HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners
three resilience levels, determined by the scope and impact of their services, geographic cov - erage, and the number of users reliant on their operations. These levels dictate the organisa - tion’s obligations to ensure preparedness and continuity in the face of extraordinary events. Designation decisions are reviewed every four years or sooner if significant changes occur in the organisation’s status or the broader oper - ating environment. Critical organisations must comply with tailored obligations, including the development of resilience plans and implemen - tation of specific measures to address identified risks. The designation process also emphasises cross-sectoral and cross-border dependencies, ensuring a comprehensive approach to resil - ience. The decisions are formally communicated to relevant oversight bodies, sectoral authorities, and stakeholders, including those responsible for cybersecurity and emergency communica - tions. This collaborative and structured approach supports the integration of critical organisations into Hungary’s national resilience framework, ensuring the continuity of essential services and preparedness for potential threats. Designation of Critical Infrastructure The process of designating critical infrastruc - ture involves organisations providing data on their infrastructure and identifying those con - sidered critical. The designation authority, with input from sectoral authorities, designates infra - structure as critical if it is essential for the basic services provided by a critical organisation, is located within Hungary, and meets at least one horizontal or sectoral criterion. The resilience level of the critical infrastructure is determined in the designation decision. A critical infrastruc - ture cannot be designated in multiple sectors or subsectors. If eligible under multiple sectors, its
designation is based on the primary essential service it supports. Supervision of Critical Organisations The oversight of critical organisations and infrastructure is carried out by a designated supervisory authority through comprehensive inspections. These inspections are conducted regularly, periodically, and on an ad hoc basis, often involving relevant sectoral authorities to ensure a thorough evaluation. The primary focus is on assessing compliance with applicable laws, regulations, and directives issued by the desig - nation authority. The inspections aim to verify the effectiveness of measures taken to maintain and enhance the resilience of critical organisa - tions and infrastructure. Key elements of these evaluations include the adequacy of resilience plans, risk assessments, resilience matrices, leadership performance, and the organisation’s collaboration with supply chain partners and other entities. Sector-specific oversight is also conducted independently by sectoral authorities with exper - tise in their respective areas. These inspections follow an agreed methodology, and their plans are finalised annually after consultations with the supervisory authority. This ensures consistency and alignment with broader resilience objectives. Resilience leaders within critical organisations play a crucial role in ensuring compliance and readiness through internal audits. They are responsible for evaluating the implementation of resilience measures, the accuracy of resilience plans, and the organisation’s overall prepared - ness. If any deficiencies are identified, they are required to propose corrective actions to senior management or the organisation’s leadership.
107 CHAMBERS.COM
Powered by FlippingBook