ImplementedNIS2
NIS2 in Hungary
Hungary transposed NIS2 via Act XXIII of 2023. SZTFH coordinates audits, registrations, and enforcement structures.
Transposition law
Act XXIII of 2023 on Cybersecurity (Kibertan.tv.)
In force
1 January 2024
Competent authority
Supervisory Authority for Regulatory Activities (SZTFH)
Max fine (Essential)
HUF 3.8 billion (~€10 million) or 2% of global annual turnover
Max fine (Important)
HUF 2.6 billion (~€7 million) or 1.4% of global annual turnover
Full enforcement
October 2024
Key Deadlines
Law in force
1 January 2024
Audit contract execution
31 December 2024
Competent Authority
Supervisory Authority for Regulatory Activities (SZTFH)
Central supervisor and audit oversight authority
https://sztfh.hu ↗SZTFH operates a strict oversight model requiring biennial independent cybersecurity audits executed by registered cyber audit firms.
Registration Process
Register via the SZTFH electronic service portal using formal governmental company gateways.
📊 Quick Test
Check NIS2 Scope →Find out if your company is in scope
Does your organisation fall under Annex I (Essential) or Annex II (Important) entities?
Key Requirements
- 1Registration with SZTFH within 30 days of falling under scope
- 2Mandatory selection of a licensed security auditor
- 3Strict incident reporting within 24 hours to national CSIRT
National Additions
★Hungary demands a designated Chief Information Security Officer (CISO) for all Important Entities, going beyond the EU baseline
FAQ: NIS2 in Hungary
Are independent audits mandatory in Hungary?
Yes, all entities under Act XXIII of 2023 must contract an accredited cybersecurity auditor for verification audits every 2 years.
Ready to assess your NIS2 compliance?
Use our free tools to check your NIS2 scope and run a gap assessment.