Russian Directive Expands Internet Control
Luke Rodeheffer
Executive Summary:
A Kremlin directive takes effect on March 1, allowing the Russian Communications Authority to reroute national internet traffic in the event of a cyberattack or crisis.
This announcement comes amid widespread complaints about a growing lack of reliability in internet connections and legislation that shields telecommunications providers from responsibility for service disconnections caused by Federal Security Service (FSB) actions.
The scope of Russia’s emerging state system for the prevention and liquidation of computer attacks (GosSOPKA) continues to expand to include all state information technology (IT) systems, including municipal agencies.
On March 1, a new directive will come into effect that grants the Russian Communications Authority (RosKomNadZor) legal means to direct and manage national internet traffic. It will coordinate with providers to maintain functionality in the event of a crisis, interruption, or cyberattack. The decision to take such measures will be made by an interagency committee formed by Russia’s Ministry of Digital Technologies, Communications Authority, and Federal Security Service (FSB) (Official Publication of Legal Acts of Russia, October 27, 2025; GoGovRu, November 18, 2025). A flurry of discussion has spread across the Russian press and social media over the past several months surrounding the new directive. Some in the Russian press took the vaguely worded directive to indicate that the state was seeking to expand RosKomNadZor’s powers to allow a potential disconnection from the global internet space for national security reasons.
Russian Duma Deputy Chair for Information Policy Anton Tkachev rejected the idea that the Kremlin had any plans to disconnect the Russian internet (RuNET) from the broader global internet. The committee’s director, Sergei Boyarskii, stated, “We are not going on the path of China” (TASS, November 10, 2025). A third parliamentarian, Aleksei Chepa, stated that a full disconnection from the global internet would occur only if there were “interference” in the September 2026 parliamentary elections, and that such a measure would be temporary (TASS, November 10, 2025).
Ordinary citizens across many regions in Russia have been experiencing increasing disruption to their mobile internet service and online gaming, leading to hundreds of thousands of complaints since the spring of 2025 (Cybersport, June 20, 2025). The official reason given by Andrei Svintsov, the Duma’s Deputy of Information Policy, is protecting Russians from drone attacks, which are supposedly being directed via mobile communications (TASS, December 29, 2025). Parallel to these incidents is new legislation introduced in the Duma, freeing mobile providers from responsibility for interruptions to their clients’ mobile devices resulting from FSB activity under the guise of national security (Fontanka, November 14, 2025). These legislative actions follow a series of tests by the communications authority since 2021 to assess how well Russia’s Domain Name System (DNS) servers would function if the RuNET were disconnected from the global internet. RosKomNadZor tested limiting access to YouTube in February by deleting it from the national DNS server system (SecurityLab, February 11, 2026).
The Kremlin’s moves to increase control over the national internet are paralleled by expanding surveillance over the country’s information security space via the State System for Identifying, Preventing, and Eliminating Cyber Attacks (GosSOPKA) (see EDM, June 2, 2025). Legislation has been in force since September 2025, requiring organizations that are not considered Critical Infrastructure Organizations (CIOs) to inform GosSOPKA of any cyber incidents, as CIOs are already required to do so (D-Russia, April 7, 2025). Informing these security structures is easy, as the GosSOPKA computer network establishes a direct line of communication with Russia’s National Computer Incident Coordination Center (NKTsKI) and central GosSOPKA authorities (Habr, December 11, 2025).
The full scope of the GosSOPKA monitoring system for connected networks is difficult to determine due to the subject’s sensitivity. In December 2021, on the eve of Russia’s full-scale invasion of Ukraine, 2,300 organizations had been connected, and 670 organizations were added for the first eight months of 2022, according to a talk given in September 2022 by NKTsKI employee Aleksei Ilkov at the Russian Cyber Industry Conference Cybercamp (ComNewsRu, September 16, 2022).
The scope of the system has expanded to include all government services, including all municipal agencies or those belonging to any of Russia’s many state-owned enterprises (CNews, July 16, 2025). Russian information security experts have sounded the alarm that such a massive expansion of GosSOPKA’s scope and monitoring responsibilities could create a deficit of specialists needed to process such large volumes of data while coordinating with a rapidly growing number of organizations. Concern has compounded as Russian government agencies have experienced a shortage of qualified information technology (IT) personnel—many of whom have either left Russia or gone to the front since Russia’s full-scale invasion of Ukraine in February 2022—while demand increased 45 percent in 2024 (CNews, July 16, 2025). Previous attempts by Duma parliamentarians to require all organizations holding personal data of Russian citizens to connect to GosSOPKA faced backlash from the Russian private sector. The attempts, however, indicate lawmakers’ desire to expand further the system’s surveillance over domestic networks on national security grounds (CNews, May 11, 2022).The Russian Foreign Affairs Ministry’s Director of Information Security Policy, Artur Lyukmanov, stated in January 2024 that the People’s Republic of China (PRC) is his country’s “closest intellectual partner” in terms of internet policy and that their approaches to such issues are “the closest possible” (RIA Novosti, January 5, 2024). Despite Duma members’ statements that Russia is not taking the PRC’s path toward potential disconnection from the global internet, these long-term trends indicate an increasing adoption of a Chinese model of internet control. The FSB is seeking to gain full situational awareness of information security across as many organizations in the country as possible, as the Russian state gains the power to control national internet traffic. Only time will tell if the Kremlin decides to exercise its newly created powers.
Luke Rodeheffer is a cybersecurity researcher and expert with a decade worth of experience researching cyber issues in Eastern Europe. He speaks Russian, Turkish, and German, holds a CISSP certification, and a graduate degree from Stanford.