Regulated, Audited, and Transparent: VAIOT’s 2023 MDIA Audit

4 min readApr 26, 2023

As many of you may know, in 2020 VAIOT became first ever project regulated under Virtual Financial Assets Act (VFA Act) in Malta, and in 2021 the $VAI token itself was issued via an IVFAO (Initial Virtual Financial Assets Offering.) Malta was the first country to implement a comprehensive regulatory framework for ICOs. Because of this fact alone VAIOT is set up for success by having a future framework laid out that not only protects VAIOT but investors as well. This combined with the cutting edge AI Assistants and platforms in development set VAIOT as industry leaders not only in the cryptocurrency market, but in the technology sphere as a whole.

But what does all of this actually mean?

VAIOT is regulated by the Virtual Financial Assets Act, or VFAA, and must therefore adhere to the provisions of Malta’s regulatory framework supervised by the Malta Financial Services Authority, or MFSA. The project is closely monitored and audited by relevant Maltese Authorities and auditors and our VFA Agent, Grant Thornton. It allows us to build a trusted ecosystem and ensure transparency and security to our investors, token holders, and business partners. Therefore the $VAI tokens hold the status of Virtual Financial Assets (VFAs), which makes VAI Token the first-ever, regulated digital asset in Malta, in terms of the applicable Virtual Financial Assets Act. A Virtual Financial Asset is defined by the law as being any form of digital medium recordation that is used as a digital medium of exchange, unit of account, or store of value and that is not electronic money, a financial instrument or a virtual token.

Issuers of VFAs, which VAIOT is one, are required to shall act in an ethical manner taking into consideration the best interest of investors and the integrity of Malta’s financial system. Open and honest cooperation with, as well as adherence to the compliance measures set out by the MFSA are also requirements to be considered VFAA regulated.

Some of these compliance measures are, but are not limited to:

  • Drawing up a yearly compliance report.
  • The appointment of a VFA agent, which reviews the compliance report for accuracy and competency. (Which is Grant Thornton Limited.) The VFA Agent also assisted, monitored, and provided guidance throughout the whitepaper registration process, oversaw the operations of the IVFAO, and ensured regulatory compliance throughout.
  • The appointment of, and to at all times have in place, a Systems Auditor. (Which is the FACT Group,
  • Have its Systems Auditor prepare an annual systems audit report on its Innovative compliance with any qualitative standards set and guidelines issued by the Malta Digital Innovation Authority, or MDIA, who is a regulator focused on innovative technology and forms part of the entities strategically established in the Maltese ecosystem.

In summary, VAIOT as a company, being the Issuer of $VAI as a VFA, is subject to the above requirements. With all of that being said, it is time for VAIOT’s annual MDIA audit.

The 2023 MDIA Audit

VAIOT is required to undergo a type 2 MDIA systems audit as part of its ongoing licensing requirements by the MFSA, and the audit is already underway.

In a type 2 systems audit a Systems Auditor expresses an opinion on whether the description of the ITA, Innovative Technology Arrangement, is fairly presented and whether the controls included in the description are suitably designed to meet the following applicable criteria:

  • Security
  • Processing Integrity
  • Availability
  • Confidentiality
  • Protection of Personal Data
  • Operating Effectiveness

The main difference between a type 2 and a type 1 audit is that an opinion on the operating effectiveness of the controls during the period covered by the audit is also required.

What does this audit Include?

Exercises mainly consist of reviewing the company’s policies and procedures and establishing tests which can be utilized to determine that the outlined controls are actually being implemented in practice, ensuring that the forensic node is running as expected, and assessing the company’s information security level. This time, however, the audit included a code review of the single assets staking platform’s code.

How long will the audit last?

Usually, it’s 5–7 weeks from signing the agreement and always has to be finalized at the latest on the date of the conclusion of the last year’s audit, to which the deadline this year is June 21st.
After the audit has been concluded and after receiving an official report from our systems auditor, a copy of such report has to be held in Malta at ours’s registered address and be made accessible to the MFSA upon request.

What now?

VAIOT’s security, operations, and development teams are, as always, working closely together to provide everything required in a timely-manner and delivering any and all information our auditor may need. Over the next days we will be having meetings with our auditors in order to thoroughly discuss audit-related topics and tasks. We will keep our community updated with pertinent information as it is available.


VAIOT offers a portfolio of blockchain-based AI Assistants for businesses and consumers to provide automated services and transactions. Faster, easier, and affordable.

Read our AI Legal Assistant Lightpaper here.

For more information about VAIOT, visit our website, or have a look at the Twitter and Telegram Community.




VAIOT is combining AI & Blockchain to develop IVAs – Intelligent Virtual Assistants, for both consumers and businesses.