It is reported that the National Media and Infocommunications Authority (NMHH), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Under Section 3 of Act L of 2013 on Electronic information security of state and local government organisations, data processing for certain institutions, including governmental bodies, National Bank, or local municipalities, must be provided from the territory of Hungary.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Hungary implemented the GDPR by amending the Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned. This is the case in Hungary. Under Art. 159/A of Act C of 2003 on Electronic Communications, internet service providers have to store connection data for 12 months at least.

Art. 159/A of Act C of 2003 provides that mobile service providers and ISPs must provide user data to the authorities upon request. The Constitutional Court found this law unconstitutional in 2022 and called on parliament to amend the legislation by the end of the year, but it is reported that parliament failed to comply.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under Section 7/3 of the Act CVIII on Electronic Commerce, which transposes Directive 2000/31/EC, service providers and intermediaries are protected from liability for third-party content. However, this exemption does not cover disguised advertising, as regulated in Section 14/A.

The Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) is key in harmonising national laws concerning trade secrets. Hungary transposed the Directive through Act LIV of 2018 on the protection of trade secrets.

Under Art. 62. k of the Act CLXLIII on Public Procurement, foreign firms are excluded from government procurement if they are registered in a country that is neither an EU member nor a member of the WTO Government Procurement Agreement nor if they are registered in a country that has no double taxation treaty with Hungary or the EU.

Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
In Hungary, the Directive has been transposed with Act CXLIII of 2015 on Public Procurement.

It is reported that the lack of transparency is a challenge for public procurement procedures in Hungary, especially for foreign bidders, including with respect to overly narrow definitions of tenders and implicit biases in favour of local vendors and state-owned enterprises. Moreover, it is reported that in April 2022, the European Commission launched a budget conditionality mechanism against Hungary over the “systemic irregularities, deficiencies and weaknesses” in its public procurement procedures.

There are no foreign ownership limitations in sectors relevant for digital trade.

Act LVII of 2018 on Controlling Foreign Investments Violating Hungary’s Security Interests establishes a national security-related screening mechanism. According to Art. 2 of the law, foreign investment needs prior ministerial approval is required, when (i) 25% of the shares (10% in publicly traded companies) are acquired in companies important to the national security; (ii) decisive influence over such companies is acquired; (iii) a branch office is established in Hungary; or (iv) a right to use/operate a sensitive infrastructure or asset is acquired. Companies whose activities are important to national security include active cryptography, electronic communication and public communication systems. According to Art. 1 of the Decree, A foreign investor is (i) a person or organisation from outside the European Union (EU), European Economic Area (EEA), or Swiss Confederation; and (ii) a legal entity registered in the EU, EEA, or Swiss Confederation that acquires ownership or interest in a Hungarian company, if the controlling person or entity is from outside the EU, EEA, or Swiss Confederation.

Since May 2020, the Alternative FDI Regime, outlined in Chapter 85 of Act LVIII of 2020 and its implementing Governmental Decree, has supplemented existing FDI regulations under the FDI Act. Initially set to expire at the end of 2021, the regime was later extended indefinitely and reinstated through a new Governmental Decree in late 2022. According to Section 276 of Act LVIII of 2020, acquisitions of Hungarian companies in strategic sectors, including information technology, by foreign entities require authorisation.
In addition to share acquisitions under the FDI Act, the Alternative FDI Regime covers other deal structures, such as acquiring convertibles, usufruct rights, corporate transformations, asset acquisitions, capital injections, and in-kind contributions. These transactions are included if they result in at least a 10% stake in a strategic company, regardless of whether the deal is paid or free. The industries covered by the Alternative FDI Regime are extensive, encompassing sectors such as manufacturing, chemicals, food and agriculture, health, medical, waste, building materials, transport, logistics, education, communication, and even retail and wholesale, as long as they involve critical infrastructure.

Under Art. 51 of Act XXXIII of 1995 on the protection of inventions, foreign applicants that have no residency within the EU or the European Economic Area (EEA) have to be represented by an authorised attorney-at-law in front of the Hungarian Intellectual Property Office.