According to Law No. 139-FZ, the Russian state is authorised to block drug-related content, extremist material, and other information deemed illegal within the country. Reports indicate that to implement the provisions of Law No. 139-FZ, the Russian government employs online filtering protocols, including the Deep Packet Inspection (DPI) surveillance system.
In addition to the provisions of Law No. 139-FZ, telecommunication operators and Internet Service Providers (ISPs) are permitted to block various types of network traffic, provided they adhere to relevant legislation and agreements with users or beneficiaries. Since 2012, the Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor) has maintained a Single Register of domain names, web page indices, and network addresses that identify websites containing prohibited information.

According to the amendments introduced by Law No. 241-FZ, ISPs are required, within 24 hours from the moment of receipt of the relevant request from the Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor), to restrict the ability of the user of the instant messaging service specified in this requirement to transfer electronic messages containing information, the dissemination of which is prohibited in the Russian Federation, as well as information disseminated in violation the requirements of the legislation of the Russian Federation. The ISPs that fail to meet this requirement can be blocked by the authorities.
According to the Art. 13.34 of the Administrative Offences Code (introduced in 2017), ISPs that do not block banned sites according to the information received from state regulator Roskomnadzor will be required to pay between 100,000-500,000 Rubles (approx. 1600 USD - 8500 USD) penalty. The officials of those legal entities (ISPs) will face fines of 5,000-30,000 Rubles (approx. 85 USD - 500 USD) for failing to implement Roskomnadzor’s instructions. If the actions are repeated during the year, the amount of penalties will be 30,000-50,000 Rubles (approx. 500 USD - 850 USD) for officials and 500,000-800,000 Rubles (approx. 8500 USD - 13500 USD) for ISPs.

Russia has not joined any agreement with binding commitments to open transfers of data across borders.

Federal Law No. 152-FZ provides a comprehensive regime of data protection in the Russian Federation and follows an approach similar to that of EU Directive 95/46/EC. However, data protection in Russia is regulated by several laws in addition to the Law about Personal Data; other notable laws include the Federal Law No. 149-FZ of 27 July 2006 on Information, Information Technologies and Protection of Information.

Russian news aggregators are required to store the news disseminated, information about the news source, as well as information about the terms of its dissemination for six months and to provide access to such information to the Russian Federal Service for Supervision of Telecom, Information Technologies and Mass Media.

According to Art. 19 of the Law No. 152-FZ, the data operator should take all reasonable organisational and technical measures when processing personal data in order to prevent unauthorised access to personal data, its destruction, alteration, blocking, copying, distribution or conduct of other illegitimate acts.
Art. 22.1 of the Law, which has been in force since 2011, requires the appointment of a person responsible for organising the processing of personal data. This person is responsible for organising the processing of personal data and should:
- exercise internal control over compliance by the operator and its employees with the legislation of the Russian Federation concerning personal data, including requirements relating to the protection of personal data;
- make employees of the operator aware of the provisions of the legislation of the Russian Federation concerning personal data, of by-laws on the processing of personal data and of requirements relating to the protection of personal data;
- organise the acceptance and processing of applications and requests from data subjects or their representatives and (or) exercise control over the acceptance and processing of such applications and requests.

Federal Law No. 374-FZ provides that Internet and telecommunications companies are required to disclose communications and metadata, as well as “all other information necessary,” to authorities on request and without a court order. The law penalises companies that fail to disclose requested information with fines of up to one million rubles (approx. USD 16,500) (Arts. 11, 13, 15).

The Federal Law on Trade Secrets establishes a formal framework for the protection of confidential business information. Nevertheless, stakeholders report that, in practice, the Russian trade secret regime imposes disproportionate burdens on rights holders, particularly through the requirement to satisfy specific preconditions for protection that do not adequately reflect the commercial realities faced by most enterprises. With respect to enforcement, stakeholders further observe that, although deterrent‑level sanctions and preliminary measures are formally available, courts rarely impose such remedies in cases of trade secret misappropriation.

The so-called “Anti-Piracy Law” establishes a safe harbour for Internet Service Providers (ISPs) in certain cases. According to Art. 1253.1 introduced by this Law to Part IV of the Civil Code, an information intermediary transferring material in an information and telecommunication network is not responsible for the violation of IP rights resulting from this transfer, provided that the following conditions simultaneously exist: (i) he is not the initiator of this transfer and does not determine the recipient of the specified material; (ii) he does not change the specified material when providing communication services, with the exception of changes made to ensure the technological process of transferring the material; (iii) he did not know and should not have known that the use of the corresponding result of intellectual activity or means of individualisation by the person who initiated the transfer of material containing the corresponding result of intellectual activity or means of individualisation is illegal.
In addition, according to the Article, an information intermediary providing the possibility of posting material in an information and telecommunications network is not responsible for the violation of IP rights that occurred as a result of the posting of materials in the network by a third party or at his direction, while the intermediary observes the following conditions: (i) he did not know and should not have known that the use of the corresponding result of intellectual activity or means of individualisation contained in such material is illegal; (ii) in case of receiving in writing a statement of the copyright holder about the infringement of intellectual rights with an indication of the website page and (or) the network address on the Internet on which such material is posted, he took the necessary and sufficient measures in a timely manner to stop the infringement of intellectual rights. (the so-called "Notice and takedown" rule).
The information intermediary, who is not held responsible for the violation of IP rights accordingly, may be subject to claims for the protection of IP rights, including the removal of information that violates exclusive rights or restricting access to it.

It is reported that there is no obligation for passive infrastructure sharing in Russia to deliver telecom services to end users. However, it is practised in both the mobile and fixed sectors based on commercial agreements.

It is reported that the Russian Government holds a 38% stake in Rostelecom, a major telecommunications company and one of the largest operators in Russia and Eastern Europe. Rostelecom provides extensive services such as fixed-line telecommunications, broadband internet, digital television, and mobile services, alongside IT solutions, cloud services, and data centre operations. As a state-owned enterprise, Rostelecom plays a crucial role in shaping Russia's telecommunications infrastructure and digital economy.

Russia lacks rules for functional separations for operators with significant market power, although there are rules in place for accounting separation. Under Ministry for Digital Development, Connection, and Mass Communications Order 54, dated May 2006, operators that hold substantial positions in publicly available networks and operators of universal services and natural telecoms monopolies must keep separate accounts for different types of activity; provided services; and different sections of the telecoms network used for the provision of such services. In addition, Russian competition laws also provide for forced separation as a last resort measure that may be implemented by a court at the request of antitrust authorities with respect to a dominant market player that systematically abuses its dominant position.

In 2017, the Russian State Commission for Radio Frequencies issued a decision requiring telecommunications operators seeking to rent capacity from a foreign satellite operator to demonstrate that Russian satellite providers do not have such capacity.

Russia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Russia has a national telecommunications regulator, the Federal Service for Supervision of Communications, Information Technology, and the Mass Media (Roskomnadzor). Nonetheless, available reporting suggests that its decision-making autonomy is constrained. Roskomnadzor is institutionally subordinate to the Ministry of Digital Development, Communications, and Mass Media, a relationship that significantly limits its independence from executive authority.