In addition to challenges, NIS2 also holds opportunities for Hungarian companies

The European Union cybersecurity rules introduced in 2016 were updated by the NIS2 directive, which entered into force in 2023, in order to keep pace with digitalization and constantly changing cybersecurity threats. The directive extends the scope of cyber security rules to new sectors and organizations. In Hungary, the Act on Cyber ​​Security Certification and Cyber ​​Security Supervision, which entered into force in January of this year, transposed NIS2 into the domestic legal order.

On October 18, we reached an important milestone: from now on, the organizations concerned must comply with the provisions of the law.Dr. Balázs Bencsik, on behalf of the Supervisory Authority for Regulated Activities, emphasized that the new requirements imposed by the NIS2 directive mean more serious obligations for Hungarian businesses. The directive adapts cyber security regulation to increasingly complex digital threats and pays special attention to companies operating in risky sectors that employ at least 50 people or whose annual turnover exceeds 10 million euros.

In case of non-compliance with the NIS2 regulations, a company can expect serious consequences, as the penalty can reach 2% of the annual sales revenue.

Dr. Balázs Bencsik also touched on the auditing process, which begins with classifying the company’s IT systems into a security class and includes a number of tests, including vulnerability and penetration tests. The authority is introducing a new indicator for the evaluation of organizations: the metric formed from the defense compliance and organizational resilience index will be an indicator for companies that successfully complete a cyber security audit, which will paint a favorable image of them in the eyes of their business partners.