Cybersecurity 2025

HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners

rity Act outlines requirements for administrative bodies, state-owned enterprises, and entities designated as essential or important, which also apply to software and system development. These requirements must be adhered to when procuring or developing AI solutions. Additionally, Hungary has not yet established a dedicated AI supervisory authority. Data protec - tion-related requirements for the use and devel- opment of AI systems are currently overseen by the NAIH. 6.3 Cybersecurity in the Healthcare Sector In general, the EU Medical Device Regulation’s cybersecurity requirements apply to medical devices. Moreover, public and private healthcare provid - ers must connect to the Electronic Health Ser - vice Space (EESZT). IT systems used to connect to the EESZT must comply with strict require - ments, including secure access, identification, communication protection, service handling, and adherence to technical and security stand - ards. Developers with appropriate rights can apply for authorisation, specifying the system’s intended use.

Authorised systems must ensure continuous compliance during updates, version changes, or technical modifications for system integration, with significant changes reported within eight days. Operators monitor system performance to verify ongoing compliance, with the authority to revoke authorisation if requirements are unmet. Additionally, operators maintain and publish a registry of authorised systems for transparency. These regulations aim to enhance the security, functionality, and reliability of IT systems, ensur - ing they meet technical and operational stand - ards.

113 CHAMBERS.COM

Powered by