10 Jul
10Jul

To ensure a uniformly high level of cybersecurity across the European Union, the Cybersecurity Certification and Supervision Act (Cybersecurity Act) 2022/2555 (NIS2) aims to secure the EU's digital infrastructure and enhance the ability to defend against cyber threats.


The Act imposes a number of requirements on companies whose activities or organisations fall within its scope. Each company should check whether the provisions of this legislation apply to its business.

If the Cybersecurity Act applies to the company, it must submit an application for NIS2 registration to the Regulated Activities Supervisory Authority (RPAA) by 30 June 2024. In addition, the company must classify its activities into a security class and define specific security measures in accordance with the Cybersecurity Act, Decree No. 7/2024 (VI. 24.) MK. Furthermore, it is mandatory to choose a cybersecurity auditor, to conclude a contract with it and to carry out the cybersecurity audit.

These obligations apply mainly to medium and large enterprises, as defined in Act XXXIV of 2004 on Small and Medium Enterprises. Companies with at least 50 employees or an annual turnover of at least €10 million should take into account these obligations.

It is also important to consider the activity of the SME in question. The Cybersecurity Act. Annexes I and II of the KiP Directive set out in detail which firms fall into the critical and highly critical sectors.

Exceptions to the main rules include electronic communications trust service providers, DNS providers, top level domain name registrars and domain name registrars, as they are subject to the provisions of the Act even if they are not medium-sized and large companies.

If a company is not directly covered by the Act but subcontracts to one of these companies, they must agree in their contract to comply with the Act.

Companies that fail to comply can face substantial fines and even be banned from doing business if their managers fail to comply.

Dr. György Zalavári, lawyer and partner at Ecovis Zalavári Legal Hungary, stresses that it is important to note that only a person who is authorised to use the company's company gate can apply for registration.


Dr. György Zalavári LL.M.
Ecovis Zalavári Legal Hungary
Lawyer | Mediator | Corporate Law and Data Protection Specialist
gyorgy.zalavari@ecovis.hu



Comments
* The email will not be published on the website.
Update cookies preferences