Originally published by IAM media.
Russia's Law on Sovereign Internet, adopted in May 2019, came into force in November, amending an existing federal law on information, information technologies and the protection of information as well as a law on communications. The reasoning for adopting this law was to create a national network, which can operate independently in the event of disconnection from the global network. Its primary goal is to ensure that internet services - including online banking, e-services, online stores and social media websites - will continue to be available and accessible to Russian users in the face of internal and foreign threats.
A national network
The new law calls for the creation of two national systems: one for an internet routing infrastructure and the other for domain names. The legislation defines the rules for internet routing and its supervision and sets out regulations for creating an infrastructure that would enable Russian web sources to operate even if unable to connect to foreign root servers.
The Federal Service for Supervision over Communications, Information Technology and Mass Media (Roskomnadzor) has been appointed to oversee the execution of the new law.
The new law applies to the following market players:
- telecom providers;
- technological communication networks (i.e., networks designed to support the production activities and management processes of companies);
- internet exchange point owners (i.e., network infrastructure for traffic exchange between networks);
- companies with communication lines that cross the Russian border;
- entities that disseminate information (social media); and
- entities with autonomous system numbers.
The law requires that such players:
- inform Roskomnadzor of the purpose of using a communication line that crosses the Russian border;
- inform Roskomnadzor of their communication networks, including infrastructure and connections to other networks, particularly the connections that cross the Russian border;
- participate in training organised by Roskomnadzor;
- install software and hardware as required by Roskomnadzor; and
- restrict interaction between networks (e.g., by allowing the use of internet exchange points listed in the official register only) and prohibit owners of internet exchange points from connecting to communication networks and IXPs that fail to comply with the new law.
The new law is unlikely to affect internet users as it is designed to ensure that communication services in Russia remain available in the event of a cyberattack. Moreover, it should also primarily be seen as providing an initial legal framework: there is still much to be worked out about how the law will apply in actual practice. Its execution will largely depend on secondary legislation that is still to be written.
In addition, just because the new law has now come into force does not mean that sovereign internet has just been "switched on". Indeed, much of the technology is still being developed. But at this point, it is recommended that companies check whether the new law applies to them. And if it does, they need to see what steps should be taken and adjust their IT infrastructure accordingly.