Cybersecurity 2025

HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners

critical assets and pieces of critical infrastructure were defined in Act CLXVI of 2012 on the Iden - tification, Designation and Protection of Critical Systems and Facilities. The 2020 National Security Strategy Hungary updated its National Security Strat - egy in 2020 (Government Decision 1163/2020) to address significant changes in the global security environment since 2012. The strategy highlights factors such as a shifting world order, climate change, migration, resource depletion, and technological advancements. It emphasises preserving security levels, national values, eco - nomic priorities, and defence industry develop - ment to ensure Hungary’s stability and growth amid global, European, and national challenges. Cybersecurity features prominently in the updat - ed strategy, which recognises cyberspace as a critical operational domain alongside land, sea, air, and space. It underscores the increasing frequency and sophistication of cyber threats, including attacks on critical systems by state and non-state actors such as cybercriminal groups and international terrorist organisations. The strategy prioritises enhancing resilience to hybrid attacks through national unity, strong democracy, efficient decision-making, and col - laboration across defence, law enforcement, and civilian infrastructure. Key measures include bolstering cybersecurity to protect critical infor - mation infrastructure and governmental IT sys - tems, addressing risks, and fostering public- private partnerships. The strategy highlights the importance of AI-based systems’ secure devel - opment, international co-operation, and the establishment of global norms for cyberspace security. It considers cyber capabilities causing physical harm or material damage as weapons, warranting potential physical responses, with attribution requiring careful governmental evalu -

ation. Hungary’s approach focuses on strength - ening cybersecurity through enhanced regula - tions, sectoral alignment with national security goals, and partnerships to address rising cyber threats targeting governmental platforms, utili - ties, and critical infrastructure. NIS2 Implementation and Harmonisation of Requirements In line with its National Security Strategy, Hun - gary has enacted several pieces of legislation to implement the EU’s NIS2 Directive into Hun - garian law. This included the Act XXIII of 2023 on Cybersecurity Certification and Supervision (“2023 Cybersecurity Act”), MK Decree 7/2024 (VI. 24.) on Security Classification Requirements (“MK Decree”), and SZTFH Decree 23/2023 (XII. 19.) on the cybersecurity register of affected enti - ties. However, due to significant shortcomings in implementing NIS2 Directive requirements in the 2023 Cybersecurity Act, the European Commis - sion initiated an infringement procedure against Hungary for failing to fully transpose the NIS2 Directive and ensure the protection of critical infrastructure and the resilience of critical enti - ties. Consequently, Act No LXIX of 2024 on Hungary’s Cybersecurity (“2024 Cybersecurity Act”), published in Hungarian Official Journal No 130 on 20 December 2024, and effective as of 1 January 2025, repealed the 2023 Cybersecu - rity Act. Additionally, Act No LXXXIV of 2024 on the Resilience of Critical Organisations (“Critical Infrastructure Act”), published in Official Journal No 131 on 20 December 2024, also took effect on 1 January 2025, albeit in stages, repealing the 2012 Act on the Identification, Designation, and Protection of Critical Systems and Facilities. Several lower-level pieces of legislation, such as the presidential decree of the supervisory authority regarding the applicable audit meth - odology and auditor fees, are not yet published.

94

CHAMBERS.COM

Powered by