POTENTIAL MORATORIUM ON THE CYBERSECURITY COMPLIANCE DEADLINES
Legal Framework and Current Regulations
Pursuant to Act LXIX of 2024 on the cybersecurity of Hungary (the “Cybersecurity Act”), which entered into force on January 1, 2025, and in accordance with the provisions of European Directive 2022/2555 (the “NIS2 Directive”), entities deemed subject to mandatory cybersecurity audits were required to engage an auditor of their choice possessing an appropriate security classification by December 31, 2024.
This statutory deadline has been subject to an extension due to delays in the formal implementation of relevant regulations by the Supervisory Authority for Regulatory Affairs (“SZTFH”). As a result, enforcement measures, including fines for non-compliance, are currently suspended to accommodate this regulatory gap.
Joint Communication and Legislative Developments
Originally, the compliance deadline was set for December 31, 2025. Nonetheless, on May 5, 2025, the Hungarian Chamber of Commerce and Industry (“MKIK”), in conjunction with the SZTFH, issued a joint statement proposing a legislative amendment seeking to:
- Extend the cybersecurity audit deadline by a further six (6) months, to June 30, 2026; and
- Allow affected organizations until August 31, 2025, to execute contractual arrangements with qualified auditors.
Rationale and Support from MKIK
The joint statement underscores the shared interest of MKIK and SZTFH in enabling organizations to enhance their cybersecurity posture beyond the current minimum requirements. The proposed extension aims to facilitate better implementation of security measures, ultimately ensuring more comprehensive and effective audit outcomes.
The statement also references past successful collaborations on administrative and audit fee optimization as precedent for this strategic approach. In addition, MKIK has announced the development of an audit preparation advisory program. This initiative aims to provide targeted, accessible support, including both in-person and online assistance, to smaller organizations to ensure they are adequately prepared and compliant with the upcoming audit requirements.
Implications
The proposed moratorium underscores the importance of closely monitoring legislative developments and regulatory updates to ensure timely adherence to evolving cybersecurity obligations and to mitigate potential compliance risks.
***
If you have any further questions, please feel free to contact us and request the assistance of KNP LAW experts.