On May 18, RUS PRL passed bill to protect critical IT infrastructures.
RUS PRL passed law to ensure the safety of critical information infrastructure facilities.
The disruption of which can lead to the failure of facilities to support the life of the population, transport infrastructure, communication networks, termination or disruption of the provision of public services, damage to life and health of people.
Proposals
Fines of 10k-50k for officials, 50k-100k for legal entities that violate requirements for creating security systems for significant objects of critical information infrastructure, ensuring their operation and security within the framework of current laws/regulations.
Fines of 10k-50k for officials, 100k-500k for legal entities for failure to comply with the procedure for providing information regarding computer incidents, responding to such incidents and failure to take measures to eliminate consequences of computer attacks.
Fines of 20k-50k for officials, 100k-500k for legal entities for violating the procedure for the exchange of information on computer incidents between infrastructure entities and authorized bodies of foreign states, international organizations, international non-governmental, foreign organizations that work in area of responding to such incidents.
Fines of 10k-50k for officials, 50k-100k for legal entities for violation of the deadlines or failure to provide relevant information to the state system for detecting, preventing, eliminating consequences of computer attacks, as well as authorized executive body.
Effectiveness
The law is awaiting Presidential approval.
May 26, 2021 Law Signed
On May 26, 2021, RUS GVT announced President Putin had signed Federal lawOn Amendments to the Code of Administrative Offenses of the Russian Federation.
Establishes administrative responsibility for violating critical information infrastructure security and for failure to provide information provided for by legislation in this area.
The law enters into force Jun. 7, 2021, ten days after official publication date of May 26, 2021, with the exception of provisions that will enter into force on Sep. 1, 2021.
Mar. 2022 Foreign Software
On Mar. 30, 2022, RUS GVT issued decree 166 on measures to ensure technological independence and security of critical information infrastructure of Russian Federation.
As from Jan. 1, 2025 the law bans purchase of software for use in critical information infrastructure of the Russian Federation without prior agreement of the RUS GVT.
Nov. 2023 Amendments
On Nov. 22, 2023, RUS GVT issued order 887 on amendments to decree of the president of Russia 166 on measures to ensure technological independence and security of critical information infrastructure of Russia effective from Nov. 22, 2023.
The order establishes that critical infrastructure facilities should consult RUS CB on the possibility of procurement with the federal executive body authorized by RUS GVT.
Regulators
RUS CB; RUS GVT; RUS PRL
Entity Types
Corp
Reference
PR, Order 166, 11/22/2023; PR 3/30/2022; PR 5/26/2021; PR, 5/18/2021; Bill 1048574-7; Law 99-FZ, 4/1/2021; Law 166, 3/30/2022
