Blog
Blog » NEW HUNGARIAN CYBERSECURITY LAWS INTRODUCE IMPORTANT OBLIGATIONS – THE COUNTDOWN BEGINS
NEW HUNGARIAN CYBERSECURITY LAWS INTRODUCE IMPORTANT OBLIGATIONS – THE COUNTDOWN BEGINS
14 December 2023
From 1 January 2024, companies operating in Hungary will face new significant cyber security related obligations under the Hungarian legislation implementing the EU NIS2 Directive. In this short article, we describe which companies will be affected by the new regulation and what are the most important tasks in the new year.
As regards to the background, the NIS2 Directive which is the strengthened European cybersecurity legislation entered into force in January 2023. To implement the provisions of the NIS2 Directive to the Hungarian legislation, the parliament enacted Act XXIII of 2023 on cybersecurity certification and cybersecurity supervision (“Cybersecurity Certification Act”).
1. The companies concerned
Service providers and organisations operating in “high-risk” and “risky” sectors are covered by the new law. High-risk sectors include for example energy, transport, healthcare, digital infrastructure and electronic communication. Among others, postal services, food and chemical manufacturing, electronic product manufacturing and digital services are classified as risky sectors.
As a main rule, the Hungarian Cybersecurity Certification Act does not apply to SMEs, only companies that employ at least 50 employees or have an annual net turnover or a balance sheet total exceeding 10 million Euros.
However, companies electronic communications service providers, trust service providers, DNS service providers, top level domain name registrars and domain name registration service providers are covered by the law regardless of their size.
2. Major obligations
The Cybersecurity Certification Act requires basic cybersecurity measures for the electronic information systems of the entities covered by the act.
As a part of the basic cybersecurity measures, companies concerned by the law shall classify their electronic information systems. Based on the risk of confidentiality, integrity, or availability being compromised, "basic", "significant" or "high" security class shall be applied.
The specific security measures applicable to each security class will be laid down in a ministerial decree and shall be applicable as of 18 October 2024.
The companies covered by the act have until 30 June 2024 to register with the Regulated Activities Supervisory Authority.
Further, until 31 December 2024 the companies shall appoint an independent auditor who shall conduct the first NIS2-compliant cybersecurity due diligence until 31 December 2025.
3. Fines
In accordance with the NIS2 Directive, the companies concerned that fail to comply with the cybersecurity related obligations may face administrative fines of a maximum of 10 million euros or 2% of their total worldwide annual turnover.
Based on the above, we advise companies operating in Hungary to check whether they are covered by the new Cybersecurity Certification Act and if yes, to start the preparation of the necessary measurements.
-
WHAT ARE THE FORMAL AND CONTENT REQUIREMENTS OF COMPANY DOCUMENTS IN B2B TRANSACTIONS IN HUNGARY?
Few people may know, but legislation often imposes formal and content requirements for certain documents. In most cases, these rules are for the sake of identification, which is in the interest of both parties, so it is important to pay attention to them to avoid misunderstandings. In this article, we examine the content requirements for documents used in business to business (B2B) transactions.
Read more » -
HOW FAR THE EMPLOYER’S SPHERE OF CONTROL EXTENDS IN HUNGARY, ACCORDING TO THE SUPREME COURT?
Under Hungarian labour law, the employer may be exempted from compensating the employee for damage caused in connection with the employment relationship if the damage was caused by circumstances beyond the employer’s control. But how far does the employer's control extend, and does it really have to take every eventuality into account, even the most unpredictable? In its recent decision, the Hungarian Supreme Court addressed this question.
Read more » -
WE ARE 15!
Recently we celebrated our 15th Anniversary, which is a very important milestone for us. Looking back, our Office went through a long improvement until the formation of our present profile: providing legal support in domestic and international commercial law issues and helping our clients doing business in Hungary.
Read more »