BAIT compliance software for German banks.

All eight BAIT chapters pre-loaded - IT strategy, governance, information-risk, user authorisations, projects, operations, outsourcing, BCM. Maps to DORA and MaRisk so you operate one workspace instead of three spreadsheets. Built for BaFin-supervised institutions.

What is BAIT?

The Bankaufsichtliche Anforderungen an die IT are BaFin's supervisory requirements for IT at German banks. Eight chapters - from IT-Strategie down to Notfallmanagement - flesh out the expectations under KWG and MaRisk. From January 2025, DORA harmonises ICT risk-management across the EU financial sector; BAIT and DORA now operate side-by-side and Dazr tracks both in one workspace.

Who needs to comply

  • German credit institutions under KWG supervised by BaFin
  • Financial-services institutions in scope of MaRisk
  • Group IT-service providers serving BaFin-supervised banks (Auslagerungen)
  • Sister regimes: KAIT (Kapitalverwaltungsgesellschaften), VAIT (Insurers), ZAIT (Payment institutions)

Key BAIT capabilities in Dazr

  • IT-Strategie: Board-approved IT strategy with annual sign-off tracker.
  • ISB-Funktion: Quarterly board pack template + ISB independence documentation.
  • Berechtigungskonzept: Authorisation matrices per system + quarterly recertification.
  • Schwachstellen-Management: Continuous scanning + severity-based remediation SLAs (7/14/30 days).
  • Auslagerungsregister: Aligned with MaRisk AT 9 / DORA. Exit plan per critical provider.
  • IT-Notfallmanagement: BCM per critical process. Annual exercise + lessons-learned tracker.

What auditors look for

A BaFin or external auditor walks the eight chapters with particular focus on the outsourcing register (post-DORA), the authorisation concept, the information-security organisation, and the BCM. Dazr keeps each chapter audit-ready with contemporaneous evidence.

How Dazr helps with BAIT

  • Pre-loaded controls per BAIT chapter
  • Outsourcing register aligned with MaRisk AT 9 and DORA
  • Run BAIT alongside DORA, ISO 27001 and BSI C5 in one workspace
  • Quarterly ISB board pack template
  • Hand the auditor a read-only view or a single-PDF audit trail

BAIT questions, answered.

What is BAIT?

BaFin's supervisory requirements for IT in German banks. Eight chapters cover IT strategy, governance, information-risk, user authorisations, projects, operations, outsourcing and BCM.

Who has to comply?

German credit institutions and financial-services institutions supervised by BaFin under KWG. Closely related: KAIT (capital management), VAIT (insurers), ZAIT (payment institutions).

How does BAIT relate to DORA?

DORA harmonises ICT risk requirements across the EU and supersedes large parts of BAIT for in-scope entities. We keep both views in one workspace.

Where is data hosted?

European Union only. AES-256-GCM at rest. EU jurisdiction.

Ready to start your BAIT programme?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.