en.Wedoany.com Reported - The Russian Ministry of Digital Development has submitted for public discussion a draft resolution on the rules for using cloud services in government information systems, requiring that all equipment and data be located within Russia and that cloud service providers be limited to Russian legal entities controlled by the Russian Federation or its citizens. The resolution is planned to take effect on September 1, 2026.

The Ministry of Digital Development, Communications and Mass Media of the Russian Federation (Минцифры) published this draft government resolution on the regulation.gov.ru portal, titled "On Approving the Rules for Ensuring Electronic Services Used in the Creation and Operation of State Information Systems and Other Information Systems of State Bodies." The document was developed to implement a federal law that takes effect on September 1, 2026, and the resolution itself will come into force on the same day.

The draft stipulates that providers of cloud services to the state can only be Russian legal entities controlled by the Russian Federation, its citizens, or residents. These providers must not be in liquidation, must not be listed as extremists or terrorists, and must not have foreign agent status.

The draft sets several key requirements for cloud services used by government clients. Regarding localization, all technical equipment, programs, and databases must be located within Russia. For security and monitoring, providers are required to immediately notify clients of any failures, incidents, computer attacks, or attempts at unauthorized access to information. In terms of reliability and backup, contracts with providers must specify reliability requirements for engineering systems and equipment, as well as data backup requirements. The draft is currently undergoing public discussion and an independent anti-corruption review.

Alexey Postrigailo, Senior Partner at IT integrator Ensign (Энсайн), stated that clients currently cannot identify truly dangerous situations. He noted the need to establish a clear process defining the speed at which providers report serious incidents, the responsible parties, and the information clients can obtain in initial reports.

Regarding timing and costs, Alexey Postrigailo pointed out that by September 1, 2026, companies that already have Russian infrastructure, backups, and mature operational capabilities will be able to prepare. He believes the most costly aspect is not formal localization itself, but the ability to ensure stable service operation and recovery after failures, which cannot be achieved through a single contract amendment.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com