online: https:\/\/www.kubeflow.org\/docs\/components\/pipelines\/getting-started\/."},{"key":"ref_16","unstructured":"European Commission (2025, December 12). Simpler EU Digital Rules and New Digital Wallets to Save Time and Money for Businesses and Citizens. Available online: https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_25_2718."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Lendvai, G.F., and Gosztonyi, G. (2025). Algorithmic Bias as a Core Legal Dilemma in the Age of Artificial Intelligence: Conceptual Basis and the Current State of Regulation. Laws, 14.","DOI":"10.3390\/laws14030041"}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/7\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T17:54:59Z","timestamp":1767203699000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,30]]},"references-count":17,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["jcp6010007"],"URL":"https:\/\/doi.org\/10.3390\/jcp6010007","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,30]]}}}