diff --git a/internal/v2/business/iam/converter.go b/internal/v2/business/iam/converter.go
index db6ed02bed..35f3c1a012 100644
--- a/internal/v2/business/iam/converter.go
+++ b/internal/v2/business/iam/converter.go
@@ -135,62 +135,62 @@ func readModelToMember(readModel *member.ReadModel) *model.IAMMember {
 
 func writeModelToMember(writeModel *iam.MemberWriteModel) *model.IAMMember {
 	return &model.IAMMember{
-		ObjectRoot: writeModelToObjectRoot(writeModel.Member.WriteModel),
-		Roles:      writeModel.Member.Roles,
-		UserID:     writeModel.Member.UserID,
+		ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel.WriteModel),
+		Roles:      writeModel.Roles,
+		UserID:     writeModel.UserID,
 	}
 }
 
 func writeModelToLoginPolicy(wm *login.WriteModel) *model.LoginPolicy {
 	return &model.LoginPolicy{
-		ObjectRoot:            writeModelToObjectRoot(wm.Policy.WriteModel),
-		AllowUsernamePassword: wm.Policy.AllowUserNamePassword,
-		AllowRegister:         wm.Policy.AllowRegister,
-		AllowExternalIdp:      wm.Policy.AllowExternalIDP,
-		ForceMFA:              wm.Policy.ForceMFA,
-		PasswordlessType:      model.PasswordlessType(wm.Policy.PasswordlessType),
+		ObjectRoot:            writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		AllowUsernamePassword: wm.AllowUserNamePassword,
+		AllowRegister:         wm.AllowRegister,
+		AllowExternalIdp:      wm.AllowExternalIDP,
+		ForceMFA:              wm.ForceMFA,
+		PasswordlessType:      model.PasswordlessType(wm.PasswordlessType),
 	}
 }
 
 func writeModelToLabelPolicy(wm *label.WriteModel) *model.LabelPolicy {
 	return &model.LabelPolicy{
-		ObjectRoot:     writeModelToObjectRoot(wm.Policy.WriteModel),
-		PrimaryColor:   wm.Policy.PrimaryColor,
-		SecondaryColor: wm.Policy.SecondaryColor,
+		ObjectRoot:     writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		PrimaryColor:   wm.PrimaryColor,
+		SecondaryColor: wm.SecondaryColor,
 	}
 }
 
 func writeModelToOrgIAMPolicy(wm *org_iam.WriteModel) *model.OrgIAMPolicy {
 	return &model.OrgIAMPolicy{
-		ObjectRoot:            writeModelToObjectRoot(wm.Policy.WriteModel),
-		UserLoginMustBeDomain: wm.Policy.UserLoginMustBeDomain,
+		ObjectRoot:            writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
 	}
 }
 
 func writeModelToPasswordAgePolicy(wm *password_age.WriteModel) *model.PasswordAgePolicy {
 	return &model.PasswordAgePolicy{
-		ObjectRoot:     writeModelToObjectRoot(wm.Policy.WriteModel),
-		MaxAgeDays:     wm.Policy.MaxAgeDays,
-		ExpireWarnDays: wm.Policy.ExpireWarnDays,
+		ObjectRoot:     writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		MaxAgeDays:     wm.MaxAgeDays,
+		ExpireWarnDays: wm.ExpireWarnDays,
 	}
 }
 
 func writeModelToPasswordComplexityPolicy(wm *password_complexity.WriteModel) *model.PasswordComplexityPolicy {
 	return &model.PasswordComplexityPolicy{
-		ObjectRoot:   writeModelToObjectRoot(wm.Policy.WriteModel),
-		MinLength:    wm.Policy.MinLength,
-		HasLowercase: wm.Policy.HasLowercase,
-		HasUppercase: wm.Policy.HasUpperCase,
-		HasNumber:    wm.Policy.HasNumber,
-		HasSymbol:    wm.Policy.HasSymbol,
+		ObjectRoot:   writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		MinLength:    wm.MinLength,
+		HasLowercase: wm.HasLowercase,
+		HasUppercase: wm.HasUpperCase,
+		HasNumber:    wm.HasNumber,
+		HasSymbol:    wm.HasSymbol,
 	}
 }
 
 func writeModelToPasswordLockoutPolicy(wm *password_lockout.WriteModel) *model.PasswordLockoutPolicy {
 	return &model.PasswordLockoutPolicy{
-		ObjectRoot:          writeModelToObjectRoot(wm.Policy.WriteModel),
-		MaxAttempts:         wm.Policy.MaxAttempts,
-		ShowLockOutFailures: wm.Policy.ShowLockOutFailures,
+		ObjectRoot:          writeModelToObjectRoot(wm.WriteModel.WriteModel),
+		MaxAttempts:         wm.MaxAttempts,
+		ShowLockOutFailures: wm.ShowLockOutFailures,
 	}
 }
 
diff --git a/internal/v2/business/iam/member.go b/internal/v2/business/iam/member.go
index 4755392c54..66358f4d68 100644
--- a/internal/v2/business/iam/member.go
+++ b/internal/v2/business/iam/member.go
@@ -22,11 +22,11 @@ func (r *Repository) AddMember(ctx context.Context, member *iam_model.IAMMember)
 	if err != nil {
 		return nil, err
 	}
-	if addedMember.Member.IsActive {
+	if addedMember.IsActive {
 		return nil, errors.ThrowAlreadyExists(nil, "IAM-PtXi1", "Errors.IAM.Member.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedMember.Member.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedMember.WriteModel.WriteModel).
 		PushMemberAdded(ctx, member.UserID, member.Roles...)
 
 	err = r.eventstore.PushAggregate(ctx, addedMember, iamAgg)
@@ -50,7 +50,7 @@ func (r *Repository) ChangeMember(ctx context.Context, member *iam_model.IAMMemb
 		return nil, err
 	}
 
-	iam := iam_repo.AggregateFromWriteModel(&existingMember.Member.WriteModel).
+	iam := iam_repo.AggregateFromWriteModel(&existingMember.WriteModel.WriteModel).
 		PushMemberChangedFromExisting(ctx, existingMember, member.Roles...)
 
 	events, err := r.eventstore.PushAggregates(ctx, iam)
@@ -75,7 +75,7 @@ func (r *Repository) RemoveMember(ctx context.Context, member *iam_model.IAMMemb
 		return nil
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&m.Member.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&m.WriteModel.WriteModel).
 		PushEvents(iam_repo.NewMemberRemovedEvent(ctx, member.UserID))
 
 	return r.eventstore.PushAggregate(ctx, m, iamAgg)
@@ -104,7 +104,7 @@ func (r *Repository) memberWriteModelByID(ctx context.Context, iamID, userID str
 		return nil, err
 	}
 
-	if !writeModel.Member.IsActive {
+	if !writeModel.IsActive {
 		return nil, errors.ThrowNotFound(nil, "IAM-D8JxR", "Errors.NotFound")
 	}
 
diff --git a/internal/v2/business/iam/org_iam_policy.go b/internal/v2/business/iam/org_iam_policy.go
index 8cdf2f9ddf..990dc8da6b 100644
--- a/internal/v2/business/iam/org_iam_policy.go
+++ b/internal/v2/business/iam/org_iam_policy.go
@@ -19,7 +19,7 @@ func (r *Repository) AddOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgI
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.OrgIAMPolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushOrgIAMPolicyAddedEvent(ctx, policy.UserLoginMustBeDomain)
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -36,7 +36,7 @@ func (r *Repository) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.O
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushOrgIAMPolicyChangedFromExisting(ctx, existingPolicy, policy.UserLoginMustBeDomain)
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
diff --git a/internal/v2/business/iam/policy_label.go b/internal/v2/business/iam/policy_label.go
index 8d2c7b0c76..62b246ff2a 100644
--- a/internal/v2/business/iam/policy_label.go
+++ b/internal/v2/business/iam/policy_label.go
@@ -24,7 +24,7 @@ func (r *Repository) AddLabelPolicy(ctx context.Context, policy *iam_model.Label
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LabelPolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushLabelPolicyAddedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor)
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -45,7 +45,7 @@ func (r *Repository) ChangeLabelPolicy(ctx context.Context, policy *iam_model.La
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushLabelPolicyChangedFromExisting(ctx, existingPolicy, policy.PrimaryColor, policy.SecondaryColor)
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
diff --git a/internal/v2/business/iam/policy_login.go b/internal/v2/business/iam/policy_login.go
index a92a04fecf..48ffdd066c 100644
--- a/internal/v2/business/iam/policy_login.go
+++ b/internal/v2/business/iam/policy_login.go
@@ -28,7 +28,7 @@ func (r *Repository) AddLoginPolicy(ctx context.Context, policy *iam_model.Login
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, login.PasswordlessType(policy.PasswordlessType))
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -49,7 +49,7 @@ func (r *Repository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.Lo
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushLoginPolicyChangedFromExisting(ctx, existingPolicy, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, login.PasswordlessType(policy.PasswordlessType))
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
@@ -96,14 +96,14 @@ func (r *Repository) AddSecondFactorToLoginPolicy(ctx context.Context, iamID str
 		return iam_model.SecondFactorTypeUnspecified, err
 	}
 
-	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.SecondFactor.WriteModel).
+	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.SecondFactorWriteModel.WriteModel).
 		PushLoginPolicySecondFactorAdded(ctx, factors.SecondFactorType(secondFactor))
 
 	if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
 		return iam_model.SecondFactorTypeUnspecified, err
 	}
 
-	return iam_model.SecondFactorType(writeModel.SecondFactor.MFAType), nil
+	return iam_model.SecondFactorType(writeModel.MFAType), nil
 }
 
 func (r *Repository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.SecondFactorType) error {
@@ -112,7 +112,7 @@ func (r *Repository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, iamI
 	if err != nil {
 		return err
 	}
-	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.SecondFactor.WriteModel).
+	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.SecondFactorWriteModel.WriteModel).
 		PushLoginPolicySecondFactorRemoved(ctx, factors.SecondFactorType(secondFactor))
 
 	return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
@@ -125,14 +125,14 @@ func (r *Repository) AddMultiFactorToLoginPolicy(ctx context.Context, iamID stri
 		return iam_model.MultiFactorTypeUnspecified, err
 	}
 
-	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.MultiFactor.WriteModel).
+	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.MultiFactoryWriteModel.WriteModel).
 		PushLoginPolicyMultiFactorAdded(ctx, factors.MultiFactorType(secondFactor))
 
 	if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
 		return iam_model.MultiFactorTypeUnspecified, err
 	}
 
-	return iam_model.MultiFactorType(writeModel.MultiFactor.MFAType), nil
+	return iam_model.MultiFactorType(writeModel.MultiFactoryWriteModel.MFAType), nil
 }
 
 func (r *Repository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.MultiFactorType) error {
@@ -141,7 +141,7 @@ func (r *Repository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, iamID
 	if err != nil {
 		return err
 	}
-	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.MultiFactor.WriteModel).
+	aggregate := iam_repo.AggregateFromWriteModel(&writeModel.MultiFactoryWriteModel.WriteModel).
 		PushLoginPolicyMultiFactorRemoved(ctx, factors.MultiFactorType(secondFactor))
 
 	return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
diff --git a/internal/v2/business/iam/policy_password_age.go b/internal/v2/business/iam/policy_password_age.go
index d80d7b4e23..c10f1aec48 100644
--- a/internal/v2/business/iam/policy_password_age.go
+++ b/internal/v2/business/iam/policy_password_age.go
@@ -19,7 +19,7 @@ func (r *Repository) AddPasswordAgePolicy(ctx context.Context, policy *iam_model
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-6L0pd", "Errors.IAM.PasswordAgePolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushPasswordAgePolicyAddedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays)
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -36,7 +36,7 @@ func (r *Repository) ChangePasswordAgePolicy(ctx context.Context, policy *iam_mo
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushPasswordAgePolicyChangedFromExisting(ctx, existingPolicy, policy.ExpireWarnDays, policy.MaxAgeDays)
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
diff --git a/internal/v2/business/iam/policy_password_complexity.go b/internal/v2/business/iam/policy_password_complexity.go
index f54977e3d9..cfbadfa3b7 100644
--- a/internal/v2/business/iam/policy_password_complexity.go
+++ b/internal/v2/business/iam/policy_password_complexity.go
@@ -23,7 +23,7 @@ func (r *Repository) AddPasswordComplexityPolicy(ctx context.Context, policy *ia
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushPasswordComplexityPolicyAddedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -44,7 +44,7 @@ func (r *Repository) ChangePasswordComplexityPolicy(ctx context.Context, policy
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushPasswordComplexityPolicyChangedFromExisting(ctx, existingPolicy, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
diff --git a/internal/v2/business/iam/policy_password_lockout.go b/internal/v2/business/iam/policy_password_lockout.go
index 943f3022b4..888416a574 100644
--- a/internal/v2/business/iam/policy_password_lockout.go
+++ b/internal/v2/business/iam/policy_password_lockout.go
@@ -19,7 +19,7 @@ func (r *Repository) AddPasswordLockoutPolicy(ctx context.Context, policy *iam_m
 		return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-0olDf", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists")
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel.WriteModel).
 		PushPasswordLockoutPolicyAddedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures)
 
 	err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
@@ -36,7 +36,7 @@ func (r *Repository) ChangePasswordLockoutPolicy(ctx context.Context, policy *ia
 		return nil, err
 	}
 
-	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.Policy.WriteModel).
+	iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel.WriteModel).
 		PushPasswordLockoutPolicyChangedFromExisting(ctx, existingPolicy, policy.MaxAttempts, policy.ShowLockOutFailures)
 
 	err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
diff --git a/internal/v2/repository/iam/policy/label/events.go b/internal/v2/repository/iam/policy/label/events.go
index 78c668d0a5..c29b5d4827 100644
--- a/internal/v2/repository/iam/policy/label/events.go
+++ b/internal/v2/repository/iam/policy/label/events.go
@@ -54,7 +54,7 @@ func ChangedEventFromExisting(
 			ctx,
 			LabelPolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		primaryColor,
 		secondaryColor,
 	)
diff --git a/internal/v2/repository/iam/policy/login/events.go b/internal/v2/repository/iam/policy/login/events.go
index 779664703d..951fc016ac 100644
--- a/internal/v2/repository/iam/policy/login/events.go
+++ b/internal/v2/repository/iam/policy/login/events.go
@@ -67,7 +67,7 @@ func ChangedEventFromExisting(
 			ctx,
 			LoginPolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		allowUsernamePassword,
 		allowRegister,
 		allowExternalIDP,
diff --git a/internal/v2/repository/iam/policy/org_iam/events.go b/internal/v2/repository/iam/policy/org_iam/events.go
index 2b5c5c4b67..6619ef518b 100644
--- a/internal/v2/repository/iam/policy/org_iam/events.go
+++ b/internal/v2/repository/iam/policy/org_iam/events.go
@@ -52,7 +52,7 @@ func ChangedEventFromExisting(
 			ctx,
 			OrgIAMPolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		userLoginMustBeDomain,
 	)
 	return &ChangedEvent{
diff --git a/internal/v2/repository/iam/policy/password_age/events.go b/internal/v2/repository/iam/policy/password_age/events.go
index 464c9a2028..166ecde756 100644
--- a/internal/v2/repository/iam/policy/password_age/events.go
+++ b/internal/v2/repository/iam/policy/password_age/events.go
@@ -54,7 +54,7 @@ func ChangedEventFromExisting(
 			ctx,
 			PasswordAgePolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		expireWarnDays,
 		maxAgeDays,
 	)
diff --git a/internal/v2/repository/iam/policy/password_complexity/events.go b/internal/v2/repository/iam/policy/password_complexity/events.go
index 7ffc049a67..a8c8f1a894 100644
--- a/internal/v2/repository/iam/policy/password_complexity/events.go
+++ b/internal/v2/repository/iam/policy/password_complexity/events.go
@@ -63,7 +63,7 @@ func ChangedEventFromExisting(
 			ctx,
 			PasswordComplexityPolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		minLength,
 		hasLowerCase,
 		hasUpperCase,
diff --git a/internal/v2/repository/iam/policy/password_lockout/events.go b/internal/v2/repository/iam/policy/password_lockout/events.go
index ab6a459a2d..68ebf15c39 100644
--- a/internal/v2/repository/iam/policy/password_lockout/events.go
+++ b/internal/v2/repository/iam/policy/password_lockout/events.go
@@ -54,7 +54,7 @@ func ChangedEventFromExisting(
 			ctx,
 			PasswordLockoutPolicyChangedEventType,
 		),
-		&current.Policy,
+		&current.WriteModel,
 		maxAttempts,
 		showLockoutFailure,
 	)