Amendments to substantially increase penalties for the absence of SORM (System for Operative-Investigative Measures) equipment have been approved by the State Duma in its second reading. Experts anticipate that these heightened fines will primarily impact smaller online platforms and technological networks, as medium and large-scale entities are already largely compliant with existing regulations.
Authorities are set to increase fines by five to ten times for internet information disseminators who fail to install SORM equipment. The State Duma has adopted these amendments in their second reading. These changes will raise penalties for internet companies up to tenfold for refusing to install hardware for security services, as mandated by the “Yarovaya Law.” Specifically, fines for individuals could surge from 3,000-5,000 rubles to 15,000-30,000 rubles, while the maximum fine for legal entities could jump from 500,000 rubles to 1 million rubles.
Experts suggest that these new fines will primarily target smaller internet resources and tech networks, given that larger and medium-sized entities are already regulated in this area. Leonid Konik, CEO of Comnews Group, finds the rationale for such harsh measures unclear:
Leonid Konik, CEO of Comnews Group
“It seems to me these are unnecessary moves. Recently, any actions related to licenses in Russia, whether issuing new operator licenses or renewing existing ones, have been tightened without coordinating all SORM actions. So, if anyone could bypass SORM, it would be a very small, insignificant regional internet provider. But perhaps the authorities are concerned about even the smallest mouse not slipping through, and to ensure that not a single operator, including internet providers, avoids installing SORM equipment, the state has decided to further increase fines for its absence.”
Fyodor Kravchenko, managing partner of the Media Lawyers Collegium, concurs:
Fyodor Kravchenko, Managing Partner of the Media Lawyers Collegium
“Primarily, this concerns telecom operators, but in some cases, these requirements may also affect other network owners — for example, corporate networks that do not hold licenses. As for fines, increasing their amount is completely impractical for any licensed telecom operators, because the main threat for them is losing their license, after which their company is forced to cease providing communication services, lose all their clients, and effectively go bankrupt within a very short time. Therefore, the size of fines is not critical for them at all. And even if the fine was 1 ruble, or no fine at all, they would still comply with all government requirements, Roskomnadzor, under the threat of losing their license.”
“For those telecom operators and other network owners who do not have licenses, the fine amount may matter, but even the fines established by the current Code of Administrative Offenses are quite sensitive and substantial. To raise the question of the need to increase fines, a convincing statistic would have to be presented, proving that there are many violations and the applied fine amounts do not deter offenders. But I am sure this is not the case — almost any network owner will still comply with SORM installation requirements — the other thing is that these requirements themselves are quite vague. Here, apparently, deputies are trying to shift the responsibility to network owners to determine the composition of this equipment, how fully these requirements need to be met, since very often such issues are resolved through semi-formal negotiations, and in this case, deputies want to force operators to play it safe and install the maximum list of equipment, so that they show initiative, ask Roskomnadzor to assure them that nothing more needs to be installed or provided.”
The register of information disseminators includes resources where users leave comments and communicate, such as social networks, media outlets, and forums.
According to the “On Information” law (also known as the “Yarovaya Package”), Organizers of Information Dissemination (OID) must retain information about the facts of message transmissions by their users for one year. The content of these messages, including texts, photos, and audio recordings, must be stored for six months.
Companies are obligated to provide this data to security services upon request. According to Roskomnadzor, over 400 OIDs are currently registered in the registry.
Rupert Blackwood 
Clement Ashworth