Russia's IT law (the "Law") has been amended to restrict the use of anonymizers and other tools and technologies (including VPNs) that enable access to officially restricted online resources (e.g. extremist material, copyright-infringing content, Internet gambling, etc.). While the Law may affect companies offering public VPN services, it will probably have limited impact on companies using corporate VPNs and similar security tools for their internal needs in Russia, as the Law provides for certain ambiguous exceptions for corporate users.

Examples of the IT tools and technologies that can potentially be deemed restricted are as follows: (i) virtual private networks (VPNs); (ii) proxy servers; (iii) Tor; (iv) various browser extensions; (v) routing software; etc.

Companies and individuals will be required to prevent the use of their networks and Internet resources for access to prohibited online resources in Russia. However, technically this would only become possible after the respective "owner" of a network or an Internet resource receives a request from Roskomnadzor. In this case the "owner" is required to: (i) connect to the online registry of prohibited online resources maintained by Roskomnadzor within 30 business days upon receipt of the respective email request; and (ii) once connected, actually disable user access to prohibited online resources within 3 business days. Similar duties are established for search engines that display advertising aimed at Russian users.

The Law states that a failure to restrict access to prohibited content in accordance with the Law may entail blocking of access to the relevant non-compliant networks and resources in Russia (search engines presumably are not subject to the above blocking measures). The blocking is initiated and implemented by Roskomnadzor, which does not need a court sanction to initiate such blocking. Otherwise, the Law does not specifically introduce any other new sanctions.
Most likely the Law will not seriously affect the use of internal corporate VPNs and security tools, or at least the companies will be informed that they need to bring their services into compliance. Certain preventive measures may be taken to increase the probability that a particular VPN or security tool will be deemed subject to the 'corporate' exception. If companies use public VPN or similar services, they should be prepared to switch to alternative options in case the relevant service becomes unavailable.