Legislation

Legislation affecting the procedures of the national cybersecurity authority

  • Act LXIX of 2024 on the cybersecurity of Hungary (Cybersecurity Act)
  • Act CL of 2016 on general administrative order
  • Government Decree 418/2024 (XII. 23.) on the implementation of the Act on the cybersecurity of Hungary
  • 7/2024. (VI. 24.) Decree of the Prime Minister's Cabinet Office on the requirements for security classification and the specific protection measures applicable to each security class
  • 17/2025. (VII. 24.) Decree of the Ministry of Energy on the requirements for qualifications, professional qualifications, training and further training under the Act on Cybersecurity of Hungary

Legislation on electronic administration:

  • Act CIII of 2023 on the Digital State and Certain Rules for the Provision of Digital Services (DÁP Act)
  • Government Decree 321/2024. (XI. 6.) on certain rules of digital citizenship
  • Government Decree 322/2024. (XI. 6.) on the detailed technical requirements for digital services, digital citizenship services and support services

Legislation on the national cybersecurity authority as a specialized authority related to aviation:

  • Act XCVII of 1995 on Air Transport
  • Government Decree 169/2010. (V. 11.) on the rules of civil aviation security and the powers, duties and operating procedures of the Aviation Security Committee
  • Government Decree 531/2017. (XII. 29.) on the designation of specialized authorities acting on certain compelling reasons based on public interest

Legislation relating to other administrative authorities in relation to the procedures of the national cybersecurity authority

Regulatory Activities Supervisory Authority (SARA):

  • Decree 15/2023. (VII. 31.) of the SARA on the administrative service fees for procedures related to the cybersecurity tasks of the Supervisory Authority for Regulated Activities
  • Decree 10/2023. (V. 15.) of the Hungarian Ministry of Finance on cybersecurity certification of information and communication technologies

National Directorate General for Disaster Management, Ministry of the Interior (NDGDM):

  • Act LXXXIV of 2024 on the Resilience of Critical Organizations (Kszetv.)
  • Act XCIII of 2021 on the Coordination of Defense and Security Activities (Act XCIII of 2021)
  • Government Decree 474/2024. (XII. 31.) on the implementation of the Act on the Resilience of Critical Organizations
  • Government Decree 475/2024. (XII. 31.) on the resilience of organizations significant for the defense and security of the country

National Media and Infocommunications Authority (NMIA)

  • Act C of 2003 on Electronic Communications (Eht. tv.)

European Union legal sources:

  • Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 concerning measures to ensure a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)
  • Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical organisations and repealing Council Directive 2008/114/EC (CER Directive)
  • Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience in the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) No 2016/1011 (DORA Regulation)
  • Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC, Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council