Overview of New Laws Impacting the Russian Internet in June
With the start of June, a series of new laws and regulations come into force in Russia, significantly affecting the country’s internet landscape and aiming to regulate the digitalization of the economy and other areas of life.
The Law on Educational Activities
One of the most notable legislative events this year is the adoption of the controversial Federal Law No. 85-FZ. This law introduces a definition of educational activities, establishes who is allowed to engage in such activities, and imposes restrictions on using these activities to incite discord or encourage actions that contradict the Constitution. The government will determine the procedures, conditions, and forms for conducting educational activities, as well as the rules for oversight.
The new regulations require educational organizations to coordinate any international cooperation agreements with the ministries they report to, with the only exception being agreements for training foreign students.
The law immediately drew criticism from the scientific community, which saw it as an attempt by the state to fully control and even “monopolize” education. Critics argue that the law “opens the door to a range of restrictive measures that will negatively impact educational outreach in our country,” and that many educational projects based on the enthusiasm of their participants “may be at risk of disappearing due to numerous bureaucratic requirements, licensing needs, and the necessity to approve the content of every lecture.”
Seventeen independent Russian educational projects, including “Synchronization,” Arzamas, and “PostNauka,” stated, “The regulation of educational activities in question is essentially a form of prior censorship reminiscent of the darkest pages of Russian history and directly limits freedom of speech and discussion in our society.” Additionally, all members of the Presidium of the Russian Academy of Sciences supported the call to withdraw the bill.
The IT sector also voiced its dissatisfaction, stating that the law imposes too many restrictions on lecturers in the field. Organizations expressed these concerns in a letter to Maksut Shadayev, the head of the Ministry of Digital Development, calling the new measures pointless. Critics fear the law will not only complicate independent educational activities but also make it impossible to hold online seminars, trainings, and conferences related to education.
Registration of Corporate SIM Cards
Promoted by its authors as a “law against false bomb threats,” Federal Law No. 533-FZ requires mobile operators to provide corporate mobile services only if SIM cards are registered in the Unified System of Identification and Authentication (ESIA). According to the new rules:
- Citizens can link a device’s unique identifier (IMEI) to their ESIA account. If a phone is lost, the owner can request authorities to block the device. The operator must stop servicing a subscriber if their identity cannot be confirmed.
- If a contract was signed before June 1, information must be entered by November 30, 2021.
Ivan Begtin, Director General of the “Information Culture” NGO and head of the “Open Data” project at the Accounts Chamber, expressed concern that entering IMEI data into ESIA accounts could eventually become mandatory. “The intentions are good, but in Russia, it’s a short step from a right to an obligation. It’s worrisome, as usual,” he said.
Additionally, ATMs, payment terminals, and video surveillance systems using such SIM cards are at risk. These devices cannot be registered in ESIA, which technically makes them illegal. The Ministry of Digital Development has promised to address this issue.
New Emergency Information Standards (GOST)
Starting June 1, a new GOST standard for informing the public about emergencies comes into effect. It prohibits spreading information that could provoke panic and requires that information from emergency zones be provided to the media at least four times a day. The information must be consistent, timely, and regularly published.
Reporting Unjustified Money Transfer Notifications
Money transfer operators serving payers are now required to report to the Bank of Russia any additional or clarifying information regarding previously reported unauthorized transfers within three business days of discovery. If, during risk management, cases of unjustified notifications about unauthorized transfers are found, operators must send a reasoned report to the Bank of Russia within three business days.
The regulator can also request opinions from both the payer’s and recipient’s operators on whether a transaction qualifies as an unauthorized transfer, based on previously submitted information. Operators must provide a reasoned response within the timeframe specified in the request.
Fines for Violating Critical Information Infrastructure (CII) Security Requirements
On June 5, a new law introduces fines for violating requirements related to the creation, operation, and security of significant CII objects. Fines range from 10,000 to 50,000 rubles for officials and from 50,000 to 100,000 rubles for legal entities.
For violating procedures for reporting, responding to, and mitigating the consequences of computer incidents, officials face fines from 10,000 to 50,000 rubles, and legal entities from 100,000 to 500,000 rubles.
For improper data exchange about incidents between CII entities, foreign authorities, international organizations, and NGOs working in cyber threat response, officials face fines from 20,000 to 50,000 rubles, and legal entities from 100,000 to 500,000 rubles.
If the authorized executive body is not notified (or notified late) about the assignment of a significance category to a CII object, the fine is 10,000 to 50,000 rubles for officials and 50,000 to 100,000 rubles for legal entities. The FSB will handle administrative cases under these articles.