Facing a “digital tsunami,” VJT & Partners has been busy helping clients navigate the AI Act, NIS2, and other rapidly expanding areas of digital regulation, according to Partner Endre Varady. Cybersecurity and AI use-case development now dominate Hungary’s fast-evolving TMT landscape.
CEELM: What work has been keeping your TMT practice busy over the past year?
Varady: Recently, we have really experienced what can only be described as a digital tsunami at the EU level.
The AI Act, Data Act, Cyber Resilience Act, MiCA, NIS2 Directive, and DORA and eIDAS 2 have all started to take shape almost simultaneously, creating an exceptionally dense regulatory environment – just to name a few of the new frameworks currently reshaping Europe’s digital landscape.
The Hungarian legislature has been equally active in transposing these rules – sometimes even adding local flavours – while national regulators are also raising expectations in areas ranging from data protection and cybersecurity to sector-specific oversight.
These developments have been directly reflected in our work. Our portfolio has become very diverse – from online gatekeeper advisory and large-scale digitalisation projects to telecom regulation, tech M&A, and data-governance mandates – practically all aspects of the TMT sector are covered. Within that scope, AI and cybersecurity have been the most prominent themes, now part of everyday operations even for traditional industries. It has been a particularly strong year for us: we have gained major new mandates and deepened relationships with existing clients.
CEELM: What has been the primary driver behind these levels of activity?
Varady: The primary driver is that digitalization has become universal, and this wave is especially powerful in Hungary. Even the most traditional, brick-and-mortar businesses are now transforming their operations through technology. As a result, digitalisation plays a pivotal role across every industry – from manufacturing and retail to insurance and energy. This is why our portfolio today spans such a diverse range of digital mandates, and why the first “T” in TMT – Technology – has become much more dominant than media or telecom.
Within this digitalization wave, AI and cybersecurity stand out as the most prominent topics. There is an enormous race among companies to develop practical AI use cases for everyday workflows, while cybersecurity has moved to the top of every boardroom agenda. For now, much of this activity is driven by NIS2 compliance, but we believe Hungarian businesses will soon recognise that this is ultimately a matter of business survival. Without a proper framework combining legal, security, cyber-insurance, and crisis-communication controls, a single cyber incident can cause serious operational and reputational damage. The Jaguar ransomware case was a vivid reminder of how high those stakes have become.
CEELM: Finally, what do you think the next 12 months will look like?
Varady: AI will definitely remain in the spotlight – neither regulators nor technology ever sleeps. The pace of new legislative initiatives and guidance is accelerating, and the main challenge for businesses will be to stay ahead of these developments. Success will come from staying agile and proactive, constantly tracking both EU and Hungarian changes, and focusing on what truly matters amid the flood of new rules. At the same time, innovation must not outpace risk management – a particular challenge in Hungary, where companies often recognise issues late, and there is still a myth that the AI Act applies only to developers.
In the financial sector, it will be worth watching whether the Hungarian Central Bank issues guidance to help banks and insurers align their AI-compliance efforts.
At the European level, insurance sector regulator EIOPA’s guidance on the use of AI in insurance highlights that even low-risk AI systems must comply with sector-specific rules that, to a large extent, resemble the AI Act’s key requirements for high-risk systems – such as transparency, human oversight, data governance, and fairness. This suggests that, in practice, the insurance sector is already operating under high standards of AI governance, giving insurers another strong reason to treat it as a business priority.
Cybersecurity will remain another key issue, as companies must now complete their NIS2 audits. Given the market’s tendency to handle compliance at the eleventh hour, we expect another wave of NIS2-related mandates next year.
AI in HR is still not a “hot” topic in Hungary, but interest should rise as employers realise that AI tools used in recruitment or promotion may fall under the high-risk category of the AI Act.
Looking beyond compliance, the Data Act could become a real game-changer. It has the potential to spark a new data economy, yet many Hungarian businesses have not recognised its advantages.
As these frameworks grow increasingly complex, companies that fail to manage risks may face serious operational and reputational consequences, while those that handle them well can turn compliance into a competitive advantage.
