Cybersecurity 2025

HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners

• The resilience of critical organisations is a key component of the national resilience system.
• Ensuring the continuity of essential services and the resilience of critical organisations and infrastructures is a national interest.
• Authorities, critical organisations, and individuals must respect each other’s rights and cooperate in good faith.
• Critical organisations must consider available resources, risks, and the impacts of extraordinary events when meeting resilience requirements.
• Attention must be given to cross-border interdependencies of essential services, critical infrastructures, organisations, subsectors, and sectors.
• Data related to critical organisations must be accessed only by those with a legitimate need for their duties, with confidentiality obligations persisting even after the relationship ends, and must not be disclosed to unauthorised individuals.
• Measures regarding the resilience of critical organisations must comply with the principle of proportionality, being necessary and appropriate to achieve the desired goal.
• In matters involving nuclear energy, the authority of the nuclear regulatory body must be respected, and safety must take precedence over all other considerations.

Critical organisations must enhance their resilience while ensuring the continuous delivery of essential services. The responsibility for maintaining and improving resilience, as well as implementing necessary measures, rests with the critical organisation. Resilience assessments and improvements should consider national risk assessments, resilience plans, risk management strategies, emergency prevention and recovery measures, physical security, organisational specifics, and applicable regulations. To fulfil resilience requirements, authorised security personnel may inspect individuals, vehicles, and objects entering or leaving critical infrastructure, and restrict or prevent access if necessary. Employees, suppliers, and contractors must co-operate and fulfil assigned tasks, while employees in critical roles must adhere to the resilience plan. Suppliers are required to meet the organisation’s standards, and individuals entering facilities must comply with organisational restrictions. These measures aim to safeguard critical infrastructure and enhance national resilience.

Risk Management

Critical organisations must assess, identify, evaluate, and manage risks that may impact the secure and continuous operation of critical infrastructure and the delivery of essential services. Risk assessments and the development of a resilience matrix must address mandatory general and sector-specific risks and additional risks identified by the organisation. The assessment and matrix must consider the potential consequences of risks that could lead to extraordinary events threatening the secure and continuous operation of the organisation and infrastructure. The detailed criteria for risk assessment and resilience matrix development are defined by government decree.

Resilience Plan and Responsible Person for the Resilience of a Critical Organisation

Critical organisations must prepare a resilience plan and its accompanying resilience matrix by the deadline set by the designation authority. These documents must be completed using a standardised form provided by the authority and submitted electronically for approval. The general designation authority, with input from sector-specific or energy-related authorities, evaluates the submitted plan and matrix
