Guide
BSI C5 vs SOC 2 vs ISO 27001: Which Matters for AI Vendor Risk
TL;DR. BSI C5, SOC 2, and ISO 27001 are not equivalent. They differ in legal weight, geographic acceptance, control depth, and audit standard. For DACH-regulated organizations procuring AI, BSI C5 is the only one explicitly recognized by German federal supervisory guidance for cloud services. SOC 2 is the global SaaS lingua franca but US-rooted. ISO 27001 is internationally accepted but its scope statement matters more than the certificate itself.
1. The three frameworks at a glance
| Dimension | BSI C5 | SOC 2 | ISO 27001 |
|---|---|---|---|
| Issuing body | BSI (German federal IT security agency) | AICPA (US accounting body) | ISO/IEC |
| Standard | C5:2020 catalogue | SSAE 18 + Trust Services Criteria | ISO/IEC 27001:2022 |
| Output | Type 1 (design) or Type 2 (operating effectiveness) attestation | Type I or Type II report | Certification (3-year cycle, surveillance audits) |
| Auditor | Wirtschaftsprüfer (German CPA) | CPA firm | Accredited certification body (UKAS, DAkkS, IAS) |
| Geographic anchor | Germany / DACH | United States / global SaaS | International |
| Legal weight in DACH | High (BSI cloud guidance, BaFin VAIT) | Medium (recognized but not specified) | High (referenced in NIS2, sector-specific rules) |
| Public availability | Often public | Confidential, NDA-restricted | Certificate public; SoA confidential |
| Renewal cadence | Typically annual | Typically annual (Type II) | 3-year cycle + surveillance |
| AI-specific controls | Some via 2020 update; not AI-native | None natively | None natively (ISO/IEC 42001 separate) |
For the broader vendor-assessment framework, see the EU AI Act Third-Party Risk pillar.
2. BSI C5 — the DACH-specific anchor
The Cloud Computing Compliance Criteria Catalogue (C5) was published by the Bundesamt für Sicherheit in der Informationstechnik (BSI); the revision in current use is C5:2020. It is the catalogue that German federal authorities and most DACH-regulated buyers reference when they specify cloud-service security expectations.
C5:2020 has 17 control areas covering organisational and technical security, including:
- Information security management
- Personnel security
- Physical and environmental security
- Asset management
- Identity and access management
- Cryptography
- Communication security
- Operations security
- Procurement, development, and modification of IT systems
- Supplier relationships
- Incident management
- Continuity management
- Compliance
- Internal audits
- Cloud-specific topics: customer data deletion, segregation, transparency
C5 introduces environment parameters that the cloud provider declares (e.g. data location, jurisdiction, certification status of subcontractors). The auditor verifies these parameters as part of the engagement.
Type 1 vs Type 2 in BSI C5
The vocabulary mirrors SOC 2 with subtle differences:
| Aspect | C5 Type 1 | C5 Type 2 |
|---|---|---|
| Object of opinion | Adequacy of control design at a point in time | Adequacy of design AND operating effectiveness over a period |
| Audit period | Date | Typically 6 to 12 months |
| Sufficient for federal cloud procurement | Often gating, not sufficient | Standard expectation |
| Sufficient for BaFin / banking expectations | Rarely | Yes, when paired with proper VAIT/DORA mapping |
For DACH AI vendors selling into financial services, energy, healthcare, or public sector, BSI C5 Type 2 is increasingly the de facto floor. SOC 2 Type II is accepted but does not substitute for it where C5 is specifically required.
3. When DACH regulators expect BSI C5 specifically
BSI C5 is referenced — not always mandated, but expected — in the following contexts:
- Federal authorities procuring cloud services. BSI's UP Bund cloud guidance treats C5 as the baseline.
- BaFin VAIT (Versicherungsaufsichtliche Anforderungen an die IT) and BAIT (Bankaufsichtliche Anforderungen an die IT). Both reference BSI C5 as a reference framework for cloud-service security expectations.
- KRITIS operators under BSI-KritisV. BSI cloud guidance applies.
- Healthcare data processing under §75c SGB V. Higher-tier IT security expectations align with C5 controls.
- DORA Art. 28(4) risk assessment for German financial entities. BSI C5 satisfies the documentary expectation when paired with DORA-specific contract clauses.
A vendor pitching SaaS into a German Sparkasse, regional Versicherung, or KRITIS operator without BSI C5 (or a credible C5 roadmap) faces an uphill procurement path regardless of how strong its SOC 2 is.
For the procurement angle, see the DORA + EU AI Act cluster for how C5 interacts with DORA contract clauses.
4. SOC 2 — the global SaaS lingua franca
SOC 2 is the most common security attestation among US-headquartered AI vendors and global SaaS. It uses the AICPA Trust Services Criteria across Security (mandatory), Availability, Processing Integrity, Confidentiality, and Privacy.
What SOC 2 brings to AI vendor assessment:
- Wide adoption — almost every credible US/global AI vendor offers SOC 2 Type II
- Period-based testing (Type II) provides operating-effectiveness evidence
- Trust Services Criteria provide a shared vocabulary across vendors
- Bridge-letter mechanism handles in-period freshness
What SOC 2 does not bring:
- DACH-specific cloud expectations
- BSI C5 environment-parameter discipline
- Public availability (always NDA-restricted)
- Direct EU regulator recognition for cloud services
For deep coverage of how to actually read a SOC 2 report (Trust Services Criteria scope, CUECs, subservice carve-outs), see the SOC 2 AI vendors cluster.
5. ISO 27001 — the international floor
ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). The 2022 edition reorganised Annex A into 93 controls across four themes (organisational, people, physical, technological).
ISO 27001 strengths:
- Globally recognised; commonly referenced in EU regulation (NIS2, GDPR Art. 32, sectoral rules)
- Three-year certification cycle with annual surveillance audits creates a sustained compliance posture
- Statement of Applicability (SoA) discloses which Annex A controls apply
- Compatible with sector overlays: ISO 27017 (cloud), ISO 27018 (PII in cloud), ISO/IEC 42001 (AI management)
ISO 27001 weaknesses for AI-vendor diligence:
- The certificate alone is meaningless. The scope statement matters: a certified ISMS that excludes the AI subsystem provides no AI-vendor assurance.
- Certifying body recognition matters: UKAS, DAkkS (DACH-specific), IAS-accredited bodies are credible; some non-accredited "certifying bodies" issue certificates of limited weight.
- Surveillance audits are sample-based; a clean certificate does not mean clean operations.
- AI-specific controls are absent; ISO/IEC 42001 (AI Management System) is the complementary AI-focused standard.
For procurement, the ISO 27001 verification list is:
- Certifying body name and accreditation status
- Scope statement — does it explicitly include the AI service?
- Statement of Applicability — which Annex A controls apply, which are excluded and why
- Audit cycle status — initial, surveillance year 1, surveillance year 2, recertification
- Major / minor non-conformities and their resolution
A certificate without the scope statement and SoA is not enough.
6. Side-by-side: which provides what
| AI-vendor question | BSI C5 | SOC 2 Type II | ISO 27001 |
|---|---|---|---|
| Information security baseline | Strong | Strong | Strong |
| Operating-effectiveness evidence | Yes (Type 2) | Yes | Indirect (surveillance audits) |
| Cloud-specific controls (data deletion, segregation, transparency) | Yes (C5-native) | Partial (TSC depending on scope) | Indirect (ISO 27017 supplement) |
| DACH regulator recognition for cloud | High | Medium | High |
| AI-specific controls | None native | None native | None native (42001 supplement) |
| Public-facing scope description | Often | Confidential | Public certificate, confidential SoA |
| Pairing with EU AI Act Annex IV | Inputs to Annex IV(7) cybersecurity | Same | Same |
| Pairing with DORA Art. 28-30 | Strong | Medium | Strong |
| Useful as standalone diligence floor | No (still need Annex IV, DPIA, etc.) | No | No |
The honest answer: none of the three is sufficient on its own for AI vendor assessment under EU AI Act, DORA, and DACH sector-specific rules. The combination plus AI-specific assessment (Annex III classification, GPAI scoping, red-teaming) is what produces a defensible record.
For comparison of how generic TPRM platforms package these certifications, see the PartnerScope vs Drata comparison and the PartnerScope vs SafeBase comparison.
7. The DACH stacking pattern
A typical defensible stack for an AI vendor selling into DACH-regulated buyers in 2026:
| Layer | Artefact | Purpose |
|---|---|---|
| Information security floor | ISO/IEC 27001:2022 with AI subsystem in scope | International recognition + ISMS discipline |
| DACH-specific cloud | BSI C5:2020 Type 2 | Federal / BaFin / KRITIS expectation |
| Operating effectiveness | SOC 2 Type II covering Security + Confidentiality + Processing Integrity | Global SaaS norm; period-based testing |
| AI management | ISO/IEC 42001:2023 (or roadmap) | AI-specific governance |
| AI Act compliance | Annex IV technical file + Article 13 instructions for use + EU declaration of conformity | Statutory under the Act for high-risk |
| Data protection | GDPR Art. 28-compliant DPA + sub-processor list + TIA | GDPR floor |
| Sector overlay | DORA Art. 30 contract clauses; MaRisk AT 9 documentation; VAIT/BAIT alignment | Per-sector |
A vendor pitching only "SOC 2 + GDPR DPA" into a German bank or insurer in 2026 is positioned for the 2018 buyer. The 2026 buyer's procurement checklist is the table above.
8. Frequently asked questions
Can BSI C5 substitute for SOC 2? For DACH-only buyers, often yes. For global buyers, no — SOC 2 is the lingua franca. Most credible AI vendors selling into DACH regulated industries maintain both.
Is BSI C5 mandatory under EU AI Act? No. The EU AI Act does not specify a security framework. BSI C5 is referenced through national German guidance (BSI cloud guidance, BaFin VAIT/BAIT) and sectoral expectations, not directly in Regulation (EU) 2024/1689.
Is ISO/IEC 42001 a replacement for ISO 27001 for AI vendors? No. ISO/IEC 42001 governs AI management systems; ISO/IEC 27001 governs information security management systems. They are complementary. Most AI vendors pursuing 42001 already hold 27001.
What if my AI vendor has SOC 2 but not BSI C5 — can I still procure them for a German bank? Possibly, with compensating controls and a clear remediation path. Acceptance hinges on: (a) whether the bank's BaFin examiner has previously accepted SOC 2 for similar services, (b) whether the vendor has a credible C5 roadmap, (c) whether the rest of the documentation stack (Annex IV, DORA contract clauses, MaRisk AT 9 alignment) is strong. PartnerScope assessments document these compensating-controls trade-offs explicitly.
How does the 13-dimension scorecard handle these three frameworks? Dimension 3 (Security certifications) captures all three, with type/scope/period/auditor/findings analyzed. Dimension 12 (Documentation completeness) captures Annex IV, DPA, SBOM. The output flags where the certification stack matches DACH-regulated expectations and where compensating evidence is needed.
Run a free 60-second EU AI Act Snapshot at partnerscope.eu — every assessment classifies your vendor's BSI C5, SOC 2, and ISO 27001 stack against EU AI Act, DORA, and DACH-specific expectations. Or read the complete pillar guide.
Run a free 60-second EU AI Act Snapshot — classifies your vendor's AI under the Act and produces a starter scorecard before any commitment.