The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Act CLV of 1997 on Consumer Protection (as amended in September 2019).

Hungary has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Hungary has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Hungary has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Although Art. 73 of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services provides that intermediary service providers are not required to monitor the content of the information they transmit, store, or provide access to, nor are they obliged to actively seek facts or circumstances indicating unlawful activity, subsequent EU legislation has introduced stricter obligations for certain categories of platforms.
In particular, Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, Hungary has adopted Act XXXVII of 2021, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Hungary, the EU Directive was transposed into domestic law through the amendment of Act CLXXXV on Media Services and Mass Communication of July 2021 (LXIII of 2019 law on the amendment of certain laws related to media services). According to Art. 20 of the Act, at least 30% of the total aggregated length of programmes made available in a given calendar year in the programme schedule of on-demand audiovisual media services must consist of European works, with a minimum of 10% comprising Hungarian works.
Furthermore, pursuant to Art. 136, a media service provider with significant influence that offers a linear audiovisual media service is obligated to allocate 2.5% of its annual advertising revenue to the promotion of new Hungarian cinematographic works. This obligation can be satisfied either through a payment to the Fund or by providing financial support for a new film production, as mutually agreed upon between the Fund and the media service provider.

Section 3 of "Act L of 2013 on the Information Security of State and Municipal Bodies" imposes local processing requirements on state and local government entities as well as organisations providing essential services. Under this provision, data within the scope of the Act must be processed in electronic information systems that are operated and stored in Hungary. Exceptions are narrowly defined: data may be processed outside Hungary only within the territory of an EEA State and only where the supervisory authority for the security of electronic information systems grants approval or an applicable international treaty provides for such processing. For entities delivering services classified as critical, such as those in the energy, transport, agriculture and healthcare sectors, electronic information systems may only be hosted within EU Member States.
The Cybersecurity Act adopted in December 2024 repeals Act L of 2013 with effect from 1 January 2025.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Hungary implemented the GDPR by amending the Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned. This is the case in Hungary. Under Art. 159/A of Act C of 2003 on Electronic Communications, internet service providers have to store connection data for 12 months at least.

Art. 159/A of Act C of 2003 provides that mobile service providers and ISPs must provide user data to the authorities upon request. The Constitutional Court found this law unconstitutional in 2022 and called on parliament to amend the legislation by the end of the year, but it is reported that parliament failed to comply.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under Section 7/3 of the Act CVIII on Electronic Commerce, which transposes Directive 2000/31/EC, service providers and intermediaries are protected from liability for third-party content. However, this exemption does not cover disguised advertising, as regulated in Section 14/A.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under Section 7/3 of the Act CVIII on Electronic Commerce, which transposes Directive 2000/31/EC, service providers and intermediaries are protected from liability for third-party content. However, this exemption does not cover disguised advertising, as regulated in Section 14/A.

According to Art. 6.2 of Act CXXVIII of 2016, which amends Act XXXIV of 1994 on the Police (and Act C of 2003 on Electronic Communications), telecommunications service providers are required to verify the identity of individuals before entering into a contract for prepaid mobile telephony services (SIM cards). If the identity verification is unsuccessful, the subscription contract cannot be finalised, and the service provider is prohibited from initiating service. Additionally, for contracts exceeding one year, identity verification must be repeated annually on the contract anniversary or through third-party data matching. This identity verification can also be conducted online, either prior to the contract's conclusion or during data reconciliation processes.

The Hungarian Government holds shares in certain telecommunications companies. Historically, the State has held shares in Antenna Hungária Zrt., which, as of 2024, is owned by 4iG Plc. (78.76%) and the Hungarian State (23.22%). Furthermore, in January 2023, Antenna Hungária Zrt, together with Corvinus International Investment Zrt. (representing the Hungarian State) and Vodafone Europe B.V., signed a binding agreement for the acquisition of 100% of the shares in Vodafone Magyarország Zrt. (‘Vodafone Hungary’). Following the financial closing, Antenna Hungária Zrt. acquired an indirect controlling stake of 51%, while the Hungarian State retained an indirect stake of 49%.

It is reported that Hungary does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, accounting separation is required by law. According to Sections 68 and 105 of Act C of 2003 on Electronic Communications, the National Media and Communications Authority (NMHH) may, by decision, impose detailed obligations of accounting separation in relation to specific activities concerning interconnection or access for service providers with significant market power in wholesale service markets. A service provider subject to accounting separation obligations is required to submit an accounting separation statement, prepared in accordance with the requirements set out in this Act, the NMHH Decree on the detailed rules for keeping separate accounting records, and the President’s resolution. This statement must be submitted to the President for approval within 45 days of the adoption of the annual report pursuant to the Accounting Act.