NextFin news, On November 14, 2025, a group of deputies led by Anton Gorelkin, Deputy Chairman of the State Duma Committee on Information Policy, Information Technologies, and Communications, introduced a legislative proposal in Moscow that would impose administrative fines on owners of Russian websites for authorizing users through foreign services. According to the draft law, owners of websites violating the established authorization procedures could face fines up to 700,000 rubles. This tightening of legislation follows previous amendments that banned user authorization via Google, Apple, Microsoft, and other foreign accounts, aiming to further insulate the Russian internet ecosystem (Runet) from external influence.
The bill stipulates that user authorization on websites accessible to Russian users must be conducted through one of three methods: via mobile phone number, the unified identification and authentication system (ESIA) or unified biometric system, or domestic authorization services owned by Russian citizens who do not hold foreign citizenship. The fine structure differentiates penalties based on the violator's status—individuals face 10,000 to 20,000 rubles; officials, 30,000 to 50,000 rubles; and legal entities up to 700,000 rubles. This legislative push also includes penalties for noncompliance with laws governing recommendation technologies used on websites.
Deputy Gorelkin emphasized that the law targets website owners who have ignored existing authorization laws for over two years, not ordinary internet users, framing the initiative as a strategic move to reduce Runet’s dependency on technical decisions originating from 'unfriendly' countries. The backdrop for these measures includes heightened geopolitical tensions and ongoing efforts to enhance Russia’s digital sovereignty.
Analyzing the motivations behind the legislation, it is clear that the Russian government is doubling down on comprehensive digital autonomy amidst an unpredictable geopolitical environment. Limiting foreign authorization services reduces attack vectors linked to foreign data control and surveillance risks. By mandating domestic authentication channels, state authorities also gain increased oversight and potential access to user metadata, reinforcing internal regulatory control.
The economic impact on Russian digital businesses could be significant. Many Russian websites and applications rely on convenient integration with global platforms like Google or Apple for user authentication, which reduce friction in user onboarding and improve user experience. The prohibition and associated fines create compliance costs and may degrade user experience, especially for international users and diaspora communities.
From a technical standpoint, the increased reliance on the ESIA and biometric systems imposes scalability and security demands on state infrastructure. According to government data, the ESIA handles millions of authentications daily, but integration challenges and potential user resistance remain substantial hurdles. Additionally, companies relying on recommendation algorithms must align these with domestic legal requirements, potentially constraining their algorithms’ efficiency or adaptability to user preferences.
These measures dovetail with broader trends observed since 2023, where Russia accelerated digital decoupling by controlling data flows, restricting foreign technologies, and fostering indigenous IT services. For instance, the promulgation of data localization laws, control over VPN use, and requirements for domestic hardware production have collectively reshaped the digital landscape.
Looking forward, the proposed fines indicate a trajectory towards stricter enforcement and potentially broader restrictions on digital access and interoperability with global systems. This may incentivize Russian tech companies to innovate within a closed ecosystem but risks isolating Russian internet users from global platforms, possibly stifling digital entrepreneurship and international collaboration.
Furthermore, the extraterritorial effect on multinational tech companies is notable. As Russian law forbids foreign-based authorization services, companies like Google, Microsoft, and Apple must either comply with restrictive local laws or withdraw integrated services, potentially reducing their market share and relevance within Russia.
For global observers, these developments illustrate the intensifying fragmentation of the internet along national lines—commonly described as the 'splinternet' phenomenon. Russia’s legislative approach contributes to the emerging paradigm where state actors prioritize national security and ideological control over the traditional openness and interoperability of the digital space.
In conclusion, the Russian State Duma’s proposal for significant fines against website owners who permit foreign user authorization reflects a strategic policy to assert digital sovereignty and control over online identities. While enhancing security and state oversight, it presents challenges for user convenience, business operations, and Russia’s integration with global digital infrastructure. Stakeholders in the tech and regulatory sectors should monitor Russia’s continued legislative moves as indicators of escalating digital nationalism with wide-reaching implications.
Explore more exclusive insights at nextfin.ai.
