Cybersecurity 2025

HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners

National Strategy for Enhancing the Resilience of Critical Organisations

• general and sector-specific risks and defence plans; • EU-based regulations addressing terrorism, energy supply security, flood risk, and hazard - ous materials; • tasks related to defence and security plan - ning under national law; and • reporting and management of extraordinary events. The assessment evaluates critical organisa - tions’ development of risk evaluations, resilience matrices, and resilience measures. It is reviewed every four years, and relevant information is sub- mitted to the European Commission within three months of adoption. Designation of Critical Organisations The process for designating critical organisa - tions in Hungary is governed by a comprehen - sive framework designed to ensure national resilience and the continuity of essential ser - vices. This involves evaluating both horizontal and sector-specific criteria to identify organi - sations that play a critical role in maintaining societal and economic stability. Horizontal cri - teria include factors such as the organisation’s dependency on or relationship with other criti - cal entities, its financial significance (eg, annual revenue exceeding HUF10 billion), or its role as the sole provider of a critical service in Hun - gary. Sector-specific criteria address risks and dependencies within specific industries, such as energy, transportation, or public health. Designation authorities, in collaboration with sectoral authorities, monitor and evaluate the resilience of sectors, subsectors, and infra - structures. They initiate the designation pro - cess based on national resilience strategies, risk assessments, and relevant data. Organisations meeting the criteria are categorised into one of

The National Strategy for the Resilience of Criti - cal Organisations is a medium-term strategic planning document issued by the government. Based on the National Security Strategy and other sectoral strategies, it outlines goals and measures to enhance the general resilience of critical organisations and ensure the continuity of essential services. Key elements include: • strategic objectives and priorities considering cross-border and sectoral interdependencies; • governance frameworks defining roles and responsibilities of critical organisations and involved authorities; • measures to strengthen resilience and proce - dures to support critical organisations; • actions to promote public-private collabora - tion; • identification of key authorities, stakeholders, and processes for co-ordination; and • a policy framework for co-ordinating cyberse - curity risks, threats, and incidents under NIS2 compliance. The strategy is reviewed every four years and provided to the European Commission within three months of its adoption. National Risk Assessment for Enhancing the Resilience of Critical Organisations The National Risk Assessment for Critical Organ - isations’ Resilience (National Risk Assessment), approved by the Hungarian government, serves as a planning document to support the resilience of critical organisations and infrastructure. It covers: • sectors listed in Annex 1 of the Critical Infra - structure Act; • Hungary’s national disaster risk assessment;

106 CHAMBERS.COM

Powered by