
Local AI for Auditors: §43/§50a WPO, §323 HGB and the RAG Path

Timo Wevelsiep
#AI #Auditors #DataProtection #RAG #TradeSecrets

Editorial note: The information in this article was compiled to the best of our knowledge at the time of publication. Technical details, prices, versions, licensing terms, and external content may change. Please verify the information provided independently, particularly before making business-critical or security-related decisions. This article does not replace individual professional, legal, or tax advice.

AI in the audit firm without risking client figures? We build local, §203-compliant AI on your hardware - see AI for auditors and AI for confidentiality professionals, or book an initial consultation.

Analysing working papers, researching audit standards, drafting reports - AI can save a lot of time in auditing. The problem is not the AI but where the data flows. Audit data is client financial data and trade secrets at once - so an outflow is doubly critical.

The good news: with §50a WPO there is a clear, legal path. It runs through a contractually bound provider - most cleanly through local AI that never leaves the building. This article frames the legal situation, shows the permitted operating models, and explains how we build a RAG pipeline on your audit knowledge.

The auditor's confidentiality is anchored in §43 WPO; for the statutory auditor §323 HGB is added. Both are criminally sanctioned via §203 StGB. The special feature: audit data is client financial data and trade secrets at once - the protection need is doubled.

For the use of external IT, the profession-specific norm §50a WPO applies. It permits engaging services but ties this to clear conditions:

  • Careful selection of the provider and termination in case of violations.
  • Contract in text form (§126b BGB) with a confidentiality obligation and a warning about the criminal consequences, plus a restriction to the information required for the service.
  • Clear rules on engaging subprocessors, who must also be bound.

The DPA under Art. 28 GDPR only governs data protection, not the criminally sanctioned confidentiality - §43/§50a WPO and §203 StGB apply additionally. From 2 August 2026, transparency obligations of the EU AI Act for deployers also apply (as of June 2026, European Commission). This article is general information and not legal advice.

Why cloud AI becomes a risk for audit firms

Cloud AI with client figures is doubly sensitive:

  1. The subprocessor chain. An AI provider itself uses subprocessors (Azure, AWS, and others). Each would have to be bound in text form under §50a WPO - not practically feasible.
  2. The CLOUD Act. US providers are subject to the US CLOUD Act; an EU region does not protect as long as a US parent company stands behind it.
  3. Trade secrets. Client financial data is protected trade secrets. An outflow breaches not only confidentiality but also the client's secret protection.

With local AI in-house most of this chain disappears: the data does not leave the firm. Because we retain maintenance access, we remain a participating person - which is why we supply the §50a/§203 contract package for the build and maintenance phase.

Operating models for audit AI

We implement three models - with a clear link to our services:

  • On-premise appliance (AI Cube). A turnkey AI box in-house. Open WebUI, Ollama/vLLM and local models are pre-installed; ideal for small and mid-sized firms.
  • Dedicated GPU server or LLM hosting. For larger firms with more users and throughput. OpenAI-compatible API for integration into the audit software.
  • Managed fallback. If you do not want to operate your own hardware, you can have AI run in our EU infrastructure - with a short, controllable provider chain.

In all models only open-source building blocks are used (no vendor lock-in), and the §50a/§203 contract package is standard. More on the cross-industry framework under AI for confidentiality professionals.

The RAG pipeline: components step by step

The real value comes not from a bare language model but from Retrieval-Augmented Generation (RAG): the AI answers questions from audit standards and internal methodology instead of from generic training knowledge - with source references. This is how we build the pipeline (more under Custom RAG):

  1. Ingestion. Documents are read in (IDW PS, methodology, working papers) and normalised.
  2. Chunking. Content is split into meaningful sections, oriented around standards structure and context.
  3. Embeddings + vector database. Each section is translated into a vector and stored in a vector database (Qdrant) - with access and client-separation metadata.
  4. Retrieval and re-ranking. For a query, the most relevant sections are retrieved and sorted by re-ranking.
  5. Generation. A local model (Ollama or vLLM) formulates the answer - based solely on the retrieved passages, with source references.
  6. Observability and quality. With Langfuse we measure quality, latency and cost and make answers traceable - important for documentation.

We run exactly this stack ourselves: our AI offer finder on wz-it.com is a production RAG system on Qdrant, LiteLLM/Mistral and Langfuse.

Connecting multiple knowledge sources securely

We connect multiple knowledge sources into the same RAG pipeline - with enforced access rights:

  • Audit standards and methodology. IDW PS and internal methodology as a RAG source for consistent work.
  • Working papers and data analyses. Analysis and summarisation to support the audit - locally.
  • Internal knowledge base. Audit know-how searchable from one place.

Client figures stay local. Through access rights and payload filters in the vector database, every query only sees the sources it is allowed to see - a mandatory requirement across multiple engagements.
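The retrieval step of the pipeline together with the client-separation rule above (a payload filter derived from the caller's rights, not from the prompt), as an added Python example that is not WZ-IT's code: the vector store is an in-memory stand-in with constructed chunks, and the filter is written in the must/key/match-any shape of Qdrant's JSON filters, which is an assumption about the format.

```python
"""Engagement-scoped retrieval for an audit RAG store (constructed example).

Chunks from several engagements share one store; each query carries a filter
built server-side from the principal's grants. The filter shape (must / key /
match any) is assumed to mirror Qdrant's JSON filter syntax; the store itself
is an in-memory stand-in so the example runs offline.
"""
from dataclasses import dataclass
import math


@dataclass
class Chunk:
    text: str
    vector: list[float]
    payload: dict  # e.g. {"client_id": "A", "source_type": "working_paper"}


# Constructed corpus: two engagements plus a firm-wide methodology chunk ("*").
STORE = [
    Chunk("Client A: revenue recognition memo", [0.9, 0.1, 0.0],
          {"client_id": "A", "source_type": "working_paper"}),
    Chunk("Client B: revenue recognition memo", [0.95, 0.05, 0.0],
          {"client_id": "B", "source_type": "working_paper"}),
    Chunk("Firm methodology: revenue testing approach", [0.7, 0.3, 0.0],
          {"client_id": "*", "source_type": "methodology"}),
]


def cosine(a: list[float], b: list[float]) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def build_filter(grants: set[str]) -> dict:
    """Filter from the caller's engagement grants; '*' marks firm-wide sources."""
    return {"must": [{"key": "client_id", "match": {"any": sorted(grants | {"*"})}}]}


def matches(payload: dict, flt: dict) -> bool:
    """Minimal evaluator for the must/key/match-any filter shape used above."""
    return all(payload.get(c["key"]) in c["match"]["any"] for c in flt.get("must", []))


def search(query_vec: list[float], grants: set[str], k: int = 2) -> list[str]:
    """Filter first, then rank: a chunk the caller may not see never enters the top-k.

    Filtering after ranking would let a better-matching foreign chunk occupy
    one of the k slots, or leak via an error/empty result."""
    allowed = [c for c in STORE if matches(c.payload, build_filter(grants))]
    ranked = sorted(allowed, key=lambda c: cosine(query_vec, c.vector), reverse=True)
    return [c.payload["client_id"] for c in ranked[:k]]
```

Client B's chunk is the closest match for the query, yet an auditor granted only engagement A never receives it; the same query from a principal without any engagement grant returns only firm-wide methodology.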

How we work at WZ-IT

We deliver audit AI as a lifecycle, not as a device purchase:

  1. Advise and design. Workshop, sizing, data classification and the §50a/§203 contract framework - before any hardware arrives.
  2. Build and integrate. On-premise setup, RAG on standards and methodology with access control, integration into the audit software, confidentiality obligation plus DPA.
  3. Operate and maintain (optional). Updates, monitoring, model upgrades and RAG curation as a contract - or you operate it yourself after handover and training.

The operational contract texts are drafted by qualified professionals; this article does not replace case-specific legal advice.

Ready for AI that protects your client figures? We build it locally, §50a/§203-compliant, and operate it on request. Book your initial consultation now.

Frequently Asked Questions

Yes. §50a WPO permits engaging services if the provider is bound to confidentiality in text form and warned about the criminal consequences. With local processing that is the cleanest form, because client figures do not leave the building.

Audit data is client financial data and trade secrets at once. An outflow breaches not only confidentiality under §43 WPO and §323 HGB (criminally sanctioned via §203 StGB) but also endangers the client's protected trade secrets.

No. The data processing agreement under Art. 28 GDPR only governs data protection. Confidentiality under §43 WPO/§323 HGB and the requirements of §50a WPO apply additionally - both layers must be satisfied.

Retrieval-Augmented Generation combines a language model with a searchable knowledge base. The AI draws answers from audit standards (IDW PS), internal methodology and working papers - with source references. Client figures stay local.

Yes, locally. Working papers are analysed and summarised without the underlying client figures leaving the building. Processing stays on your infrastructure.

Audit standards (IDW PS), internal methodology and audit know-how, working papers and document/data analyses, plus - where permitted by licence - specialist literature. Through access rights and client separation, every query only sees the sources it is allowed to see.

Typical applications like working-paper analysis or report drafts are generally not high-risk systems. From 2 August 2026, however, transparency obligations for deployers apply, and governance structures should be in place.

Entry runs via the AI Cube at a fixed price; an integrated build with RAG and connection to your audit software is quoted per project. Recurring costs only with optional maintenance - no cloud subscription.

Written by

Timo Wevelsiep

Co-Founder & CEO

Co-Founder of WZ-IT. Specialized in cloud infrastructure, open-source platforms and managed services for SMEs and enterprise clients worldwide.
