Russia Drafts Cybersecurity Standards for Critical Infrastructure

The government is moving to replace foreign technology in vital systems with domestic solutions, aiming for full independence by 2030.

The Russian government is introducing new regulations to secure the uninterrupted operation of the country’s critical information infrastructure—the collection of networks, systems, and resources deemed essential for national security, the economy, and society.

Since January of last year, foreign hardware and software have been banned from use in such infrastructure. By January 1, 2030, Russia plans to fully transition to domestic technologies, with state-owned nuclear corporation Rosatom leading the effort.

This year, Rosatom’s technical committee on standardization is carrying out a large-scale overhaul of regulations for hardware-software systems in critical infrastructure. By next year, the committee expects to draft more than 30 new standards defining technical requirements for trusted systems and their components. Over 60 organizations are contributing to this process.

Last year, nine draft national standards were prepared, covering certification of computer models, biometric technologies, printed circuit board manufacturing, and cyber-physical systems. The result will be a unified regulatory framework that sets requirements for hardware-software systems across Russia’s key industries.