
Payroll Compliance

This page explains how the Payroll Engine ensures compliance with legal, regulatory, and operational requirements.

Contents

| Section | Description |
|---|---|
| Statutory Requirements and Localization | Rule-based calculation, versioned limits, reporting |
| Audit Trail | Regulation history, granular categories, technical immutability |
| Transparency & Traceability | Granular splitting, period-level derivation |
| GDPR Compliance | Data minimization, accountability, data subject rights, retention |
| Database Integrity | Collation check on startup |

Statutory Requirements and Localization

Compliance with local laws is the foundation of any payroll solution. The payroll engine offers a flexible system for accurately mapping country-specific logic.

  • Rule-based calculation: Legal formulas for taxes and social security are stored as scripts. This allows for quick adaptation to national requirements.
  • Versioned limits: Contribution assessment limits and tax tables are stored in a time-dependent manner. The engine automatically uses the original time's values for retroactive calculations.
  • Reporting: The engine provides the necessary data structures to generate electronic reports for authorities, such as tax offices and insurance carriers, in accordance with the law.

Audit Trail

Regulation history

Not only personnel data but also the calculation logic (regulations) is subject to strict auditing requirements.

  • Versioned logic: Ensures that every change to a regulation (wage types, scripts or tables) generates a new audit entry. You can trace who changed a formula and when at any time.
  • Integrity of the calculation: Each payroll run is linked to a specific version of the regulations, so the calculation remains reproducible, even if the legal situation changes later.

Granular Audit Trail Configuration

The audit trail can be enabled or disabled per category to balance traceability against storage and performance requirements:

| Category | Scope |
|---|---|
| Script | Script objects |
| Lookup | Lookups and lookup values |
| Input | Cases, case fields, and case relations |
| Payrun | Collectors and wage types |
| Report | Reports, report templates, and report parameters |

All categories are configured in appsettings.json under the AuditTrail section. By default, the audit trail is disabled.

Unchangeable time values

The engine uses a dual timeline model for company (tenant) and employee data that allows for corrections without data loss:

  • System time vs. validity time:
      • Validity is defined as the period of time during which a value (e.g., a salary) is technically effective.
      • The system time (created/modified) is unchangeable and documents when the value was technically recorded in the system.
  • Retroactive calculation security: Due to the unchangeable nature of the timestamps, the engine can determine exactly which data was known at the time of the original run during a retroactive calculation ("retro").
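The dual timeline described above, worked through as an added example (this is illustration code written for this page, not Payroll Engine source; the `CaseValueStore` class, its method names and the sample dates are assumptions). Each record carries a validity start and an immutable system timestamp, corrections are appended rather than overwritten, and a retro run can ask for the value "as known at" the system time of the original payrun:

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed illustration of a dual-timeline (bitemporal) case value store.
# Added example, not Payroll Engine code: class, field and function names are
# assumptions chosen for the demonstration.


@dataclass(frozen=True)  # frozen: a stored record cannot be altered in place
class CaseValue:
    field: str          # e.g. "Salary", "EmploymentLevel"
    value: float
    valid_from: date    # validity timeline: effective from this date
    created: datetime   # system timeline: when it was recorded; never changed


class CaseValueStore:
    """Append-only store: a correction adds a record, it never overwrites one."""

    def __init__(self) -> None:
        self._records: list[CaseValue] = []

    def record(self, field: str, value: float, valid_from: date, created: datetime) -> CaseValue:
        rec = CaseValue(field, value, valid_from, created)
        self._records.append(rec)
        return rec

    def value_at(self, field: str, on: date, known_at: Optional[datetime] = None) -> Optional[float]:
        """Value of `field` effective on `on`, considering only records that
        existed at system time `known_at` (None = use everything known now)."""
        candidates = [
            r for r in self._records
            if r.field == field
            and r.valid_from <= on
            and (known_at is None or r.created <= known_at)
        ]
        if not candidates:
            return None
        # Latest validity start wins; for equal validity starts the most
        # recently recorded value (the correction) wins.
        return max(candidates, key=lambda r: (r.valid_from, r.created)).value


def build_scenario() -> CaseValueStore:
    """Constructed data: values entered in Jan/Feb 2025, then a correction of
    EmploymentLevel entered after the February payrun has already happened."""
    store = CaseValueStore()
    store.record("Salary", 6000.0, date(2025, 1, 1), datetime(2025, 1, 2, 9, 0))
    store.record("EmploymentLevel", 0.80, date(2025, 1, 1), datetime(2025, 1, 2, 9, 0))
    store.record("EmploymentLevel", 0.60, date(2025, 2, 15), datetime(2025, 2, 10, 14, 0))
    # Correction recorded on Mar 5: the level valid from Feb 15 was actually 50%.
    store.record("EmploymentLevel", 0.50, date(2025, 2, 15), datetime(2025, 3, 5, 11, 0))
    return store


ORIGINAL_FEB_RUN = datetime(2025, 2, 25, 10, 0)  # system time of the first February payrun


def february_levels(store: CaseValueStore) -> tuple:
    """(level the original run saw, level a retro run sees today) for Feb 20."""
    as_originally_known = store.value_at("EmploymentLevel", date(2025, 2, 20), known_at=ORIGINAL_FEB_RUN)
    as_known_now = store.value_at("EmploymentLevel", date(2025, 2, 20))
    return as_originally_known, as_known_now


def is_immutable(store: CaseValueStore) -> bool:
    """True if an attempt to change a stored record in place is refused."""
    rec = store.record("Salary", 6500.0, date(2025, 3, 1), datetime(2025, 2, 28, 8, 0))
    try:
        rec.value = 7000.0  # type: ignore[misc]
    except AttributeError:  # dataclasses.FrozenInstanceError subclasses AttributeError
        return True
    return False


if __name__ == "__main__":
    s = build_scenario()
    print(february_levels(s))  # (0.6, 0.5): the retro run can reproduce what was known on Feb 25
    print(is_immutable(s))      # True
```

The point of the `known_at` filter is the retro case: replaying February with `known_at=ORIGINAL_FEB_RUN` returns 0.6, exactly what the original run used, while a current query returns the corrected 0.5. The difference between the two is the retroactive adjustment, and it is reproducible only because the `created` timestamp is never rewritten.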

Technical immutability

Once stored, audit objects and timestamps cannot be modified or deleted via the standard API. This ensures that the database acts as a single source of truth for auditors.

Transparency & traceability (calculation traceability)

For legally compliant accounting, knowing the end result is not enough. Auditors and reviewers must be able to trace how a wage value changes over time (e.g., during a month with salary adjustments or periods of illness).

  • Granular traceability: The payroll engine splits time values directly when calculating wage types. This allows you to see which part of a value is attributable to a specific period or condition (see Payroll.ClusterSetWageTypePeriod).
  • Avoidance of "black box" calculations: Rather than simply outputting a sum, the splitting provides the mathematical derivation. This meets the third-party verifiability compliance requirement, as auditors can validate the calculation steps individually.
  • Error prevention: Detailed splitting enables the identification and correction of discrepancies between time management and payroll accounting during the payroll run, greatly increasing process compliance (quality assurance).

Wage Calculation Traceability

Audit requirements and payroll certification often demand more than the aggregated wage result — reviewers must be able to verify exactly how a value was derived when case values change mid-period. The engine addresses this through automatic period-level result storage.

When clusterSetWageTypePeriod is set on the payroll, every wage type that belongs to the referenced cluster set generates one Wage Type Custom Result per case value time split within the pay period. Each custom result covers exactly the sub-period during which a specific combination of case values was active.

Configuration (payroll object):

```yaml
clusterSetWageTypePeriod: Legal
clusterSets:
- name: Legal
  includeClusters:
  - Legal
```

Scenario — employee anna.meyer in February 2025:

| Case Field | Value | Valid From |
|---|---|---|
| Salary | 6 000 | Jan 1 |
| EmploymentLevel | 80% | Jan 1 |
| EmploymentLevel | 60% | Feb 15 |

Wage type GrossSalary (WT 100): ^^Salary * ^^EmploymentLevel — cluster Legal

Because EmploymentLevel changes on Feb 15, the engine splits the February period into two sub-periods and stores one custom result per split:

| Custom Result | Sub-Period | Level | Calculation | Value |
|---|---|---|---|---|
| 1 | Feb 1–14 (14 days) | 80% | 6 000 × 0.80 × 14/28 | 2 400.00 |
| 2 | Feb 15–28 (14 days) | 60% | 6 000 × 0.60 × 14/28 | 1 800.00 |
| WT 100 result | Feb 1–28 | | | 4 200.00 |

The aggregated wage type result (4 200.00) is the payslip value. The two custom results are the auditable derivation — an auditor can verify that each sub-period was calculated correctly against the case values active at that time.

This feature requires that the relevant wage types are assigned to the cluster referenced by clusterSetWageTypePeriod. Wage types outside this cluster produce no period-level custom results.
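The splitting shown in the table above, as an added example that is not Payroll Engine code: the functions below are written for this page and their names, the `CustomResult` shape and the calendar-day pro-rating are assumptions. It generalizes the scenario to any number of case value changes inside the pay period: every change date becomes a cut, each sub-period is evaluated with the case values active at its start, and the wage type result is the sum of the custom results.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Dict, List, Tuple

# Constructed illustration of period-level result splitting. Added example,
# not Payroll Engine source; helper names and calendar-day pro-rating are
# assumptions made for the demonstration.


@dataclass(frozen=True)
class CaseValue:
    field: str
    value: float
    valid_from: date


@dataclass(frozen=True)
class CustomResult:
    start: date
    end: date
    days: int
    inputs: Dict[str, float]  # case values active during this sub-period
    value: float


def value_on(case_values: List[CaseValue], field: str, on: date) -> float:
    """Case value effective on `on`: the latest validity start not after `on`."""
    active = [c for c in case_values if c.field == field and c.valid_from <= on]
    if not active:
        raise KeyError(f"no value for {field} on {on}")
    return max(active, key=lambda c: c.valid_from).value


def sub_periods(case_values: List[CaseValue], fields: List[str],
                period_start: date, period_end: date) -> List[Tuple[date, date]]:
    """Split [period_start, period_end] at every date inside it on which one of
    `fields` changes. A change on the period start itself needs no cut."""
    cuts = sorted({c.valid_from for c in case_values
                   if c.field in fields and period_start < c.valid_from <= period_end})
    starts = [period_start] + cuts
    ends = [cut - timedelta(days=1) for cut in cuts] + [period_end]
    return list(zip(starts, ends))


def period_results(case_values: List[CaseValue], fields: List[str],
                   formula: Callable[[Dict[str, float]], float],
                   period_start: date, period_end: date) -> List[CustomResult]:
    """One CustomResult per sub-period, each pro-rated by calendar days
    (assumption: 14/28 in the text is read as days-in-split / days-in-period)."""
    period_days = (period_end - period_start).days + 1
    results = []
    for start, end in sub_periods(case_values, fields, period_start, period_end):
        inputs = {f: value_on(case_values, f, start) for f in fields}
        days = (end - start).days + 1
        amount = round(formula(inputs) * days / period_days, 2)
        results.append(CustomResult(start, end, days, inputs, amount))
    return results


def wage_type_result(results: List[CustomResult]) -> float:
    """Aggregated wage type value (the payslip figure): sum of its custom results."""
    return round(sum(r.value for r in results), 2)


# Constructed scenario from the text: anna.meyer, February 2025.
CASE_VALUES = [
    CaseValue("Salary", 6000.0, date(2025, 1, 1)),
    CaseValue("EmploymentLevel", 0.80, date(2025, 1, 1)),
    CaseValue("EmploymentLevel", 0.60, date(2025, 2, 15)),
]


def gross_salary(v: Dict[str, float]) -> float:
    """Wage type 100 GrossSalary: ^^Salary * ^^EmploymentLevel."""
    return v["Salary"] * v["EmploymentLevel"]


def february_2025() -> List[CustomResult]:
    return period_results(CASE_VALUES, ["Salary", "EmploymentLevel"], gross_salary,
                          date(2025, 2, 1), date(2025, 2, 28))


if __name__ == "__main__":
    res = february_2025()
    for r in res:
        print(f"{r.start} to {r.end} ({r.days} days) {r.inputs} -> {r.value:.2f}")
    print("WT 100 result:", wage_type_result(res))  # 4200.0
```

Each `CustomResult` keeps the inputs it was computed from, which is what lets a reviewer check a sub-period against the case values active at that time instead of against the aggregate alone; adding a third change (say a salary increase on Feb 20) simply yields a third custom result without any change to the wage type formula.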

GDPR Compliance

Payroll data processing is subject to the strictest General Data Protection Regulation (GDPR) requirements because it involves processing particularly sensitive data, such as union membership and income.

Data minimization (privacy by design)

The Payroll Engine supports the principle of data minimization through its flexible architecture:

  • Case value model: Only those data points (values) that are absolutely necessary for the specific calculation or legal reporting are stored.
  • Avoidance of data redundancy: Central rule management eliminates the need for unnecessary copies of employee data in different parts of the system.

Accountability

According to the GDPR, the controller must be able to demonstrate compliance with the data protection principles.

  • Complete logging: The audit trail (see chapter Audit Trail) serves as technical proof of who accessed or modified which personal data and when.
  • Transparency: Changes to the calculation logic (Regulation) that affect remuneration are always documented in a traceable manner.

Data subject rights (access & portability)

The engine supports the fulfillment of data subject rights:

  • Automated information: All data and histories stored for an Employee ID can be exported in a structured, common, and machine-readable format via the API.
  • Data sovereignty: Tenants have full access to their data sets to respond promptly to information requests.

Storage limitation & deletion concept (retention)

The system reconciles the GDPR deletion obligation with the retention period:

  • Secure deletion: Physical deletion from the database ensures that data cannot be restored after the retention period has expired.

Technical and organizational measures (TOM)

  • Role-Based Access Control: A fine-grained role concept ensures that an administrator, for example, can maintain the system but cannot necessarily view the management's salary data.

Database Integrity

Collation Check

The backend verifies the database collation on startup (default: SQL_Latin1_General_CP1_CS_AS). A mismatch is reported as a startup error to prevent silent data integrity issues, such as case-insensitive comparisons affecting identifier uniqueness or sorting behavior in payroll calculations.