KIRA — Künstliche Intelligenz für risikoorientierte Arbeitgeberprüfungen (Artificial Intelligence for Risk-Oriented Employer Audits) — is an AI-based decision-support system developed by Deutsche Rentenversicherung Bund (DRV Bund), Germany's federal pension insurance agency, to assist auditors in conducting statutory employer audits (Betriebsprüfungen). The system represents DRV Bund's first operational deployment of artificial intelligence and was developed with funding from the Bundesministerium für Arbeit und Soziales (BMAS), the German Federal Ministry of Labour and Social Affairs.
Germany's social insurance system requires that all employers correctly calculate and remit contributions for pension, unemployment, health, and long-term care insurance on behalf of their employees. The Betriebsprüfdienst (employer audit service) of Deutsche Rentenversicherung is legally mandated to verify employer compliance, with each business subject to an audit every four years. This results in approximately 400,000 employer audits per year, conducted by roughly 1,700 audit staff. On average, auditors have less than one day per audit to review the full body of documentation for a given employer, forcing them to rely on experience-based sampling and ad hoc prioritisation of audit focus areas. The demographic transition and growing skills shortages in Germany's public sector are expected to further strain this capacity in coming years. Annual back-payment demands resulting from audits already run into the high hundreds of millions of euros, underscoring the fiscal significance of the audit function.
KIRA addresses this capacity challenge by scanning all digitally available employer data — including payroll records, contribution filings, and data submitted through the electronically supported audit process (elektronisch unterstützte Betriebsprüfung, euBP) — to identify anomalous patterns, irregularities, and outliers. The system searches for unusual contribution levels (both unusually high and unusually low), missing documentation, inconsistent payroll patterns, and other indicators that may signal errors, non-compliance, or potential fraud such as bogus self-employment (Scheinselbständigkeit). Based on these analyses, KIRA generates risk scores on a criticality scale of 1 to 10 for each employer case, ranking them by likelihood and severity of irregularity. These scores help auditors decide which cases can be processed quickly and where the time saved should be reinvested into deeper, more thorough examination. KIRA also marks the specific locations within employer documentation where anomalies have been identified, directing auditors to the most relevant sections.
The underlying model is a traditional (classical) machine learning system trained on anonymised historical data from previous employer audits, including structured employer records, contribution data, and prior audit outcomes. The 2025 ISSA TechByte appendix adds concrete implementation detail that was not present in the earlier public-facing DRV pages: DRV's stack includes Python tooling such as Kedro, PyTorch, TensorFlow, SciPy, scikit-learn, Random Forest and XGBoost, with Angular/Node.js interfaces, Oracle/SQL data infrastructure, and Apache web services. The data are anonymised before model training to comply with data protection requirements, and the TechByte notes that extensive preparatory work was required to create an anonymised database and secure the internal development environment. All data remain within the DRV pension insurance network infrastructure and do not leave this closed system, ensuring domestic data residency. The model is continuously refined based on feedback from auditors who assess the quality and relevance of KIRA's flagged anomalies, creating an iterative improvement loop.
A core design principle of KIRA is human-in-the-loop oversight. The system provides risk scores and indications, but DRV auditors retain full decision-making authority and perform all legal assessments. KIRA does not make binding determinations about employer compliance, assess penalties, or issue enforcement actions. The auditor decides whether and how to act on the information KIRA provides. This design ensures that the AI serves as a prioritisation and decision-support tool rather than an autonomous decision-maker.
DRV Bund began testing KIRA in January 2025 within the audit service in a controlled pilot phase. The full-scale, nationwide rollout is planned for 2026. According to DRV Bund, employers should not experience any direct change in the audit process as a result of KIRA's deployment — other than that audits may be completed more quickly. However, independent professional advisory firms including EY and Grant Thornton have noted that KIRA is likely to increase the detection risk for employers with compliance issues, and have recommended that employers proactively ensure their social insurance contribution processes are up to date and compliant. EY has specifically noted the heightened risk of detecting bogus self-employment arrangements.
The project received significant institutional recognition in September 2024, when DRV Bund won both the first prize and the public choice award at the 23rd eGovernment-Wettbewerb (eGovernment Competition) in the category 'Digitalisierungsschub durch KI und moderne Infrastruktur' (Digitalisation Push through AI and Modern Infrastructure). This award recognises innovative digital transformation projects in the German public sector and confirms the project's maturity and institutional support.
The TechByte appendix also clarifies the development model more precisely than the earlier public materials: technically, DRV relied heavily on an external development partner while building internal know-how, and the project required sustained coordination with IT security, data protection, staff representatives, accessibility specialists, and business-domain experts. KIRA still fits a sovereign-AI pattern in operational terms because model hosting and data remain inside the German public pension-insurance environment, but it was not a purely in-house build from the outset.
Expected and early-reported outcomes include more efficient screening of large data volumes, better targeting of audit focus areas, and potential increases in the detection of contribution irregularities. The TechByte appendix reports self-declared early KPIs that are materially stronger than the earlier public sources: approximately 50 per cent of audit cases can be deprioritised as inconspicuous, while the missed financial impact from incorrect classification is reported at less than 1 per cent. These are institutional self-reports rather than independent evaluations, so they strengthen the case for operational maturity but do not eliminate the need for external validation.