CRA Compliance in Hungary

SZTFH serves as Hungary's national competent authority for the CRA, with coordination from the Ministry of Interior's National Directorate General for Disaster Management (BM OKF) on critical infrastructure matters. Market surveillance for consumer and industrial products is coordinated with the Hungarian Trade Licensing Office (MKEH) and sector-specific regulators. Hungary's national cybersecurity framework was substantially updated through the Kibertérről szóló törvény (Cyberspace Act, 2023) transposing NIS2, which designates SZTFH as the primary national cybersecurity regulatory authority. Hungarian manufacturers in the automotive, electronics, and pharmaceutical sectors have significant CRA exposure.

Hungarian manufacturers submit Article 14 notifications to GovCERT Hungary or the SZTFH's designated reporting channel, depending on the sector classification of the manufacturer. The Kibertérről szóló törvény created an incident reporting framework with tiered notification requirements, and CRA Article 14 notifications will integrate with this structure. The Article 14 obligation requires an early warning within 24 hours of detecting active exploitation and a full notification within 72 hours. Manufacturers should confirm the appropriate reporting channel with SZTFH in advance and document this in their incident response procedures.

Market surveillance for CRA products in Hungary is coordinated between SZTFH and MKEH (Hungarian Trade Licensing Office), with customs authorities involved for imports. The full CRA penalty regime applies: up to €15 million or 2.5% of global annual turnover for violations of essential cybersecurity requirements. Hungary's market surveillance capacity under EU product safety regulations has been developing, and MKEH has conducted enforcement actions under the Radio Equipment Directive and General Product Safety Regulation. Hungarian manufacturers should maintain comprehensive technical documentation in both Hungarian and English.

SZTFH publishes cybersecurity guidance in Hungarian for businesses and coordinates with the National Cybersecurity Laboratory operated by the National University of Public Service (NKE). The Hungarian Investment Promotion Agency (HIPA) supports manufacturing investment including cybersecurity infrastructure. The Hungarian Chamber of Commerce and Industry (MKIK) provides SME guidance on EU regulatory compliance. Hungary's accreditation body (NAH) accredits conformity assessment bodies for CRA product evaluations. EU Cohesion Funds administered through the Ministry of Economic Development support Hungarian manufacturer cybersecurity investments.