New Rules of the Game: Liability for Authorization
The State Duma has completed work on a bill that introduces significant administrative fines for violating user authorization requirements on Russian internet resources. The document was adopted in the second and third readings, bringing its entry into force closer. The key novelty is not a change in the login rules themselves, but strict financial liability for non-compliance.
It is important to understand the context: requirements for login methods on Russian websites have been in effect since 2023. According to the Law "On Information," resource owners are obliged to provide users located within the Russian Federation with the possibility of authorization through approved channels. Now, the legislation is supplemented by an article of the Code of Administrative Offenses (KoAP), which turns these requirements from recommendations into mandatory obligations under the threat of large fines.
Who Pays and How Much: Detailed Breakdown of Sanctions
The law clearly distinguishes liability. The main burden falls on resource owners — legal entities. For violating authorization requirements, companies may be fined an amount from 500,000 to 700,000 rubles. Officials (managers, administrators) risk a sum from 30,000 to 50,000 rubles. Ordinary citizens, if held liable, will pay from 10,000 to 20,000 rubles, although in practice, the main blow is directed at businesses.
Permissible authorization methods that must be implemented on websites include:
- Phone number of a Russian telecommunications operator;
- Unified portal "Gosuslugi" (ESIA);
- Unified Biometric System (UBS);
- Other information systems belonging to citizens of the Russian Federation or Russian legal entities (e.g., banking applications or social networks).
Debunking Myths: Who Will Not Be Fined
Immediately after the discussion of the bill in social networks and the media, a wave of speculation began. Reports appeared that users would be fined for logging into websites through foreign accounts, such as Gmail, Apple ID, or Google ID. State Duma deputies categorically refuted these rumors.
Chairman of the State Duma Committee on Information Policy, Sergey Boyarsky, called information about fines for citizens for using foreign services unreliable and a sign of a mass disinformation campaign. He emphasized that the adopted amendments concern exclusively owners of internet resources. Their obligation is to ensure the presence of a legal login mechanism, not to monitor which specific account the user chooses, provided an alternative is available.
First Deputy Chairman of the Committee Anton Gorelkin also stated that the new norms will not affect "ordinary internet users." Liability is provided only for those who fail to comply with the legal requirements that have been in effect for several years.
Control of Algorithms and Connection with Law Enforcement
The bill addresses not only website login issues. It stipulates liability for violations when using recommendation technologies. Resource owners are obliged to notify users about the use of algorithms, post their operating rules, and contact details. For ignoring these rules or collecting data in violation of user rights, the same fines are provided: up to 700,000 rubles for companies. In case of repeated violations, sanctions increase to 1.4 million rubles.
A separate block of liability has been introduced for telecommunications operators. For violating rules of interaction with law enforcement agencies during operational-search activities, companies may be fined an amount from 3 to 5 million rubles. In the event of a repeated violation, a turnover fine is provided — from 1/100 to 3/100 of annual revenue, but not less than 10 million rubles.