The legislator has adopted Act CXXXV of 2025 amending the relevant legislation, which introduces fundamental changes to the Hungarian cybersecurity regulatory framework.
The purpose of the amendment is twofold: on the one hand, to implement the EU Cyber Resilience Act (CRA) at national level, and on the other hand, to clarify and extend the cybersecurity rules already in force in Hungary. The changes will enter into force gradually from 2026 and will affect a wide range of organisations that have previously not been subject to cybersecurity obligations, or only to a limited extent.
