Glossary term
BAIT
Also: Bankaufsichtliche Anforderungen an die IT (German Banking Supervisory Requirements for IT)
BaFin circular that concretises the IT requirements of MaRisk for credit institutions. It interprets MaRisk AT 7.2 (technical and organisational equipment) for IT strategy, information security, user permissions, project management, application development, and IT outsourcing.
BAIT applies to all credit institutions under the KWG (legal basis: § 25a (1) KWG). It is supplementary interpretation material to MaRisk: not a statute, but binding in supervisory practice. First published as Rundschreiben 10/2017 (BA) in November 2017; current version: BAIT 2021 (amended August 2021).
Contents (modules of the 2021 version): IT strategy and governance, information risk management, information security management, operational information security, identity and access management (user permissions, incl. joiner-mover-leaver), IT projects and application development, IT operations, outsourcing and other procurement of IT services, IT contingency management, critical infrastructures.
Relationship to DORA: DORA is a directly applicable EU regulation and takes precedence over national circulars where the two overlap, so it supersedes BAIT in many points; BAIT nevertheless continues to be referenced. BaFin examiners work in a transition phase in 2025/2026, so banks must be able to map both the DORA and the BAIT logic in parallel.
Related terms
VAIT
BaFin circular for insurance undertakings. Counterpart to BAIT in banking, derived from MaGo. Regula…
DORA
EU regulation on digital operational resilience in the financial sector. Directly applicable since 1…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
BSI C5
Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
CASB
Security layer between users and SaaS providing visibility (shadow IT discovery), data protection (D…
