‘Russia tightens control over the internet — but can it ever be fully isolated?’

A unified control centre will be able to filter traffic within the country

The Russian government seeks to establish full and centralised control over the national internet. In a new decree adopted in October, the Cabinet explains this as a measure to ensure its stability and security. Roskomnadzor remains the implementing body, while the Ministry of Digital Development and the FSB act as coordinators.

The strategic plan is designed for six years — from 1 March 2026 to 1 March 2032. The document defines two categories of threats that justify the introduction of centralised management:

• A threat to stability is associated with external destabilising influences — natural or man-made.
• A threat to security includes deliberate actions — internal or external — as well as the dissemination of information subject to restriction under the law.

If a threat does arise, Roskomnadzor will gain full control over traffic regulation. It will be able to alter routes, ensure channel redundancy, apply information protection tools, install filters, and issue binding directives to telecom operators and internet exchange point owners.

“The decree does not strengthen user security”

In July 2023, Russia already conducted exercises to ensure the autonomous operation of the internet. According to RBC sources, during the night of 4–5 July, a test was carried out to assess the stability of the Runet under conditions of complete disconnection from international digital networks. At the time, Roskomnadzor confirmed the success of the tests, but Rostelecom, MTS, MegaFon, and Beeline offered no confirmation.

Despite Roskomnadzor’s new powers, telecom operators retain certain rights. They may file complaints with the agency regarding equipment malfunctions or the unlawful blocking of legitimate content. Moreover, in extreme cases, operators are allowed to temporarily disconnect traffic from the agency’s systems, provided they notify the regulator.

“Formally, the decree describes TSPUs — technical means of countering threats — as tools for filtering traffic in crisis situations. But we all understand that a tool capable of managing routing and blocking at the operator level is, by definition, a tool of censorship. The document allows Roskomnadzor not only to detect but also to independently interpret ‘security threats,’ which effectively opens the door to expanded monitoring, DPI analysis, and constant traffic filtering under the guise of ‘network stability.’ Yes, the text mentions ‘complaints’ and ‘commissions,’ but in Russian reality this is more of a bureaucratic veil than a genuine mechanism to protect operators or users. And to be frank, the decree does not strengthen user security — it strengthens the infrastructure of control,” Simonenko explained.

However, according to Insaf Nabiullin, a first-category engineer at the information security department of an IT company, such a strategy could have a positive effect on the domestic IT sector.

The new decree is only an addition to the existing law

On the eve of the announcement, the head of the State Duma Committee on Information Policy, Sergei Boyarsky, denied in a TASS interview any plans to disconnect the Runet from foreign services.

Boyarsky explained that the new decree is not something entirely new. It is a continuation of the law adopted back in 2019 to ensure the reliable operation of the internet. At that time, its adoption sparked public concern and fears that Russia was building an analogue of China’s ‘Golden Shield.’

“These rules are simply updated from time to time,” the deputy said. He recalled that the 2019 law was created to protect the Russian internet, for example, from attempts to disconnect it from abroad.

However, Realnoe Vremya’s expert Simonenko believes that the system will now become less resilient to errors and abuses: “In normal cybersecurity logic, redundancy and fault tolerance are achieved through the distribution of responsibility, not its concentration.”