- Services
- Accounting and Tax automation
-
-
InvoiceProxy
Seamlessly switch from paper to electronic
We offer you the experience of fully data-driven electronic invoicing, with the security of the infrastructure provided by the National Tax and Customs Administration (NAV).
More…
-
TaxConsole
Automate your Invoices with TaxConsole
Our TaxConsole application allows access to NAV’s digital services directly from your computer.
More…
-
-
- Accounting and Tax automation
How should companies decide for the 2026 reporting year?
On 6 May 2026, the European Commission (EC) published the draft delegated act intended to adopt the amended (simplified) European Sustainability Reporting Standards (ESRS), aimed at reducing reporting burdens. The draft builds on the earlier technical recommendations of the European Financial Reporting Advisory Group (EFRAG) and explicitly aims to significantly reduce the costs of sustainability reporting while maintaining the quality of disclosures.
In its announcement, the EC also stated that it expects the proposals to generate cost savings exceeding 30% per company in the area of sustainability reporting.
The following summary outlines the key elements of the draft and the accompanying explanatory materials published by the Commission.
Although the Omnibus package has increased the reporting thresholds, market demand for data remains. Banks, investors and global supply chains continue to expect transparency. Companies therefore need to consider carefully which reporting standard is worth applying.
The most important changes in the simplified ESRS
The draft simplifies reporting obligations in several areas while also introducing more precise professional guidance:
- “Top-down” materiality approach: during the double materiality assessment (DMA), companies are expected to focus on strategically significant impacts and risks. As a result, there is no need to analyse every individual IRO (impact, risk, opportunity) separately if they are not materially relevant at a systemic level.
- Faithful representation: this principle will now apply to sustainability reporting as a whole, rather than to each individual data point separately.
- More flexible emission boundaries: for greenhouse gas accounting, companies may choose between the financial control approach (ownership-based) and the operational control approach (based on day-to-day decision-making authority).
- Grace periods: a one-year delay is introduced, for example, for reporting substances of very high concern (SVHC).
- Forward-looking data: estimates of future financial effects may be based on assumptions that can be updated year by year without such modifications being considered errors.
VS or simplified ESRS? – The decision dilemma
Medium-sized companies that are not formally subject to reporting obligations but are increasingly expected to provide ESG data essentially face two main options:
VS (Voluntary Standard): a simplified, minimum-data framework specifically designed for SMEs. It can serve as an excellent entry-level solution when the primary objective is to respond efficiently to banking or supplier questionnaires.
Simplified ESRS: retains the full logic and comparability of the original standards while requiring 60–70% fewer data points. This may represent the more strategic option for companies seeking decision-support capabilities and long-term resilience.
“The era of non-standardised sustainability reporting is over. Whether reporting is mandatory or voluntary, it is still worth conducting a double materiality assessment, as this helps companies identify where resources should be focused.”
Practical considerations when choosing
When is the VS (voluntary standard) sufficient?
If a company is still at the beginning of its sustainability journey and stakeholders (banks, customers) exert limited pressure for deeper and more structured disclosures, the VS may represent a cost-efficient solution.
When is the simplified ESRS the better option?
It is generally recommended if management wants to create business value from reporting (e.g. reducing employee turnover or improving energy efficiency) and comparability with competitors is important. For suppliers of large corporations, it may also provide a form of assurance for remaining within supply chains.
What is the market reality?
Banks often still send individual questionnaires because they are not yet able to process sustainability reports in a standardised manner. However, once a company prepares a standardised report, the necessary data will already be available, avoiding the need to repeatedly provide the same information.
How should companies get started?
If a business plans to prepare a voluntary sustainability report for the 2026 financial year, preparations should begin this summer.
The first three recommended steps are:
Assign responsibility: this may fall under finance, quality management or corporate governance functions — a dedicated ESG department is not necessarily required.
Build an internal team and provide training: it is important to involve key business areas so that stakeholders understand the expectations of the standards.
Conduct a materiality and GAP analysis: a diagnostic assessment is recommended to identify missing data and determine the areas requiring the greatest focus.
The draft delegated act is currently subject to a four-week public consultation period. During this time, stakeholders across Europe may provide feedback on the revised ESRS before the final requirements are adopted.
The final text is expected to be adopted in mid-June, after which the reporting obligations applicable to FY2026 are expected to become clearer.
By 30 June 2026, thousands of Hungarian companies will be required to complete their first NIS2 audit. Over the past year, we have supported numerous clients throughout their preparation process, from the initial assessment phase to the successful completion of the audit. During these projects, it became increasingly clear how the Hungarian NIS2 system operates in practice, what challenges it creates for companies, and where compliance begins to diverge from genuine information security.
An ambitious local implementation
NIS2 (Network and Information Security Directive 2) is the second generation of the European Union’s cybersecurity directive, which Hungary was among the first to transpose into national law through Act LXIX of 2024, commonly referred to as the Cybersecurity Act.
The Hungarian regulation attracted significant attention from the outset, partly because of the rapid implementation and partly because of the complexity of the regulatory environment.
A complex and multilayered regulatory framework
The system is built on four main pillars:
- the Cybersecurity Act itself,
- the decree on security classification and protective measures,
- the regulation governing auditors,
- and the decrees defining the audit methodology, fees and supervisory fee obligations.
Together, these form a regulatory framework spanning several hundred pages that is difficult to process from both technical and legal perspectives. Even understanding the requirements themselves required substantial resources from the affected companies.
An American framework in a Hungarian environment
The Hungarian implementation is based on the NIST SP 800-53 rev. 5 control framework, originally developed for US federal institutions and their suppliers.
The framework is internationally recognised and built on strong professional foundations, but in the private sector it is typically used on a voluntary basis. In Hungary, however, it became a mandatory legal requirement for many companies, including environments where operations heavily rely on cloud services or industrial control technologies.
High administrative costs
Companies faced significant costs already at the beginning of the preparation process. Supervisory fees appeared alongside the cost of the first audit and, in many cases, the need for external expert support.
The issue is not only the amount of these costs, but also the fact that a substantial portion of the resources is spent on administrative compliance rather than on actual technological or organisational security improvements.
Audit optimisation instead of security
Many affected companies encountered deeper information security requirements for the first time. In practice, however, the focus often shifted away from understanding risks or improving defensive capabilities, and towards finding ways to successfully complete the audit.
As a result, the central question was no longer “What threats are we facing?” but rather “What documents and evidence will we need during the audit?”. Consequently, many companies started building compliance programmes instead of security programmes.
The audit as the central organising principle
Within the Hungarian system, the role of the audit extends beyond simple verification: in many cases it became the primary driver of the entire preparation process.
A significant portion of corporate resources was consumed by preparing regulatory documents, collecting evidence and administratively fulfilling detailed audit requirements. As a result, the focus can easily shift towards proving compliance instead of developing actual security maturity.
EIR mathematics
The logic used to calculate audit costs further reinforced this optimisation mindset. Under the regulation, companies became financially incentivised to minimise the number of EIRs.
As a result, professionally difficult-to-justify system consolidations emerged in many cases, where the primary objective was not greater transparency or stronger security, but rather simplifying and reducing the cost of the audit process.
The greatest risk: a false sense of security
One of the greatest dangers of the system is that it can easily create a false equivalence between compliance and security.
A successful audit, proper documentation and collected evidence do not automatically mean that a company has become more resilient against cyberattacks. In many cases, what emerges instead is a well-auditable operating model that complies with administrative expectations but does not necessarily improve real defensive capabilities proportionally.
What should companies keep in mind?
1. Take documentation seriously – but understand why it matters.
The Hungarian NIS2 system is highly documentation-centric, yet most requirements are clearly defined and predictable. If a company understands what documents and evidence the auditor is looking for, preparation becomes significantly more transparent and efficient.
2. Clearly define the boundaries of the IT environment.
It is essential to clearly document responsibilities for systems, services and operational areas, especially in parent-company or cloud-service-provider environments. Well-defined roles and system boundaries simplify not only the audit itself, but also future security operations.
3. Accept that the audit is a mandatory milestone – but do not stop there.
A successful audit alone does not represent genuine information security maturity; it is merely an important compliance milestone. Long-term value is created when companies build real security improvements on the processes and controls established during the audit.
***
NIS2 compliance is no longer purely a technological or legal issue, but also a long-term operational and risk management decision. In our experience, companies gain the greatest advantage from the preparation process when they view the audit not as an end goal, but as the starting point of a more conscious and mature information security operation.
Our experts provide support in NIS2 preparation, the interpretation of documentation and audit requirements, as well as the development of practical information security operations.
After the May 20 deadline for submitting personal income tax returns, many taxpayers only later realize that some information was omitted, entered incorrectly, or that an additional certificate or document has arrived afterwards. In such cases, there is still no need to start an entirely new process or rely on paper-based administration.
The Hungarian Tax Authority’s eSZJA platform provides a lesser-known but particularly practical option: the self-revision support function, which helps users modify an already submitted tax return.
What does self-revision mean?
Self-revision means that a previously submitted tax return can be corrected afterwards. This may become necessary, for example, if:
- a source of income or tax allowance was omitted,
- incorrect data was entered in the return,
- a relevant certificate or document was received after submission.
Importantly, this does not mean filing a completely new tax return, but rather correcting the previously submitted one.
How does the eSZJA platform support corrections?
One of the advantages of the eSZJA platform is that during the self-revision process it automatically loads the previously submitted tax return. This significantly simplifies the correction process, as users do not need to re-enter all information from the beginning.
The system:
- displays the modified data,
- helps users review the differences,
- calculates any resulting balance,
- automatically handles the self-revision-related fields.
As a result, the process is easier to manage even for those who do not deal with taxation matters on a daily basis.
How can self-revision be initiated?
The self-revision process can be started in a few simple steps on the eSZJA platform:
- Log in to the eSZJA platform
- Select the previously submitted tax return in the “Retrieve and modify return” menu
- Start the “self-revision support” function
- Correct the necessary data and submit the self-revision after validation
The system guides users through the required steps during the entire process.
Why is it worth taking action in time?
A mistake or missing information discovered afterwards does not necessarily mean a serious problem — the more important question is how quickly and properly the correction is made. Self-revision allows taxpayers to correct their tax return digitally and efficiently, without unnecessary administration.
Do you have questions regarding your taxation or accounting processes?
If you have any questions regarding the self-revision of personal income tax returns, taxation obligations or accounting processes, our experts are ready to assist you. Accurate and up-to-date financial administration provides long-term operational security for businesses.
The global minimum tax framework enters a new phase in 2026: for the affected corporate groups, the closing of the 2024 tax year and the preparation tasks for 2025 become relevant simultaneously. In the coming months, the parallel handling of reporting, data reporting and accounting obligations will therefore come into focus, while uncertainty remains in several practical areas.
The practical application of the global minimum tax (Pillar 2) rules enters a new, substantive compliance phase in 2026, making the closing of 2024 and the year-end tasks for 2025 simultaneously relevant for several corporate groups, thus requiring the parallel management of reporting and tax planning processes.
The 2024 tax year cannot yet be considered closed from the perspective of the Qualified Domestic Minimum Top-up Tax (QDMTT), as the final settlement return has not yet been submitted, while calculation/accounting tasks already arise in relation to the 2025 tax year, considering that these items must also be presented in the annual financial statements as accrued expenses and deferred charges.
The final QDMTT filing deadline expires on 30 June
An important amendment is that although many taxpayers regard the QDMTT as an advance payment and therefore already consider it closed, a final QDMTT return and an Income Inclusion Rule (IIR) return relating to the additional tax under the income inclusion rule must still be submitted for the 2024 tax year in addition to the advance tax return. The legislator has expanded the function of the previous advance return, therefore this form will also serve for the submission of the full settlement return.
The filing deadline for the first QDMTT return relating to calendar-year groups for 2024 expires on 30 June 2026, as the extended 18-month deadline expires on that date. This applies to all affected taxpayers, regardless of whether an actual tax payment obligation arises.
According to the latest information, the tax authority is already working on the final filing structure:
- the draft version of form 24GLBADO, expanded with final settlement return sections, has already been prepared and is available on the tax authority’s website,
- the completion guide has been published,
- and documentation supporting the preparation of the XML file has also been released.
During the development process, the content of the global minimum tax reporting obligation under DAC9 is also being taken into account, considering that the introduction of this obligation is closely linked to the already known global minimum tax rules and their international harmonisation. The return will continue to be submitted through the Online Form Filling Application (ONYA) web platform.
The safe harbour election cannot be made retrospectively
It is particularly important that the application of the so-called safe harbour exemptions must be expressly indicated in the tax return, and failure to do so cannot subsequently be remedied. This may have long-term consequences for the determination of the tax liability, considering that in the absence of the initial election, the affected taxpayers may not apply the exemption in subsequent tax years either.
In addition to the QDMTT, the submission of the GloBe Information Return (GIR) may also be required. If the company itself does not submit the GIR, the Hungarian tax authority must also be informed which related party entity fulfils the GIR obligation. A further 6-month deadline applies to this notification obligation.
Data collection and reconciliations may be time-consuming
Due to the current uncertainties, corporate groups should begin preparations already now, as compliance represents not only a tax challenge, but also a data and process-related challenge.
Based on our experience, the collection and reconciliation of the required data and the assessment of safe harbour eligibility may take several weeks, therefore preparations should not be postponed.
Non-compliance may involve significant financial risks
The Hungarian tax authority treats compliance with the global minimum tax rules as a priority area, therefore failure to meet deadlines or incomplete reporting may result in actual financial risks.
Failure to comply with filing and reporting obligations may result in a default penalty of up to HUF 10 million if the return relating to the fulfilment of the obligations is submitted incompletely or late.
How can Grant Thornton help?
Should you have any questions regarding the application of the global minimum tax rules, the assessment of safe harbour eligibility or the fulfilment of filing obligations, Grant Thornton’s experts are ready to support you and your company.
***
This newsletter has been prepared exclusively for general information purposes, based on the information available on the date of publication, and therefore does not qualify as personalised tax advice in any respect and does not replace such advice.
Electronic auditor’s reports from 2025: new rules in the e-reporting system
From 1 January 2025, significant changes entered into force regarding the handling of auditor’s reports in Hungary. Under the new regulation, auditor’s reports may only be issued as electronic documents, authenticated with an electronic signature and timestamp by the auditor. The change affects not only auditors, but also all companies publishing annual financial statements in the e-reporting system.
In practice, the new rules may lead to simpler and more transparent document management, while also introducing new operational considerations for corporate administration and accounting processes.
What changed in the handling of auditor’s reports?
Based on the amendment to Act LXXV of 2007 on the Hungarian Chamber of Auditors, auditing activities and public oversight of auditors, from 2025 auditors are required to prepare auditor’s reports electronically and authenticate them with an electronic signature and timestamp.
Under the new regulation, only electronically authenticated auditor’s reports may be uploaded when publishing financial statements in the e-reporting system. The previously common practice of separately handling unsigned PDF versions is no longer necessary.
If the client still requires a paper-based copy, it must in all cases be issued based on the electronically prepared auditor’s report.
What does this mean for companies?
The digitalisation of auditor’s reports goes beyond a simple technical change. The preparation and publication of financial statements rely on the coordinated work of several parties, including finance teams, accounting departments, management approvers, external service providers and auditors.
Under the new operating model, it is particularly important for companies to establish clear internal processes for handling electronic documents. This includes, for example:
- receiving the authenticated electronic report;
- storing the correct document version;
- verifying the upload to the e-reporting system;
- ensuring the retrievability of documents.
One of the greatest advantages of digital auditor’s reports is the reduction of parallel document versions and administrative errors. At the same time, the electronic signature and timestamp become integral parts of the document, meaning that greater care is required when handling and forwarding files.
Digitalisation is transforming accounting processes as well
The electronic authentication of auditor’s reports clearly demonstrates the direction of digital transformation in finance and accounting. In addition to regulatory compliance, it is becoming increasingly important for companies and accounting firms to establish modern and well-structured digital processes.
In a rapidly changing regulatory environment, efficient document management is no longer merely an administrative matter, but also a key requirement for secure and transparent operations.
Digital solutions for more efficient operations
At Grant Thornton, we are consciously preparing for the digital transformation of finance and accounting processes. Through modern and continuously evolving digital solutions, we support our clients in meeting current regulatory requirements while making their operations more efficient and transparent.
Our goal is to ensure that our clients continue to receive up-to-date, secure and high-quality professional support in an increasingly dynamic business environment.
By June 30, the affected companies must prepare their certified ESG-reports. For many companies, it is now becoming a truly practical question how well-organised their ESG-data are, how traceable their internal processes are, and whether they will be able to find an accredited ESG-certifier in time.
There is visible uncertainty in the market. Companies are preparing for reporting at the same time, while certification capacity is still developing. In this situation, it is particularly important that preparation is not left to the final weeks.
Our sustainability team, which has gained significant experience in recent years in carbon footprint calculation, EHS-data and the assurance of sustainability reports, was among the first to obtain ESG-certification accreditation.
What can be expected?
- By June 30, the affected companies must prepare a certified ESG-report.
- Certification capacity may be limited, so timing may become a business risk.
- ESG-certification examines whether the statements in the report are supported by data, evidence and a consistent methodology.
- With good preparation, certification is not only a compliance task, but also useful management feedback.
- Grant Thornton supports companies in the process as an accredited ESG-certifier.
Why is ESG-certification now coming into focus?
For a long time, the ESG-report seemed more like a reporting task. Certification, however, creates a different situation: it is not enough to present the company’s sustainability performance; it must also be supported by appropriate data and documents.
This is particularly challenging when ESG-information comes from several organisational units, is available in different formats, or has no clearly defined owner responsible for data collection. In such cases, certification quickly shows where the system works well and where clarification is needed.
The June 30 deadline will therefore be the first real test for many companies of how far ESG-data management has been integrated into operations.
What does the ESG-certifier examine?
The purpose of ESG-certification is to independently confirm that the statements included in the company’s ESG-report comply with the criteria defined by law.
The certifier examines whether the statements in the ESG-report:
- are free from material misstatement,
- can be traced back to original data,
- are supported by evidence,
- are based on a consistent methodology.
The assessment may also cover the content and formal compliance of the ESG-report, the accuracy of completed ESG- and supplier questionnaires, and the operation of the applied risk management system.
The materiality assessment is also an important element. It shows whether the company is truly focusing on the environmental, social and governance topics that have a material impact from the perspective of its operations and stakeholders.
How does the certification process work?
ESG-certification consists of several steps and starts even before the cooperation begins.
In the preparation phase, conflicts of interest are reviewed, the scope of the engagement is defined, and a preliminary risk assessment is carried out. This helps determine the focus and resource needs of the certification.
This is followed by contract signing and notification to the authority. In the planning phase, a readiness assessment is prepared, and based on this, the certification plan is developed. This sets out the schedule, the areas to be examined and the methodology to be applied.
During implementation, document analysis, interviews and an on-site visit take place. Based on the evidence collected, a professional conclusion is prepared, which forms the basis of the certification report.
The process is closed by an independent review. In the case of a positive result, the company receives an ESG-certificate, which is valid for five years.
Where do companies usually get stuck?
In certification, the greatest difficulty is often not the writing of the report itself, but the traceability of the data.
Common questions include:
- exactly where the given ESG-data comes from;
- who approved it;
- what methodology was used to calculate it;
- whether there is documented evidence behind it;
- whether the same logic was applied throughout the entire report.
If there is no quick and clear answer to these questions, certification may become more time-consuming. This is why it is worth assessing at the beginning of the process how ready the organisation is for the review.
Why is certification useful beyond compliance?
A certified ESG-report builds trust among investors, clients and business partners. It also provides valuable feedback to management on how reliable the sustainability data are and where internal processes should be improved.
Certification helps filter out uncertain statements, strengthens data quality, and makes responsibilities clearer. This is particularly important where ESG-data already play a role in financing, procurement or reputational decisions.
In sustainability communication, what is verified has increasing value. ESG-certification provides a point of reference here: it helps separate intention from provable performance.
Why is it important to choose a certifier in time?
In the coming period, several companies may be preparing for the certification of their ESG-reports at the same time. This may create a practical risk because of certification capacity, especially for those who start the process late.
Choosing an accredited certifier is not merely a procurement matter. The partner must understand the regulatory environment, corporate data processes and the business logic behind ESG-reports.
Grant Thornton’s ESG-certification methodology is based on the MSZ EN ISO/IEC 17029:2020 and MSZ EN ISO 14065:2022 standards, as well as the relevant Hungarian legal environment. This ensures that certification is a controlled, consistent and professionally grounded process.
Prepare for ESG-certification in time
If your company is affected by the June 30 deadline, it is worth reviewing the status of your ESG-data, internal processes and responsibilities now.
Grant Thornton, as an accredited ESG-certifier, supports its clients in the preparation and in carrying out the certification process. Contact our experts so that we can clarify the next steps in time.