News
The Ministry of Finance is preparing fines of up to 700 thousand rubles for the failure of the CII transition to Russian PAK
The sanctions are planned to be extended to government agencies, companies with state participation and other structures working with CII facilities. The logic of the initiative is tied to the course of abandoning foreign technologies in favor of domestic solutions. The deadline for significant CII facilities is set for January 1, 2030, and the new measures are designed to boost compliance with these requirements.
Responsibility for the amendments under discussion may arise not only for overdue deadlines, but also for errors in determining the CII facilities themselves. For violations of the classification procedure or ignoring the instructions of the regulator, officials are ready to be fined 10,000 - 50,000 rubles, and legal entities 50,000-100,000 rubles.
Failure to meet the deadlines for switching to Russian software and trusted packages will cost significantly more. Fines in the range of 100,000-200,000 rubles are provided for officials, and the amounts for the companies themselves will jump to 300,000-700,000 rubles.
The discussion of tougher liability has been dragging on for several months. Back in November 2025, the head of the Ministry of Finance, Maksut Shadaev, warned of possible tougher measures for organizations stalling for the return of foreign suppliers. At that time, the option of negotiable fines tied to the revenue of companies was on the table, and in the latest version we are talking about administrative responsibility.
Market participants drew attention to the pitfalls of practical implementation. Without a transparent methodology for IT infrastructure inventory, the use of fines promises to generate controversy, since it is not always clear which systems belong to significant facilities and which elements require priority replacement. There is a risk of situations in which companies will be sanctioned in the absence of clear evaluation criteria.
Supporters of tightening look at the issue from a different angle. According to them, the transition to new solutions for some organizations is taking a snail's pace, and financial pressure is working as a tool to accelerate stalling processes. According to the Ministry of Finance, by March 2025, more than two thirds of significant CII facilities in government agencies and companies have already been converted to domestic software.
METHODOLOGICAL DOCUMENT THE COMPOSITION AND CONTENT OF MEASURES AND MEASURES TO PROTECT INFORMATION CONTAINED IN INFORMATION SYSTEMS
I. GENERAL PROVISIONS
1.1. This methodological document "Composition and content of measures and measures to protect information contained in information systems" (hereinafter referred to as the methodological document) has been developed in accordance
with subparagraph 4 of paragraph 8 of the Regulations on the Federal Service for Technical
and Export Control, approved by Decree of the President of the Russian Federation dated August 16, 2004 No. 1085.
1.2. The methodological document defines the general approaches, composition
and content of activities (processes) and measures to protect the information contained in the:
information systems, automated control systems, information and telecommunication networks (hereinafter referred to as information systems) of state bodies, state unitary enterprises, state institutions, organizations, including subjects of critical information infrastructure (hereinafter referred to as bodies (organizations));
the technical means used for the creation and operation of state information systems and other information systems of state bodies, programs for electronic computers and databases, access to which is provided using information and telecommunication networks, in accordance with the procedure established by the Government of the Russian Federation;
information and telecommunication infrastructures that perform common technological functions and provide the basis for the functioning of these information systems, as well as to ensure the security of significant critical information infrastructure facilities belonging to bodies (organizations).
The III Forum "SECURITY TERRITORY 2026: Everything about Information Security" is an annual innovative event consisting of FOUR conferences and an EXHIBITION of domestic information security technologies.
The III Forum "SECURITY TERRITORY 2026: Everything about Information Security" was held, an annual innovative event consisting of FOUR conferences and an EXHIBITION of domestic information security technologies, in which IBTrans LLC employees took an active part.
Application of new requirements for information protection in state information systems
The Requirements determine the need to implement measures (processes) in state bodies and organizations, as well as information protection measures in relation to information systems and the information and communication infrastructure on which these systems are based. In order to implement measures (processes) in state bodies and organizations in accordance with paragraph 14 of the Requirements, it is necessary to develop and approve information protection policies, internal information protection standards, and internal information protection regulations in state bodies and organizations as a priority. When creating state information systems and other information systems after March 1, 2026, it is necessary to follow the provisions of the Requirements. When implementing information protection measures in state information systems and other information systems before the approval of the methodological document "Composition and content of measures and actions to protect information
Latest Feed
The Ministry of Finance is preparing fines of up to 700 thousand rubl…
The Ministry of Finance is preparing amendments to the Administrative Code on fines for companies and government agencies that fail to meet the deadlines for switching to trusted software and hardware systems at critical information infrastructure facilities. Fines for officials can reach 200,000 rubles, and for legal entities they can reach 700,000 rubles. The agency is developing the document on behalf of Deputy Prime Minister Dmitry Grigorenko, Vedomosti reports.
METHODOLOGICAL DOCUMENT THE COMPOSITION AND CONTENT OF MEASURES AND M…
METHODOLOGICAL DOCUMENT THE COMPOSITION AND CONTENT OF MEASURES AND MEASURES TO PROTECT INFORMATION CONTAINED IN INFORMATION SYSTEMS Methodological document dated April 12, 2026
The III Forum "SECURITY TERRITORY 2026: Everything about Information …
The III Forum "SECURITY TERRITORY 2026: Everything about Information Security" was held, an annual innovative event consisting of FOUR conferences and an EXHIBITION of domestic information security technologies, in which IBTrans LLC employees took an active part.
Application of new requirements for information protection in state i…
FEDERAL SERVICE FOR TECHNICAL AND EXPORT CONTROL INFORMATIONAL MESSAGE ON CLARIFYING THE PROVISIONS OF THE REQUIREMENTS FOR THE PROTECTION OF INFORMATION CONTAINED IN STATE INFORMATION SYSTEMS, OTHER INFORMATION SYSTEMS OF STATE BODIES, STATE UNITARY ENTERPRISES, AND STATE INSTITUTIONS, APPROVED BY FSTEC ORDER NO. 117 OF APRIL 11, 2025, No. 240/22/1492 of March 12, 2026 On March 1, 2026, the Requirements for the Protection of Information Contained in State Information Systems and Other Information Systems of State Bodies, State Unitary Enterprises, and State Institutions, approved by Order No. 117 of the Federal Service for Technical and Export Control dated April 11, 2025 (hereinafter referred to as the Requirements), came into force.