All questions

Intellectual property and data protection

i Intellectual property

Russian law is familiar with all standard concepts of intellectual property (IP) used to protect business. Most commonly used are:

  1. patents (protecting inventions, utility models and industrial designs);
  2. trade secrets;
  3. copyright; and
  4. trademarks, including service marks.

Information of any nature relating to the results of intellectual activity may be treated as a trade secret and be protected as IP provided basic confidentiality conditions are met.

Software and databases are usually protected under copyright laws. Copyright is acquired automatically as of the date a copyright object is manifested in objective form. Registration is optional.

Rights over trademarks are granted by virtue of registration with Rospatent, a local patent and trademark office. Alternatively, rights may also be acquired by virtue of international agreements to which Russia is a party, such as the Madrid Convention. Russia is a 'first-to-file' jurisdiction.

Any foreign company may seek protection of its intellectual property in Russia provided national law requirements are met. Russia is also a signatory to most international treaties covering intellectual property protection.

Disputes often arise in the context of employment relationship as to who owns newly created IP. For an employer to acquire rights over such IP, it is important that an employment contract or a job assignment explicitly states that creation of IP falls within the duties of an employee.

ii Data protection

Overall, Russian data protection law is in line with international standards. In fact, the Strasbourg Convention 1981 (ratified by Russia in 2005) laid the foundation for the Russian personal data protection legislation, which was adopted in 2006.

The main pieces of legislation governing the collection, storage and use of personal data in Russia are the Federal Law on Personal Data and the Federal Law on Information, Information Technologies, and Data Protection.

Unlike in some other jurisdictions, there is currently no general obligation to report cybercrimes, although such legislation was proposed in 2017 and may be adopted soon.