The Government of Hungary has recently adopted Government Decision 1089/2025 (III. 31.) on the country's Cybersecurity Strategy, effective between 2025–2030.
The Strategy is an essential read for legal practitioners, cybersecurity professionals, and public or private sector stakeholders, as it lays down a comprehensive and binding national framework aligned with the EU’s NIS 2 Directive, integrating cybersecurity into public administration, critical infrastructure, digital services, and supply chains. It provides the regulatory context and legal obligations stemming from the Cybersecurity Act of 2024, including compliance, liability, certification, and enforcement mechanisms. It also outlines strategic and operational priorities—such as CSIRT structures, sectoral responsibilities, and incident response coordination—while also offering a roadmap for technological resilience and institutional preparedness. Overall, the Strategy serves as a practical reference point for navigating Hungary’s cyber governance model, ensuring regulatory alignment, risk management, and the secure digital transformation of both state and market actors. The Strategy is a transformative instrument that redefines cybersecurity in Hungary not just as a technical or defence-related issue, but as a core pillar of national policy.
Hungary’s strategy aims to build resilient cybersecurity capabilities, protect digital well-being, raise cybersecurity awareness, and foster cooperation across government, industry, and society. As digitalization accelerates, the strategy recognizes both the economic potential and increasing security risks associated with interconnected systems, ICT services, and state-sponsored cyber operations. To remain secure and competitive, Hungary seeks robust legislative frameworks, international collaboration aligned with EU and NATO standards, and joint responsibility among stakeholders.
Geopolitical tensions, cybercrime, disinformation, and data vulnerabilities represent key threats. The pandemic has intensified digital dependency and disrupted societal trust, while supply chain and infrastructure security now require urgent attention. Hungary’s approach includes not only defensive capabilities but also deterrence, intelligence-led threat identification, and the coordination of crisis-specific responses. The strategy emphasizes that cyberattacks could, under certain conditions, trigger collective defense under NATO.
A strong focus is placed on innovation and cooperation. Priorities include trust-based information sharing, practical cybersecurity guidelines, public-private collaboration, and AI-based solutions for early detection and prevention of cyberattacks. Special support is planned for SMEs, especially those in supply chains. Cybersecurity awareness is to be promoted through national education and training programs, with a security-by-design mindset embedded into public education. A state-run bug bounty program and vulnerability disclosure framework support ethical hacking, as laid out in Hungary’s Cybersecurity Act.
National cybersecurity certification schemes will be developed in line with EU standards to address ICT product and service risks. Independent assessments will ensure product quality and reliability, particularly in critical sectors. Certified solutions will be prioritized in public procurement, enhancing both market performance and the competitiveness of Hungarian-made technologies.
The strategy also supports the secure adoption of cloud services through certifications, best practices, and alignment with the EU Cloud Services Scheme. These measures aim to improve procurement decisions and enable knowledge transfer, particularly in education and public administration. Enhancing cloud and data regulation will safeguard national sovereignty while enabling advanced technology adoption.
To support Hungary’s growing digital economy, especially software development, the strategy calls for financial and regulatory support for SMEs. Public-private funding models and EU funds will be leveraged to expand cybersecurity capabilities.
Sector-specific priorities are also identified. The digital infrastructure sector — viewed as the backbone of cyberspace — requires standardization, resilience, and consolidation in the public domain to enable efficient cybersecurity. In healthcare, digitalization increases cybersecurity risks, making compliance with security regulations critical for trust in e-health systems. Agriculture, with its vast and sensitive data ecosystem, also demands protection to ensure data confidentiality and economic stability.
The space sector, due to its strategic role in national operations and civilian services, now faces full-spectrum cyber threats across its value chain. The Strategy Articulates that a comprehensive defense approach is needed to protect data integrity and satellite operations. In the energy sector, the integration of renewable technologies and the growing number of distributed networks (e.g., household solar systems) require advanced protection and monitoring systems. Ensuring electricity supply is essential for all digital services, making energy infrastructure cybersecurity a top priority.
Finally, the Wtrategy underlines the need for sustainable, multi-source financing to support all planned cybersecurity initiatives. This includes state budgets, EU funds, and public-private partnerships. Adequate funding will enable capacity building, particularly in areas like education, certification, and critical infrastructure protection.
To implement the Strategy, the Cybersecurity Commissioner — along with relevant ministers — are tasked with developing the National Cybersecurity Action Plan (2025–2030) and updating the strategy as needed by the end of 2030.
In sum, Hungary’s Cybersecurity Strategy offers a comprehensive framework to address current and emerging threats, while fostering innovation and ensuring national sovereignty in the digital space. By aligning sectoral actions with international best practices, Hungary aims to lead in both resilience and digital competitiveness across Europe and beyond.
By Tamas Bereczki and Adam Liber, Partners, Provaris
