Food businesses are also affected by the new cyber security law

(Photo: Pixabay)

The new cyber security law published in May of this year establishes the domestic framework for certification and, in addition to the introduction of the official supervision system, defines the cyber security requirements for actors in major economic sectors. The law also applies to profit-oriented and non-profit public or private enterprises that participate in any stage of the production, processing or distribution of food. The regulations do not affect micro and small enterprises, i.e. those food enterprises in which the number of employees does not reach 50 people, or the annual net sales revenue or balance sheet total is less than HUF equivalent to 10 million euros.

The supervision of the area is carried out by the Supervisory Authority for Regulated Activities (SZTFH)

It is important that those organizations which, on 01.01.2024 start their operation before, they must register with the SZTFH by 30.06.2024 at the latest, and an essential requirement is that in their case the first cyber security audit must be carried out by 31.12.2025. If an organization is not in the carries out its activities in accordance with cyber security requirements, the SZTFH is entitled5 – taking into account the opinion of the authority authorizing or supervising the given activity – to ban the organization concerned from activities (which directly threaten the fulfillment of security requirements). In addition, according to the related decree6, the fines can range from HUF 50,000 to HUF 50,000,000.

Nébih