In June 2016, the Russian Parliament adopted Federal Law
"On Amendment of the Federal Law 'On Counterterrorism'
and Related Laws of the Russian Federation Establishing Additional
Counterterrorism and Public Security Measures"
("Amendments"). These Amendments have a number of
provisions affecting the technology sector.
The Amendments also introduce changes to Russian legislation
related to telecommunications and the internet—specifically,
Federal Law No126-FZ "On Telecommunications" dated July
7, 2003 ("Telecom Law") and Federal Law No149-FZ "On
Information, Informational Technologies and Protection of
Information" dated July 27, 2006 ("Information
Law"). Changes in the legislation proposed by the Amendments
for the Telecom Law and Information Law require Russian
communications service providers ("CSP") and
"facilitators of information dissemination on the
Internet" ("FIDI") to store in Russia all
information on their customers' and internet users'
communications and messages for specified periods. Article 10.1(1)
of the Information Law defines "FIDI" as "a person
who operates information systems and/or computer software designed
or used for receiving, transmitting, delivering and/or processing
of Internet users' electronic messages." The definition of
FIDI in the Information Law includes messaging service providers,
public email service providers, social media, blogging, news and
other platforms, and IP-telephony providers. The Russian Federal
Service for Supervision of Communications, Information Technology
and Mass Media maintains a register of FIDIs.
The Amendments require CSPs to keep all metadata information on
customers' communications and messages (i.e., "information
on receipt, transmittance, delivery and/or processing of voice
data, texts, pictures, sounds, video- or other types of
messages") for three years. FIDIs are mandated to maintain an
archive data on internet users and their communications and
messages for one year. Article 10.1(3) of the Information Law
prescribes FIDIs to keep archived data for a six-month period,
while CSPs do not have this obligation. Article 64(1) of the
Telecom Law imposes a general obligation on CSPs to disclose any
data to Russian law enforcement authorities upon their
The Amendments impose an additional obligation on CSPs and FIDIs to
retain the content of customers' and internet users'
communications and messages (in addition to metadata) for up to six
months. The procedure, retention periods, and scope of the retained
content are not specified and are to be further determined by the
Russian government in special regulations.
The Amendments also require FIDIs that use encryption for
electronic messaging services and/or provide encryption
functionality to internet users to disclose relevant decryption
tools to the Russian Federal Security Service. Failure to comply
with these requirements may lead to administrative fines of up to 1
million rubles (approximately US$15,500).
CSPs and FIDIs will thus experience significant financial and
organizational burdens, and compliance risks, under the Amendments.
It is expected that both the scope of data archiving and mandatory
retention periods for CSPs and FIDIs would increase dramatically.
In addition, the Amendments prohibit encryption unless decryption
tools are provided to the Russian Federal Security Service, thus
potentially affecting adoption of these services by the
The Amendments were approved by the Duma (the lower chamber of the
Russian Parliament) as well as by the Federation Counsel in late
June 2016 and signed by President Putin on July 7, 2016. The
current timeline for implementation is from July 2016 through July
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).