Russia Updates Regulatory Framework for Protecting Critical Information Infrastructure

In 2025, Russia’s technical committee on software and hardware complexes for critical information infrastructure (CII), under Rosstandart, is preparing a large-scale regulatory update. This step marks an important milestone in strengthening the country’s technological independence and digital sovereignty.

Why This Matters
Critical information infrastructure is the 'nervous system' of a modern state. It encompasses energy, transport, communications, industry, banking, and government administration. Any disruption in CII could trigger a socio-economic crisis.
These systems rely on sophisticated software and hardware complexes, and their reliability depends directly on standards, the unified rules by which technologies are built and operated. For many years, Russia followed international practices (such as ISO/IEC 27001), but the current geopolitical climate and rising security demands call for domestic solutions.

A Big Step Toward Technical Sovereignty
In 2025, Rosatom’s technical committee plans to update requirements for software and hardware systems in energy, industry, and transport, introducing new reliability and fault-tolerance standards tailored to Russian conditions.
As a result, Russia will continue to refine its unified certification system for domestic CII solutions. This approach will align Russian practices more closely with international standards while maintaining technological independence. The goal is not to create a 'closed system' but rather a flexible and modern framework that enables Russian developers to remain competitive globally.

Rosatom as a Driver of Change
Russia’s first attempts to regulate CII date back to the early 2010s, when a concept for protecting key facilities from cyber threats was introduced. In 2017, Federal Law No. 187-FZ 'On the Security of Critical Information Infrastructure' established the foundation of today’s system.
Experts have repeatedly noted that Russian standards lag behind the pace of technological development. For example, in radioelectronics and industrial software, there has been a shortage of modern regulations. Many companies continued to rely on foreign standards, jeopardizing the resilience and independence of the entire sector.
Rosatom, as a high-tech leader, has become a key driver of the renewal process. The company already has extensive experience creating standards in nuclear energy, and now this expertise is being extended to CII.

Future Prospects
Over the next 5–7 years, global investment in CII protection is expected to nearly double. By modernizing its regulatory base, Russia has the opportunity to secure a strong position in the market and promote its solutions in Eurasia and the BRICS countries.
By 2030, entire ecosystems of domestic products are expected to emerge: from specialized processors and operating systems to integrated software platforms for managing critical facilities.
The large-scale regulatory overhaul initiated by Rosatom is a systemic step in strengthening Russia’s digital sovereignty. It will reduce technological dependence on foreign players, enhance protection of key sectors of the economy, and stimulate the growth of domestic electronics and software industries.
For the industry, 2025 will be a 'bifurcation point.' The success of the new regulatory framework will determine not only the security of CII but also Russia’s competitiveness in the global technology arena.