The implementation of the DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) has been completed. According to NIS Directive the Act CVIII of 2001 on certain issues of electronic commercial transactions and information society services have been modified.
The new regulations are designed to increase the security of the network and information systems they use to prevent, mitigate, and reduce the impact of security incidents on their network and information systems, thereby increasing the security of the services they provide. Due to the widespread availability of notifiable services and their integration into other important services, their economic and social activities can be relied upon their reliable, continuous operation. Goals based on this, as well as the security and continuity of cyberspace operation, are supported by the event management center and the authority.
In favour of cyber security the EU regulation requires network and information systems to be protected in proportion to the risks involved and the security features to be applied.
The act requires the reporting actors to register at the authority and notify the event management center of significant security incidents in their network and information systems. The act has designated the Special Service for National Security (SSNS) to perform regulatory and incident management tasks related to reporting service providers.
The purpose of this description is to provide a comprehensive overview of the essential elements of the new regulation, the statutory obligations of prospective clients, and the authority’s procedures.
Who is affected by the new legal requirements?
A Hungarian HQ company providing one of the following services is considered to be a service provider subject to notification:
- ‘online marketplace’ means a digital service that allows consumers and/or traders as respectively defined in point (a) and in point (b) of Article 4(1) of Directive 2013/11/EU of the European Parliament and of the Council (1) to conclude online sales or service contracts with traders either on the online marketplace’s website or on a trader’s website that uses computing services provided by the online marketplace
- ‘online search engine’ means a digital service that allows users to perform searches of, in principle, all websites or websites in a particular language on the basis of a query on any subject in the form of a keyword, phrase or other input, and returns links in which information related to the requested content can be found;
- ‘cloud computing service’ means a digital service that enables access to a scalable and elastic pool of shareable computing resources.
Service providers as micro and small businesses are not covered by the above legislation. In addition, these requirements are not applicable to persons covered by Section 2 (2) (a) and (b) of Act L. of 2013.