It is reported that in December 2019, the State established a pre-installation of Russian software requirement on certain consumer electronic products (e.g., smartphones, computers, tablets, and smart TVs) sold in Russia. In late December 2020, the Russian Government finalized the list of 16 categories of software requiring pre-installation, leaving technology companies a short time to undertake the necessary compatibility tests before the April 2021, implementation date. Also in December 2020, the Russian Parliament added a further requirement that pre-installed browsers must provide the ability to use “by default” a Russian (or other EAEU member state) search engine, further eliminating consumer choice.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Russia. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to the amendments introduced by Law No. 241-FZ, ISPs are required, within 24 hours from the moment of receipt of the relevant request from the authorized federal executive body (Roskomnadzor), to restrict the ability of the user of the instant messaging service specified in this requirement to transfer electronic messages containing information, the dissemination of which is prohibited in the Russian Federation, as well as information disseminated in violation the requirements of the legislation of the Russian Federation. The ISPs that fail to meet this requirement can be blocked by the authorities.

According to the Article 13.34 of the Administrative Offenses Code (introduced in 2017), ISPs that do not block banned sites according to the information received from state regulator Roskomnadzor will be required to pay between 100,000-500,000 Rubles (1600 USD - 8500 USD) penalty. The officials of those legal entities (ISPs) will face fines of 5,000-30,000 Rubles (85 USD - 500 USD) for failing to implement Roskomnadzor’s instructions. If the actions are repeated during the year the amount of penalties will be 30,000-50,000 Rubles (500 USD - 850 USD) for officials and 500,000-800,000 Rubles (8500 USD - 13500 USD) for ISPs.

Federal Law No. 482-FZ allows Roskomnadzor to block a digital platform either partly or in full if this platform restricts the distribution of content from Russian state media outlets. It is reported that the Law was adopted in response to complaints from Russian state-owned media that foreign internet portals Twitter, Facebook, and YouTube were censoring their accounts.

According to Law No. 139-FZ, the state is allowed to block drug-related material, extremist material, and other content recognized as illegal in Russia. It is reported that, in order to implement the measures contained in Law No. 139-FZ, the Russian government has implemented online filtering protocols such as the Deep Packet Inspection surveillance system. Critics have complained that the Law and the filtering practice is used for political purposes to restrict free speech. In addition to the provisions of Law No. 139-FZ, telecommunication operators and Internet Service Providers are allowed to block different types of traffic over their networks provided that they comply with the relevant legislation and agreements with users/beneficiaries.
It is reported that since 2012, Roskomnadzor maintains the Single Register domain names, indexes of pages of sites on the Internet, and network addresses that allow identifying sites on the Internet, containing information, the dissemination of which in the Russian Federation is prohibited. Reported examples of content or website blocking on similar grounds include the Russian government's brief blockage of access to Reddit, GitHub, and Wikipedia for featuring content related to suicide and drugs in August 2015.

It is reported that access to sensitive political and social content on the internet as well as many social media and communication platforms is restricted by Russian authorities. It is reported that for 2019, over 4.74 million internet resources were blocked in Russia while officially, only about 315,000 internet resources were blacklisted. In addition, Telegram, Alibaba Cloud, Amazon Web Services, Google Cloud, and Microsoft Azure were among the blocked websites. Furthermore, over 18 million IP addresses were blocked in 2019, affecting online stores, banks, airline ticketing systems, news sites, and other social media and communication platforms such as Viber and Odnoklassniki.
Furthermore, it is reported that between June 2019 - May 2020, the Ministry of Internal Affairs blocked almost 21,000 internet resources containing information about illegal drugs while the Prosecutor General’s Office blocked 81,000 websites that allegedly hosted extremist content that year. In addition, in March 2019, the two largest Russian ISPs restricted traffic to the anonymous web browser Tor and the simple mail transfer protocol (SMTP) servers of ProtonMail, an encrypted email service at the request of the Federal Security Service (FSB).

According to Art. 1253, intermediaries are not liable for third-party content unless they knew or ought to have known that infringing material was being used illegally on their service. It is reported that the article contains a “constructive knowledge” clause, that may incentivize intermediaries to monitor their services in order to locate “illegal” material.

The amendments introduced by Federal Law No. 276 prohibit internet intermediaries from providing access to websites and information resources that are designated as “resources with restricted access” by Roskomnadzor. The Law requires Roskomnadzor to create a national information database of online resources and services to which access is prohibited in Russia. Internet service providers (ISPs) will be required to identify those owners of resources who do not block access to prohibited online resources and report them to the Roskomnadzor within three days. Operators of online search engines are required to block links to websites included in the database of prohibited online resources. If the owner of the network or information resource continues to ignore the requirement to block access to restricted websites, its Internet connection can be terminated by the ISP within 24 hours.

Amendments introduced by Federal Law No. 241 prohibit the anonymous use of instant message (“IM”) services. Providers are obliged to identify users of the instant messaging service by the subscriber number of the mobile radiotelephone operator in the manner established by the Government of the Russian Federation, on the basis of an identification agreement concluded by the organizer of the instant messaging service with the mobile radiotelephone operator.

While there is a safe harbor for copyright infringement under Federal Law No. 187-FZ "On Amendments to Certain Legislative Acts of the Russian Federation on the Protection of Intellectual Property Rights in Information and Telecommunication Networks", the country lacks a safe harbor for activities other than copyright infringement. In fact, according to the Article 13.34 of Federal Law No. 18-FZ "On Amendments to the Code of the Russian Federation on Administrative Offenses" (introduced in 2017), ISPs that do not block banned sites according to the information received from state regulator Roskomnadzor would be liable and required to pay between 100,000-500,000 Rubles (1600 USD - 8500 USD) penalty. The officials of those legal entities (ISPs) will face fines of 5,000-30,000 Rubles (85 USD - 500 USD) for failing to implement Roskomnadzor’s instructions. If the actions are repeated during the year the amount of penalties will be 30,000-50,000 Rubles (500 USD - 850 USD) for officials and 500,000-800,000 Rubles (8500 USD - 13500 USD) for ISPs.

Law No. 97-FZ and the corresponding government decrees, Decree No. 758 and Decree No. 801, have established several requirements regarding the identification of Wi-Fi users in public places, such as parks, hotels, cafeterias, restaurants, clubs, cinemas and shopping malls, among others. The Act and the decrees require that
- ISPs must identify Internet users by means of identity documents (such as passports);
- ISPs must identify terminal equipment by determining the unique hardware identifier of the data network;
- All legal entities in Russia must provide ISPs on a monthly basis with the list of persons connecting to the Internet using their network.

The so-called “Anti-Piracy Law” establishes a safe harbor for Internet Service Providers (ISPs) in certain cases. According to Art. 1253.1 introduced by this Law to Part IV of the Civil Code, an information intermediary transferring material in an information and telecommunication network is not responsible for the violation of IP rights resulting from this transfer, provided that the following conditions simultaneously exist: (i) he is not the initiator of this transfer and does not determine the recipient of the specified material; (ii) he does not change the specified material when providing communication services, with the exception of changes made to ensure the technological process of transferring the material; (iii) he did not know and should not have known that the use of the corresponding result of intellectual activity or means of individualization by the person who initiated the transfer of material containing the corresponding result of intellectual activity or means of individualization is illegal.
In addition, according to the Article, an information intermediary providing the possibility of posting material in an information and telecommunications network is not responsible for the violation of IP rights that occurred as a result of posting of materials in the network by a third party or at his direction, while the intermediary observes the following conditions: (i) he did not know and should not have known that the use of the corresponding result of intellectual activity or means of individualization contained in such material is illegal; (ii) in case of receiving in writing a statement of the copyright holder about the infringement of intellectual rights with an indication of the website page and (or) the network address on the Internet on which such material is posted, he took the necessary and sufficient measures in a timely manner to stop the infringement of intellectual rights. (the so-called "Notice and takedown" rule).
The information intermediary who is not held responsible for the violation of IP rights accordingly, may be subject to claims for the protection of IP rights including the removal of information that violates exclusive rights, or restricting access to it.

According to Art. 19 of the Law No. 152-FZ, the data operator should take all reasonable organizational and technical measures when processing personal data in order to prevent unauthorized access to personal data, its destruction, alteration, blocking, copying, distribution or conduct of other illegitimate acts.
Art. 22.1 of the Law, which has been in force since 2011, requires appointment of a person responsible for organizing the processing of personal data. This person is responsible for organizing the processing of personal data and should:
- exercise internal control over compliance by the operator and its employees with the legislation of the Russian Federation concerning personal data, including requirements relating to the protection of personal data;
- make employees of the operator aware of the provisions of the legislation of the Russian Federation concerning personal data, of by-laws on the processing of personal data and of requirements relating to the protection of personal data;
- organize the acceptance and processing of applications and requests from data subjects or their representatives and (or) to exercise control over the acceptance and processing of such applications and requests.

Federal Law No. 374-FZ provides that Internet and telecommunications companies are required to disclose communications and metadata, as well as “all other information necessary,” to authorities on request and without a court order. The law penalises companies that fail to disclose requested information, with fines of up to one million rubles (approx. USD 16,500) (Arts. 11, 13, 15).