Internet Freedom

Russia Tightens ISP Rules to Expand Internet Control

April 3, 20264 min read

Russia Moves to Consolidate Control Over Its Internet Infrastructure

The Russian government is advancing plans to significantly tighten operating requirements for internet service providers, a move that would reshape who can legally operate a network inside the country. Under the proposed changes, ISPs would face higher licensing fees, increased minimum capital requirements, and a hard mandate to deploy SORM equipment, the FSB's traffic interception and surveillance infrastructure.

Taken together, these requirements are expected to push smaller, independent ISPs out of the market entirely. That outcome appears to be at least partly the point. Smaller providers have historically been less consistent in complying with government censorship directives, making them friction points in the Kremlin's broader effort to control what Russian users can access online.

What SORM Is and Why It Matters

SORM, which stands for System of Operative Investigative Measures, is Russia's legal framework for communications surveillance. It requires ISPs and telecommunications companies to install FSB-controlled hardware that gives the security service direct access to user traffic, without requiring a court order visible to the provider.

Mandating SORM deployment as a condition of licensing is not entirely new, but making it a financial and regulatory barrier to entry raises the stakes. Providers that cannot afford compliance are effectively barred from operating. Those that remain are, by definition, fully integrated into the state's surveillance apparatus.

This matters beyond Russia's borders because it signals a continued and accelerating shift toward what analysts have compared to China's model of internet governance: a nationally managed network where access, content, and communications are subject to centralized state oversight.

The Push Toward a Sovereign, Isolated RuNet

Russia has been working toward a more isolated domestic internet, often called the RuNet, for several years. The country passed its sovereign internet law in 2019, which laid groundwork for technically disconnecting Russian internet infrastructure from the global internet if authorities chose to do so.

The new ISP licensing changes fit within that longer strategy. By eliminating smaller operators who may lack resources or political will to comply fully, the government narrows the number of access points it needs to manage. Fewer, larger, fully compliant ISPs means tighter and more uniform enforcement of content restrictions and surveillance requirements.

The comparison to China's Great Firewall is instructive, though not perfectly parallel. China built its system from the ground up with state control as a design principle. Russia is retrofitting a more open infrastructure, which is a harder technical and political task, but the direction of travel is similar.

What This Means For You

If you live outside Russia, it can be tempting to view this as a regional story with limited relevance. But the pattern matters for a few reasons.

First, Russia's approach is being watched and, in some cases, replicated by other governments exploring how to exert more control over domestic internet access. The toolkit being assembled, mandatory surveillance hardware, financial barriers to ISP entry, content-based license revocation, is not unique to Russia.

Second, for the estimated tens of millions of people inside Russia who rely on the internet for news, communication, and commerce, these changes represent a meaningful reduction in the practical ability to access information freely or communicate privately.

Third, this is a reminder that internet freedom is not a static condition. It can be legislated away incrementally, through licensing rules, infrastructure mandates, and financial requirements that receive far less public attention than outright censorship orders.

Actionable Takeaways

Understand what surveillance infrastructure exists in your country. Most democracies have some form of lawful intercept requirement for ISPs. Knowing what your provider is legally obligated to share with authorities is a starting point for making informed choices.
Keep an eye on ISP consolidation. When smaller providers disappear and markets consolidate around a few large players, governments find it easier to enforce compliance at scale. This is true in authoritarian states and, to a lesser extent, in open ones.
Recognize the value of decentralized access tools. The broader the range of independent access points and providers, the harder it is for any single authority to impose uniform restrictions. Policies that reduce that diversity, whether through licensing rules or market pressure, reduce resilience.
Stay informed about internet governance developments globally. Organizations that track internet freedom publish regular reports on how countries are changing their legal frameworks. These are worth following even if you live somewhere with currently strong protections.

Russia's latest ISP crackdown is a concrete example of how internet control is exercised through regulatory and economic levers, not just firewalls and blocked websites. The mechanisms are technical, but the consequences are fundamentally about who gets to communicate, and who gets to watch.

// FAQ

What is SORM and what does it do?

SORM stands for System of Operative Investigative Measures and is Russia's legal framework for communications surveillance. It requires ISPs to install FSB-controlled hardware that gives the security service direct access to user traffic without requiring a court order visible to the provider.

Why would the new rules push smaller ISPs out of the market?

The proposed changes include higher licensing fees, increased minimum capital requirements, and a mandatory SORM deployment requirement that smaller providers may not be able to afford. Providers that cannot afford compliance are effectively barred from operating.

Why does the Russian government want fewer, smaller ISPs operating?

Smaller, independent ISPs have historically been less consistent in complying with government censorship directives, making them friction points in the Kremlin's efforts to control online access. Fewer, larger, fully compliant ISPs means tighter and more uniform enforcement of content restrictions and surveillance requirements.

What is the RuNet and when did Russia begin working toward it?

RuNet refers to a more isolated Russian domestic internet that would be subject to centralized state oversight. Russia passed its sovereign internet law in 2019, which laid the groundwork for technically disconnecting Russian internet infrastructure from the global internet.

How does Russia's approach to internet control compare to China's?

Analysts have compared Russia's direction to China's Great Firewall model of nationally managed internet governance, though the situations are not perfectly parallel. China built its system from the ground up with state control as a design principle, while Russia is retrofitting a more open infrastructure.