Glossary term
VAIT
Also: German Insurance Supervisory Requirements for IT
BaFin circular for insurance undertakings. Counterpart to BAIT in banking, derived from MaGo. Regulates IT strategy, information security, user permissions, IT projects and outsourcing.
VAIT applies to primary insurance and reinsurance undertakings under VAG supervision. The current version dates from 2018, with updates. It is closely modelled on BAIT, with insurance-specific accents (customer and policy systems, Riester/Rürup data flow).
Core chapters: IT strategy, IT governance, information risk / security / user permission management, IT projects and application development, IT operations, outsourcing.
With DORA applying from January 2025, VAIT is partially overlaid by it. Insurers must operate in a 2025-2027 transition phase that combines DORA duties with VAIT details.
Related terms
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
DORA
EU regulation on digital operational resilience in the financial sector. Directly applicable since 1…
Vendor matrix
A structured comparison of vendor options across weighted criteria, showing scores, evidence per cel…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
BSI C5
Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti…
