Russia’s communications watchdog, Roskomnadzor, has fined 85 internet service providers for failing to report their subscribers’ IP address changes as required. Penalties reach up to 500,000 rubles (~$6,000) for a first offense and can double for repeat violations.
- As of May 21, 2025, 85 companies have been fined; in March, 1,359 operators received similar data reporting demands from Roskomnadzor.
- Operators must notify authorities of any subscriber IP change within 24 hours, or within one hour in certain high-risk scenarios.
- Reported data includes municipal area ties, traffic exchange point identifiers, and session details such as IPv4 and IPv6 addresses, timestamps, and operation types.
Roskomnadzor’s IP address reporting requirements
These rules aim to combat DDoS attacks, fraud, and threats to Russia’s internet segment. Providers must maintain a constantly updated database tracking subscriber IP changes in near real time, reporting detailed session-level data to authorities.
Experts interviewed by Izvestia highlight privacy concerns. Many paid VPNs use dual-stack configurations combining IPv4 and IPv6 to circumvent blocks. Collecting comprehensive logs of IP and location changes could allow authorities to detect malicious traffic and reveal whether users employ VPNs or other circumvention tools.
Impact on ISPs and subscribers
Compliance entails real costs for providers: new hardware, automation upgrades, increased server capacity, and expanded staff. Some operators are already considering hiring more employees. Experts warn smaller regional ISPs may pass these expenses on to customers through higher fees, affecting budgets of providers unprepared for such demands.
Another concern is data leakage. IP addresses are dynamically reassigned and not fixed geographically-for example, an IP used in one city today might be reassigned elsewhere tomorrow. The accumulated database of address changes and locations itself becomes a sensitive trove. If leaked, it could expose ordinary users-not just providers-to privacy violations.
Russia’s internet regulation is tightening amid ongoing state efforts to enforce online sovereignty and clamp down on circumvention tools. While Western regulators generally focus on user data privacy and net neutrality, Russian authorities prioritize granular traffic monitoring and control.
Compared to approaches by Apple, Google, or European ISPs, this level of enforced real-time IP tracking plus detailed session data is unusually strict. This represents a significant shift toward pervasive state surveillance of internet activity under the guise of security.
Going forward, it’s important to monitor how providers balance regulatory compliance with privacy protections-especially as surveillance tools become more sophisticated and intrusive. The key question remains: how many subscribers will absorb higher costs and deeper data collection before pushback grows?