HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners
tems and procedures, are outlined in Govern - ment Decree 42/2015 (III. 12.) on the Protection of IT Systems for Financial Institutions, Insur - ance and Reinsurance Companies, and Invest - ment Firms and Commodity Exchange Service Providers. Additionally, EU-level legislation, such as the PSD2 Directive, has been incorporated into Hungarian law through amendments to vari - ous financial sectoral regulations. From 17 Janu - ary 2025, the DORA regulation, governing cyber - security and supply chain risk management requirements alongside Government Decree 42/2015 (III. 12.), came into effect in Hungary. Healthcare Providers Public and private healthcare providers must connect to the Electronic Health Service Space (EESZT). IT systems used to connect to the EESZT must comply with strict requirements, including with regard to secure access, identifi - cation, communication protection, service han - dling, and adherence to technical and security standards. Developers with appropriate rights can apply for authorisation, specifying the sys - tem’s intended use. Authorised systems must ensure continuous compliance during updates, version changes, or technical modifications for system integration, with significant changes reported within eight days. Operators monitor system performance to verify ongoing compli - ance, with the authority to revoke authorisation if requirements are unmet. Additionally, opera - tors maintain and publish a registry of authorised systems for transparency. These regulations aim to enhance the security, functionality, and reli - ability of IT systems, ensuring they meet techni - cal and operational standards. Criminal Law Act C of 2012 on the Criminal Code defines penalised behaviours related to cybersecurity, such as intercepting electronic communica -
tions, computer abuse, and fraud committed using computer devices. Act LXXVIII of 2024 on Combating Online Aggression, which entered into force on 1 January 2025, amends the Crimi - nal Code to introduce the offence of “Internet Aggression”. This offence penalises publishing or using expressions, depictions, or audio-visual content via electronic communication networks that express intent or desire for violent crimes (causing death or extreme cruelty) against iden - tifiable persons, with up to one year of imprison - ment unless a more severe crime is committed. Exceptions are provided for educational, scien - tific, artistic, or informational purposes, as long as the act does not incite fear. 1.3 Cybersecurity Regulators NIS2 Under the 2024 Cybersecurity Act, the cyber - security oversight of electronic information sys - tems under this law is handled by: • the national cybersecurity authority, the Spe - cial Service for National Security ( Nemzet- biztonsági Szakszolgálat , NBSZ) designated by government decree for systems of admin - istrative bodies, state-owned enterprises, entities designated as essential or important but not covered under the 2024 Cybersecurity Act or DORA (the NBSZ operates indepen - dently, with sole accountability to legal regu - lations, and performs its tasks autonomously, free from instructions, except for directives to complete tasks or address omissions); • the SZTFH for systems of NIS2-related organisations not covered by the above; and • for defence-related electronic information systems, the defence cybersecurity author - ity within the defence sector, the Hungarian Minister of Defence is responsible; its opera - tions follow the regulations applicable to the national cybersecurity authority.
98
CHAMBERS.COM
Powered by FlippingBook