Compliance as a Trust Metric

📅 2026-01-03
🏛️ arXiv.org
🤖 AI Summary
This work proposes the Automated Compliance Engine (ACE), a novel trust and reputation system that overcomes the limitations of existing approaches relying on subjective ratings or coarse-grained compliance judgments. ACE uniquely models regulatory compliance as a dynamic, multi-dimensional trust metric by formalizing policies using obligation-centered logic and continuously auditing system logs. It quantifies compliance through a scoring mechanism that accounts for the volume, duration, breadth, and criticality of violations. Experimental evaluation on a synthetic hospital dataset demonstrates that ACE accurately detects complex violations of HIPAA and GDPR regulations. The resulting compliance scores offer significantly greater expressiveness and practical utility compared to traditional binary compliance assessments, enabling fine-grained and interpretable trust evaluations.

📝 Abstract
Trust and Reputation Management Systems (TRMSs) are critical for the modern web, yet their reliance on subjective user ratings or narrow Quality of Service (QoS) metrics lacks objective grounding. Concurrently, while regulatory frameworks like GDPR and HIPAA provide objective behavioral standards, automated compliance auditing has been limited to coarse, binary (pass/fail) outcomes. This paper bridges this research gap by operationalizing regulatory compliance as a quantitative and dynamic trust metric through our novel automated compliance engine (ACE). ACE first formalizes legal and organizational policies into a verifiable, obligation-centric logic. It then continuously audits system event logs against this logic to detect violations. The core of our contribution is a quantitative model that assesses the severity of each violation along multiple dimensions, including its Volume, Duration, Breadth, and Criticality, to compute a fine-grained, evolving compliance score. We evaluate ACE on a synthetic hospital dataset, demonstrating its ability to accurately detect a range of complex HIPAA and GDPR violations and produce a nuanced score that is significantly more expressive than traditional binary approaches. This work enables the development of more transparent, accountable, and resilient TRMSs on the Web.

Problem

Research questions and friction points this paper is trying to address.

Trust and Reputation Management
Regulatory Compliance
Automated Auditing
GDPR
HIPAA

Innovation

Methods, ideas, or system contributions that make the work stand out.

compliance-as-trust
automated compliance auditing
obligation-centric logic
quantitative trust metric
dynamic compliance scoring