NIS2 Implementation in the EU |
|
Hungary |
|
|
(Europe)
Firm
Lakatos Köves & Partners
Contributors
Dávid Nagy |
|
| Status of the legislative process | Enacted |
| Status of the NIS2 Implementation Act | Hungary implemented the NIS2 Directive into Act LXIX (“Cybersecurity Act”) in 2024. It aims to regulate market participants, government entities and municipalities, along with cyber certification, comprehensively and in more detail, and consolidate the Hungarian respective legislation into one act to comply with the NIS2 Directive and CER Directive from a cybersecurity perspective. The most significant requirements of the NIS2 Directive—such as registering with the competent authority, implementing security measures, engaging auditors, and preparing audits on the company’s electronic information systems—are included in the Cybersecurity Act. |
| Significant deviations of the National Implementation Act from the NIS2 Directive, if any | In general, there are no significant deviations, with one exception regarding the main establishment principle under Article 26 of the NIS2 Directive. Unlike the sequential conditions set out under Article 26(2) of the NIS2 scope provision, the Cybersecurity Act establishes an alternative relationship between the conditions. |
| Date of entry into force of the Implementation Act | The whole Cybersecurity Act and the required decrees are in force. |
NIS2 Implementation in the EU
Hungary
(Europe) Firm Lakatos Köves & PartnersContributors Dávid Nagy Iván Sólyom
Updated 05 Feb 2026Enacted
Hungary implemented the NIS2 Directive into Act LXIX (“Cybersecurity Act”) in 2024. It aims to regulate market participants, government entities and municipalities, along with cyber certification, comprehensively and in more detail, and consolidate the Hungarian respective legislation into one act to comply with the NIS2 Directive and CER Directive from a cybersecurity perspective. The most significant requirements of the NIS2 Directive—such as registering with the competent authority, implementing security measures, engaging auditors, and preparing audits on the company’s electronic information systems—are included in the Cybersecurity Act.
In general, there are no significant deviations, with one exception regarding the main establishment principle under Article 26 of the NIS2 Directive. Unlike the sequential conditions set out under Article 26(2) of the NIS2 scope provision, the Cybersecurity Act establishes an alternative relationship between the conditions.
The whole Cybersecurity Act and the required decrees are in force.