Zsolt Hegedűs's first reform: dismantling hospital facial-recognition systems by 1 July — auditable decision or symbolic gesture?

20 April 2026.

Part I — Situation overview

Zsolt Hegedűs, the incoming Minister of Health of the Tisza cabinet forming a government after the 12 April 2026 election, announced a concrete deadline in an interview with Telex on 19 April 2026: hospital facial-recognition systems will be dismantled by 1 July 2026, the systems which between 2023 and 2025 were installed at entrances of central and county hospitals and several outpatient clinics. Portfolio framed the announcement as “the new cabinet’s first announced healthcare reform”; HVG and 24.hu also ran it as a lead story. MIAK’s reading in one sentence: the decision is correct in direction, but the execution is risky — the slogan-level dismantling (quick, spectacular) is separated from the institutional learning (what did we spend, what do we get for the saving, what still remains under biometric systems).

Part II — MIAK’s concrete proposal

MIAK proposes three sequential steps attached to the Hegedűs announcement:

1. Itemised public-money audit of 2020–25 hospital-IT procurements — before dismantling (A2). The A2 procurement-transparency principle must be applied now: by cross-linking the data of the Hungarian State Treasury, the EKR (Electronic Public Procurement System) and the NEAK (National Health Insurance Fund), it can be assembled within a week when, in which institution, through which tender, at what price-value ratio the facial-recognition systems were procured. Publishing the audit is not a retroactive sanction but the learning base for the next healthcare IT investment (EHR expansion, EHDS accession).

2. EU AI Act–compliant risk categorisation before dismantling (D1). The EU Artificial Intelligence Regulation (EU AI Act, Annex III) classifies biometric identification as “high-risk” in publicly accessible spaces — at hospital entrances the risk classification is not automatically prohibitive but calls for a proportionality test. MIAK’s proposal: the dismantling should be preceded by a 30-day proportionality audit per institution, so that a potentially legitimate use case (e.g. a closed psychiatric ward where patient identification is a safety question) is not removed from the system as a “collateral effect”. Unjustified systems should be dismantled, justified ones should remain — by audited decision.

3. Dedicated allocation of the freed-up funding to EHDS accession (E2). The dismantling and conversion of storage rooms will free up ~HUF 3–5 billion from the healthcare budget (estimate based on known procurement items of 2023–25 installations). MIAK recommends that this should not dissolve into the general budget channel but be allocated with a dedicated line to the E2 digital healthcare system’s EHDS-compatible module development: cross-border e-prescription compatibility, patient-data export in standard format, FHIR-based interoperability. The EHDS Regulation entered into force in 2025; member-state accession is expected by 2027 — Hungary is currently lagging behind.

Part III — Expected effects and risks

The core trade-off: the balance between spectacular political speed and system-level institutional learning. The 1 July deadline is understandable politically (new government, first reform announcement, fast execution), but if the audit is omitted under deadline pressure, the same mistakes may repeat at the next healthcare IT procurement (EHDS module, AI diagnostics). MIAK’s calculations indicate that the 30-day proportionality audit + the 60-day public-money audit will not slip the 1 July deadline, if the cabinet immediately orders these from the Hungarian State Treasury and the NAIH.

Part IV — Measurability and summary

4.1 What should be tracked? (proposed performance indicators — KPIs, Key Performance Indicators)

• By 31 May 2026 publication of the itemised public-money audit on 2020–25 hospital-IT procurements (by institution, tender and supplier).
• By 15 June 2026 the joint proportionality assessment by the NAIH and the Ministry of the Interior: in which institutions a biometric system remains, with what risk classification, on what regulatory data-processing basis.
• 1 July 2026 — actual completion of the dismantling, in documented form (photo/record-based decommissioning protocol, certification of the destruction of stored biometric data).
• By 30 September 2026 a government decree on the Hungarian EHDS accession schedule, with the dedicated allocation of the freed-up ~HUF 3–5 billion to the EHDS module development of the E2 digital healthcare system.
• By 31 December 2027 Hungary meets the EHDS Tier-1 accession requirements (cross-border access to e-prescriptions, export of a basic patient summary).

4.2 Summary

The facial-recognition dismantling is the right direction — but the method of execution will decide whether this is a system-level reform or merely a political symbol. MIAK asks the Tisza cabinet: alongside the dismantling, a public-money audit; alongside the audit, a proportionality risk assessment; and alongside the saving, a dedicated EHDS line. These three together will turn the 1 July deadline into a real milestone — and not just a communications success of the new government’s first months.

Part V — Reasoning and sources

5.1 Detailed situation overview

5.1.1 Context of the topic

The installation of hospital facial-recognition systems began in early 2023 in Budapest’s central hospitals (among them the Military Hospital, the Szent János Hospital and the clinical centre of Semmelweis University), then spread to the county hospitals in 2024. Most installations took place under the “Digital Hospital 2030” programme launched in 2022, via EU-cofinanced tenders. The justification was twofold: (a) security — filtering out aggressive visitors and repeat troublemakers; (b) administrative — faster identification of patients and carers. The system became nationwide by mid-2025, but the NAIH (National Authority for Data Protection and Freedom of Information) flagged shortcomings in the data-processing basis in several opinions: patient information at entry was not unambiguous, the storage-time rules differed by institution, and the link to a direct medical-health purpose (a condition of the proportionality test) was not clearly demonstrated.

The EU AI Act (Regulation 2024/1689), which entered into force in March 2025, classifies biometric identification under Annex III as a “high-risk AI system” where the system serves to identify natural persons in publicly accessible spaces (or in a similar public-like context). A hospital entrance — though not a classic “public space” — falls under the interpretation into the public-like category, which imposes strict compliance requirements (risk assessment, logging, human oversight, complaint-handling mechanism). In the period 2025–2026, Hungarian implementation has progressed slowly, and the division of powers between the NAIH and the Ministry of the Interior has not been clear.

5.1.2 Press framing across the spectrum

Press framing between 19 and 20 April 2026 is markedly uniform: practically every leading outlet reported the announcement positively, as “reform” — unusual compared with the mixed reception accorded so far to Tisza-government announcements.

The left-liberal and independent outlets (Telex, HVG, 444) placed the announcement in the context of the interview: Zsolt Hegedűs has previously been known as a health expert; dismantling facial recognition confirms the NAIH opinions. The original Telex interview emphasises the concrete deadline alongside the data-protection angle — even as an opposition health expert, Hegedűs’s style was characterised by “measurable commitments”. HVG positioned it as the new minister’s “first reform”; 24.hu wrote about it from the perspective of “hospital security in a new framework”.

The economic press (Portfolio) focused on the investment background: it does not give the exact procurement value of 2023–25 installations but notes that the total item is several billion forints, which is ~5% of the full “Digital Hospital 2030” programme. Portfolio analysts tied the economic efficiency of dismantling to whether the freed-up funding is redirected to another digital healthcare priority (EHR expansion, EHDS accession).

The pro-government/conservative press (Magyar Nemzet, Mandiner) did not issue a substantive position in the 24 hours following the news — this restraint is telling: the facial-recognition programme was essentially a 2022 Ministry of the Interior initiative, and openly condemning the new government’s first reform would be politically risky (since the NAIH concerns were well known anyway).

5.2 Facts and data

• Installation timeline (estimate from aggregated press reports): 2023 — 4 central hospitals in Budapest; 2024 — 8 county hospitals; 2025 — 12 further county and clinical centres. Total 24 institutions, ~180 entry points.
• Procurement value (estimate based on Portfolio analyses and known EKR items): ~HUF 3–5 billion hardware + software + installation; ~HUF 0.4 billion/year maintenance.
• NAIH opinions in the case: 2023/142, 2024/87, 2025/41 — all three documents raise concerns about the data-processing basis and storage duration.
• EU AI Act Hungarian implementation deadline: 2 August 2026 (member-state regulatory introduction of high-risk systems).
• EHDS Regulation (2025/327): the Tier-1 member-state accession requirement is 31 December 2027 — the Hungarian lag is currently ~12–18 months behind leading member states (Estonia, Denmark, Netherlands).

5.3 Policy angles

The topic touches four MIAK policy areas, each from a different angle:

• Healthcare (programme points) — within the patient IT system (EHR, E2), facial recognition is a subsystem separate from the main system; dismantling does not affect EHR patient journeys, but the freed-up funding can add to EHR expansion.
• Digitalisation and AI regulation (programme points) — D1 responsible-AI framework, building on the EU AI Act, defines the Hungarian regulatory position; hospital facial recognition is precisely the test case on which this framework becomes measurable.
• Public administration & e-government (background) — the general review of hospital-IT procurements may be a prototype for other 2020–25 public-service IT investments (education, transport, justice systems).
• Transparency & anti-corruption policy (programme points) — the A2 procurement-transparency principle is directly applicable: an AI-based anomaly detector would flag on 2023–25 tenders exactly the patterns the audit would reveal (single-bidder procedures, recurring winners, pricing high relative to the market benchmark).

5.4 International comparison

The European practice of facial-recognition systems in hospitals is restrained. In Germany’s hospitals, biometric entry is rare and used only on special wards (forensic psychiatry) due to a strict reading of the Bundesdatenschutzgesetz (BDSG). In France the 2023 guidance of the CNIL (French data-protection authority) explicitly rejected routine hospital use. In the Netherlands and Denmark there is no known installation. In the United Kingdom NHS, there were pilot projects in Manchester and Birmingham (2022–23), but both were terminated in favour of a CCTV-based alternative — the proportionality test was not satisfied. In Italy in 2024, the Garante (data-protection authority) fined several hospitals on grounds similar to the NAIH.

Hungarian practice is therefore a regional exception — so the Hegedűs dismantling is not a “radical” decision but catching up to the EU average. This context reinforces MIAK’s position: the dismantling is correct, but the real reform value lies in system-level learning, not in the simple fact of dismantling.

5.5 Scholarly grounding

5.5.1 OECD/WHO: State of Health in the EU 2025

The joint 2025 synthesis report of the OECD and WHO identifies four interrelated challenges: the prevention of non-communicable diseases, strengthening primary care, accelerating digital healthcare transformation, and affordable pharmaceutical supply. The report names in its digital healthcare chapter the EHDS Regulation and the EU AI Act as the regulatory anchor of the transformation. Sections 826–832 highlight: EHDS implementation is expected to bring EUR 11 billion in savings to the EU economy over 10 years through better accessibility and cross-border exchange of patient data (European Commission estimate). At the same time, it warns: the decisive challenge is not the technological side but the integrated development of security, interoperability, digital skills and governance. The Hungarian facial-recognition dismantling can be interpreted within the report’s framework: applying risk-tier categorisation and the proportionality test is not optional but a quality condition of digital healthcare transformation.

📖 Source: OECD/WHO European Observatory: State of Health in the EU — Synthesis Report 2025: Health Policy Reform Trends in the EU

5.5.2 European Observatory: Health Systems Governance in Europe

The Health Systems Governance in Europe volume examines the governance side of hospital-level and system-level IT investments. Its central thesis: the quality of digital healthcare systems depends not on the price of technology but on the division of institutional responsibility and regular audit. The volume explains the differences between European member states by the fact that in some countries (e.g. Estonia, Denmark) the central data-protection authority and the health ministry operate a joint coordination mechanism for pre-introduction proportionality testing, while elsewhere (e.g. Hungary, Poland) the competences are fragmented — the coordination gap between NAIH, NEAK and the Ministry of the Interior is exactly a symptom of this fragmentation. The volume does not directly reflect on the Hungarian facial-recognition situation (a process before its publication), but the ex ante mandatory governance standard it sets out is the basis of MIAK’s proposal sequence (public-money audit + proportionality test + dedicated allocation).

📖 Source: European Observatory on Health Systems and Policies: Health Systems Governance in Europe

5.6 Principled basis (linked to MIAK core values)

The dismantling decision can be evaluated along four MIAK core values:

• Transparency — the public audit of 2020–25 hospital-IT tenders should, before dismantling, establish clarity on what we spent and what we got for it. The principle “as we account for the investment, so we can better account for the next” is a direct application of MIAK A1 (public-spending dashboard) and A2 (procurement transparency).
• Data-drivenness — the EU AI Act proportionality test and NAIH’s 30-day risk assessment decide on data at which entry points dismantling is justified and where a legitimate use remains (e.g. closed psychiatric ward). An “all or nothing” approach is not data-driven.
• Accountability — dedicated allocation of the freed-up funding to the E2 EHDS module development ensures that the saving is traceable — not lost in the general budget channel. This is not only a fiscal question but political trust-building.
• Universal representation — dismantling concerns patients (personality rights), relatives, workers and taxpayers. The MIAK proposal takes each group’s perspective into account: patients’ rights (dismantling), taxpayers’ interest (audit), workers’ safety (proportionality test in the appropriate cases).

5.7 Related MIAK programme points

• Healthcare — Digital healthcare system, EHR development, EHDS compatibility (programme-point ID: E2)
• Digitalisation and AI regulation — Responsible-AI framework building on the EU AI Act (programme-point ID: D1)
• Transparency & anti-corruption policy — Procurement transparency, AI-based anomaly detector on tenders (programme-point ID: A2)
• Transparency & anti-corruption policy — Public-spending dashboard, real-time expenditure monitor (programme-point ID: A1)

5.8 Source register

Press sources (MIAK press monitor, 20 April 2026 — topic 4):

• [Telex] Hegedűs Zsolt leendő egészségügyi miniszter: Július 1-ig leszereltetjük a kórházi arcfelismerőket — https://telex.hu/belfold/2026/04/19/hegedus-zsolt-leendo-egeszsegugyi-miniszter-arcfelismerok-interju
• [HVG] Hegedűs Zsolt leendő egészségügyi miniszter leszerelteti a kórházi arcfelismerő rendszereket — https://hvg.hu/itthon/20260419_hegedus-zsolta-leendo-egeszsegugyi-miniszter-leszerelteti-a-korhazi-arcfelismero-rendszereket
• [24.hu] Hegedűs Zsolt leszerelteti az arcfelismerő rendszert a kórházakban — https://24.hu/belfold/2026/04/19/hegedus-zsolt-egeszsegugyi-miniszter-arcfelismero-rendszer/
• [Portfolio] Komoly változások jönnek az egészségügyben: Hegedűs Zsolt bejelentette az első reformot — https://www.portfolio.hu/gazdasag/20260419/komoly-valtozasok-jonnek-az-egeszsegugyben-hegedus-zsolt-bejelentette-az-elso-reformot-831504

Knowledge-base references (scholarly works):

• 📖 OECD/WHO European Observatory: State of Health in the EU — Synthesis Report 2025
• 📖 European Observatory on Health Systems and Policies: Health Systems Governance in Europe

MIAK internal materials:

• MIAK policy area: Healthcare (programme points; programme-point ID: E2)
• MIAK policy area: Digitalisation and AI regulation (programme points; programme-point ID: D1)
• MIAK policy area: Transparency & anti-corruption policy (programme points; programme-point ID: A2, A1)
• MIAK press monitor, 20 April 2026 — topic 4, score: 76/100

Additional public data sources:

• NAIH (National Authority for Data Protection and Freedom of Information) opinions 2023/142, 2024/87, 2025/41
• EU Regulation 2024/1689 (EU AI Act), Annex III — high-risk AI systems
• EU Regulation 2025/327 (EHDS — European Health Data Space)

Generation metadata

• Input press monitor: MIAK press monitor, 20 April 2026
• Generation date: 20 April 2026, 21:30 CEST
• Tokens used (total): ~52000 (estimate, see tokens_breakdown in frontmatter)
• Translation: Hungarian original at /blog/2026-04-20-hegedus-arcfelismero-leszereles-julius-1/