NIS2 Compliance
Facing the Challenges of NIS2 Compliance? We’ve Got You Covered.
We offer more than just a service—we provide a trusted partner who stands by your side throughout every step of your NIS2 compliance journey. Navigating the complexities of regulation can be daunting, but with our expert guidance, you are never alone.
Turn the challenges and opportunities of NIS2 to your advantage with our support.
What Exactly is NIS2?
The (EU) 2016/1148 Directive, issued by the European Parliament and Council, came into effect at the end of December 2022.
As part of legal harmonisation, national regulations have already been introduced:
- Act XXIII of 2023 on cybersecurity certification and cybersecurity supervision (referred to as the Cybersecurity Act)
- 23/2023. (XII.19.) SZTFH Decree on the regulatory registry of organisations under cybersecurity supervision
What is the Purpose of NIS2?
NIS2 aims to strengthen cybersecurity capabilities across the European Union, mitigate threats to network and information systems used for essential services in key sectors, and ensure service continuity in the event of cybersecurity incidents affecting IT systems.
By doing so, NIS2 contributes to the security of the EU and the efficient functioning of its economy and society.
Why is it important to address this now?
Act XXIII of 2023, introduced last year, lays the foundation for integrating the NIS2 directive into the Hungarian legal framework. This legislation defines the tasks and deadlines following its enactment, making it essential for affected organisations to begin preparing now.
Important: The regulation outlining specific requirements has not yet been published, though it is currently under public consultation.
Who Does It Apply To?
The regulation determines compliance requirements based on both company size and industry sector.
The following service providers must comply with NIS2 requirements, regardless of company size:
- Electronic communications service providers
- Trust service providers
- DNS service providers
- Top-level domain registries
- Domain name registration service providers
For other businesses, company size is the determining factor. The directive applies to companies that meet the EU SME definition, meaning organisations with at least 50 employees or an annual turnover or balance sheet total of at least €10 million must comply with the NIS2 requirements.
Industries Affected by NIS2 Requirements
High-Risk Sectors
- Energy
- Transport
- Healthcare
- Drinking water and wastewater
- Telecommunications services
- Digital infrastructure
- Outsourced ICT services
- Space-based services
Risk Sectors
- Postal and courier services
- Food production, processing, and distribution
- Waste management
- Chemical production and distribution
- Manufacturing
- Digital service providers
- Research
Key Changes Introduced by NIS2
- Security across the entire supply chain
- Cybersecurity incident reporting system
- Risk-based approach to operations
- Certified ICT services and products
- Centralised registry for information systems (mandatory reporting)
- Centralised registry for public services (mandatory reporting)
- Introduction of responsibility for electronic information system security
Cybersecurity risk management measures must follow an all-hazards approach, ensuring the protection of network and information systems, along with their physical environments, against potential incidents.
What are the deadlines?
IMPORTANT: with regard to the deadlines, the legislation distinguishes between organisations that started their activities before 01.01.2024 and those that start their activities after that date.
If your company was registered or started operating before 1 January 2024, the following deadlines apply to your company:
Until 2025.12.31
Organisations registered with the SZTFH, including your company, will be required to undergo an initial cybersecurity audit, which will provide a detailed assessment of the effectiveness of the security measures in place and their NIS2 compliance.
We recommend the following services
Basic Package
Our Basic Package provides a simplified approach to help organisations understand and identify their obligations under the new security regulations. It supports them in taking the necessary steps, including the registration of Electronic Information Systems (EIR) and proper security classification.
With the Basic Package, organisations can identify relevant control requirements and receive guidance throughout the registration process, reducing the risk of errors and ensuring compliance with minimal complexity.
Included Services:
- Support for self-identification
- Defining and registering Electronic Information Systems (EIR)
- Assistance with security classification
- Defining control requirements
- Support for registration
Advanced Package
The Advanced Package builds upon the Basic Package, incorporating additional key services such as NIS2 professional project management and executive presentation with an action plan proposal. These elements help make every stage of the compliance process clearer and more manageable.
These additional services provide in-depth analysis and structured guidance, ensuring organisations can successfully meet compliance requirements with confidence.
Included Services:
- All features of the Basic Package
- NIS2 professional project management
- Executive presentation
- Action plan proposal
Premium Package
The Premium Package offers a comprehensive solution for organisations seeking full support in managing all aspects of NIS2 compliance within a single package.
Beyond the Advanced Package, we provide expert assistance through the appointment of an Information Security Officer and the effective implementation of predefined security measures.
We conduct detailed assessments of IT systems and organisational processes to identify and evaluate potential security risks. A customised action plan is developed to minimise risks and enhance cybersecurity resilience.
We also establish an Information Security Management System (ISMS) and provide ongoing support to ensure its efficient operation and continuous improvement.
Included Services:
- All features of the Advanced Package
- Support for action plan implementation
- Provision of an Information Security Officer
- Comprehensive risk assessment
- ISMS development and continuous support
NIS2 Compliance for Obligated Entities and Suppliers