Digital governance and nuclear innovation: R&R Software contributes to the development of the Management System of the Licensee (EIR) for Paks II.
2025-10-24

R&R Software successfully completed the NIS2 Cybersecurity Audit”

R&R Software Zrt. has always placed strong emphasis on cybersecurity across its operations, development activities, and services.
Even before the NIS2 Directive and the Hungarian Cybersecurity Act came into force, we treated information security as a key requirement. Guided by our ISO-certified policies and processes, we performed regular reviews, security audits, and vulnerability assessments — particularly to meet the oversight and compliance expectations of our clients in the banking and financial sectors.

This prior level of preparedness and experience enabled us to successfully complete the NIS2 audit within a short timeframe, well ahead of the statutory compliance deadline.


NIS2 audit certificate – R&R Software

Under the European Union’s NIS2 Directive (2022/2555/EU), the Hungarian Cybersecurity Act of 2024 (Act LXIX of 2024) and its implementing regulation, Decree 7/2024 (VI. 24.) MK, define the mandatory security measures and certification obligations for critical IT service providers. Our company qualifies as a NIS2-obligated service provider*, as we operate and deliver software services for a wide range of clients.

R&R Software began its preparations for the NIS2 audit in March 2025, aligning the process with its current ISO certification activities, as well as its information security policies and procedures.
The cybersecurity audit was carried out by the accredited auditing organization HUNGUARD Kft., and was concluded on 4 December 2025. According to the audit results, the company successfully met the requirements of the NIS2 Directive and the applicable Hungarian legislation.

Based on the assessment carried out by HUNGUARD Kft.:

  • Resilience Index: 86
  • Rating: “Compliant with Medium Risk”
  • Evaluation Result: “Audited”

R&R Software not only ensures its own compliance, but also actively supports its clients in achieving cybersecurity compliance as a NIS2 contributor and professional partner.

This support extends to organizations subject to NIS2 requirements, as well as to stakeholders in the financial sector, for whom the DORA (Digital Operational Resilience Act) framework defines cybersecurity and operational resilience obligations.

In 2025, our company conducted a self-assessment and system capability validation across the affected software products in order to:

  • provide targeted information support for our clients’ NIS2 and DORA audits, and
  • strengthen our partners’ confidence in the company’s cybersecurity maturity, service stability, and compliance capabilities.

Download the English certificate here.

We would like to express our gratitude to our advisory partners and to our development, service, operations, and IT security professionals, whose dedicated work and expertise contributed to the successful completion of the audit.

*The NIS2 Directive (Network and Information Systems Directive 2) is the second generation of the European Union’s cybersecurity framework, establishing strict information security requirements for critical and important service providers across the Member States. In Hungary, approximately 3,000 organizations are currently classified as NIS2-obligated entities.