Russian IT companies could lose their government accreditation and the right to have their apps pre-installed on devices if their services remain accessible via VPNs, according to a Ministry of Digital Development proposal. The Federal Security Service (FSB) will have the authority to identify violations and recommend companies’ removal from the accredited registry.
New rules restrict VPN access for accredited IT firms
The Ministry of Digital Development currently maintains a registry of around 20,000 IT companies. Accreditation on this list grants firms substantial perks: a reduced profit tax rate of 5% instead of the standard 25%, exemption from VAT, lower insurance contributions, access to IT-focused mortgages, and even military draft deferrals for employees.
A draft government resolution shared with Kommersant outlines that companies will lose the right to have their applications pre-installed on smartphones, computers, and smart TVs sold in Russia if their services remain accessible when users have active VPN connections. This restriction takes effect as soon as the regulation is officially published.
Additionally, the FSB will gain the authority to submit proposals to the Ministry of Digital Development calling for the revocation of accreditation if digital platform operators violate information security requirements-primarily interpreted here as allowing access through VPNs. Requests for comment have been sent to both the FSB and the Ministry.
Impact on app pre-installation and developer protections
In August 2025, the Russian government finalized the list of mandatory pre-installed applications on devices sold within the country. This includes RuStore (a domestic app store), the government services platform Gosuslugi, Yandex’s services-including its browser-VK apps, the Max messenger, and various telecom operator applications.
Major players like MTS, VimpelCom, and Yandex did not respond to inquiries, while MegaFon, T2, and VK declined to comment on the new regulatory initiatives.
Technical challenges in detecting and blocking VPN traffic
Spotting VPN traffic isn’t straightforward but is technically feasible. Cybersecurity experts explain that identifying installed VPN apps on devices, recognizing non-standard protocols, and detecting traffic modifications are common methods. Alexey Lukatsky, an information security consultant at Positive Technologies, adds that large content distributors can infer VPN usage through indirect clues such as time zones, interface language, browser settings, and traffic timing.
However, implementing such detection will be costly. An industry source notes that platforms will need to invest in expensive infrastructure and dedicate resources to continuous configuration and maintenance. Lukatsky points out that companies’ willingness to comply hinges on the full scope of sanctions. For instance, removing an app from pre-install lists might hardly affect Apple users, who typically don’t get these Russian apps by default.
Russian authorities intensify crackdown on VPN usage
This crackdown on VPN aligns with broader government efforts to limit encrypted and anonymous browsing tools. Roskomnadzor, Russia’s communications watchdog, restricted over 400 VPN services by mid-January 2026, a 70% increase compared to fall 2025. In October 2025, about 258 VPN providers were blocked, already 31% more than earlier periods.
In late March 2026, plans surfaced to boost traffic-filtering capacity of Russia’s monitoring infrastructure to 954 Tbps by 2030, backed by an additional federal budget allocation of 14.9 billion rubles. This massive boost aims to analyze all Russian internet traffic with headroom for natural growth.
Officials emphasize that these measures seek to reduce VPN use without imposing direct legal penalties on citizens. On March 30, Ministry of Digital Development head Maksut Shadaev stated the ministry opposes administrative fines for using VPNs but intends to lower their prevalence within Russia.
Russia’s approach contrasts with many Western countries where VPNs are generally unregulated or seen as privacy tools. Western tech giants like Apple and Google do not pre-install government-mandated apps nor restrict VPN use to retain app installation rights, highlighting Russia’s stricter, securitized digital environment.
With these tightening regulations, the Russian IT sector faces a choice: comply with heavy surveillance demands and risk losing international competitiveness, or adapt to an increasingly closed internet landscape. How companies balance user privacy, security compliance, and market access will be an essential storyline to watch in the coming years.