The Russian State Parliament (‘Duma’) announced, on 1 May 2019, that the President of the Russian Federation, Vladimir Putin, had signed Federal Law of 1 May 2019 No. 90-FZ on Amendments to the Federal Law on Communications and the Federal Law on Information, Information Technologies and Information (‘the Law’) and that it had issued Frequently Asked Questions (‘FAQs’) on the same. In particular, the Chairman of the Committee for Information Policy, Information Technologies and Communications, Leonid Levin, outlined in the FAQs that the Law will, among other things, allow the government to centrally manage the Russian internet (‘Runet’), and protect it from external threats and attacks.
Maria Ostashenko, Partner at ALRUD Law Firm, told DataGuidance, “Russian lawmakers are concerned with the content of the National Cybersecurity Strategy of the USA which was adopted in 2018, [in which] Russia […] is accused of various cyberattacks. In such circumstances [legislators deemed it] necessary to introduce security measures for ensuring a long-term and stable operation of the internet in Russia […] The Law authorises the Federal Service for Supervision in the Field of Communications, Information Technology and Mass Communications (‘Roskomnadzor’) to carry out monitoring of the internet and public telecommunication networks for the purposes of detecting threats […] If these threats occur, it may carry out centralised administration of the mentioned networks, which includes giving instructions to telecommunications operators, owners of telecommunication networks or other traffic exchange points, etc.”
The focus of the Law is the imposition of additional obligations for telecommunication businesses
In addition, the Law creates a national domain name system, as well as a national internet traffic routing system which would require internet service providers to direct their web traffic through ‘traffic exchange points’ controlled by Roskomnadzor. In response to queries on whether the Law would isolate the Runet from the World Wide Web, Levin stated that the Runet was part of the global digital space, and that the Russian IT community’s international success was based upon the principles of openness and availability of network resources.
Ilya Goryachev, Senior Lawyer at Gorodissky & Partners, highlighted, “The focus of the Law is the imposition of additional obligations for telecommunication businesses […] that may lead to substantial expenses. In particular, telecommunications operators that provide access to the internet will be obliged to ensure installation of certain technical devices aimed at preventing threats to the ‘stability, safety and integrity’ for the operation of the internet in Russia. [Furthermore], the restructuring of traffic routing may lead to a decrease of the amount of data transferred out of Russia, [and thus] have a negative impact on further development of Internet of Things (‘IoT’) […] In this regard, companies engaged in IoT will need to carefully monitor the issuance of by-laws which will emerge after adoption of the law to navigate between the relevant requirements. [Additionally], the specific provisions on the operation of the national system of domain names are not yet approved. This is among the issues to monitor in the next few years to see which particular benefits may be created for businesses operating in Russia.”
TOOBA KAZMI Junior Privacy Analyst