CLVPartners

CLV-02
Menu

Trade affairs

New developments in the regulation of energy cooperatives

Commercial Law, Corporate law, News, sustainability / / , , , ,

Reading time: 6 minutes

The Hungarian Act X of 2006 on Cooperatives (“Cooperatives Act”) has been amended with effect from 1 January 2026 with provisions governing energy cooperatives (“Amendment”). The purpose of this article is to briefly present the background to the Amendment, introduce the concept and key characteristics of energy cooperatives as a new legal institution, and provide an overview of the most important rules applicable to energy cooperatives.

The background of the Amendment

Legal basis and purpose of energy communities

In order to mitigate the adverse effects of climate change and promote the achievement of climate neutrality, the European Union adopted in 2019 the Directive (EU) 2019/944 on common rules for the internal market for electricity and amending Directive 2012/27/EU. This Directive introduced the legal framework for citizen energy communities within the EU.

An energy community is a voluntary association of energy producers and energy consumers. Its operation is based on open and voluntary participation, and it is governed by its members or shareholders, who may be natural persons, small enterprises, or local authorities.

Under EU regulation, energy communities may be established in various legal forms. For example, they may operate as associations, cooperatives, or non-profit companies.

The primary purpose of an energy community is not to generate financial profit, but to provide environmental, economic, and social benefits to its members, shareholders, or the area in which it operates. These benefits may be achieved, inter alia, through the generation, distribution, supply and consumption of energy, as well as through aggregation, energy storage and the provision of services aimed at improving energy efficiency. The activities of an energy community may also extend to solutions related to electric vehicle charging and to the provision of other energy-related services to its members or shareholders.

Energy community operations in practice

It is a legitimate question how an energy community operates in practice and how it can provide tangible benefits to its members.

An energy community can best be understood as a small-scale system that is partially or fully energy self-sufficient. Within the community, members with different roles cooperate with each other. Some are solely energy generators, others both generate and consume energy, while some participate exclusively as consumers. Energy producers may include, for example, households with their own solar panel systems, as well as biogas plants or even wind turbines. These production units are typically developed through community funding from the shared budget of the energy community.

Energy storage solutions form an integral part of the system, enabling the storage of energy that has been produced but not immediately consumed. The key to operation is the continuous interaction between generation, storage and consumption units. This is ensured by an intelligent management system, the so-called smart grid, which monitors production and consumption and directs energy to where it is needed at any given time.

Ideally, an energy community produces slightly more energy than its members consume, which may allow it to become fully independent from the public grid. However, if the balance between production and consumption cannot be maintained—meaning the community produces either too much or too little energy—the energy community may trade with the universal service provider to balance its energy needs.

In conclusion, it can be stated that by promoting energy communities, the European Union seeks to achieve interconnected short- and long-term objectives. In the short term, energy communities can contribute to alleviating energy poverty and strengthening local communities. In the long term, the EU aims to increase the share of renewable energy sources, establish a decentralized and sustainable energy system, and achieve its climate neutrality target set for 2050.

Regulation of energy communities in Hungary and practical experience

To fulfil its legislative obligations arising from EU law, Hungary established the legal framework for the operation of domestic energy communities through the amendment adopted in 2020 to Act LXXXVI of 2007 on electricity (“Electricity Act”).

According to the Electricity Act., an energy community is a legal entity operating in the form of an association, cooperative or non-profit company, whose purpose is to create environmental, economic and social benefits for its members or for the area of operation defined in its statutes. This purpose may be achieved, inter alia, through the generation, distribution, supply and consumption of energy—including the use of renewable energy sources—as well as through aggregation, energy storage and the provision of services aimed at improving energy efficiency.

In connection with energy communities, it should be noted that registration with the Hungarian Energy and Public Utility Regulatory Authority (MEKH) is a prerequisite for acquiring legal status. In addition, to conduct licensed activities—such as electricity generation, energy trading, aggregation or energy sharing—an energy community must obtain the relevant regulatory permits in the same way as any other market participant. According to the MEKH register, there are currently 17 registered energy communities in Hungary.

Rules applicable to energy cooperatives under the Cooperatives Act

It can be concluded that the concept of energy cooperatives has been present in the Hungarian legal system for several years as one of the possible legal forms of energy communities. Although the Electricity Act allows for the establishment of energy cooperatives, detailed and specific regulation had so far been lacking. This regulatory gap was addressed by the Amendment, as a result of which the Cooperatives Act has been supplemented with a separate chapter dedicated to energy cooperatives.

Cooperatives are legal entities established through the members’ capital contributions, with the objective of lending assistance to its members to satisfy their economic and societal needs. The primary obligations of members consist of making their capital contributions and providing the personal involvement specified in the articles of association. The general rules applicable to cooperatives are set out in Act V of 2013 on the Civil Code and in the general provisions of the Cooperatives Act. It is important to note that these general rules also apply to energy cooperatives, in accordance with the specific provisions applicable to them.

Under the Cooperatives Act, an energy cooperative is one form of energy community within the meaning of the Electricity Act, operating within a cooperative structure and conducting energy-related activities in the interest of its members. Its primary purpose is to improve the economic and social situation of its members, while also providing environmental, community and educational benefits, thereby serving the public interest.

Any natural or legal person who meets the statutory requirements may participate in the establishment and subsequent operation of an energy cooperative. At the same time, the regulation allows the energy cooperative to make membership subject to geographical or technical conditions as set out in its articles of association.

Due to the specific purpose and operation of energy cooperatives, members may contribute different amounts to the cooperative’s assets, but this does not affect the equality of membership rights. In decision-making, each member participates with equal weight, meaning that each member has one vote. The Cooperatives Act also allows for the admission of members who are not required to provide personal participation but support the operation solely through capital contributions; such members are referred by the law as investor members.

The operation of an energy cooperative must be conducted in a manner that is consistent with the interests of its members and is both efficient and sustainable. To ensure this, the Cooperatives Act provides that matters affecting the articles of association fall within the general meeting, thereby guaranteeing the cooperative’s autonomy. The legislation regulates in detail the procedure for transferring cooperative and investor shares and the related notification obligation and grants pre-emptive rights to members and the cooperative itself.

A key rule concerning the fiscal management of energy cooperatives is that the legislation requires the creation of mandatory reserves. In this context, the energy cooperative must establish a reserve fund amounting to 10% of the profit generated. The purpose of the reserve fund is to ensure the long-term financial sustainability of the energy cooperative. The regulation also requires the establishment of an education and information fund, which serves as the financial basis for the continuous training and knowledge-sharing of members. At least 2% of the profit from the previous fiscal year must be allocated to this fund.

Summary

Overall, it can be concluded that the amendment to the Cooperatives Act, in line with EU objectives, establishes the legal framework for the operation of energy communities in cooperative form. As non-profit organisations, energy cooperatives may participate in the energy market while promoting community, environmental and economic interests, thereby contributing to sustainability, energy efficiency and environmental protection. The regulation prioritises democratic decision-making, transparent operation and the protection of members’ interests, while also allowing for the involvement of external investors.

Photo source: pexels.com, Centre for Ageing Better

New developments in the regulation of energy cooperatives Read More »

The Scope of the NIS2 Directive and the Cybersecurity Act – Determining Involvement in Practice

Commercial Law, News / / , , , , , ,

Reading time: 6 minutes

The rapid advancement of digitalisation has brought new opportunities but also new types of risks. In business operations, the reliability of electronic information systems plays an increasingly important role, and ensuring the confidentiality, integrity, and availability of managed data and information has become a fundamental requirement. To address this, the Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (the “NIS2 Directive”), was adopted. Its national transposition in Hungary resulted in Act LXIX of 2024 on Cybersecurity (the “Cybersecurity Act”). These instruments aim to reduce risks to electronic information systems and ensure the continuity of services in key sectors such as energy, healthcare, transport, digital infrastructure, and manufacturing. Depending on their activities, size, and role, organisations are subject to different obligations. Each organisation must determine whether it falls within the scope of the Cybersecurity Act and which specific requirements apply to it. This article outlines the key aspects of self-identification, helping organisations comply with the NIS2 Directive and the Cybersecurity Act.

Who does the Cybersecurity Act apply to?

The Cybersecurity Act covers a wide range of sectors and activities. It applies to designated public administration entities, certain state-influenced enterprises, and defence-related organisations — though these are not detailed here. Beyond these, many private-sector organisations may also be affected. For them, both their activities and their size and turnover must be assessed.

Based solely on activity

Regardless of size, the Cybersecurity Act applies to organisations providing electronic communications services, trust services, DNS services, top-level domain name registry services, or domain name registration services.

These service providers can be identified by the authorities that maintain their registries, so the Cybersecurity Act applies to electronic communications service providers and trust service providers listed in the registry of the National Media and Infocommunications Authority (NMHH), DNS service providers, the top-level domain name registrar (currently the only such organization in Hungary is ISZT Nonprofit Kft.), and domain name registration service providers who are registrars available on the domain.hu website operated by ISZT).

Based on activity and size

The Cybersecurity Act applies to medium-sized and larger organisations — that is, companies with more than 50 employees and an annual net turnover or balance sheet total exceeding EUR 10 million, provided they carry out activities specified under the Cybersecurity Act.

Of the organizations that meet the size criteria, those operating in high-risk sectors, such as healthcare, telecommunications services, digital infrastructure (e.g., cloud service providers, data center service providers), as well as service providers and organizations operating in high-risk sectors, such as food production, processing, and distribution, the manufacture of computer, electronic, and optical products, and the manufacture of machinery and equipment.

Assessing and determining activities

If an organisation does not perform an activity that automatically falls within the scope of the Cybersecurity Act, both its size and its activities must be considered together. When size thresholds are met, the next step is to assess whether it operates within a high-risk or critical sector; this, however, is not always straightforward in practice.

The sector or activity to be examined and, consequently, the involvement in the case of activities subject to authorization, based on the records kept by the competent authorities (e.g., in the case of the transport sector, the Ministry of Construction and Transport as the transport authority; for activities in the food industry sector, the National Food Chain Safety Office; for the pharmaceutical industry and healthcare providers, the National Public Health and Pharmaceutical Center; and for electronic communications, trust and postal service providers, the National Media and Communications Authority).

In other cases — particularly in manufacturing — the relevant activity may be identified using the TEÁOR code (Hungarian equivalent of the NACE code) or similar classification numbers, which may indicate whether the company’s operations bring it under the scope of the Cybersecurity Act.

In most cases, the TEÁOR code makes identification relatively straightforward, for example:

manufacturing of electronic components or measuring instruments (computer, electronic, or optical products sector),

manufacturing of household electrical appliances (electrical equipment sector),

manufacturing of engines, turbines, or special-purpose machinery (machinery and equipment sector),

manufacturing of motor vehicle parts and accessories (road vehicle sector).

However, identification may be influenced by the interpretation of which sector the activities actually carried out belong to. For instance, an organisation engaged in IT consultancy and systems operation could qualify as a cloud service provider, thus falling within the scope of the Cybersecurity Act.

Furthermore, determining involvement may be complicated by the interpretation and practical application of the legal definitions of certain activities. For instance, in the case of a business engaged in the manufacture of plastic packaging materials or plastic products, the classification is not always clear-cut. According to the Cybersecurity Act, an organization is considered to be in a high-risk sector if it is classified as a food business within the food (i) production, (ii) processing, and (iii) distribution sector and is engaged in wholesale activities, industrial production, and processing. These criteria raise the need to clarify several concepts, namely whether such a manufacturing organization qualifies as a food business and whether the activities actually carried out qualify as activities related to any stage of food production, processing, or distribution.

The Limits and Risks of Self-Identification – Recommended Actions

It is clear that self-identification is not always straightforward. The TEÁOR code alone may not precisely reflect the organisation’s real activities, which may lead to misclassification under the Cybersecurity Act. In Hungary, it is common for companies to retain outdated or inaccurate TEÁOR codes in their official records. In such cases, the authority may still assess the company as falling under NIS2 obligations, resulting in unnecessary compliance burdens and administrative costs.

Incorrect or incomplete self-identification can also lead to fines and subsequent enforcement measures. Therefore, it is crucial that businesses regularly review their registered activities and maintain only those TEÁOR codes that accurately represent their actual operations.

Conclusion

Accurate self-identification is not only a legal obligation but also in the best interest of the organisation. Retaining inaccurate or unnecessary TEÁOR codes may result in misinterpretation by authorities and potential sanctions. Proper self-identification and conscious management of registered activities are not merely administrative tasks — they are essential elements of business security. Those who act proactively and with awareness can not only avoid sanctions but may also gain a competitive advantage through enhanced trustworthiness and compliance.

Photo source: pexels.com, Markus Spiske

The Scope of the NIS2 Directive and the Cybersecurity Act – Determining Involvement in Practice Read More »

Product liabilty rules are changing

Commercial Law, Competition law and consumer protection, News / / , , , ,

Reading time: 4 minutes

Considering modern technological developments, it has become necessary to rethink product liability regulations, as a result of which the European Parliament and the Council have adopted Directive 2024/2853 (“Directive“) on liability for defective products and repealing Council Directive 85/374/EEC. The aim of the Directive is to promote a balance between the responsibility of economic operators and a high level of consumer protection. To comply with the Directive, whose provisions must be implemented by Member States into their national legislation by 9 December 2026 at the latest, the Ministry of Justice has drafted amendments to private law, including a comprehensive review of the product liability rules of the Act V of 2013 on Civil Code (“Civil Code“). In this article, we present the new rules on product liability.

What is a product?

The comprehensive reform of EU regulations was prompted by technological developments: the spread of digital and smart devices has brought new risks, which are addressed by the Directive and, through its implementation, by Hungarian regulations. One of the most significant innovations is that, based on the Directive, the Civil Code extends the concept of a product: Under the new provisions, any movable item is considered a product, even if it is incorporated into or connected to another movable item or immovable property, including electricity, digital manufacturing files, raw materials, and software. This means that the new liability rules will apply to products placed on the market or put into service after 9 December 2026, including digital manufacturing files and software, whether they are sold as stand-alone products or integrated into other devices.

However, free and open-source software developed or made available in the course of non-commercial activities is exempt from these regulations.

Who bears the responsibility?

The basic principle of product liability is that, to protect consumers, it imposes obligations on economic operators who are responsible for damage caused by defective products. Under the new rules, the scope of persons who can be held liable is expanded, meaning that product liability may be imposed on the following economic operators:

The manufacturer of the product is primarily responsible for any defects in the product, i.e., the party who develops, manufactures, produces, labels the product as the manufacturer, or develops, manufactures, or produces the product for their own use.

If the defect is caused by an integrated component, the manufacturer of that component shall also be liable if the component was incorporated into a product under the manufacturer’s control.

If the product or its component parts originate from a manufacturer operating outside the European Union, responsibility lies with the company importing the product into the EU, i.e. the company placing the product on the EU market, and the manufacturer’s authorized representative.

If the importer or the manufacturer’s authorized representative is also not based in the EU, then the logistics service provider is responsible, i.e. anyone who offers at least two of the following services in the course of their commercial activities: storage, packaging, addressing, and shipping of a product, without owning the product in question.

The distributor shall also be liable if the person responsible cannot be identified and, at the request of the injured party, does not identify the economic operator or distributor listed above.

In addition, if a natural or legal person substantially modifies a product without the manufacturer’s knowledge or control and then distributes or puts it into service, that person is also considered a manufacturer under the law and may be liable for product damage.

A new provision is that the manufacturer of a defective product is jointly and severally liable for product damage with other economic operators cooperating with it, such as the component manufacturer or importer, so that the consumer can claim full compensation from any of them. The economic operator providing compensation to the injured party may then recourse against the other responsible economic operators.

When is a product considered defective?

A product is considered defective if it does not provide the level of safety that is generally expected of that type of product or that is required by EU legislation or relevant domestic regulations. When assessing the level of safety, factors such as the reasonably foreseeable use of the product, the date of placing on the market, and the reasonable expectations of consumers must be considered. At the same time, the mere fact that a more advanced or modern version becomes available after the product’s release—whether in the form of an update or a completely new product—does not in itself render the previous model defective. The basis for assessing a defective product is therefore not its comparison with the latest technological standards, but rather whether it provides the level of safety that could be expected at the time of its manufacture.

When can the manufacturer, importer, or other economic operator be exempt from liability?

Economic operators may be exempted from product liability under certain conditions if they can prove that the defect causing the damage did not arise within their sphere of responsibility or was not foreseeable.

The manufacturer or importer shall be exempt from liability if they can prove that they did not place the product on the market or put it into service. The distributor may be exempt if they can prove that they did not make the product in question available on the market.

Any economic operator may be exempted from liability if they can prove that the defect in the product was not likely to exist at the time of placing on the market, putting into service or distribution, or that it only arose after that time. However, this provision shall not apply if the defect of the product is related to a service associated with the product under the manufacturer’s control, to software accompanying the product (including software updates or upgrades), to the absence of software updates or upgrades necessary to maintain safety, or to a material modification of the product.

Liability shall also be excluded if the defect of the product results from compliance with legal requirements (e.g., adherence to a mandatory technical standard that caused the defect), or if the defect could not have been detected based on the state of scientific and technical knowledge at the time the product was placed on the market or put into use, or while the product was still under the manufacturer’s control.

Unchanged provisions

The manufacturer and other liable parties are subject to product liability for a period of 10 years. The injured party must still prove the defect in the product, the damage suffered, and the existence of a causal link between the defect and the damage. There is a three-year limitation period for asserting claims, which begins from the date on which the injured party became aware or could reasonably have become aware of the occurrence of the damage, the defect in the product, and the identity of the responsible economic operator.

Summary

The Directive and its domestic implementation bring significant changes to product liability regulations. With these amendments, both the definition of “product” and the scope of parties who may be held liable for damages caused by defective products are expanded. The concept of a product now includes software, digital manufacturing files, and related services, meaning that the liability framework also applies to modern, digital, and complex technologies. This implies that economic operators will need to act with greater caution and awareness in the design, manufacture, distribution, and modification of products in the future.

The aim of the new regulation is to strengthen consumer protection against modern product risks, while at the same time imposing greater liability on economic operators. In light of these changes, it is essential for the affected companies to review their operations, internal processes, contracts, and liability insurance practices.

Photo source: pexels.com, Lukas

Product liabilty rules are changing Read More »

5 misconceptions about the general terms and conditions (“GTC”)

Commercial Law, News, Trade affairs / / ,

Reading time: 5 minutes

In everyday life and when concluding contracts, we often encounter the concept of general terms and conditions, or GTC for short, yet they are often overlooked. The primary function of GTCs is to simplify the contracting process by providing a framework for recurring, template-like provisions that can be uniformly applicable to all contracting parties (e.g., performance deadlines, invoicing rules, dispute resolution mechanisms, or the choice of governing law in the case of a telephone subscription). As a result, individual agreements between the parties can remain concise and focused, containing only the specific terms – such as the parties’ details, the precise description of the product or service, and any deviations from the GTCs.

Pursuant to Act V of 2013 on the Civil Code (“Civil Code“), contractual provisions that are determined in advance, unilaterally, by one party without the involvement of the other party are considered GTS. We would like to point out that these provisions only become part of the specific contract if the applying party allows the other party to become familiar with them prior to the conclusion of the contract and the other party expressly or implicitly accepts them.

However, there are a number of misconceptions about GTCs in the public perception, which we would like to clarify in this article.

  1. Only a document named “GTC” qualifies as GTC

The first common misconception is that only documents labelled “GTC” can be considered GTC. However, the scope, form, method of recording, or the fact that the terms and conditions are included in the specific contract or appear separately from it are irrelevant for the purposes of classification as GTC. For example, an announcement or business regulations, or even a unilateral statement, may qualify as GTC if it complies with the definition of the Civil Code. In other words, whether something qualifies as GTC or not must be examined and assessed in terms of content, not form.

  1. It is not possible to deviate from the GTC

It is a common misconception that the GTC is a kind of “take it or leave it” agreement, i.e., that they must be accepted in their entirety and cannot be deviated from. The GTC can only become part of the contract with the consent of the other party, and furthermore, individual agreements between the parties may deviate from certain terms of the GTC. If the parties agree on a certain condition (e.g., the amount of the late payment penalty), the individually negotiated condition becomes part of the legal relationship between the parties, not the relevant provision of the GTC.

  1. General Terms and Conditions cannot be applied in parallel

A common misconception regarding GTCs is that only one party’s GTCs can be applicable in a contractual relationship. In practice, especially in B2B relationships, it often happens that both contracting parties have GTCs that they wish to apply in their relationship with each other. Of course, the partieshave the opportunity to do so.. At the same time, an important question arises as to which GTCs should be considered applicable in the event of the simultaneous application of two GTCs, especially in the case of conflicting provisions, and how their terms and conditions can be reconciled.

According to the Civil Code, if the provisions of the GTCs conflict with each other in terms of their essential content, no contract is concluded between the parties. If there is a conflict between the two GTCs, but the difference does not affect an essential element of the contract, the contract is concluded between the parties, and the non-conflicting provisions of the GTCs also become part of the contract. In the event that there is no conflict between the two GTCs, both GTCs will form part of the contract.

Although the Civil Code basically regulates the possibility and manner of applying parallel GTCs, it is easy to see that this involves a number of uncertainties that may give rise to disputes over interpretation (e.g., what constitutes an essential condition, a contradiction, or a practice that deviates from market standards). In order to avoid these uncertainties, it is highly recommended that the parties thoroughly review each other’s GTCs during the contract negotiation process and properly reconcile their contents.

  1. The GTC may be amended unilaterally at any time by the party applying them

As mentioned in the introduction, a pre-condition for the application of the GTC is that the contracting partner has the opportunity to become familiar with the GTC and then accept its contents. The explicit purpose of this provision is to enable the contracting partner to familiarize themselves with the conditions that are binding upon itself. For this reason, the Civil Code also stipulates that the drafter of the general terms and conditions has a separate obligation to provide information if they wish to amend the GTC or any of its provisions. This is because the amended provision only becomes part of the contract if the other party accepts it, at least by implied conduct. This information is particularly important because the amendment may result in the other party refusing to accept it and thus terminating the contractual relationship.

  1. Any contractual terms, even those that deviate from general or previously applied practice, may be included in the GTC without restriction

GTCs, especially in the case of contracts concluded with consumers, are often accepted without the contracting parties having thoroughly familiarized themselves with their content. Although this behavior cannot be attributed to the party applying the GTCs, it can easily lead to abuse of rights.

For this reason, the party applying the GTC must specifically inform the other party of any general contractual terms that differ significantly from the provisions of the law or that differ in any way from the usual contractual practice established between the parties. An example of the first case is the ruling of the Court of Appeal of Budapest-Capital, which stated that the stipulation of a one-year limitation period in the case of an insurance relationship differs significantly from the five-year limitation period stipulated by law. Accordingly, the clause only becomes part of the insurance contract if the insurer expressly draws the contracting party’s attention to it and the contracting party makes an express statement of acceptance in full knowledge of this.

Summary

The everyday presence of GTCs greatly facilitates the conclusion of contracts, but their use can also carry hidden risks. The provisions of the GTCs become part of the contract in the same way as the separately negotiated terms and conditions, so it is extremely important that the parties are aware of the content of it as well. We would like to point out that the contracting party has the option to initiate the amendment of disadvantageous GTC provisions and to deviate from them by means of an individual agreement. Accordingly, it is advisable to exercise increased caution when applying GTCs.

Image source: Kampus Production, pexels.com

5 misconceptions about the general terms and conditions (“GTC”) Read More »

Cybersecurity – new regulations, new tasks

News, Commercial Law / / , ,

On January 1 this year, Act LXIX of 2024 on cybersecurity in Hungary (the “Cybersecurity Act“) came into force, which was adopted in accordance with Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (“NIS2 Directive”) which aims to mitigate threats to electronic information systems due to threats to the information society and to ensure the continuity of services in key sectors. The Cybersecurity Act and related legislation impose strict requirements and provide for serious legal consequences in the event of non-compliance.

As we support many companies in preparing for compliance with the NIS2 Directive and the Cybersecurity Act, the purpose of this article is to draw the attention of all potentially affected companies to the provisions of the Cybersecurity Act that will become relevant in the near future, namely the obligations and deadlines related to contracting and conducting cybersecurity audits.

Scope of affected organizations

The Cybersecurity Act broadly defines the organizations that are required to monitor the security of their electronic systems and audit them. Private sector companies that reach a certain size and engage in activities classified as high-risk or risky fall into this category, as follows:

  • In terms of size, the companies concerned are those that qualify as medium-sized enterprises or exceed the thresholds set for medium-sized enterprises, i.e. those with a total workforce of more than 50 and an annual net turnover or balance sheet total exceeding the equivalent of EUR 10 million in Hungarian forints.
  • The condition relating to the scope of activity is that the enterprises operate in (highly) risky sectors, such as healthcare, telecommunications services, digital infrastructure (cloud service providers, data center service providers), food production, processing and distribution, computers, electronics, optical product manufacturing, or machinery and equipment manufacturing.

If it is unclear whether the obligations under the regulation apply to a given company, it is recommended to clarify this as soon as possible by reviewing the legislation.

Cybersecurity obligations

  • Audit contract:

The current obligation of the enterprises concerned is to enter into a contract with an independent economic operator authorized to perform cybersecurity audits registered by the Supervisory Authority for Regulatory Affairs of Hungary (SZTFH) in order to verify the cybersecurity of their electronic systems. The SZTFH is already sending out notifications to potentially affected parties, requiring them to provide proof of the conclusion of such a contract by September 15, 2025. Failure to comply with this obligation may result in a fine of between HUF 1 million and HUF 15 million being imposed on the company.

  • Cybersecurity audit:

Following the conclusion of the contract with the auditor, a cybersecurity audit must be carried out by June 30, 2026, during which the security classification of electronic information systems and the adequacy of protective measures according to the security classification will be checked. Failure to perform the audit may result in severe penalties, including fines of up to 2% of the previous year’s turnover, but at least HUF 1 million and up to HUF 150 million.

A cybersecurity audit may take longer depending on the size of the business and the technological and organizational complexity of its activities. For this reason, it is advisable to plan the timing and schedule of the review in advance so that the process not only serves the purpose of compliance, but also actually identifies areas where further action or deficiencies may exist. Examples include reviewing data protection compliance, updating information security policies, or fine-tuning risk management procedures.

The importance of compliance

Due to stricter cybersecurity regulations and the risk of high fines, compliance is not only a legal obligation but also a key business interest. Available benefits:

  • Reduced financial and reputational risk;
  • Strengthened cybersecurity protection and digital stability for the business;
  • With the right contract, the content, schedule, and definition of tasks and responsibilities of the audit become predictable;
  • At the same time, data protection aspects can be reviewed and, if necessary, data protection impact assessment documents can be revised, thus fulfilling the NAIH’s expectation of compliance with the principle of accountability.

Image source: Brian Penny, pixabay.com

Cybersecurity – new regulations, new tasks Read More »

Clarification on trusts

News, Commercial legal advice / / ,

The institution of trusts came into force more than 10 years ago, and the new Civil Code has designated them as a type of contract and introduced a separate law with detailed rules.

Fiduciary trusts are a responsible but also a great option for natural persons with large private assets, as they can offer tax advantages, and solve management, succession, matrimonial property, private property protection, succession challenges or even provide as a preparation for a sale. A well-constructed contract can plan the fate of the assets for years, or even decades, with regular review. We find that our clients who opt for this structure are at first reluctant, but then increasingly brave, to address issues during the provisions that affect their fundamental life situations:

  • How can I ensure the successful future of a company built up over many years of work, and the predictable future of employees?
  • What role can individual family members play in the fate of the company?
  • Do they want to be involved in management at all and is there a Plan B if I cannot hand over the running of the company to the person I care most about?
  • What happens to all the assets I have built up from my own resources after my death?
  • How can I ensure that my family members can live their own lives in peace and prosperity after I am no longer able to help them?

To consult on these issues is a matter of great trust for us, and we approach such trust with the same care and respect.

At the same time, however, we often come across offers and opinions on the market which identify the tax advantage of asset management – which is otherwise welcome – as the most important objective and which make everything subject to this – but, in our view, the goal does not justify the means in this case either.

The recent joint statement of the Tax and Information Department of the Tax Authority and of the Ministry of National Economy clarifies a position we have previously held under the Civil Code, the Accounting Act and the Income Tax Act, that dividend claims to be placed in trust (which can be done at the time of the conclusion of the trust deed or at a later date), does not alter the liability to pay public tax under the public law, i.e. if the dividend has already been declared in the concerned tax year, it is taxable as a dividend regardless of whether it is paid or placed in trust.

The fact that the Ministry-Tax Authority have published their position paper and that the audit of trusts is a priority in the 2025 audit plan means three things in our view:

  • those who have not assigned the assets in the above manner, based on the combined interpretation of the Civil Code, the Accounting Act and the Tax Act, are expected to be subject to self-audits;
  • those who have not paid due attention to the “substance principle” in the process of disposing of their assets are recommended to review their contracts and adapt the relevant provisions;
  • those who plan to set up a trust this year should take into account that there are different tax consequences for dividends already declared and amounts placed in the profit and loss reserve.

We believe that if we know the rules of the game well, it is possible to win by playing the game cleanly, even collectively.

Image source: Leeloothefirst, Pexels.com

Clarification on trusts Read More »

Sustainability reporting obligations

Company groups, Corporate law, Medium-sized companies, News, Start-ups, Trade affairs / / ,

 

COMPANIES COULD FACE NEW SUSTAINABILITY REPORTING OBLIGATIONS

Introduction

After a long period of time based on the warning signs of the environment, we may have come to realize at an individual level that the existence of the natural conditions around us is not self-evident. It is clear that rampant exploitation has serious natural consequences, and that our daily lives cannot be continued in their present form for long, as they are not sustainable. There are many national and international efforts to protect the environment, as well as awareness and willingness to act at an individual level is growing. Of course, enterprises are not to be left out of this list, as their importance is demonstrated by the fact that the revenue generated by some group of companies can rival the GDP of certain countries.

There is no requirement for companies to report on sustainability in a similar way to accounting reporting. Nevertheless, we see that more and more companies have some form of corporate social responsibility. One example is the widespread use of CSR (Corporate Social Responsibility). In order to make this commitment conscious, transparent and accountable, the European Commission presented a proposal in April 2021 (hereinafter: “Proposal”) to amend corporate sustainability reporting.

New Proposal

The Proposal seeks to reform the Non-Financial Reporting Directive (NFRD), which amends the Accounting Directive. The main objective is to require companies to report in a similar way to accounting reports. The Proposal would change the current system of voluntary commitments and obligations under the NFRD, which only affects a limited number of companies, as follows.

According to the plan the reporting obligations would affect approximately 30% more persons concerned and the known text also specifies in more detail the subject matter and the method of providing information.

The report should be presented in a standardized electronic format, ensuring quick and easy access, same file format, comparability and paperlessness.

One of the most important innovations of the Proposal is that it requires reporting according to uniform standards. This is of particular importance as it will allow companies’ reports to be retrieved chronologically and to be comparable with those of their competitors.

Another innovation is that the content of the report will also be subject to appropriate auditing to ensure its independent and objective validation.

Summary

Although the Proposal is still pending adoption and would only be phased in over a number of years, its practical implementation is of paramount importance. It gives cause for optimism that it will take corporate social responsibility for our environment to a new level. It will undoubtedly impose a significant additional burden on those concerned in the beginning, however it is in the interest of all of us in the long term.

Sustainability expectations will be transparent for companies that they need to meet. Another benefit is that companies will be able to benchmark themselves against their competitors on the basis of harmonized reporting standards. And those that have already committed to sustainability will be able to reduce the unfair advantage of their exploitative peers and even gain a competitive advantage. All of this suggests that there are many benefits to be gained from fulfilling reporting requirements, in addition to compliance, so it is worth making a gradual and conscious effort to prepare starting from now.

Should you have any questions regarding the above, feel free to contact us.

CLVPartners contact us

Sustainability reporting obligations Read More »

New COVID-19 restrictions in Hungary: consequences for employers

Company groups, Employment, labour law, Medium-sized companies, News, Start-ups, Trade affairs / / , , , , ,

The restrictions (of Gov. Decree 484/2020 (XI. 10.)) apply as of 11 November 2020 for the whole of Hungary, effective until 11 December 2020. These restrictions may be prolonged if necessary.
The current rules concerning wearing masks, social distancing and border crossing remain in effect, while wearing masks is now obligatory in public spaces designated by the local councils in cities exceeding 10,000 inhabitants.

I. Curfew between 20:00 and 5:00 with an exemption regarding going to work

During the curfew, only people going from their homes (place of residence) to work and back home from work can be in public spaces. A sample of the certificate to be issued by the employers can be found on the Government website: https://kormany.hu/hirek/kijarasi-tilalomrol-szolo-igazolas

II. Rules regarding education

Nurseries, kindergartens and primary schools remain open for those under 14 years of age. Online education has been introduced from grade 9 in middle schools and colleges/universities, and dormitories are closed.

III. General ban on events

All events are banned. This also applies to all professional events held in person (conferences, workshops, etc.).

IV. Restrictions on trade and catering

Restaurants are closed and only takeaway and home delivery are allowed, however, factory canteens may remain open. Shops, stores and other services except for pharmacies and petrol stations must close at 19:00, after which only those working there may stay on site. Hotels may only accommodate guests arriving on business, economic or education purposes.

V. Sanctions

In the event of violation of the rules applicable to events or institutions, shops and facilities, the police may close the area, premises or institution (except for educational institutions) for a period of one day to one year and impose a fine of HUF 100,000 to HUF 1,000,000.

VI. Economic protection measures

In order to protect jobs, the Government has also introduced economic protection measures (Decree no. 485/2020. (XI. 10.)), as follows.

1. Tax allowance
For November 2020 employers operating in the scope of activity listed in the Decree shall not need to pay social contributions and vocational training contributions. Small entrepreneurs within the scope of activity listed in the Decree do not need to count personal payments to their small business tax base relating to employees who would have been dismissed due to the state of emergency, provided that these employees are not dismissed and receive their salaries.

2. Provision for hotels
The state will reimburse 80% of the price (net income) of bookings booked for within the next 30 days and received by the hotels registered in the National Tourism Data Providing Centre (Nemzeti Turisztikai Adatszolgáltató Központ) until 8 November 2020, provided that the hotel employees are not dismissed and receive their salaries.

3. Wage subsidies
50% of the wages for November 2020 of the employees of restaurants and leisure facilities listed in the Decree will be reimbursed by the state in the form of a subsidy, provided that the employees are not dismissed and receive their salaries.

The ‘actual main activity’ is the activity which generated the most revenue, which must be at least 30% of the revenue in the previous six months.

There are still many open questions regarding the implementation of the governmental measures described above, we shall provide information on possible further measures after they have been published.

New COVID-19 restrictions in Hungary: consequences for employers Read More »

Certain Tax and Corporate Deadline and Processes

Company groups, Corporate law, Medium-sized companies, News, Start-ups, Trade affairs / / , , , , ,

During the state of emergency and the implemented partial curfew, the continuous decision-making of companies could easily become impossible. In order to prevent this, as of 11 April 2020 different rules apply to the decision-making process of the obstructed companies, and the mandate term of certain company officers is also extended for this period.

By definition, the decision-making rules do not apply to companies not obstructed by the exceptional circumstances, for example in the case sole member companies.

During the emergency and until the 90th day after its end, the term of managing directors, board members (e.g. supervisory board members) and auditor may not be terminated as a result of expiration or resignation and these officers shall continue to carry out their duties during this time. This provision also applies to unhindered companies, but of course it is also possible to elect new officers during the state of emergency.

A new rule to be applied to all taxpayers is that the deadline for preparing, disclosing, depositing, publishing and submitting financial statements of the Accounting Act due after 22 April 2020 is extended until 30 September 2020. In the case of the main types of tax (corporate and dividend tax, small business tax, local business tax, etc.), the tax assessment, declaration and payment obligations, as well as the tax advance assessment and declaration obligation to be fulfilled simultaneously with the annual tax returns can also be fulfilled by this extended deadline.

Certain Tax and Corporate Deadline and Processes Read More »

The right of exit and of entry following Brexit

Company groups, Medium-sized companies, News, Start-ups, Trade affairs / / , , , ,

The United Kingdom is set to leave the European Union on 31 January 2020. As the date draws ever so close, it is time to get acquainted with the rules to follow the departure of the country, most importantly the right of exit and of entry of union citizens.
Presently, union citizens can enter the UK with both their national identity cards or their passports and they do not need a visa to do so. Although 31 January 2020 is the day the UK shall officially leave the EU, it will be followed by a transition period, in which the rules of entry and exit shall remain unchanged.

According to the agreement between the UK and the EU, this transition period ends on 31 December 2020. The Joint Committee (comprising representatives of the EU and UK) may extend this transition period one time with an additional 1 or 2 years. As a result, the current system could hold out as late as 2022, but for now 31 December 2020 shall be deemed the relevant date.

Come 1 January 2021, – assuming no extension takes place – it will be entirely up to the British Parliament to determine the conditions of entry and exit into the country, specifically whether or not a passport and/ or visa is required.

The right of exit and of entry following Brexit Read More »

CLVPartners
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.