Russia Strengthens Cyber Resilience: Rosatom Launches IT Certification System for Critical Infrastructure
Russia’s state nuclear corporation Rosatom has launched the country’s first certification system for trusted IT products used in critical infrastructure, aiming to ensure technological sovereignty and reliability across key industries by 2027.

A Defensive Line in the Digital Sphere
Rosatom has developed and registered a new voluntary certification system—known as “KII-SERT”—in Russia’s national standards registry. The system is designed to assess the reliability and trustworthiness of hardware and software complexes used in critical information infrastructure (CII). The initiative implements a Presidential decree on achieving technological independence for critical systems, issued in March 2022.
The certification evaluates systems against four criteria: functionality, reliability, technological independence, and overall solution quality. In practical terms, the certification confirms that a Russian-made IT complex operates dependably, does not rely on foreign components, and can be safely deployed in critical facilities.

Pilot Phase in the Nuclear Sector
The first certification authority was established at Atomenergoproekt, an engineering subsidiary of Rosatom. A successful pilot was completed in 2024 within the nuclear industry, and the first certifications were issued in mid-2025.
These confirmed the compliance of domestic computing systems with the trustworthiness criteria. Coordination is managed by a central body within Rosatom’s scientific and production association, authorized by the Russian government to oversee CII operations.

Nationwide Standardization Effort
In October 2024, Rosatom and the Federal Agency for Technical Regulation and Metrology (Rosstandart) approved a strategic standardization roadmap comprising 139 national standards to be developed through 2028. The standards cover software-hardware complexes, automation systems, electronic component bases, and applied solutions for critical infrastructure.
In 2025, more than 30 new standards are set to be drafted by 15 technical committees, defining detailed technical requirements for Russian manufacturers developing equipment and systems for secure operations.

Mandatory Certification by 2027
Currently, participation in KII-SERT is voluntary, but by 2027 certification will become mandatory. Within two years, any IT complex deployed in critical facilities must undergo certification under KII-SERT. The new framework will require manufacturers to integrate compliance criteria into product design from the earliest stages.
According to a government decree issued in November 2023, all operators of critical information infrastructure must transition to trusted domestic solutions by January 1, 2030. As of September 2024, procurement and deployment of uncertified systems have been officially prohibited.

Expanding Beyond the Nuclear Sector
While initially deployed within the nuclear industry, the certification system will extend to telecommunications, energy, oil and gas, and space sectors. This expansion ensures that the same standards of trustworthiness will apply across Russia’s entire critical infrastructure.
KII-SERT is more than a certification tool—it is a strategic mechanism to re-equip Russia’s critical infrastructure with domestic technologies. By 2027, certification will be mandatory, and by 2030, the transition will be complete.
The system benefits all stakeholders: manufacturers gain predictable demand, the state strengthens technological sovereignty, and citizens enjoy improved reliability and safety of essential systems. The program marks a decisive step toward national cyber resilience and long-term digital independence.