The year 2017 has witnessed many initiatives to regulate the Internet and IT in Russia. Some of them were welcome, whilst some raised eyebrows. Without further ado, let’s look at the top 10 changes.

1. Telemedicine Law Paves the Way for Modern Healthcare in Russia

In accordance with the law that came into effect on 1 January 2018, doctors are now officially allowed to consult patients through the Internet by means of video conference calls or by phone. The law provides the following procedure of rendering the service:

  • initial diagnosis and prescription of treatment must take place during the first offline visit to the doctor;
  • subsequent consultations, correction of treatment, follow-up and prescriptions may be provided online.

It is expected that the law will streamline the Russian healthcare system and even, perhaps, open a new segment of previously underserved young patients that were unwilling to use the old-fashioned system. This expectation has already been reflected in increased venture capital deal-making in this sector.

2. Fines for Illegal Processing of Personal Data Have Been Increased

As of 1 July 2017, administrative fines for illegal processing of personal data in Russia have increased by 3 to 4 times on average. In addition to that, the list of actionable offences has been expanded. Prior to that, the Code of Administrative Offences stipulated only one set of offences with a maximum fine of RUB 10,000 (approx. EUR 150). As of 1 July 2017, there are seven punishable offences and the maximum fine is RUB 75,000 (approx. EUR 1,100).

Simultaneously, Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) has published its recommendations in regard to proper drafting and content of personal data policies. These recommendations are now viewed as a departure point for updating one’s data compliance documents.

3. Online Cinemas Came under Regulation. Lawyers Are Still Debating Who Can Own Them

Amendments to the Federal Law “On Information, Information Technologies and Information Security” (the “Information Law”) came into effect on 1 June 2017 and introduced limitations on audiovisual services (also known as “online cinemas”).

A website, web page, information system and/or computer program meeting the following criteria is deemed an audiovisual service:

  • it is used for generating and/or arranging the Internet circulation of a set of audiovisual products,
  • which can only be accessed for a fee and/or on condition of viewing the ads,
  • designed for attracting the attention of consumers within Russia, and
  • the daily access to which exceeds 100 thousand users within Russia.

The law imposes restrictions on foreign ownership of Russian audiovisual services. Such services may be owned only by Russian legal entities or Russian citizens not having the nationality of another state. However, this restriction applies depending on the share of Russian users in the total audience of the respective service.

< 50% – subject to approval of the government commission

Foreign owners of the information resource that is used for distribution of audiovisual products through the Internet, if the number of its users located in Russia is less than 50% of the total number of the users of this resource, can own, manage, or control more than 20% of the shares in the share capital (including indirectly) of the owner of the audiovisual service subject to approval of the government commission.

> 50% – without restrictions

No restrictions are imposed on the audiovisual services with a share of Russian users exceeding 50%.

Audiovisual services must be registered with Roskomnadzor. Their owners must install one of the programs for counting the users. On 25 September 2017, the list of such “webcounters” was published by Roskomnadzor on its website. For more details see this publication.

4. Anonymizers and VPN Must Cooperate with Roskomnadzor

As of 1 November 2017, VPN-services and anonymizers present in the Russian segment of the Internet must restrict access to banned information. The list of such banned information is maintained by Roskomnadzor, which has the right to restrict access to certain websites and web pages. In the event of non-compliance, Roskomnadzor has the power to block such VPN-services and anonymizers.

The law also imposes an additional obligation on search engines. They are prohibited to show links to banned websites in search results.

5. Instant Message Providers Are Obliged to Identify Users by Their Phone Numbers

In accordance with the amendments to Articles 10.1 and 15.4 of the Information Law, instant message (“IM”) providers are obliged to identify users by their phone numbers based on the agreement with the communications provider starting 1 January 2018.

Furthermore, such IM providers must ensure confidentiality of transmitted messages and be prepared to submit such messages to the governmental bodies upon request. Messengers are also compelled to keep user identification records within Russia only.

6. Regulation of Critical Informational Infrastructure

The departing year has shown us that hacker attacks can cause harm not only to PC owners, but also to informational and industrial systems of large cities and even states. The need to respond to these particular challenges was one of the reasons for adopting the law that was meant for protection of facilities of critical informational infrastructure (“CII”).

The law sets the basic framework for CII in Russia. It defines rights, obligations and responsibilities of CII facilities owners, communications providers and operators of systems that ensure interaction between these facilities.

The main responsibilities of CII owners include:

  • development and implementation of measures for providing the security of CII facilities;
  • reporting to authorities on any unauthorized access to information;
  • ensuring restoration of CII facilities’ functioning by data backup creation and storage.

Interestingly, CII facilities make up a long list including (1) information systems, (2) information/telecommunications networks, (3) automated CII control systems. Power grids, transport systems as well as state control objects and government communications are examples of such facilities.

The law was adopted in July 2017, and comes into force on 1 January 2018.

7. Services Provided by Foreign IT Companies to Russian Customers Are Subject to 15.25% VAT

As of 1 January 2017, foreign companies providing services to Russian customers via the Internet are obliged to pay Russian VAT. The list of such services is exhaustive and includes 12 items, some of which are listed below:

  • remote access to software and databases;
  • advertising;
  • connecting potential buyers and sellers;
  • provision of processing power necessary to upload an information;
  • domain name and hosting;
  • administration of information systems and websites;
  • automatic searching, selecting and sorting of data;
  • remote access to e-books and other electronic publications as well as to images, music and audiovisual products.

The law requires foreign IT companies rendering the said digital services to Russian customers to register with tax authorities for VAT purposes. VAT shall be reported and paid on a quarterly basis.

8. Online Businesses Must Have Online Cash Registers

The online cash register law adopted in 2016 came into force in July 2017. In accordance with the law, organizations and sole proprietorships must register and use only advanced cash registers that can transmit fiscal data to tax authorities on an automated basis. The exception is only provided for subjects located in remote regions far away from communications networks.

This law has had a significant impact on the growing e-commerce market of Russia. It has also introduced a new category of data transmitters, i.e. “operators of fiscal data”, that facilitate the transmission of data to tax authorities and are subject to licensing.

9. News Aggregators Must Verify Information from Sources Having No Mass Media License

Since 1 January 2017, news aggregators with daily traffic of no less than 1 million Russian users have to:

  • store the news and information on its sources for at least half a year;
  • check the reliability of information received from periodicals having no mass media license;
  • stop spreading “unreliable information” upon Roskomnadzor’s request.

10. “Bloggers’ Law” Was Repealed Due to Inefficiency

Good news came for bloggers. The law that imposed on them obligations similar to those applicable to mass media was repealed. The law was adopted in 2014 and introduced the notion of a “blog,” which was defined as a public website with daily traffic exceeding 3,000 users. Roskomnadzor was tasked to monitor the web and – upon discovery of a blog – to request that the blogger provide Roskomnadzor with the information necessary to enter him/her into a special register.

Overall, regulations of the Internet in Russia adopted in 2017 demonstrate a divergent trend. On the one hand, the Government is looking to facilitate the use of modern technologies in daily life and eliminate barriers preventing that. On the other hand, one cannot overlook the strong desire on the part of authorities to maintain significant control over the information spread on the web.

Looking forward, it is worth mentioning that 2018 is meant to be a prominent year for modernizing the regulatory framework of the digital economy in Russia. At least, according to a recently announced plan, the Government aims to introduce major updates and/or new rules to such areas as electronic identification (including remote biometrical identification), electronic signatures, smart contracts, big data, Internet of Things, mobile health, the use of distributed ledgers, and many other promising fields.