(Status 01.03.2024, subject to change due to pending implementing regulations, in which case the information below will be amended)

A data intermediation services provider planning to provide a service within the meaning of Article 10 of the Data Governance Act may only carry out such an activity if it submits a notification to the Authority before starting such activity. Pursuant to Article 12(a) of the Data Governance Act, data intermediation services may only be provided through a separate legal entity not carrying out any other activity.

Registration pursuant to the notification alone does not entitle the data intermediation services provider to use the title and logo of "data intermediation services provider recognised in the Union", which requires a certificate of compliance to be obtained after registration, in a separate procedure.

As long as no dedicated online interface is provided on the website of the Authority, the notification shall be in the form and content required for legal persons subject to electronic administration under the Hungarian Code of General Administrative Procedure (https://njt.hu/jogszabaly/en/2016-150-00-00) and shall be submitted through ePapír service (template "Egyéb (NAIH)" under the menu item "Nemzeti Adatvédelmi és Információszabadság Hatóság eljárásai" on https://epapir.gov.hu/).

Pursuant to Article 11(6) of the Data Governance Act, the registration application submitted by the data intermediation services provider shall contain at least the following information in addition to the information specified in the Hungarian Code of General Administrative Procedure (data and contact details necessary to identify the client and its representative):

(a) the name of the data intermediation services provider;

(b) the data intermediation services provider’s legal status, form, ownership structure, relevant subsidiaries and, where the data intermediation services provider is registered in a trade or other similar public national register, registration number;

(c) the address of the data intermediation services provider’s main establishment in the Union, if any, and, where applicable, of any secondary branch in another Member State or that of the legal representative;

(d) a public website where complete and up-to-date information on the data intermediation services provider and the activities can be found, including as a minimum the information referred to in points (a), (b), (c) and (f);

(e) the data intermediation services provider’s contact persons and contact details;

(f) a description of the data intermediation service the data intermediation services provider intends to provide, and an indication of the categories listed in Article 10 of the Data Governance Act under which such data intermediation service falls;

(g) the estimated date for starting the activity, if different from the date of the notification.

The Authority will review the notification using information from the company register and from the website indicated in the notification. If the notification is incomplete, the Authority will issue an order requiring the applicant to remedy the deficiencies in accordance with the Hungarian Code of General Administrative Procedure.

The Authority will decide on the above notification within 7 days by means of a decision in accordance with the Hungarian Code of General Administrative Procedure. Pursuant to Article 11(8) of the Data Governance Act, the deadline shall be calculated only from the date of receipt of a duly and fully completed notification.

(The procedure is subject to the payment of a procedural fee at the rate specified in a ministerial decree. This ministerial decree has not yet been issued, so the procedure is currently free of charge.)

A data intermediation services provider registered at the Authority shall notify the Authority of any change to the notified data within 14 days of the change occurring. The procedure for the notification of changes shall be subject to the provisions governing the registration procedure.

A data intermediation services provider registered by the Authority which ceases its activity shall notify the Authority within 15 days of the date on which it ceases its activity, following which the Authority shall remove the data intermediation services provider from the register.

The Authority shall notify the European Commission without delay of the above notifications, change notifications and deletions as specified in the Data Governance Act (in a way specified in a Government Decree still to be issued).