{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T15:31:46Z","timestamp":1772551906286,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T00:00:00Z","timestamp":1772064000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Greek National Recovery and Resilience Plan \u201cGreece 2.0\u201d"},{"name":"European Union\u2014NextGenerationEU","award":["\u03a5P3TA-0559562"],"award-info":[{"award-number":["\u03a5P3TA-0559562"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Software"],"abstract":"<jats:p>Current research in consent management techniques focuses on isolated aspects of data security, privacy, or auditability, but important issues like (i) dynamically integrating regulatory updates into form generation, (ii) support in content generation with verifiable audit trails, and (iii) tools that make compliance reasoning transparent for non-legal users are not yet addressed. This paper introduces CONSENT, an architecture that integrates AI-based consent reasoning using Large Language Models (LLMs) for automated consent-form drafting and compliance evaluation, alongside blockchain technology for secure and auditable storage. The architecture builds on prior work to address the aforementioned issues by introducing three supporting mechanisms: (a) Specialized AI models coordinated through expert routing which coordinate subtasks such as automation in form generation and regulatory compliance, (b) Retrieval-Augmented Generation (RAG) that supports the integration of regulatory updates into forms, and (c) Explainable AI (XAI) for the reasoning behind form content and compliance assessments. CONSENT architecture is evaluated through 250 test cases and a pilot case study for clinical trial consent management involving 20 engineers and attorneys, who evaluated the prototype on form quality (i.e., coherence, conciseness, factuality, fluency, and relevance) as well as time and effort efficiency. Results show that CONSENT substantially reduces the manual effort in consent-form creation while providing transparent, audit-ready compliance assessments, highlighting its potential for dynamic, user-centric consent management.<\/jats:p>","DOI":"10.3390\/software5010010","type":"journal-article","created":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T14:51:29Z","timestamp":1772117489000},"page":"10","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["CONSENT: A Software Architecture for Dynamic and Secure Consent Management"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6522-7984","authenticated-orcid":false,"given":"Christina","family":"Zoi","sequence":"first","affiliation":[{"name":"Department of Electrical & Computer Engineering, University of Western Macedonia, 50 150 Kozani, Greece"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2159-1332","authenticated-orcid":false,"given":"Ioannis","family":"Zozas","sequence":"additional","affiliation":[{"name":"Department of Electrical & Computer Engineering, University of Western Macedonia, 50 150 Kozani, Greece"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4248-3752","authenticated-orcid":false,"given":"Stamatia","family":"Bibi","sequence":"additional","affiliation":[{"name":"Department of Electrical & Computer Engineering, University of Western Macedonia, 50 150 Kozani, Greece"}]}],"member":"1968","published-online":{"date-parts":[[2026,2,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"287","DOI":"10.21552\/EDPL\/2016\/3\/4","article-title":"How the GDPR will change the world","volume":"2","author":"Albrecht","year":"2016","journal-title":"Eur. Data Prot. Law Rev."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Teare, H., Kaye, J., Beck, S., Bentzen, H.B., Caenazzo, L., Collett, C., D\u2019Abramo, F., and Felzmann, H. (2017). Dynamic consent: A potential solution to some of the challenges of modern biomedical research. BMC Med. Ethics, 18.","DOI":"10.1186\/s12910-016-0162-9"},{"key":"ref_3","unstructured":"Scott, A.S., Goldsmith, M., and Teare, H. (2018). Wider research applications of dynamic consent. IFIP International Summer School on Privacy and Identity Management, Springer."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Xu, Z., Jiao, T., Wang, Z., Wen, S., Chen, S., and Xiang, Y. (2021). AC2M: An automated consent management model for blockchain financial services platform. Proceedings of the 2021 IEEE International Conference on Smart Data Services (SMDS), Chicago, IL, USA, 5\u201310 September 2021, IEEE.","DOI":"10.1109\/SMDS53860.2021.00015"},{"key":"ref_5","unstructured":"Schramm, J., and Eichinger, T. (2024, January 20\u201321). Towards building GDPR-friendly consent management systems on top of self-sovereign identity ecosystems. Proceedings of the Open Identity Summit 2024, Porto, Portugal."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Merlec, M., Lee, Y., Hong, S., and In, H. (2021). A smart contract-based dynamic consent management system for personal data usage under GDPR. Sensors, 21.","DOI":"10.3390\/s21237994"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Voigt, P., and Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A Practical Guide, Springer. [1st ed.].","DOI":"10.1007\/978-3-319-57959-7"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kakarlapudi, P., and Mahmoud, Q. (2021). A systematic review of blockchain for consent management. Healthcare, 9.","DOI":"10.3390\/healthcare9020137"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Khalid, M., and Ahmed, M. (2023). Blockchain-based dynamic consent management systems for enhancing quality of life for people with disabilities. Proceedings of the 2023 IEEE International Smart Cities Conference (ISC2), Bucharest, Romania, 24\u201327 September 2023, IEEE.","DOI":"10.1109\/ISC257844.2023.10293545"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Khalid, M., Ahmed, M., and Kim, J. (2023). Enhancing data protection in dynamic consent management systems: Formalizing privacy and security definitions with differential privacy, decentralization, and zero-knowledge proofs. Sensors, 23.","DOI":"10.3390\/s23177604"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Mehmood, F., Khalid, U., and Karim, S. (2023). Consent management system based on user data security and privacy using Hyperledger Fabric blockchain. Proceedings of the 6th International Conference on Information Technologies and Electrical Engineering, Changde, China, 3\u20135 November 2023, ACM.","DOI":"10.1145\/3640115.3640188"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2470","DOI":"10.18421\/TEM124-59","article-title":"Blockchain-based auxiliary systems for pseudonymization and consent management","volume":"12","author":"Lapwattanaworakul","year":"2023","journal-title":"TEM J."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ayappane, B., Vaidyanathan, R., Srinivasa, S., Upadhyaya, S., and Vivek, S. (2024). Consent service architecture for policy-based consent management in data trusts. Proceedings of the 7th Joint International Conference on Data Science & Management of Data (11th ACM IKDD CODS and 29th COMAD), Bangalore, India, 4\u20137 January 2024, ACM.","DOI":"10.1145\/3632410.3632415"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Agbo, C., and Mahmoud, Q. (2020). Design and implementation of a blockchain-based e-health consent management framework. Proceedings of the 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC), Toronto, ON, Canada, 11\u201314 October 2020, IEEE.","DOI":"10.1109\/SMC42975.2020.9283203"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Filho, F., De Alcantara Batista, B., J\u00fanior, J., and De Souza, J. (2023). Heimdall: Blockchain-based consent management framework. 2023 International Conference on Information Networking (ICOIN), IEEE.","DOI":"10.1109\/ICOIN56518.2023.10048920"},{"key":"ref_16","first-page":"e24","article-title":"Blockchain for consent management in the eHealth environment: A nugget for privacy and security challenges","volume":"5","author":"Genestier","year":"2017","journal-title":"J. Int. Soc. Telemed. Ehealth"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1489","DOI":"10.1007\/s11280-021-00923-1","article-title":"CrowdMed-II: A blockchain-based framework for efficient consent management in health data sharing","volume":"25","author":"Hu","year":"2022","journal-title":"World Wide Web"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"225777","DOI":"10.1109\/ACCESS.2020.3045048","article-title":"Fully decentralized multi-party consent management for secure sharing of patient health records","volume":"8","author":"Madine","year":"2020","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1007\/978-3-030-34482-5_31","article-title":"CrowdMed: A blockchain-based approach to consent management for health data sharing","volume":"Volume 11924","author":"Chen","year":"2019","journal-title":"Smart Health"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1007\/978-3-030-60290-1_11","article-title":"Smarter smart contracts: Efficient consent management in health data sharing","volume":"Volume 12318","author":"Wang","year":"2020","journal-title":"Web and Big Data"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"265","DOI":"10.4258\/hir.2020.26.4.265","article-title":"Patient consent management by a purpose-based consent model for electronic health record based on blockchain technology","volume":"26","author":"Tith","year":"2020","journal-title":"Healthc. Inform. Res."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Varshini Naik, K., Vijaya Murari, T., and Manoj, T. (2022). A blockchain-based patient consent management technique for electronic health record sharing. Proceedings of the 2022 IEEE 7th International Conference on Recent Advances and Innovations in Engineering (ICRAIE), Mangalore, India, 1\u20133 December 2022, IEEE.","DOI":"10.1109\/ICRAIE56454.2022.10054337"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Hofman, D., Shannon, C., McManus, B., Lemieux, V., Lam, K., Assadian, S., and Ng, R. (2018). Building trust and protecting privacy: Analyzing evidentiary quality in a blockchain proof-of-concept for health research data consent management. Proceedings of the 2018 IEEE International Conference on Internet of Things, Halifax, NS, Canada, 27 July\u20133 August 2018, IEEE.","DOI":"10.1109\/Cybermatics_2018.2018.00275"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Deepthika, K., Shobana, G., Reddy, K., Kumar, B., and Upadhyay, S. (2024, January 28\u201330). Blockchain-integrated deep learning for secure health data sharing and consent management. Proceedings of the 2024 Second International Conference on Intelligent Cyber Physical Systems and Internet of Things (ICoICI), Coimbatore, India.","DOI":"10.1109\/ICoICI62503.2024.10696868"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"730","DOI":"10.3844\/jcssp.2024.730.741","article-title":"Smart patient consent management model for health information exchange based on blockchain technology","volume":"20","author":"Rohini","year":"2024","journal-title":"J. Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"100419","DOI":"10.1109\/ACCESS.2024.3431292","article-title":"A blockchain-based hybrid architecture for auditable consent management","volume":"12","author":"Can","year":"2024","journal-title":"IEEE Access"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"12727","DOI":"10.1109\/ACCESS.2023.3242605","article-title":"Blockchain-based service-oriented architecture for consent management, access control, and auditing","volume":"11","year":"2023","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Ascue, O., Valle, O., and Santisteban, J. (2025). BLOCKSAGE: Blockchain-based cloud architecture for sensitive data management in SMEs. Sustainability, 17.","DOI":"10.3390\/su17041352"},{"key":"ref_29","unstructured":"Garcia, R., Ramachandran, G., Dunnett, K., Jurdak, R., Ranieri, C., Krishnamachari, B., and Ueyama, J. (2024). A survey of blockchain-based privacy applications: An analysis of consent management and self-sovereign identity approaches. arXiv."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"108956","DOI":"10.1016\/j.compbiomed.2024.108956","article-title":"Distributed management of patient data-sharing informed consents for clinical research","volume":"180","author":"Pham","year":"2024","journal-title":"Comput. Biol. Med."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Jhanjhi, N.Z. (2025). Securing AI-based healthcare systems using blockchain technology. AI Techniques for Securing Medical and Business Practices, IGI Global.","DOI":"10.4018\/979-8-3693-8939-3"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"14","DOI":"10.22215\/timreview\/1325","article-title":"Blockchain-enabled clinical study consent management","volume":"10","author":"Jung","year":"2020","journal-title":"Technol. Innov. Manag. Rev."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1145\/3490754","article-title":"Consent verification monitoring","volume":"32","author":"Robol","year":"2023","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"ref_34","unstructured":"Bollinger, D., Kubicek, K., Cotrini, C., and Basin, D. (2022, January 10\u201312). Automating cookie consent and GDPR violation detection. Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.jss.2016.04.057","article-title":"Architecture-based regulatory compliance argumentation","volume":"119","author":"Mihaylov","year":"2016","journal-title":"J. Syst. Softw."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"100886","DOI":"10.1016\/j.jlamp.2023.100886","article-title":"A formal model for blockchain-based consent management in data sharing","volume":"134","author":"Peyrone","year":"2023","journal-title":"J. Log. Algebr. Methods Program."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"142524","DOI":"10.1109\/ACCESS.2024.3471773","article-title":"A formal model for integrating consent management into MLOps","volume":"12","author":"Peyrone","year":"2024","journal-title":"IEEE Access"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Porcelli, L., Mastroianni, M., Ficco, M., and Palmieri, F. (2024). A user-centered privacy policy management system for automatic consent on cookie banners. Computers, 13.","DOI":"10.3390\/computers13020043"},{"key":"ref_39","unstructured":"(2008). Document Management\u2014Portable document format\u2014Part 1: PDF 1.7 (Standard No. ISO 32000-1:2008)."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Park, J.H., and Park, J.H. (2017). Blockchain security in cloud computing: Use cases, challenges, and solutions. Symmetry, 9.","DOI":"10.3390\/sym9080164"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Runeson, P., H\u00f6st, M., Rainer, A., and Regnell, B. (2012). Case Study Research in Software Engineering: Guidelines and Examples, John Wiley & Sons.","DOI":"10.1002\/9781118181034"}],"container-title":["Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2674-113X\/5\/1\/10\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T12:10:32Z","timestamp":1772539832000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2674-113X\/5\/1\/10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,26]]},"references-count":41,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,3]]}},"alternative-id":["software5010010"],"URL":"https:\/\/doi.org\/10.3390\/software5010010","relation":{},"ISSN":["2674-113X"],"issn-type":[{"value":"2674-113X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,26]]}}}