Sanna Kaisa Wong Toropainen

Research Interests

• Data Sciences
• Leadership and Organization
• Philosophy
• Standards
• Technology and Education

Current Research and Scholarly Interests

Sanna Wong-Toropainen researches neuro-symbolic AI approaches to regulatory compliance and legal reasoning, focusing on how computational methods can formalize the interpretation of complex, evolving legal frameworks. Her doctoral work at the University of Helsinki Faculty of Law investigates the intersection of artificial intelligence, computational law, and EU digital regulation, with particular emphasis on the AI Act, Data Act, GDPR, and sector-specific compliance regimes.

At Stanford CodeX, she is conducting the ComplianceTwin research pilot in collaboration with five Finnish enterprises operating in highly regulated domains: Atlas Copco (industrial manufacturing), Vaisala (environmental measurement), PwC Finland (professional services), Tieto (digital services), and iLOQ (secure access systems). This applied research project examines how regulatory texts—including statutes, standards, and guidance—can be transformed into structured legal knowledge by capturing obligations, exceptions, scope, and hierarchical relationships. The research develops AI systems that support applicability analysis, obligation mapping, gap identification, and evidence generation while remaining traceable and defensible in audits and enforcement contexts.

Her technical approach combines knowledge graphs that encode legal structure with large language models for natural language understanding, creating neuro-symbolic architectures that provide explainable, auditable legal reasoning. This work addresses a fundamental challenge in AI governance: enabling AI systems to interpret regulations consistently across jurisdictions while maintaining transparency and human oversight in high-stakes decisions.
Sanna is affiliated with the University of Helsinki Legal Tech Lab and serves as a researcher in the Trust-M consortium, which explores trustworthy AI-enabled digital public infrastructures (funded by the Strategic Research Council of Finland). Her research is supported by scholarships from the Finnish Work Environment Fund and the Foundation for Economic Development.

Her work contributes to computational law, explainable AI, and legal knowledge representation, with implications for AI governance, regulatory technology, and the design of data-sharing ecosystems. She examines how EU data spaces function as legal infrastructures controlling data access and sharing, and how AI can support compliance in these complex organizational and ecosystem contexts.

Before her doctoral research, Sanna served as Data Protection Officer for Finland's Criminal Sanctions Agency, where she led GDPR compliance initiatives and conducted Data Protection Impact Assessments for AI-driven projects. She also co-founded Muna.io, a privacy-tech startup focused on personal data control and monetization, participating in EU Horizon 2020 and Nordic Innovation House programs.

She is the author of EU Data Regulations – Handbook to Five Regulations (Edita Publishing, 2025), which provides practical guidance on implementing the AI Act, Data Act, Data Governance Act, Digital Markets Act, and Digital Services Act.

Research interests: computational law, neuro-symbolic AI, regulatory compliance automation, AI governance, explainable AI, legal knowledge representation, data spaces, digital public infrastructures, GDPR, EU AI Act implementation.