Key Outcomes of Russian Internet Regulation in 2018
In 2018, the Russian State Duma continued its policy of tightening state regulation of the internet, a trend that began in 2012. Numerous new laws were enacted, significantly expanding the government’s ability to control information, punish information intermediaries, and increase online censorship and surveillance. The enforcement of these new regulations has had a serious impact on human rights in cyberspace.
Enacted Laws
Law on Columbine Communities
Russian online censorship and blocking legislation began in 2012 under the banner of protecting children. Despite little evidence that these measures have reduced drug use or child suicides, authorities continue to pass new laws in response to social events, claiming to protect children from harmful online content.
After several incidents involving weapons in schools, Irina Yarovaya and other deputies introduced a bill amending the laws “On Information” and “On Protecting Children from Harmful Information.” The law expands the list of information prohibited for distribution among children. Not only will resources that encourage minors to commit illegal acts be blocked, but also any content that incites actions dangerous to the life or health of children or others. This includes sites, groups, and media covering activities of roofers, train surfers, and other extreme communities. The law allows Rosmolodezh to add information to the banned sites registry without a court order. It took effect on December 18, 2018.
Laws on Penalties and Blocking for Refusal to Remove Information
The growing number of bloggers and independent media exposing corruption in Russia has irritated authorities. In April 2018, a bill was passed empowering bailiffs to restrict access to sites that refuse to remove information damaging to a citizen’s honor or a company’s business reputation. This law, effective April 23, 2018, created another body with online censorship powers—the Federal Bailiff Service (FSSP).
In May 2018, another bill introduced penalties for failing to comply with court orders to stop spreading illegal information or to publish retractions. Fines can reach up to 20,000 rubles for individuals, 50,000 for officials, and 200,000 for legal entities. Repeat offenders can face up to 15 days of arrest. Criminal liability applies to those previously administratively punished for similar violations, with penalties up to 50,000 rubles, compulsory or corrective labor, up to three months’ arrest, or up to two years in prison. This law took effect on October 13, 2018.
The “Yarovaya Package”
The so-called “anti-terrorism package” (Law 374-FZ), signed by President Putin in July 2016, requires telecom operators and internet companies to store users’ communications, including photos, videos, and audio files, for law enforcement access. As of July 1, 2018, these rules expanded SORM (System for Operative Investigative Activities) to require six months of traffic storage by telecom operators and similar obligations for internet services listed in a special registry maintained by Roskomnadzor at the FSB’s direction. Major Russian services like Yandex, Mail.Ru, VKontakte, Odnoklassniki, and various messengers are already included.
For ISPs, the requirement to store all user internet traffic for one month began October 1, 2018, with the storage period increasing by 15% annually for five years. Major operators expect to spend tens of billions of rubles to comply, costs likely to be passed on to consumers through higher rates.
Law on Fines for Search Engines and Hosting Providers
In September 2018, a law came into force imposing fines on search engines and hosting providers for failing to comply with strict VPN, proxy, anonymizer, and search engine regulations. Search engines that do not remove links to banned sites can be fined up to 700,000 rubles, and hosting providers up to 300,000 rubles for not providing information about VPN and proxy owners. VPN owners themselves are not currently subject to fines for accessing banned resources, but their services can be blocked.
Law on Decriminalization of Hate Speech (Article 282 of the Criminal Code)
Prosecution of users for reposts and likes on social media peaked in 2018, sparking widespread public debate. In October 2018, President Putin submitted bills to partially decriminalize Article 282 (incitement of hatred or enmity, or humiliation of human dignity). The amendments replace criminal with administrative penalties for first-time extremist statements online. Criminal liability now applies only if a person has already been administratively punished for a similar offense within a year. The new laws, signed December 27, 2018, have retroactive effect, meaning ongoing criminal cases for likes and reposts will be closed and sentences reviewed. However, experts note that these changes do not address the broader problem, as other “anti-extremist” articles remain unchanged, and administrative cases for social media activity are expected to rise in 2019.
Proposed Legislation (2018 Initiatives and What to Expect in 2019)
Bill on a Sovereign Runet
The most controversial initiative of 2018 was a bill introduced by senators Andrey Klishas and Lyudmila Bokova, along with deputy Andrey Lugovoy, in December. The bill claims to respond to the “aggressive” U.S. National Cybersecurity Strategy but lacks a clear link between threats and proposed measures. Existing distributed DNS and traffic routing systems do not pose a risk of external internet shutdowns.
However, the bill would greatly expand the government’s ability to monitor all user traffic and implement effective online censorship, potentially creating a “Great Russian Firewall” similar to China’s. This would allow strict control over cross-border traffic exchange points and the ability to disconnect the internet or block access to specific resources for certain users, groups, regions, or times using advanced DPI systems. Net neutrality would be compromised, and services like Telegram could be affected. The law’s implementation could cost the industry over 100 billion rubles and significantly increase internet access costs for users. Despite expert criticism, the Duma is likely to consider the bill in early 2019, and its passage would mark a major shift in Russian online censorship and surveillance, severely restricting digital rights.
Bill on Punishment for Insulting State Symbols and Authorities
This bill, introduced in December 2018 by senators Klishas and Bokova, proposes fines up to 5,000 rubles or up to 15 days’ arrest for internet users who express blatant disrespect for society, the state, or government bodies in an offensive manner. It also allows for immediate extrajudicial blocking of such content at the request of the Prosecutor General’s Office. The bill is under discussion and likely to be adopted in the next parliamentary session.
Bill on False Information
The same group of senators also introduced a bill banning “false information that poses a threat to citizens’ lives or mass public order.” The first bill amends the law “On Information,” while the second adds a new administrative offense. The draft prohibits the dissemination of “socially significant false information presented as reliable, which threatens life, health, public order, safety, or the functioning of vital infrastructure.” Fines range up to 5,000 rubles for individuals, 50,000 for officials, and 400,000–1,000,000 rubles for legal entities, with possible confiscation of servers. The trend is clear: authorities seek to protect the official narrative and deter content providers and media from spreading what could be deemed “fake news.” Both bills are likely to pass.
Bill on Cyber Patrols
2018 saw the creation of several pseudo-public organizations—cyber patrols and cyber Cossacks—whose sole purpose is to identify protest statements and so-called extremism online and report users and suspicious posts to law enforcement. These groups are becoming low-cost helpers in online censorship and user persecution, supported at both regional and national levels. In November, deputies from the United Russia party prepared a bill to legalize these groups, which are already receiving local support.
According to the bill, cyber patrols will combat the posting of information banned in Russia, including war propaganda, incitement of hatred, and other content subject to criminal or administrative liability. They will be formed as public organizations, registered with Roskomnadzor, and open to Russian citizens over 18. Authorities must cooperate with cyber patrols, and members will be granted special access to closed social media groups. These organizations are expected to participate in regional procurements, increasing their influence. Despite media promotion, the bill has not yet been officially registered in the State Duma.
Bills on Digital Currency Control
In December 2018, several bills were introduced to expand the Central Bank’s authority over the digital currency market. Two bills aim to strictly regulate payment services in Russia, requiring foreign payment systems to have a local representative and comply with Russian risk management and information security standards. Unregistered services will be deemed illegal.
Significant changes are also proposed for payment aggregators, such as Yandex.Kassa, which will need to become banking payment agents, sign contracts with merchants on behalf of banks, and comply with strict security requirements. This could increase fees for merchants. Another bill would expand the list of government agencies filtering the Russian internet and give the Central Bank the power to block sites violating financial laws or used for fraud, including fake bank sites, illegal financial services, and sites offering unauthorized access to financial systems. Some experts believe this could also allow blocking of ICO sites offering utility or security tokens.
Bill on Big Data
The “big data” market in Russia has long operated in a gray area, with IT companies offering data analysis and scoring services under the radar due to personal data laws. A bill was drafted to legalize and monopolize this market, separating big user data from personal data to avoid requiring user consent for processing and transfer. The bill defines “big user data” and “big data operators” and regulates their collection, transfer, and processing.
However, the expert group under the Russian government, Roskomnadzor, and major businesses like Sberbank and the “big three” telecom operators strongly opposed the bill, citing legal conflicts, unjustified regulatory barriers, and increased costs. The Duma’s Information Policy Committee noted that creating a federal registry of big data operators would require significant funding, which the bill’s authors did not account for. The bill was returned for revision in November, but it is expected to reappear in 2019 in a revised form.
Read the continuation of the article here!