Internet Fragmentation > Russia’s ‘Sovereign Internet’ Law

Centralizing the Internet Always Undermines the Global Network

Region: Europe
Threat type: Digital Sovereignty
Last updated: 1 December 2023

Russia undermines the agility and resilience of its networks by passing the ‘Sovereign Internet’ law.

In 2019, the Russian parliament passed the ‘Sovereign Internet’ law. It aims to address perceived threats to the national network from abroad, and gives regulators the ability to cut off international connectivity or services (such as cloud providers) that the Internet depends on.

In Russia, the Internet has always been vibrant, with regional and international interconnections. The country has over 5000 neworks, several of which get address space directly from the regional European Internet registry–the RIPE NCC. This means they can switch transit providers more easily and they have autonomy over their choices, more than the networks in China, for example.

Under the ‘Sovereign Internet’ law, however, every operator needs to provide the regulator, Roskomnadzor (the government body responsible for monitoring, controlling, and censoring mass media) with network diagrams. They need to provide the regulator with technical characteristics of the communications facilities where “technical means of countering threats” (TMCT) will be installed. This influences information on communication channels, such as the number, physical properties, loads, and locations of planned installations.

Operators will be required to install Roskomnadzor’s TMCT on their systems and routinely provide detailed routing information to the regulator. They will also have to give Roskomnadzor remote access to the TMCT.

So, if the regulator decides there is an immediate security threat to the public communications network, it can use the TMCT to impose changes on traffic routing. It can quickly and easily close and reserve communication lines and channels. It can use this access to contact users directly, and it can change the configuration of communications.

In effect, when Roskomnadzor (acting with the Ministry of Communications and the Federal Security Service–the FSB) declares a communications emergency, the regulator can directly control the routing and other decisions of operators. This gives them enormous control over the Internet. It also undermines the ability for Russian networks to connect internationally, fragmenting the global network of networks.

Status

The law was passed by the Parliament in its third reading, in April 2019 and was signed by the President in May 2019. It is currently in effect. The law was aimed at mitigating threats, but no such threats have materialized.

Our Position

This legislation seriously undermines decentralized network management, and threatens the distributed nature of Internet traffic routing, not just during potential emergencies, but during routine times too. The result will be a considerable decrease in the resilience and agility of the network. It’s also an attack on the autonomy and expertise of operators, and is a significant threat to the collaboration, optimized connectivity and global reach that Russia’s Internet operators and users rely on.

Green background with patterns

Talking Points

  • The routing requirements and the emergency capabilities in the ‘Sovereign Internet’ law alter the interconnection and routing mechanisms in Russia. This undermines critical properties of the Internet, threatening what the Internet needs to exist.
  • The law aims to increase the resilience and agility of the network, but has the opposite effect. By centralizing the management of the network, it undermines security.
  • The law requires the installation of network-critical TMCTs that also offer unrestricted third-party access to the government regulator.