Russian Federation

[RU] Sovereign Internet Law adopted

IRIS 2019-6:1/22

Andrei Richter

Comenius University (Bratislava)

The wording of the Federal Statutes “On amendments to the Federal Statutes ‘On Communications’ and ‘On Information, Information Technologies and the Protection of Information’” states its aim to be that of enabling the Russian sector of the Internet to operate independently of the World Wide Web in the event of an emergency or foreign threat.

On 16 April 2019, the Russian State Duma approved the bill in its third reading, and on 22 April, the Federation Council (the upper house of the Russian Parliament) approved it. It was signed by President Vladimir Putin on 1 May 2019 and enters into force on 1 November 2019 (with the exception of some provisions).

The Statute adds a new chapter (7-1) to the Federal Statute “On Communications” giving control over Internet network routing either to the state regulator, Roskomnadzor, or the Federal Service for the Supervision of Communications, Information Technology and Mass Media (see IRIS 2012-8/36). It provides that Internet Service Providers (ISPs) should connect with other ISPs (or peers), at Internet exchange points (IXes) approved by Roskomnadzor and listed in a special register, and that these IXes should not allow unapproved ISPs to peer. The Statute also establishes a centralised system of devices capable of blocking Internet traffic. It requires ISPs to install devices enabling DPI (“Deep Packet Inspection”) - which the government would provide free of charge - in their networks. The Statute also details Russian ISPs’ existing obligations, under Russian law, to filter and block content using other methods.

Under the new system, Roskomnadzor will monitor threats to Russia’s Internet access and transmit (via special devices) instructions to ISPs about the countering of such threats. Cross-border Internet traffic will be kept under rigid state control. Any blocking will result from direct interaction between the Government and the ISP in question and will be extra-judicial and non-transparent for third parties.

The Statute states that the new measures will be activated in the event of a potential threat to the “stability, security and integrity” of the Internet. It does not define a “threat to security”, although it does differentiate it from an emergency situation or a state of emergency. The Statute gives the Government full discretion to decide what will constitute a security threat and what range of measures and procedures will be activated in order to put networks under the “centralised control” of Roskomnadzor. Technical support to Roskomnadzor shall be provided by a new department, to be established at the Government-owned General Radio Frequency Centre.

Furthermore, the Statute creates a national domain name system (DNS) and requires Internet providers to start using it from 2021. Roskomnadzor will found an NGO that will provide, register and store domain names in the national domain zone (.ru, .su, .рф) and serve as the national coordinator.