Imposing restrictions on the use of IT-products in the government and financial sectors
11 July 2023Please be informed of the adoption of a number of legislative and regulatory acts that impose restrictions on the use of foreign programs and products in the government and financial sectors.
Ban on the use of foreign messengers
As of March 1, 2023 restrictions on the use of a number of foreign messengers1Federal Law No. 584-FZ dated December 29, 2022 “On Amending the Federal Law “On Information, Information Technologies, and Information Protection” for specific operations related to the transfer of payment documents and personal data are imposed on certain organizations in Russian government and financial sectors:
| To whom the ban applies? | |
|---|---|
| Prohibited Operations | |
| Banned foreign messengers (as of March 1, 2023)2The list of banned foreign messengers is adopted by Roskomnadzor: https://rkn.gov.ru/news/rsoc/news74672.htm | |
| What is allowed? | Companies may still use the messengers listed above as long as their use does not fall within the Prohibited Operations. |
As an extension of this ban, liability in the form of fines for the use of foreign messengers was imposed as of June 24, 20233Federal Law No. 277-FZ dated June 24, 2022 “On Amending the Code of Administrative Offenses of the Russian Federation”:
For officials – from RUB 30 000 to 50 000,
For legal entities – from RUB 100 000 to 700 000.
Control of the Bank of Russia over the Russian financial sector organizations’ transition to domestic software
As of March 1, 2025, a ban on the use of foreign software at significant critical information infrastructure facilities (“SCIIF”) owned by state authorities and customers under the Law No. 223-FZ (except for entities with municipal participation) is imposed4Decree of the President of the Russian Federation dated March 30, 2022 No. 166 “On measures to ensure technological independence and security of the critical information infrastructure of the Russian Federation”.
This ban will affect large Russian banks and non-credit financial institutions that are subject to legislation regulating security of critical information infrastructure.
Furthermore, as of September 2023 the Bank of Russia will be authorized to coordinate and control the transition of credit institutions and non-credit financial institutions5Federal Law No. 243-FZ dated June 13, 2023 “On Amending the Federal Law “On the Central Bank of the Russian Federation (Bank of Russia)” to domestic software, domestic radio electronic products, and telecommunication equipment.
The Regulator will control purchases of foreign software and services falling within its competence.
The Bank of Russia will also manage and monitor credit institutions and non-credit financial institutions in order to implement measures ensuring security of critical information infrastructure.
Federal Law No. 584-FZ dated December 29, 2022 “On Amending the Federal Law “On Information, Information Technologies, and Information Protection” The list of banned foreign messengers is adopted by Roskomnadzor: https://rkn.gov.ru/news/rsoc/news74672.htm Federal Law No. 277-FZ dated June 24, 2022 “On Amending the Code of Administrative Offenses of the Russian Federation” Decree of the President of the Russian Federation dated March 30, 2022 No. 166 “On measures to ensure technological independence and security of the critical information infrastructure of the Russian Federation” Federal Law No. 243-FZ dated June 13, 2023 “On Amending the Federal Law “On the Central Bank of the Russian Federation (Bank of Russia)”
We hope that the information provided herein will be useful for you.
