The Hungarian Cybersecurity Cluster and the Software Industry Innovation Pole Cluster jointly organized a professional workshop at Óbuda University on the practical challenges of NIS2 regulation.
NIS2 is the EU's new minimum cybersecurity regime, which requires not only a declaration of security but also practical demonstration of it. Organisations operating critical services and supply chains must have a responsible person, plans and working processes in place for prevention, detection, response and reporting.
A key deadline is June 30, 2026, by which the first cybersecurity audit must be completed at the affected companies. Experts at the workshop emphasized that NIS2 is not just an IT issue, but a market entry card, as partners may turn away from companies that are not guaranteed to be secure.
Márton Miklós (Hungarian Cybersecurity Cluster) highlighted the importance of practical operation instead of "if you have it, you can do it".
Alexandra Enyedi (White Hat IT Security Kft.) urged a change in management's approach, with measurable controls and clear lines of responsibility. According to Attila Hinkel (Alverad Technology Focus Kft.), a company can be prepared in 90 days with a GAP analysis and a precise timeline.
Attila Szávai (Andrews IT Engineering Kft.) focused on traceable daily routines from the auditors' perspective.
Dr. Anett Novák (ACPM IT Zrt.) highlighted the legal aspects, emphasizing the audit rights and responsibilities to be recorded in contracts.
The roundtable discussion revealed that many companies can get into trouble with procrastination, while the essence of NIS2 is to establish routinely functioning processes. The conclusion is therefore clear: in the case of timely and well-planned processes, the audit will be a confirmation conversation, and handling a cyber attack is the task of professionals.
