The sanctions are planned to be extended to government agencies, companies with state participation and other structures working with CII facilities. The logic of the initiative is tied to the course of abandoning foreign technologies in favor of domestic solutions. The deadline for significant CII facilities is set for January 1, 2030, and the new measures are designed to boost compliance with these requirements.

Responsibility for the amendments under discussion may arise not only for overdue deadlines, but also for errors in determining the CII facilities themselves. For violations of the classification procedure or ignoring the instructions of the regulator, officials are ready to be fined 10,000 - 50,000 rubles, and legal entities 50,000-100,000 rubles.

Failure to meet the deadlines for switching to Russian software and trusted packages will cost significantly more. Fines in the range of 100,000-200,000 rubles are provided for officials, and the amounts for the companies themselves will jump to 300,000-700,000 rubles.

The discussion of tougher liability has been dragging on for several months. Back in November 2025, the head of the Ministry of Finance, Maksut Shadaev, warned of possible tougher measures for organizations stalling for the return of foreign suppliers. At that time, the option of negotiable fines tied to the revenue of companies was on the table, and in the latest version we are talking about administrative responsibility.

Market participants drew attention to the pitfalls of practical implementation. Without a transparent methodology for IT infrastructure inventory, the use of fines promises to generate controversy, since it is not always clear which systems belong to significant facilities and which elements require priority replacement. There is a risk of situations in which companies will be sanctioned in the absence of clear evaluation criteria.

Supporters of tightening look at the issue from a different angle. According to them, the transition to new solutions for some organizations is taking a snail's pace, and financial pressure is working as a tool to accelerate stalling processes. According to the Ministry of Finance, by March 2025, more than two thirds of significant CII facilities in government agencies and companies have already been converted to domestic software.

I. GENERAL PROVISIONS

1.1. This methodological document "Composition and content of measures and measures to protect information contained in information systems" (hereinafter referred to as the methodological document) has been developed in accordance
with subparagraph 4 of paragraph 8 of the Regulations on the Federal Service for Technical
and Export Control, approved by Decree of the President of the Russian Federation dated August 16, 2004 No. 1085.
1.2. The methodological document defines the general approaches, composition
and content of activities (processes) and measures to protect the information contained in the:
information systems, automated control systems, information and telecommunication networks (hereinafter referred to as information systems) of state bodies, state unitary enterprises, state institutions, organizations, including subjects of critical information infrastructure (hereinafter referred to as bodies (organizations));
the technical means used for the creation and operation of state information systems and other information systems of state bodies, programs for electronic computers and databases, access to which is provided using information and telecommunication networks, in accordance with the procedure established by the Government of the Russian Federation;
information and telecommunication infrastructures that perform common technological functions and provide the basis for the functioning of these information systems, as well as to ensure the security of significant critical information infrastructure facilities belonging to bodies (organizations).

The III Forum "SECURITY TERRITORY 2026: Everything about Information Security" was held, an annual innovative event consisting of FOUR conferences and an EXHIBITION of domestic information security technologies, in which IBTrans LLC employees took an active part.