Hungary: Priorities for 2026

Similar to the EU priorities, cybersecurity, roll-out of gigabit connectivity and addressing scam calls will remain key areas of focus for 2026. 

It is expected that Hungary's cybersecurity landscape will shift decisively from cyber readiness and compliance preparation to active enforcement, with the Supervisory Authority for Regulated Activities (SZTFH) and the National Cyber Security Centre (NKI) wielding substantial powers following the implementation of the Cybersecurity Act constituting major reform in cybersecurity legislation in Hungary, including the transposition of the NIS2 Directive in Hungary. Telecommunications operators and digital infrastructure providers will face heightened scrutiny, with fines reaching up to EUR 10 million or 2% of global turnover for essential entities, and mandatory cybersecurity audits becoming routine by mid-2026.

The immediate priority for the providers of electronic communication services is completing mandatory cybersecurity audits. The SZTFH has begun issuing official notifications requiring audit contracts, with first audits due by 30 June 2026. These audits will scrutinise compliance with risk management measures, incident handling procedures, supply chain security — all core obligations under Hungary's NIS2 framework.

Hungary's 2025-2030 Cybersecurity Strategy positions telecommunications networks as critical national infrastructure requiring enhanced resilience and standardisation. The strategy emphasises consolidating cybersecurity capabilities and strengthening digital infrastructure protection. The strategy recognises both the economic potential and increasing security risks associated with interconnected systems, ICT services, and state-sponsored cyber operations. Hungary's approach includes not only defensive capabilities but also deterrence, intelligence-led threat identification, and the coordination of crisis-specific responses. A strong focus is placed on innovation and cooperation, with priorities including trust-based information sharing, practical cybersecurity guidelines, public-private collaboration, and AI-based solutions for early detection and prevention of cyberattacks.

On the telecoms side, communications providers should prioritise finalising cyber governance frameworks, ensuring audit readiness, and establishing robust incident response capabilities as Hungary's cybersecurity regime matures from implementation to enforcement. 

More widely, Hungary's telecommunications sector will see regulatory developments stemming from recent legislative reforms. The amended Electronic Communications Act, implementing the EU Gigabit Infrastructure Regulation, simplifies building permit procedures and mandates greater transparency of physical infrastructure through a single information point, whilst introducing stricter sanctions for non-compliance to accelerate high-capacity network deployment towards the 2030 gigabit connectivity target. From 1 January 2026, mobile internet providers must offer subscribers a free filtered internet service option that blocks pornographic websites to protect minors, with larger fixed-line providers required to follow suit by 1 May 2026.  Additionally, NMHH Decree 9/2025, will be fully applicable throughout 2026, requiring telecommunications providers to implement detailed measures against caller ID spoofing (CLI spoofing), particularly screening international calls displaying Hungarian numbers to protect subscribers from spam and fraud.