Online platforms in Russia will be required to store data on users’ conversations and correspondence for three years. This applies to information about the transmission, reception, delivery and processing of voice information, text messages, images, sounds and electronic data.

This requirement is enshrined in a package of anti-fraud amendments to the legislation proposed by the government and approved by the State Duma of the Russian Federation in the first reading, The Moscow Times reports . 

Amendments are being made to the Law “On Information” and provide for an increase in the period of storage of metadata from one year to three. It is expected that such measures will help in the fight against cybercrime, however, business representatives warn of possible negative consequences: an increase in the costs of IT companies and, as a result, an increase in the price of various digital services .

However, the explanatory note to the draft law does not provide a detailed justification for the need to increase the data retention period.

Other market sources note that storing large amounts of data will require expanding server capacity or renting cloud solutions. For large companies (such as social networks and messengers), this can cost millions of rubles annually, and for small platforms it can become an unbearable financial burden.

In addition, increasing the data retention period will require more serious investments in encryption systems, monitoring, and software updates, which may lead to monopolization of the sector by large players and higher prices for end users.

Also, the longer data is stored, the higher the likelihood of its leakage due to vulnerabilities in security systems: even if the content of the messages is not stored, the metadata itself (such as time of sending, geolocation, and contacts) is valuable and can be used by attackers.

The Russian Ministry of Digital Affairs, in turn, is confident that extending the data retention period from one to three years is necessary to increase user security and the effectiveness of criminal investigations, including fraud and other cybercrimes. The department also stated that it does not expect any increase in business costs due to the new requirements and does not predict any changes for end users .

It was previously reported that a digital platform will be created in Russia that will analyze citizens’ behavior on the Internet and create electronic dossiers on them under the pretext of combating fraud.

It was also reported that the Russian authorities are planning to create a service to process data on the location and movement of Russians, which they will receive from mobile operators.

It was previously reported that Russian state bodies and state-owned companies purchased video surveillance systems and photo recording equipment worth 130.1 billion rubles in 2024 , which is almost twice as much as in 2023.

At the end of last year, it was reported that Russian hosting providers would raise prices due to the installation of FSB surveillance systems.

It was previously reported that telecommunications operators in the Russian Federation will be required to transfer data about users who visit sites blocked in Russia.

Previously, it became known that the Russian authorities will be able to demand that businesses transfer depersonalized personal data of customers and employees for virtually any reason.

Author:  Halyna Yalivets Джерело: https://biz.censor.net/n3542577

(C)CENSOR.NET 2025