Roskomnadzor Warns of Possible Restrictions on Foreign Hosting Providers

Roskomnadzor has informed the media that the regulator may restrict the operations of foreign hosting providers due to risks posed to Russian resources. The agency reminded that, to protect resource owners from threats, Law No. 406-FZ was adopted. This law established several requirements for companies providing hosting services, including ensuring information security within their infrastructure, cooperating with the Center for Monitoring and Management of the Public Communications Network (CMU SSOP) to counter DDoS attacks, participating in exercises to ensure the stability of the Russian segment of the internet, and applying for inclusion in the register of hosting providers. Some foreign companies have not met these requirements but continue to provide hosting services to Russian organizations.

“Foreign hosting providers can terminate cooperation with a resource owner at any time, for example, due to political reasons or internal company decisions, leaving the website inaccessible to users. Information on the servers of foreign providers is not always protected from unauthorized access. This threatens the confidentiality of user data and business security, as information leaks can lead to financial and reputational losses.

Foreign providers may use resources hosted on their platforms to bypass blocks, such as distributing prohibited content, which increases the likelihood that a site will be blocked in Russia.

Given the risks faced by resources hosted on these companies’ infrastructure, the operation of such hosting providers may be restricted in Russia. In this case, they will not be able to provide hosting services to Russian organizations,” Roskomnadzor stated.

Roskomnadzor also noted that it cannot protect websites of companies in Russia that are hosted on foreign providers’ platforms from DDoS attacks and other threats. “This makes resources vulnerable to cybercriminals who can take down a site, steal data, or commit other violations. Roskomnadzor recommends hosting websites with organizations that comply with Russian laws and are included in the register of hosting providers,” the agency added.

Recent Developments and Recommendations

On April 2, 2025, Roskomnadzor recommended that owners of Russian internet resources stop using the default-enabled TLS ECH extension of Cloudflare’s CDN service, as it circumvents access restrictions to information banned in Russia.

Earlier, media reported that Roskomnadzor may block the operations of eight foreign hosting providers in Russia, including GoDaddy LLC, Kamatera Inc., Network Solutions LLC, Ionos Inc., HostGator LLC, DigitalOcean LLC, Amazon Web Services Inc., and Hetzner Online GmbH, because these foreign IT companies have not met the regulator’s requirements and Russian legislation (they are included in the list of foreign hosting providers subject to “localization” in Russia).

Legal Requirements for Hosting Providers

On February 1, 2024, Russia banned the operation of hosting providers and communications organizations not included in Roskomnadzor’s special register. Now, companies not in the RKN register are considered to be operating illegally and cannot legally provide hosting services to current or new clients in Russia. All hosting providers not in the register must notify RKN before starting to offer services in Russia.

As of today, 493 providers are included in the register, and several applications from communications companies are under review by RKN.

According to the RKN website dedicated to Federal Law No. 236 “On the Activities of Foreign Entities on the Internet” (the so-called localization law), which lists such legal entities, Roskomnadzor has taken enforcement measures against some hosting providers, including “complete restriction of access to the information resource of the foreign entity.”