Starting July 7, Russia banned domestic websites and apps from allowing new user registrations or logins through foreign authentication services like Google and Apple ID. The new rule targets site owners, not users. Companies caught integrating new accounts via these overseas logins risk fines up to 700,000 rubles (~$9,000), with repeat offenses doubling the penalty to 1.4 million rubles.

The regulation requires Russian platforms to use approved authentication methods for new accounts. Acceptable options include Russian phone numbers, the state portal Gosuslugi, the Unified Biometric System, or other information systems owned by Russian citizens or legal entities. This means familiar ”Sign in with Google” or ”Continue with Apple” buttons must disappear for new users, turning once-convenient features into legal liabilities.

Existing users won’t be affected. Accounts previously created through Gmail, Apple ID, or other foreign login methods can continue to be used normally. The State Duma clarified that companies are not required to migrate old accounts to new Russian IDs or ask users to re-register.

Fines vary by offender:

  • Individuals: 10,000 to 20,000 rubles
  • Officials: 30,000 to 50,000 rubles
  • Companies: 500,000 to 700,000 rubles for first violations, up to 1.4 million rubles for repeat breaches

This move disrupts industries where using Google, Apple, and other global accounts for login has become standard across e-commerce, delivery services, media, and apps. These services simplified sign-in processes by reducing password fatigue and registration drop-offs. Now companies must overhaul onboarding flows to rely on Russian ID systems or strengthen phone number and proprietary password authentication.

The crackdown fits a broader push by Russian regulators to bring digital infrastructure under national control. Past measures mandated local storage of personal data and encouraged domestic identification platforms. Now the focus extends to the very first interaction users have with services: the login process.

In the coming months, it will become clear how quickly major platforms remove foreign login buttons from apps and websites. For large services, this likely means interface tweaks and backend changes. Smaller sites may face bigger challenges, forced to replace tried-and-true authorization modules built around Google and Apple sign-ins developed over years.

Leave a comment

Your email address will not be published. Required fields are marked *