Hungary has just sealed a two‑pronged digital masterplan that turns the internet into a state‑run surveillance tool. The Cybersecurity Act, rubber‑stamped on 19 December 2024 and slated to kick in on 1 January 2025, forces any foreign firm handling Hungarian data to appoint a domestic representative, while a biometric “digital ID” app, launched in September 2024, makes it illegal to use state services without a fingerprint‑linked smartphone. In Orbán’s own words, these measures are not conveniences but “digital sovereignty” weapons designed to deepen citizen control.
The Cybersecurity Act is a heavyweight transposition of the EU’s NIS‑2 Directive, but it is anything but a faithful copy. It splits covered entities into “essential” and “important” tiers, expands the powers of the National Cybersecurity Authority, and – crucially – cherry‑picks which NIS‑2 provisions apply, leaving out a swathe of online platforms such as social‑network services and cloud providers. The law also obliges non‑resident organisations to name a Hungarian‑based representative who becomes the point of contact for every data‑request, effectively creating a legal conduit for state‑directed surveillance.
The e‑identity law, announced by Secretary of State Csaba Dömötör on 30 July 2024, adds a biometric layer to everyday life. Citizens must enrol their face and fingerprint in a central database, then carry the digital passport on a phone app to prove identity to police, sign documents, and book public services. While the physical ID card remains compulsory, the digital version becomes a de‑facto prerequisite for any online interaction with the state, turning personal biometrics into a gate‑keeper for public benefit.
Civil‑society watchdogs have sounded the alarm, but they have no hard numbers to back up their warnings. Reports from Háttér Society, the Hungarian Civil Liberties Union, the Helsinki Committee, Transparency International Hungary and the Civic Space Report 2024 all flag the same risks – state‑driven data requests, profiling, and a chilling effect on online activism – yet none publish quantitative evidence linking the new statutes to drops in voter turnout, protest permits or digital petitioning. The “Unhack Democracy” election portal likewise offers no statistical analysis of the laws’ impact on electoral behaviour. The vacuum of data leaves a dangerous blind spot for anyone trying to gauge how far the digital leash truly reaches.
What is clear from the qualitative commentary is a growing perception that the mandatory representative clause and the biometric ID system could deter dissent. Knowing that every click may be traced to a state‑controlled identity is likely to make citizens think twice before signing an online petition or joining a protest forum. Moreover, the requirement to own a compatible smartphone and undergo biometric enrolment may marginalise the elderly, low‑income and rural populations, effectively pruning the base of civic participation.
Neighbouring Poland and the Czech Republic are watching the Hungarian experiment with a mixture of curiosity and unease. Both states are also aligning their national cybersecurity frameworks with NIS‑2, yet they have not introduced the same sweeping representative mandate that Budapest has imposed. Hungary’s selective adoption – coupled with a state‑run biometric ID – therefore stands out as a more aggressive model of digital sovereignty, one that could pressure regional tech firms to redesign compliance strategies or risk exclusion from the Central European market.
The absence of transparent impact data makes it impossible to move beyond speculation, but the architecture of the new laws leaves little doubt about their intent. As the Cybersecurity Act and the e‑identity system roll out, Hungary is not merely tightening its digital defences; it is building a legal scaffold that can monitor, control and potentially silence the very citizens it claims to protect. Without rigorous, independent monitoring and a clear public record of how these tools affect democratic engagement, the “digital citizen” narrative risks becoming nothing more than a high‑tech veneer for authoritarian consolidation.
Image Source: fity.club
