Companies need to acquire a license in order to be engaged in distributing encryption facilities, maintaining encryption facilities, providing encryption services, and developing and manufacturing encryption facilities protected by means of encryption under Article 12 of Federal Law No. 128-FZ “On Licensing Specific Types of Activity”.

Foreign manufacturers of telecommunications equipment have reported serious difficulties in obtaining product approvals in Russia. The Law on Communications establishes a separate procedure for licensing and certification in the sphere of telecommunications. Communication devices are subject to a procedure of mandatory conformity acknowledgement by way of either compulsory certification or compulsory declaration of conformity from Federal Communications Agency (FCA) if it is to be supplied in connection with a common carrier network in Russia.
A declaration of conformity is a document in which the applicant confirms that the product it has manufactured corresponds to the conformity requirements. To be valid, a declaration of conformity for the relevant telecommunications device is subject to registration with the FCA. A declaration of conformity should be filed for registration by an applicant accompanied with the relevant evidence of the device’s conformity obtained with the help of accredited test laboratories. On the other hand, the competent authority for certification is the Certification Agency. A manufacturer or supplier of a device files an application with the Certification Agency, which carries out the certification test.
The complete list of communication products subject to mandatory certification is approved by the Decree of the Government of the Russian Federation No. 532 dated 25.06.2009.

In 2016, the Center of Import Substitution in the Sphere of Information and Communication Technology was established and was tasked to submit proposals for the introduction of changes in legislation to ensure priority for procurement of Russian-made software and hardware. Since then, a number of import substitution and local content requirements in the ICT sector were imposed, including through (i) Resolution No. 878 establishing a State Register of Russian Radio-Electronics and mandating that SOEs apply a 30% price preference for Russian-made products; (ii) Law No. 429 mandating the pre-installation of certain Russian software applications on certain "technically complex goods", among others.

The Single List of Goods contains the goods on which export prohibitions or restrictions apply in the Customs Union member States, including Russia. The following digital goods are among the goods that are subject to export restrictions: (i) Special hardware meant for secret information acquisition; (ii) Encryption devices; (iii) Civil radio-electronic and/or high-frequency means (REM and HFM) including built-in or forming part of other goods; (iv) Audiovisual materials and other information media containing information against the public morals, public order and security are banned from exportation.
In addition, equipment and devices containing encryption have to be registered with the Federal Security Service (FSS), and the manufacturer or the seller has to obtain FSS notification upon exportation of such equipment from the territory of the Eurasian Economic Union, including Russia in accordance with Annex No. 9 to the Decision No. 30 of the Board of the Eurasian Economic Commission dated 21 April 2015. FSS notification is necessary for the exportation of equipment and devices, both general civil, industrial, scientific, and other purposes, including a large list of products containing cryptographic components which include many high-tech devices such as mobile phones, tablet computers, laptops, wireless keyboards, wireless mice, servers, RFID tags, among others.

Russia prioritizes the development of locally produced technologies, digital goods, and services and has taken extensive measures to achieve its purposes in this regard. In 2015, Resolution of the Government of the Russian Federation No. 1442 ("On procurement of innovative products, high-tech products certain types of legal entities and amending certain Acts of the Russian Federation") set forth procedures for establishing the annual volume of purchases by State Owned Enterprises of innovative and high-tech products, including a minimum volume of purchases that must be made from SMEs. Resolution No. 717 from 2016 identified the 135 SOEs that were subject to the minimum SME purchasing requirements.

According to Decision No. 134 of the Eurasian Economic Commission (2012), licensing procedures are applied to the importation of certain digital goods to the Eurasian Economic Union, including Russia. These digital goods are the following: (i) Civil radio-electronic equipment and/or high-frequency devices including those that are built-in or form a part of other goods; (ii) Special hardware meant for secret information acquisition; (iii) Encryption devices.
It is reported that Russia has a complex and non-transparent licensing regime in place that impedes the importation of telecommunication equipment that incorporates encryption technology in accordance with Annex 9 of the Decision No. 30 of the Eurasian Economic Commission. This is despite Russia committed to reform its import licensing regime for products with cryptographic functionalities (“encryption products”) in its WTO accession protocol. It is also reported that a streamlined notification process is meant to be relevant to products categorized as "mass market" goods, according to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Nevertheless, the regulatory interpretation of "mass market" products within the Eurasian Economic Union diverges from this description.
Additionally, it is reported that the process for importing consumer electronic products considered to be a “mass market” has been aggravated. Therefore, imports of encryption products and particularly common consumer electronic products continue to be inhibited and cannot be imported via a simple notification.

According to Art. 12 of Federal Law No. 128-FZ, companies need to acquire a license in order to be engaged in distributing encryption facilities, maintaining encryption facilities, providing encryption services, and developing and manufacturing encryption facilities protected by means of encryption.

It is reported that in December 2019, the State established a pre-installation of Russian software requirement on certain consumer electronic products (e.g., smartphones, computers, tablets, and smart TVs) sold in Russia. In late December 2020, the Russian Government finalized the list of 16 categories of software requiring pre-installation, leaving technology companies a short time to undertake the necessary compatibility tests before the April 2021, implementation date. Also in December 2020, the Russian Parliament added a further requirement that pre-installed browsers must provide the ability to use “by default” a Russian (or other EAEU member state) search engine, further eliminating consumer choice.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Russia. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to the amendments introduced by Law No. 241-FZ, ISPs are required, within 24 hours from the moment of receipt of the relevant request from the authorized federal executive body (Roskomnadzor), to restrict the ability of the user of the instant messaging service specified in this requirement to transfer electronic messages containing information, the dissemination of which is prohibited in the Russian Federation, as well as information disseminated in violation the requirements of the legislation of the Russian Federation. The ISPs that fail to meet this requirement can be blocked by the authorities.

According to the Article 13.34 of the Administrative Offenses Code (introduced in 2017), ISPs that do not block banned sites according to the information received from state regulator Roskomnadzor will be required to pay between 100,000-500,000 Rubles (1600 USD - 8500 USD) penalty. The officials of those legal entities (ISPs) will face fines of 5,000-30,000 Rubles (85 USD - 500 USD) for failing to implement Roskomnadzor’s instructions. If the actions are repeated during the year the amount of penalties will be 30,000-50,000 Rubles (500 USD - 850 USD) for officials and 500,000-800,000 Rubles (8500 USD - 13500 USD) for ISPs.

Federal Law No. 482-FZ allows Roskomnadzor to block a digital platform either partly or in full if this platform restricts the distribution of content from Russian state media outlets. It is reported that the Law was adopted in response to complaints from Russian state-owned media that foreign internet portals Twitter, Facebook, and YouTube were censoring their accounts.

According to Law No. 139-FZ, the state is allowed to block drug-related material, extremist material, and other content recognized as illegal in Russia. It is reported that, in order to implement the measures contained in Law No. 139-FZ, the Russian government has implemented online filtering protocols such as the Deep Packet Inspection surveillance system. Critics have complained that the Law and the filtering practice is used for political purposes to restrict free speech. In addition to the provisions of Law No. 139-FZ, telecommunication operators and Internet Service Providers are allowed to block different types of traffic over their networks provided that they comply with the relevant legislation and agreements with users/beneficiaries.
It is reported that since 2012, Roskomnadzor maintains the Single Register domain names, indexes of pages of sites on the Internet, and network addresses that allow identifying sites on the Internet, containing information, the dissemination of which in the Russian Federation is prohibited. Reported examples of content or website blocking on similar grounds include the Russian government's brief blockage of access to Reddit, GitHub, and Wikipedia for featuring content related to suicide and drugs in August 2015.

It is reported that access to sensitive political and social content on the internet as well as many social media and communication platforms is restricted by Russian authorities. It is reported that for 2019, over 4.74 million internet resources were blocked in Russia while officially, only about 315,000 internet resources were blacklisted. In addition, Telegram, Alibaba Cloud, Amazon Web Services, Google Cloud, and Microsoft Azure were among the blocked websites. Furthermore, over 18 million IP addresses were blocked in 2019, affecting online stores, banks, airline ticketing systems, news sites, and other social media and communication platforms such as Viber and Odnoklassniki.
Furthermore, it is reported that between June 2019 - May 2020, the Ministry of Internal Affairs blocked almost 21,000 internet resources containing information about illegal drugs while the Prosecutor General’s Office blocked 81,000 websites that allegedly hosted extremist content that year. In addition, in March 2019, the two largest Russian ISPs restricted traffic to the anonymous web browser Tor and the simple mail transfer protocol (SMTP) servers of ProtonMail, an encrypted email service at the request of the Federal Security Service (FSB).

According to Art. 1253, intermediaries are not liable for third-party content unless they knew or ought to have known that infringing material was being used illegally on their service. It is reported that the article contains a “constructive knowledge” clause, that may incentivize intermediaries to monitor their services in order to locate “illegal” material.