Hungary succeeded in terms of NIS 2 Directive

Hungarian companies affected by the Network and Information Security Directive 2 / NIS2 must submit their application for registration to the Supervisory Authority for Regulated Activities (SZTFH). Companies that started their operations before January 1, 2024, have to complete NIS 2 registration by June 30, 2024. As concerns the Bulgarian Process of integrating the new measures for a high general level of cyber security(NIS2), you can find information here.

What is registration?

In the NIS2 registration process, affected companies are required to provide the following information:

  • company data,
  • contact data,
  • some technical details,
  • contact details of the person responsible for IT security. (responsibility in case something bad happens)

NIS 2 deadlines for Hungary, but expect soon in our latitudes as well, especially since the elections are now over:

  • Until 30 June 2024: All organizations affected by NIS2 need only identify themselves and apply for registration by completing the SZTFH 420 form.
  • Effective October 18, 2024: Organizations affected by NIS2 must implement security measures following the appropriate security class of their electronic information systems and pay the SZTFH supervision fee.
  • By 31 December 2024: organizations affected by NIS2 must sign a contract with a selected auditor.
  • By December 31, 2025: You must select an independent external auditor to conduct the first audit of your cybersecurity.

National differences

The following aspects characterize the Hungarian implementation of NIS2:

  • Multiple documents: The implementation of NIS2 in Hungary covers multiple details through separate government decrees. These include aspects such as penalty levels, required log data, specific security measures and reporting requirements. Section 28 lists any provisions that may be added.
  • Longer deadlines for reporting incidents: The Hungarian implementation of NIS2 establishes reporting obligations in Section 27, which refers to the Act on the Security of Electronic Information of State and Local Authorities. However, submitting a detailed report within 72 hours and 30 days is not required.

The Hungarian implementation of NIS2 adds some sub-sectors to the original NI2 sectors:

  • The Public Transport sector ( Tömegközlekedés ) has been added to the Transport sector.
  • The Cement, Lime and Gypsum Manufacturing sub-sector has been added to the Manufacturing sector.
  • The digital infrastructure and electronic communications services sectors form the EU digital infrastructure sector NIS2.
  • Water supply and sewerage are united in the water services sector.
  • Banking, financial market infrastructures and public administration sectors are not included in the Hungarian transposition of NIS2.

Cybersecurity has long been for professionals. This is a serious commitment for businesses that could potentially land someone in jail if they fail to comply with the NIS2 directive or ignore basic cybersecurity principles. Last but not least, organizations are exposed to huge penalties if they do not comply with NIS2.

We are here to help you with your journey in the world of cyber security, stay compliant and sleep easy! We can provide the following services:

  1. NIS2 audit – compliance assessment.
  2. NIS2 Consulting Service.
  3. NIS2 full transition from your current state in your organization to full compliance with the directive.
  4. NIS2 Awareness Training.

Reduce your information security risk to the desired level by taking advantage of our many years of experience in information security consulting services. If you have any questions or need advice about NIS 2, don't hesitate to contact us.