Recently, several news and professional opinions have appeared about the Act CXXXV of 2025 The scope of organizations subject to the Cybersecurity Act may change as a result of the amendment. Many have raised the question: can certain companies be exempted from the mandatory cybersecurity audit?
A comprehensive professional analysis was prepared on the topic. Attila Savai, the Andrews IT Engineering Ltd. cybersecurity expert and lead auditor. In his writing, he explains in detail that the amendment is not actually aimed at reducing the number of obligated organizations, but rather serves to clarify the law: the conditions of the obligation – for example, based on sales revenue, budget income and balance sheet total – are now directly contained in the law.
The details and full professional interpretation are available at the link below:
https://www.linkedin.com/feed/update/activity:7416419093257486336/