Germany Develops Sovereign AI Architecture for Public Administrations

Executive Summary

Several German federal states are currently developing isolated AI solutions for administrative processes, leading to redundancies. The reference architecture KIVA.arc is intended to replace this patchwork with a shared technical foundation. The system uses open-source models and a central RAG system for document-driven administrative work. The architecture is available on the federal-state platform OpenCoDE and will be presented at the Public IT 2026 conference in Hanover.

People

• Dr. Michael Wissen (Ministry of the Interior Baden-Württemberg)
• Philipp Richter (State Service Brandenburg)
• Michael Diepold (Institute for Municipal Data Processing Bavaria)

Topics

• AI architecture for administrations
• Open-source standardization
• Federated digitalization
• Administrative process optimization
• Sovereignty in the cloud

Clarus Lead

The fragmented approach to AI development in federal states is intensified by lack of coordination: basic components are repeatedly created in parallel instead of building on standardized infrastructure. KIVA.arc addresses this coordination problem centrally – and signals a shift away from proprietary large vendors toward independently controlled systems. This is strategically relevant for federated systems like Germany, as it combines technical autonomy with cost efficiency.

Detailed Summary

The reference architecture KIVA.arc is based on two core components: It uses open-source models instead of closed proprietary systems and integrates a central Retrieval-Augmented-Generation system (RAG) for document-supported work in authorities. This enables administrations to automatically process large quantities of papers and digital documents – a core problem in immigration offices, health departments, and other document-intensive services.

A concrete application example is the digitalization of residence permit processes: AI systems automatically check whether uploaded documents meet requirements before they are passed to the authority for manual processing. This significantly reduces data entry errors and follow-up inquiries.

In parallel, public administration is pursuing a second strategy: sovereignty through on-premise solutions and low-code platforms. Frankfurt am Main demonstrates this approach by building an independent domain-specific application landscape – a deliberate countermodel to dependence on SAP, Microsoft, and other megavendors. The balance between low-code (rapid adaptation, federated flexibility) and technical standardization (cost control, maintainability) is at the center of these debates.

In the area of API security, administrations are relying on FAPI 2.0 and OAuth2 standards to secure the increasing interconnection of federal, state, and municipal levels. This becomes increasingly critical in light of digital networking.

Key Statements

• Federal states develop AI systems in isolation, leading to massive duplicate structures – KIVA.arc creates a shared technical foundation
• Open-source architecture and RAG systems enable document-based automation in authorities (e.g., residence permit procedures)
• Sovereign on-premise solutions reduce dependence on commercial software vendors and enable federated autonomy
• API security (FAPI 2.0, OAuth2) becomes critical as administration levels become increasingly networked

Critical Questions

1. Data Quality of the RAG System: How is it ensured that central document processing works correctly across heterogeneous administrations with different classification systems? Are there validation data on detection rates for complex document types?

2. Governance and Dependency Risk: If KIVA.arc becomes a central architecture, new single points of failure emerge. Who will maintain and update this platform in the long term, and who controls security-critical updates?

3. Cost Savings vs. Reality: The presentation suggests efficiency gains through standardization. But don't federalism and local peculiarities demand considerable adjustments that consume savings?

4. Dependency on Open-Source Communities: KIVA.arc relies on open-source models. How stable are these community projects for critical administrative functions? Who bears liability for security vulnerabilities?

5. Employee Data Protection in AI-Driven Automation: The residence permit AI automatically recognizes documents. What review processes protect against misclassifications that lead to rejections, and who bears responsibility?

6. Vendor Independence in Practice: Low-code platforms often only shift dependence from ERP vendors to low-code platforms. What criteria ensure genuine technical sovereignty against vendor lock-in?

Source Directory

Primary Source: Public IT: A Sovereign AI Architecture for Administration – heise.de

Verification Status: ✓ January 2025

This text was created with the support of an AI model.
Editorial responsibility: clarus.news | Fact-checking: January 2025