Thursday, 18 December 2025
The Hungarian National Bank (MNB) has published Recommendation 13/2025 (XII.3.) on the digital transformation of credit institutions, setting out expectations for the responsible use of artificial intelligence (AI) in the banking sector. The new recommendation replaces the previous 4/2021 MNB Recommendation and introduces more detailed requirements for the governance, development and deployment of AI systems by banks .
Under the Recommendation, credit institutions are expected to develop a dedicated “AI sub-strategy” as part of their broader digital transformation strategy and submit it to the MNB by 30 June 2026. The central bank notes that the scope and depth of the AI sub-strategy requirements go beyond those set out in the EU AI Act, reflecting the supervisory authority’s focus on risk management and consumer protection in the financial sector.
The MNB has indicated that institutions and third-party AI providers should begin preparations immediately, as compliance will be monitored through ongoing supervisory and monitoring activities.
The Recommendation covers several key areas. These include AI-specific governance and internal frameworks, with banks expected to establish regulated structures and appoint a responsible leader for AI implementation. It also sets expectations around data governance, requiring high standards for data quality, handling and protection, including clear separation between raw and processed data and enhanced validation of training data used in AI models.
Further provisions address the development and procurement of AI systems. Banks developing AI in-house must meet detailed requirements, while those using third-party solutions are required to obtain assurance that providers comply with the Recommendation. The MNB highlights practices such as regular testing for bias or discrimination, the use of guardrail tools, human oversight of AI outputs and independent audits or certifications of AI systems as desirable approaches.
The Recommendation also introduces expectations for AI-specific risk management, including classification of AI-related risks and at least annual reviews, as well as enhanced IT security measures to protect training data, algorithms and system prompts. Institutions are encouraged to strengthen organisational expertise in AI, including setting internal rules for the use of generative AI and periodically testing staff AI literacy.
In addition, the MNB places emphasis on transparency and communication. Good practices include informing clients about the use of AI systems, providing educational materials, operating internal reporting mechanisms for AI-related errors and allowing clients to give feedback on AI-generated outputs.
Credit institutions must comply with the AI sub-strategy requirement by 30 June 2026, which is one month earlier than the deadline for compliance with high-risk AI system obligations under the EU AI Act. Other provisions of the Recommendation will apply from 1 April 2026. The MNB advises banks to align preparations for the Recommendation with their broader EU AI Act compliance efforts.
Source: CMS
