AI in Hungary: Legal Considerations for Businesses
Artificial Intelligence (AI) is rapidly transforming the business landscape in Hungary and across Europe. From customer service automation to predictive analytics, AI offers significant opportunities — but also introduces complex legal challenges that companies must address proactively.
Key Regulations Affecting Hungarian Businesses
1. EU AI Act Implementation
Hungary is set to enforce the EU AI Act, which introduces a risk-based framework categorizing AI systems into:
-
-
-
- Unacceptable Risk: Prohibited AI practices, such as systems that manipulate human behaviour or exploit vulnerabilities.
- High Risk: AI applications in critical sectors like healthcare, education, and employment that require stringent compliance measures.
- Limited or Minimal Risk: Lower-risk AI systems with fewer regulatory obligations.
-
-
From February 2, 2025, businesses must ensure AI literacy among their staff, assessing current knowledge levels and implementing tailored training programs. Additionally, transparency in AI usage, especially in consumer-facing services, is mandated.
2. Cybersecurity Act (Effective January 2025)
The new Cybersecurity Act consolidates Hungary's cybersecurity legislation, aligning with the EU's NIS2 Directive. It imposes obligations on organizations to classify information systems, conduct risk assessments, and implement security measures. Non-compliance may result in significant fines, potentially up to 2% of a company's global annual turnover.
3. Data Protection and Privacy
Under the General Data Protection Regulation (GDPR) and Hungary's Act CXII of 2011, businesses must ensure transparency in AI systems, especially regarding data sources and processing methods. The National Authority for Data Protection and Freedom of Information (NAIH) enforces these regulations, emphasizing the need for informed consent and accountability in data handling.
Legal Areas in focus
1. Data Protection & GDPR
Any AI system processing personal data must comply with the General Data Protection Regulation (GDPR). This includes strict rules on profiling, automated decision-making, and data subject rights — all of which can carry significant financial and reputational risks if mishandled.
2. Contracting and Liability
At present, Hungary lacks dedicated AI liability laws. This creates uncertainty around who is accountable when AI causes harm or makes an error. Businesses should ensure contracts with AI vendors clearly define liability, responsibilities, and compliance measures.
3. IP and Innovation
As companies develop proprietary AI solutions, issues around intellectual property (IP) become critical. Protecting algorithms, data models, and outputs — while respecting third-party rights — should be a key part of any AI deployment strategy.
4. Ethical and Reputational Risk
Legal compliance alone is no longer enough. Increasingly, businesses are expected to ensure their AI systems operate fairly and without bias. Ethical use of AI can enhance brand reputation and build trust with clients, regulators, and the public.
Businesses should stay informed about evolving AI regulations — both at the EU level and locally. Conducting legal risk assessments, updating compliance policies, and reviewing AI-related contracts are essential steps for mitigating exposure.
