FSTEC of Russia: the agency is moving from warnings to penalties for information security violations

Representatives of the Federal Service for Technical and Export Control (FSTEC) have warned Russian companies that the agency is moving from warnings to decisive action for violations in the field of information security. Now, officials and legal entities will be held administratively responsible for all identified cyber violations. This was announced at the SOC Forum 2025 during the Russian Cybersecurity Week.

The main violations

At the SOC Forum 2025, a special event was held called "Dialogue with Regulators: Answers to Current Issues from the Federal Service for Technical and Export Control of Russia and the National Cyber Security Center." According to Elena Torbenko, Head of the FSTEC Department, more than 1,100 violations in the field of information security were identified by Russian enterprises during the 10 months of 2025 as a result of state control.

She highlighted seven main types of violations identified during the inspections. These include, firstly, the discrepancy between the actual composition of significant critical information infrastructure facilities and the requirements of the Federal Service for Technical and Export Control of Russia.