The Black Box Problem
Most payroll software — whether it’s an embedded API, an EOR platform, or a traditional payroll application — runs proprietary calculation logic. The customer sends inputs (salary, tax class, social security status) and receives outputs (net pay, tax withholding, employer cost). What happens in between is the provider’s intellectual property.
This works until it doesn’t. When a payslip shows an unexpected value, the provider’s support team explains the result. When an auditor asks how a specific tax withholding was calculated, the answer is “our engine calculated it correctly.” When a regulatory change produces different results than expected, there is no way to inspect the logic to understand why.
The payroll industry has operated this way for decades. It works because most of the time, the calculations are correct. But “most of the time” is not a compliance standard. Payroll errors have real consequences: incorrect tax withholding, wrong social security contributions, employee disputes, and regulatory penalties.
The Open-Core Model
PayrollEx is built on an open-core model. The Payroll Engine — the calculation framework, the REST API, the period logic, the retro correction mechanics, the scripting runtime — is open source under the MIT license. The country regulations (statutory logic, tax algorithms, data satellites) are commercial.
This split is deliberate, and it’s worth understanding what each part provides:
| Component | License | What it contains |
|---|---|---|
| Payroll Engine | MIT (open source) | Calculation runtime, REST API, tenant management, period logic, retro correction, result storage, scripting engine, test runner |
| Country regulations | Commercial | Income tax algorithms, social security calculations, employer cost formulas, statutory data satellites, integration tests |
| MCP Server | MIT (read-only) / Commercial (write) | AI agent interface — 29 read tools (OSS), write + consolidation tools (commercial) |
The engine is the layer that other software builds on. Like a database engine, it should be inspectable, verifiable, and independently testable. Making it open source means any customer, auditor, or regulator can read the code that executes their payroll calculations.
What Open Source Means for Compliance
Auditability
When an auditor asks “how is the German Vorsorgepauschale calculated?”, the answer is not a support ticket. It is a reference to a specific algorithm in the regulation package, executed by a specific version of the open-source engine, verified by a specific integration test. The complete chain — from statutory law to code to test result — is traceable.
This matters in regulated environments. Financial institutions, government agencies, and publicly traded companies are subject to audit requirements that extend to their payroll systems. When the payroll engine is open source, the auditor can inspect the calculation logic directly — not through a vendor-mediated explanation.
Reproducibility
Payroll calculations need to produce the same result today that they did two years ago — for the same inputs, the same period, the same statutory parameters. This is essential for retro corrections, historical reporting, and audit trails.
An open-source engine with versioned regulations provides this guarantee structurally. The engine code is tagged by version. The regulations are versioned with validFrom dates. A calculation for January 2024 uses the engine version and data satellite that were active in January 2024 — regardless of what the current version is.
With a proprietary SaaS API, the provider may update their engine at any time. There is typically no way to verify that the calculation logic for a past period hasn’t been silently changed by a subsequent update.
Independent verification
Every PayrollEx country regulation ships with integration tests — full payrun executions that verify statutory calculations against known expected values. These are not unit tests; they execute the complete payroll pipeline from case input to result storage.
Because the engine is open source, these tests can be run by anyone. A customer can execute the test suite against their deployment. An auditor can verify that the regulation produces correct results for specific scenarios. A payroll consultant can validate that a new regulatory change was implemented correctly.
694 integration tests across 11 countries represent 694 verifiable compliance assertions. Each test documents its scenario, expected values, and the statutory basis for the expected result.
How This Compares to the Industry
To be clear: most payroll providers are not open source, and most produce correct results. The industry standard is a proprietary engine with SOC 2 certification, regular audits, and customer support for disputed calculations. This works for many organizations.
The difference is in the verification model:
| Verification method | Proprietary payroll providers | Open-source engine (PayrollEx) |
|---|---|---|
| Calculation logic inspection | Not available to customer | Full source code available |
| Compliance certification | Provider’s SOC 2, vendor attestation | Customer-runnable integration tests + source inspection |
| Dispute resolution | Support ticket, provider explains | Customer inspects code and test, traces the calculation |
| Regulatory change verification | Provider publishes changelog | Diff the regulation package, run the new tests |
| Historical accuracy | Trust the provider’s versioning | Versioned engine + versioned regulations with validFrom |
| Long-term availability | Dependent on provider’s business continuity | MIT-licensed code remains available regardless of vendor |
Neither model is wrong. They serve different trust requirements. Organizations that are comfortable with vendor attestation don’t need source code access. Organizations that require independent verification — because their industry, their regulators, or their customers demand it — need the transparency that open source provides.
Vendor Independence and Long-Term Viability
Payroll is long-lived infrastructure. A company that starts using a payroll system today will need it to produce accurate historical calculations in 2031 and beyond. Retro corrections require recalculating past periods with the rules that were active at the time. Audits can look back years. Statutory retention requirements span 5–10 years.
With a proprietary SaaS provider, the availability of historical calculation logic depends on the provider’s continued operation and their data retention policies. If the provider changes ownership, discontinues a product, or exits a market, the customer’s ability to reproduce historical calculations may be compromised.
An MIT-licensed engine cannot be taken away. Even if the commercial regulation provider changes direction, the engine code remains available under an irrevocable open-source license. The customer can continue to operate their existing deployment, maintain it with internal resources, or engage a different vendor for regulation updates.
This is not a theoretical concern. The payroll software industry has experienced significant consolidation — acquisitions, product discontinuations, and forced migrations. An open-source foundation provides structural insurance against these events.
Test-Driven Compliance as a Standard
The combination of open source and test-driven compliance creates a verification standard that is unusual in the payroll industry.
Each country regulation is a package that includes:
- Statutory logic: Wage types, cases, collectors, and scripts that implement the country’s payroll rules
- Data satellites: Versioned statutory values (tax tables, contribution rates, thresholds) with
validFromdates - Integration tests: Full payrun executions with documented scenarios, expected values, and statutory references
When a new regulatory year starts — when Germany publishes its 2027 PAP, when the UK adjusts its April NIC rates, when Spain updates its IRPF tables — the regulation package is updated. New data satellites carry the updated statutory values. New integration tests verify the changed calculations. Existing tests verify that unaffected calculations remain correct (regression). The complete update is a verifiable, diffable, testable package.
This is described in more detail in the article on test-driven compliance.
Who Benefits Most
Open-source payroll infrastructure is not relevant for every buyer. For a small company using a managed payroll service for 20 employees, source code access has no practical value. The managed service handles everything.
The transparency matters for:
- Payroll providers who run payroll as a service for hundreds of client companies and need to demonstrate compliance to their customers
- Platforms that embed payroll as a product feature and need to understand exactly what their product is calculating
- Regulated industries (banking, insurance, government) where audit requirements mandate inspectable calculation logic
- Enterprise organizations with internal compliance teams that need to verify payroll calculations independently of the vendor
For these buyers, the difference between “trust our engine” and “inspect the engine yourself” is a meaningful architectural choice.
See the open foundation
Explore the open-source Payroll Engine on GitHub, review the architecture documentation, or see the integration test suite in action.
payrollengine.org →