Category: Hungary

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence’s commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and “off-the-shelf” software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

In the case of custom-made software, it is important, among other things, to understand what rights remain with the developer. The software’s source code may be protected by copyright, and the solutions included in the software individually ordered by the buyer may be based on valuable trade secrets or know-how. A key issue may be whether the developer would be entitled to resell the developed software, either in its original or partially modified form, to third parties, including the buyer’s competitors. It is also prudent to consider which rights the buyer should acquire to meet their specific needs and have this reflected in the software development agreement. Is it necessary to acquire all economic rights in relation to the software to be developed, or is it sufficient to obtain a license to use the software? Naturally, if the buyer company chooses to obtain a license, the scope of the license is also crucial. As one may expect, the scope of rights obtained and the scope of a license might also have an impact on pricing.

In the case of “off-the-shelf” software, service providers often implement general terms and conditions. However, such terms and conditions are sometimes overly general or do not govern key matters, which might prevent the buyer company from using the software in the way it intended. A typical mistake is when the buyer procures the software to use it at the group-level or together with its retail network, but this is not reflected properly, from a legal perspective, in the license terms, which results in other group members or retailers not being entitled to use the software. In the event of unlawful use of the software or use that goes beyond the terms of the software license agreement (the license terms), the right holder of the software might, for example, make claims against the buyer for license fees after the unlawful use.

The buyer should also take the time to consider, even at the time of procurement whether they plan to later order unique additional developments (enhancements) to the software, as the case may be, from a software developer who is different from the original supplier. This is because the lawfulness of those enhancements may depend, to a great extent, on the technical details of the relevant enhancement and the license terms of the existing software.

The buyer’s to-do list is not completed just with the purchase of the software license. To use the software properly, it is essential to integrate it into the already-existing IT environment, handle any technical and user problems, install — and, as the case may be, develop — necessary updates and train employees to use the software. The buyer should already be considering these tasks at the time of concluding the contract in relation to the software. In the case of custom-made software, it is also worth considering whether the buyer “chains” itself to the software developer. If so, it is advised to agree on (and, ideally, include in the relevant contract) the magnitude of foreseeable technical support fees.

Finally, if the software’s operation involves the processing of confidential information (e.g., personal data or trade secrets), the buyer must comply with applicable law and, as the case may be, with the terms of its contracts with its business partners (e.g., provisions related to confidentiality and data processing) when using the software. Relevant regulatory and contractual breaches might not only have serious legal consequences but might also raise trust issues from the business partners’ perspective. Therefore, it is always recommended to analyze the software and the contract for its use from a data protection and confidentiality perspective and take the necessary measures. These include assessing and documenting the management of potential confidentiality and data protection risks, preparing the relevant data privacy documentation or updating existing documentation, and negotiating appropriate data privacy and confidentiality provisions for the contract with the vendor.

If the software transmits personal data to the supplier’s servers (e.g., in the case of cloud hosting), some servers may be located outside the European Economic Area, which might result in additional legal and practical risks for certain countries (e.g., India, China or, in certain cases, the United States). In such cases, the buyer should analyze whether the European Commission has adopted an “adequacy decision” regarding data protection for the country of destination. If there is none, the buyer should assess the measures under which the transfer may be lawful.

The protection of personal data is also important during software development and bug (defect) fixing. Such data may be processed for testing only in justified cases. In these instances, where possible, it is recommended to substitute personal data with fictive data.

By Andras Gaal, Attorney, Baker Mckenzie

The world of data centres is evolving at an unprecedented pace, driven by the ever-increasing demand for AI solutions. At the same time, sustainability challenges, energy efficiency and security of supply are becoming increasingly in focus due to the significant energy demands of data centres. The growth potential of the sector remains attractive, with 70% of investors expecting further growth over the next two years, according to a recent international report* by DLA Piper.

Increasing investment and dynamic M&A activity

The spread of AI-based solutions is driving demand for data centres, which could lead to a 30-50% increase in the investment volume in the future. Despite the challenges, data centres will continue to play a key role in the evolution of digital services. In the US, in particular, we have seen a strong recovery, driven by significant investments from large technology companies such as Microsoft and BlackRock. There has also been significant growth in both deal volume and deal value, with the number of global data centre acquisition deals up with 52% over the past year and the average deal value up with 42%.

Sustainability and ESG challenges

The rapid expansion of data centres poses a significant challenge, as providing an operational environment for AI applications is energy-intensive. Goldman Sachs Research estimates that the industry will require 160% more energy by 2030, which will require that regulations governing data centre development and related investments to address sustainability and ESG considerations.

In recent years, the European Union has taken a number of measures that focus on ESG aspects for large EU companies, including data centres. The Corporate Sustainability Reporting Directive (CSRD) and the Taxonomy Regulation impose reporting requirements covering a range of environmental issues. Under the latest Corporate Sustainability Due Diligence Directive (CSDDD), companies are required to put in place comprehensive due diligence policies and procedures to mitigate the adverse environmental and social impacts they identify.

The EU regulatory framework can provide a solid basis for more sustainable data centre operations, helping to increase their energy efficiency and reduce their environmental footprint. If operators effectively integrate these requirements into their ESG strategies and operations, data centres can become key elements in achieving the EU’s climate and environmental goals, not least to benefit from the growing demand for sustainable and responsible business practices.

Regional differences and future prospects

Data centres have different characteristics around the world: while in the US rapid growth and large investments have already strained the existing electricity grid to the point where new projects are prohibited in certain regions, in Europe the market is shaped by the regulatory environment and sustainability concerns, and developers have not faced similar constraints. While it is true that the Nordic countries are located further away from areas traditionally considered key for data centres, the typically cooler climate results in lower energy costs, while the essential high stability of the electricity grid, the wide range of renewable energy sources and the availability of development sites provide additional advantages. The Asia-Pacific region, particularly Japan, South Korea and Australia, also offers significant growth opportunities. In the Middle East, governments are increasingly investing to reduce their dependence on fossil fuel-based economies. One example is Khazna’s 100 MW artificial intelligence-optimised data centre in the UAE.

According to our report, the global data centre market is expected to reach USD 300 billion in the near future, and the industry participants surveyed expect growth by 10% per year over the next five years. Innovations such as more advanced cooling systems and more energy-efficient servers will be key to future growth.

The evolution of data centres is driven by the increasing demand for AI technologies and digital transformation. However, addressing the challenges of sustainability and energy supply will be key to long-term success. Industry players will need to continuously innovate to meet the changing market and regulatory environment while ensuring efficient and sustainable data centre operations. As technology continues to evolve, the role of data centres in the global economy may become more prominent, and companies that can adapt to, or even to predict, future trends will gain a significant competitive advantage.

* TMT Finance was commissioned by DLA Piper to conduct a survey in Q3 2024 of 176 industry leaders on data centre investment opportunities, emerging trends and the impact of artificial intelligence (AI). Respondents included industry leaders, investors, financiers, data centre operators and telecoms companies

By Tamas Balogh, Counsel, Real Estate Service Stream Leader, and Eniko Nyikes, Intern, Real Estate Group, DLA Piper Hungary

Last summer, the deposit return system (DRS) was introduced, under which 0.1-3 litres of drink products with a mandatory redemption fee can be bought in shops at a price increased by the redemption fee.

In the case of compulsory returnable reusable products, the manufacturer sets the redemption fee on a product-by-product basis. On 20 January 2025, the Hungarian tax authority clarified the tax treatment of the redemption fee for beverage packaging: under the mandatory redemption scheme, the redemption fee paid to an individual is considered tax-free income for the individual.

Under the Personal Income Tax Act, all income of an individual is taxable. Income is the total makings earned by an individual from another person. Makings are the value of property acquired by an individual under any title and in any form, whether in cash or in-kind. Accordingly, the well-known HUF 50 bottle redemption fee would be taxable income under the general rule described above.

However, from 29 November 2024, Annex 1 of the Act specifies the categories of exempt income, including the bottle redemption fee. This exemption from personal income tax was confirmed by the tax authority on 20 January 2025, and the detailed rules of practical relevance were also explained. The redemption fee is tax-free if it is paid by the distributor in cash or by bank transfer if the individual receives the proceeds in the form of a voucher issued by the automatic redemption machine. It is also exempt if the redemption fee is disposed of by the individual for the benefit of another person at the time of redemption. It was also underlined that the individual does not receive taxable income even if the product with the mandatory redemption fee is purchased by a paying party (a company), but the paying party does not take care of the redemption of the packaging but transfers the product with the redemption fee to the individual. Accordingly, it does not matter who bought the returnable bottle, if it is returned by the individual, it remains tax-free income.

By Krisztian Kiralyvolgyi, Attorney at Law, KCG Partners Law Firm

In 2024, EU data protection authorities imposed a total of EUR 1.2 billion in fines. This brings the total value of fines to EUR 5.88 billion since the GDPR became applicable, DLA Piper’s latest report reveals.* The technology sector has been hit the hardest, with data protection focusing on managerial responsibility and privacy issues in AI tools.

The total value of fines imposed in 2024 fell by 33% compared to the EUR 1.78 billion imposed in 2023. But this doesn’t mean the focus has shifted away from enforcement relating to privacy. The decrease is mainly due to the Irish DPC’s record EUR 1.2 billion fine imposed on Meta in 2023, the highest ever.

In 2024, the technology sector and social media were the most affected by data protection sanctions, with nine out of the ten highest fines being imposed on organisations in this sector. For example, the Irish authority fined LinkedIn EUR 310 million for breaching the principles of the GDPR on a number of grounds in relation to analysing user data and processing it for targeted advertising. Another significant sanction was also imposed in Ireland, where Meta was fined EUR 251 million for a data breach affecting 3 million users in the European Economic Area (EEA).

In addition to the technology sector, major fines were also imposed in the financial and energy sectors. The Spanish data protection authority imposed two fines totalling EUR 6.2 million on a major bank for inadequate security measures. And the Italian data protection authority fined a utility company EUR 5 million for using outdated or inaccurate customer data.

Hungary in the regional midfield

In terms of the total value of GDPR fines imposed since 25 May 2018, Hungary retained 17th place in the European ranking last year with around EUR 4.2 million (HUF 1.7 billion) in fines. Ireland (EUR 3.5 billion), Luxembourg (EUR 746 million) and France (EUR 597 million) made up the top three. Some of the high-profile cases in Hungary included the sanction imposed by the National Authority for Data Protection and Freedom of Information (NAIH) on a headhunting company for unlawfully processing and sharing the data of thousands of job applicants. Last year, the NAIH also issued a warning on the lawful handling of voice recordings.

Focus on AI and managerial responsibility

Privacy aspects of AI technologies are also in the focus of regulators’ attention. In Ireland, the data processing practices of X’s chatbot have been under scrutiny. And the Dutch data protection authority has imposed a record EUR 290 million fine on a ride-hailing app for transferring personal data to a third country. It also issued a EUR 30.5 million fine on AI company Clearview for GDPR breaches relating to data collection and facial recognition systems. The Dutch data protection authority is also investigating whether the company’s directors are personally liable for multiple breaches of the GDPR.

EU rules are increasingly focusing on the personal liability of company directors, with stricter compliance requirements. Whether authorities have the power to impose personal liability in the event of a breach of the GDPR varies from Member State to Member State.

What data protection challenges can we expect this year?

Much attention is expected to be paid this year to the “consent or pay” model, which was the subject of lively debate in 2024. Users can choose between two options: consent to the use of their personal data for behavioural advertising or pay for the service. Last April, the European Data Protection Board (EDPB) finally adopted an opinion stating that major online platforms have to allow users to choose an additional “equivalent alternative” that’s free and without behavioural advertising. While EDPB didn’t state that these models cannot be lawful in any case, it concluded that in most cases they don’t comply with the GDPR requirements for valid consent and are therefore unlawful.

The EDPB’s long-awaited opinion on data protection aspects of AI models, published in December, doesn’t provide clear guidance, so the boundaries of lawful use of personal data for AI tools remain uncertain.

With the rapid expansion of artificial intelligence and strict EU data protection legislation, we can expect a number of regulatory investigations, sanctions and court cases in the coming years.

*The GDPR fines and data breach survey report includes a country-by-country table of fines imposed between January 2024 and January 2025. The survey covers the 27 EU Member States, plus the UK, Norway, Iceland and Liechtenstein

By Zoltan Kozma, Partner, Head of the Intellectual Property and Technology, and Mark Almasy, Associate, DLA Piper Hungary

Schoenherr, working with Argo, has advised Group Vandamme on the sale of its Hungarian activities to ADM. Baker McKenzie advised the buyer.

Group Vandamme is a Belgian group active in the production and refining of agricultural products.

According to Schoenherr, the transaction included three Hungarian companies: Vandamme Hungaria, Aserco, and Dunalys Ingatlanforgalmazo.

The Schoenherr team included Partner Kinga Hetenyi and Attorneys at Law Adrian Menczelesz and Alexandra Bognar.

The Baker McKenzie team included Partners Akos Fehervary and Daniel Orosz, Senior Associate Nora Zsuzsanna Kovacs, and Junior Associate Gergo Halasz.

The Hungarian Government has made a significant amendment just weeks into 2025 by increasing the VAT exemption threshold for small and medium-sized enterprises (SMEs). Despite the autumn tax package for 2025 remaining silent on this matter, the new limit has been set at HUF 18 million, up from the longstanding HUF 12 million. This increase applies retroactively from 1 January 2025. Taxpayers have until the end of February to opt in for the exemption.

Background – better late than never

As we covered back in October 2024, an important amendment to Directive 2020/285/EU was set to enter into force on 1 January 2025. The ceiling of the VAT exemption threshold applicable by Member States has been increased to EUR 85,000 (i.e. HUF 26,222,500 in Hungary since the exchange rate to be used for the conversion is the one published by the European Central Bank on 18 January 2018, where EUR 1 = HUF 308.5). Member States have at their discretion to determine the VAT exemption cap, the amendment implies an opportunity – but not a requirement – for Member States to increase this cap, accordingly.

Historically, Hungary’s VAT exemption threshold has gradually increased since the adoption of the VAT Act (2007 – HUF 5 million, 2013 – HUF 6 million, 2017 – HUF 8 million, 2019 – HUF 12 million, 2025 – HUF 18 million (new threshold)).

Retroactive amendments – back to the future

On 25 January 2025 the Hungarian Government amended the VAT Act concerning the exemption threshold. According to the new provision, which entered into force on 26 January 2025, but applies retroactively as of 1 January 2025, the threshold for eligibility for the exemption has been raised from HUF 12 million to HUF 18 million. As usual, taxable persons may opt for a domestic exemption for the year 2025 if the total amount of the consideration, expressed in HUF and annualized, which they have received or are entitled to receive in return for the supply of goods or services in Hungary neither in the calendar year 2024, nor reasonably foreseeable or actual in the calendar year 2025 does not exceed the sum of money equivalent to HUF 18 million. Additionally, taxpayers who surpassed the previous HUF 12 million limit but remained under HUF 18 million over the past two years are now eligible for the exemption in 2025.

While the increase is a positive development, the retroactive nature of the change has caused certain complications. In response, the Hungarian Tax Authority has issued a quick practical guide, stating that (a) invoices already issued in 2025 with VAT should be corrected and re-issued without VAT, (b) VAT returns (if any) should be amended through self-revision for both VAT payable and deductible, and (c) Receipts – where invoices are not required – that include VAT should not be corrected.

Notably, VAT paid on receipts – e.g. issued for B2C transactions – remains with the taxpayer applying the exemption retroactively, effectively making it a ‘gift’ from the legislator. Taxpayers now have until the end of February at the latest to opt-in for the exemption (taxpayers already under the scheme from last year have no further to do).

By Balint Zsoldos, Head of Tax, KCG Partners Law Firm

Captive insurance has experienced significant growth globally in recent years, driven by hard market conditions, emerging risks and increased volatility. Statistics reveal a steady increase in the number of captives over the past four years, rising from 5,879 in 2020 to 6,181 by the end of 2023, according to the Captive Managers and Domiciles Rankings + Directory 2024 published by Business Insurance.[1] Captive insurance companies are also increasingly used by Forbes 1000 and Fortune 500 companies to manage complex and emerging risks.

Captive insurers, or “captives”, are wholly owned subsidiaries created to provide insurance to their non-insurance parent companies. These entities offer a form of self-insurance, allowing the insured to benefit from underwriting profits. Despite the global rise, the popularity of captives in Hungary remains low, with only OTP Bank and MOL Hungary having established captives.

Advantages of captive insurance

1. Captives provide more stable and lower insurance premiums compared to the traditional insurance market, which are cyclical and can disrupt budgeting and profit forecasting. Captives achieve this by eliminating marketing expenses, lowering wages and reducing risk-taking and operational costs.
2. Captives have easier access to the reinsurance market, which can further reduce insurance costs. Reinsurers are more willing to take on captive risks due to the parent company’s higher standards of risk management and loss control.
3. Premiums paid to captives are spread evenly throughout the year, enhancing cash flow retention and control. Claims are paid as they arise, allowing captives to earn investment income on collected premiums.
4. Captives can provide the exact insurance coverage for their parent company, even for specialised risks (“customised policies”) that would be difficult or expensive to insure in traditional markets, such as product liability, environmental pollution and professional liabilities.
5. Multinational corporations can apply greater financial net retention at the group level, reducing insurance expenses and centralising claims control within a single group captive.
6. Captives generally have lower capital requirements compared to commercial insurers.

Drawbacks of captive insurance

1. Establishing a captive requires significant initial capital investment, which can be a financial burden, especially for smaller companies.
2. Captives concentrate risks within the parent company, which can be a disadvantage compared to spreading risks across multiple insurers in the traditional market.[2]
3. Running a captive involves various ongoing costs, including management fees, operational expenses and regulatory compliance costs. Captives also need to maintain sufficient liquidity to pay claims, and the limited risk pooling can result in higher volatility in claims.
4. Captives must comply with complex regulatory requirements, which can be time-consuming and require expertise, particularly in Hungary’s challenging regulatory landscape. The tax treatment of captives adds another layer of regulatory issues to overcome, varying from one jurisdiction to another. In Hungary, the insurance tax regime is particularly challenging to navigate.
5. Captives often operate with limited capital, which can result in substantial out-of-pocket expenses for the parent company in the event of significant losses.

Hungary

The captive insurance market in Hungary faces unique challenges. Captives are treated the same as any other insurance undertakings, subjected to extensive administrative burdens and complex legislative requirements. This classification contradicts the European Insurance and Occupational Pensions Authority’s (EIOPA) Opinion on the supervision of captives, which recognises the special characteristics of captives.[3] Additionally, there is a lack of self-organisation and self-care within Hungarian corporate culture, further complicating the adoption of captive insurance models.

Despite these challenges, there are potential pathways for growth in the Hungarian captive insurance market. One promising avenue involves the formation of small groups of entities with similar insurance interests and no conflicting ownership stakes. For this reason, ideal candidates for captives in Hungary include municipalities, public utilities, state-owned companies, and universities.

In conclusion, while Hungary may not currently be the ideal location within the EEA region to establish a captive insurance company, there is a silver lining on the horizon. Unlike Malta[4], which boasts a sound regulatory and legal framework along with a favourable tax system for captives, Hungary faces significant administrative, legislative and cultural challenges. However, these obstacles are not insurmountable. There is increasing awareness and interest among potential candidates who are beginning to reconsider their approach to the idea of opening a captive in Hungary. With ongoing efforts and reforms, Hungary has the potential to evolve into a prominent destination for captives in the long term.

[1] https://www.businessinsurance.com/biresources/2024-captive-managers-and-captive-domiciles-rankings-directory/
[2] See US Tax Court: Rent-A-Center v. Commissioner, Avrahami v. Commissioner.
[3] https://www.eiopa.europa.eu/publications/opinion-supervison the superion-captives_en
[4] https://kpmg.com/mt/en/home/insights/2022/10/insurance-captives.html.

By Gabor Pazsitka, Partner, and Balint Bodo, Associate, Schoenherr

Hungary introduced new regulations for employing guest workers from third countries. These updates specify eligible countries and permit requirements to align with Hungary’s labour market needs and compliance standards.

Eligible Countries

The new rules designate Georgia and Armenia as eligible countries whose nationals can work in Hungary with employment-related or guest worker residence permits. Their eligibility is based on repatriation agreements between Hungary or the European Union and these countries. Additionally, the Ministry of Foreign Affairs has issued its first official update under the applicabée government decree, adding the Republic of the Philippines to the list of eligible countries. The Philippines’ inclusion stems from the presence of a state-recognized organization or office in Hungary. According to the decree, this entity shall be responsible for ensuring compliance with Hungarian and EU entry and residence regulations, and for the repatriation of Filipino nationals.

Permit Requirements

Nationals from the listed countries can apply for either (i) an employment-related residence permit, or (ii) a guest worker residence permit. These permits allow lawful employment in Hungary while adhering to Hungarian and EU laws.

The Government will periodically review the list of eligible countries. Updates will be published in the Hungarian Gazette (Magyar Közlöny) to ensure transparency and responsiveness to labour market demands.

Provisions for Existing Permit Holders

Guest workers already holding permits under earlier legislation may be subject to special exemptions. The previously defined list of eligible countries under the applicable government decree effective until 31 December 2024, still applies in the following cases:

• Workers with valid work-related residence permits (issued under previous legislation) on 31 December 2024, who later apply for a guest worker residence permit.
• Workers seeking to extend or reissue an existing guest worker residence permit.
• Applications for guest worker residence permits that were pending as of 31 December 2024.

Furthermore, as of 31 December 2024, the updated decree does not apply to employment-related residence permits issued under different circumstances, including extensions or pending applications.

Employers and stakeholders are encouraged to monitor official announcements and updates to remain informed about changes in guest worker regulations. Staying compliant with these rules is crucial for maintaining alignment with Hungary’s evolving labour and immigration policies.

By Reka Fulop, Associate, KCG Partners

Eva Kovacs has joined Jalsovszky as a Managing Associate and the firm’s new Head of Real Estate Practice.

Before joining Jalsovszky, Kovacs spent almost six years at the helm of Nagy-Kovacs, between 2019 and 2025. Earlier, she was a Special Counsel with Bird & Bird between 2018 and 2019 and, a Senior Associate with Weil, Gotschal & Manges between 2004 and 2018.

“After 15 years in international practice and six years running my own legal practice, I am excited to take on this new challenge,” Kovacs said. “I am particularly drawn to the opportunity to join a team that is widely recognized in both the Hungarian and international markets and is innovative and dynamic. Our goal is to build on the strengths of the already high-performing real estate group and further unlock the potential in this field.”

“We are seeing signs of a real estate market revival,” said Managing Partner Pal Jalsovszky. “This is precisely when a new leader can inject fresh momentum and open new opportunities for the practice. I have known Eva for over 15 years, and her extensive experience and business-oriented mindset made it incredibly easy to find common ground and shared goals.”

Jipyong Partner Ji Hye Lee has joined Oppenheim’s Korea desk in Budapest.

According to Oppenheim, “with her extensive experience in corporate law, cross-border transactions, and legal advisory services, she is set to play a key role in serving Korean clients operating in Central and Eastern Europe.”

Lee has been a Partner with Jipyong since 2017. Earlier, she worked for Kim Chang Lee as an Associate between 2016 and 2017.

In 2024, Oppenheim partnered with Jipyong to launch its Korea desk (as reported by CEE Legal Matters on November 12, 2024).

“Oppenheim’s Korea Desk provides dedicated legal support tailored to the unique needs of Korean businesses in Hungary and in the broader European market,” commented Managing Partner Istvan Szatmary. “With Ji Hye on board, we are confident in delivering even greater value through culturally attuned, insightful legal guidance. We look forward to her invaluable contribution and to strengthening our ties with the Korean business community.”