Fri. May 20th, 2022

Executive Order on measures to ensure technological independence and security of critical information infrastructure

Russia’s President signed the Executive Order On Measures to Ensure the Technological Independence and Security of Critical Information Infrastructure in the Russian Federation.

17:15

The Executive Order was signed to ensure the technological independence and security of critical information infrastructure in the Russian Federation.

According to the Executive Order, as of March 31, 2022, it is illegal for customers making purchases under Federal Law No. 223-FZ of July 18, 2011, On the Procurement of Goods, Works and Services by Certain Types of Legal Entities, to purchase foreign software for the purpose of using it at significant critical information infrastructure sites in the Russian Federation, or to purchase services that are necessary for such use without approval of said purchases by a federal executive body duly authorised by the Government of the Russian Federation.

In addition, as of January 1, 2025, government bodies and customers cannot use foreign software on their significant critical information infrastructure sites.

The Government of the Russian Federation must, within a month, approve the requirements for software that is to be used by government bodies and customers on their significant critical information infrastructure sites, as well as the rules for coordinating the purchase of foreign software for use on these sites and the purchase of services that are necessary for using this software at such sites.

Also, the Government must, within six months, implement a set of measures aimed at ensuring the preferential use of domestic radio-electronic products and telecom equipment by critical information infrastructure entities at their significant critical information infrastructure sites. In particular, the Government will ensure that amendments to related legislation are carried out accordingly; ensure the creation of a research and production association specialising in the development, production, technical support and service for trusted software and hardware systems for critical information infrastructure; organise staff training and retraining; and create a monitoring and control system in this area.