GIS Countering Information and Communication Technology Offenses

Cybercrime Countermeasures Platform

Main article: Security of critical information infrastructure of the Russian Federation

GIS countering offenses committed using information and communication technologies is abbreviated as a platform for countering cybercrime. It was built within the framework of the implementation of federal law No. 41-FZ "On the creation of a state information system for combating offenses committed using information and communication technologies^[1]."

The cybercrime countermeasures platform is Ministry of Digital Development being created within the framework of federal law No. 41-FZ. Within the framework of it, government agencies, banks, telecom operators and other commercial organizations will interact to combat cyber fraud. Now a pilot project is underway to implement it. A full-scale launch is planned by March 1, 2026.

Very similar in functionality is the National Anti-Fraud Platform, which is built and operated by the Main Radio Frequency Center under the control of Roskomnadzor. It was created as part of the implementation of Federal Law^[2] "and allows you to identify and block fraudulent calls made from replacement numbers.

History

2025

A draft of the second package of anti-fraud measures has been published. It includes compensation for losses to users from operators and banks

At the end of August, the Ministry of Digital Ministry of Digital Development introduced into the system of public discussion of regulatory acts a bill entitled "On Amendments to Certain Legislative Acts of the Russian Federation (in terms of countering offenses committed using ICT)"^[3] It became known to the public as the second package of measures to combat fraud. The first was the law No. 41-FZ adopted in the spring of 2025 "On the creation of GIS to counter offenses committed using ICT," which legalized the activities of the state information system to counter offenses committed using ICT.

The new bill is supposed to introduce into the legal field the activities of the information system of the national certification center (IS NTC) created in 2022. Also, for example, it provides for the creation of a central database of user equipment identifiers, such as IMEI. These information systems will be used to identify offences committed using ICT.

𝓲

Фото: Freepik

The bill on the legalization of the IS NTC (No. 244043-8^[4] "was initiated in 2022 after the owners of Russian sites had problems in obtaining TLS certificates from foreign registrars in connection with sanctions. It was assumed that the IS NTC should solve the problem by issuing a root certificate for Russian domain zones so as not to lose control over them. However, he was stuck in the State Duma at the first reading stage. At the same time, the NTC information system was created on the basis of the Voskhod Research Institute and has been successfully operating since the summer of 2022, ensuring the operation of the Runet root certificate, including for Russian departments and websites of companies included in the sanctions lists. However, there are still no legislative norms for its use.

In terms of legalizing the activities of the IS NTC, the new bill provides for a change in law No. 63-FZ "On Electronic Signature" until the prefix "and certification centers" is added to its name. It is planned to amend it, which legalize the use of the certificate of the national certification center. Moreover, it is assumed that the certificates issued by the IS NTC will be used not only to confirm the authenticity of the site address, but also for "an information system operator..., a developer of a program for electronic computers, a participant in electronic interaction in a corporate information system." That is, it seems that the IS NTC will issue certificates for interaction with various ISs, generating signatures to various programs and trusted authentication of participants in corporate communication systems.

The bill contains norms for the legalization of the IS NTC through the same law No. 63-FZ, and also introduces two additional articles into it. Thus, Art. 10.1 lists the duties of the operator of the information system, the owner of the site on the Internet, the developer ON and the participant of electronic interaction in the corporate IS, who received the NTC security certificate. And the new Art. 18.3 describes the regulatory requirements for the NTC safety certificate.

The second package of measures to protect against fraud introduces into law No. 126-FZ "On Communications" the requirement to create a central database of user equipment identifiers (IMEI), which is entrusted to the Ministry of Digital Development, and IMEI databases and other identifiers for each operator. If the device does not have an identifier from the database, then it should not receive access to telecommunication networks. And if communication is carried out using a device whose identifier is not in the database, then the operator must warn the user about this with a special marking.

The requirement to create a single IMEI base was put forward by the FSB of Russia in June 2022, but it concerned only mobile communications. The wording of the published bill expands the requirement to control the identifiers of user equipment for all devices, possibly MAC addresses, regardless of the technology of their connection to the Internet and the public communication network.

The bill provides for the creation, within the framework of the system of combating offenses committed using ICT, of a single register of subscriber numbers, in respect of which there are signs of use for illegal actions. Moreover, information from this register is sent to the money transfer operator, who can suspend the use of the client's card for the entire time while the specified number is in the corresponding register. These changes are already being made to Law No. 161-FZ "On the National Payment System."

The money transfer operator can be either payment systems or banks that are licensed accordingly. As a rule, the bank interacts with the client, and if he receives a warning from the system of combating offenses committed using ICT, and continued transfers that can be fraudulent, then he will have to compensate the damage caused to the client. A similar norm is introduced in Law No. 126-FZ: if the money is stolen from the personal account of the subscriber of the telecom operator and there was a warning from the system of countering offenses committed using ICT, then the operator will have to return the stolen funds.

Marking suspicious calls with a special indicator will allow people to immediately recognize and avoid them, and it will be easier for specialized systems to filter and block such calls, "said Alexey Shcherbakov, technical director of the Lukomorye IT ecosystem, to TAdviser. - The mechanism of compensation for damage is also of particular value in these amendments: operators and banks will be obliged to compensate for losses if they have not taken timely measures to prevent the incident.

The bill also makes changes to other legislation. Here's a list of them:

• Law No. 152-FZ "On Personal Data" - determination of the list of personal data, the possibility of obtaining and revoking consent to the processing of personal data through "Public services," the obligation of site owners to transfer information about received personal data to the ESIA with the possibility of revoking them;
• Law No. 149-FZ "On Information, Information Technologies and Information Protection" - authorization by e-mail only in Russian domains, the requirement for interaction of operators of information dissemination, social networks and the service of posting ads with the system of combating offenses committed using ICT;
• Law No. 161-FZ "On the National Payment System" - a restriction on the issuance of no more than 5 payment cards in one hand, and in total a citizen should have no more than 10 cards from all operators;
• Law No. 218-FZ "On State Registration of Real Estate" - the cooling period for the sale of real estate in 20 days;
• Law No. 572-FZ (On Biometric Identification) - restoration of access to the ESIA in case of compromise through the EBS or the national messenger;
• Law No. 41-FZ (On the system of combating offenses committed using ICT) - maintaining a single register of fraudulent subscriber numbers.

The text of the draft law of the Ministry of Finance with the second package of measures to counter telephone and Internet fraudsters, posted for public discussion, generally corresponds to the stated goals, complementing the existing set of legislative and technical anti-fraud procedures, - said for TAdviser Candidate of Economic Sciences Sergei Gataullin, Leading Researcher at TsEMI RAS. - Separately, it should be noted the creation on the "Public services" of a single database of consents to the processing of personal data; an extremely controversial initiative that makes it difficult for specialists to find threats and vulnerabilities in systems and networks by banning the dissemination of information about methods of conducting cyber attacks by analogy with extremist content.

If the bill is passed, it will be implemented from March 1, 2026, although some parts of it have different effective dates - from January 1, 2026 to March 1, 2028.

Digital twins, AI and mobile applications. Prime Minister Mikhail Mishustin approved the concept of countering cybercrime

On August 20, 2025, Prime Minister RFMikhail Mishustin approved an action plan for the implementation of the concept of a state system for combating crimes committed using information and communication technologies. The document provides for a set of measures to improve legislation, technical counteraction to attackers and increase digital literacy of the population.

In total, almost 40 different events are spelled out in the plan. Significant attention is paid to the prevention of offenses and crimes committed using Internet technologies. In particular, a depository of preventive materials will be created. Responsible for this work are identified, Ministry of Digital Development,, and a number of MINISTRY OF INTERNAL AFFAIRS Ministry of Economic Development Roskomnadzor Central Bank other departments, and the launch of the system is scheduled for the first half of 2026. In addition, a module for mandatory informing citizens about possible cybercrimes will be integrated into the main mobile applications used to interact with government agencies, as well as into banking and socially significant applications.

𝓲

Фото: Kremlin website

Another important area of ​ ​ work will be the creation of a single register of electronic links to official sites of popular online stores. This is expected to help increase the effectiveness of combating their electronic counterparts, which fraudsters use to steal personal information. It is also planned to develop an algorithm for identifying artificial intelligence technology when committing cybercrimes.

The Ministry of Finance, the Ministry of Culture, the Ministry of Finance, the Ministry of Education, the Ministry of Education, the Ministry of Internal Ministry of Digital Development and the Bank of Russia are ordered on an ongoing basis to carry out measures to increase the digital and financial literacy of citizens, their awareness of the methods of committing crimes and protection against them. We are talking, among other things, about the placement of appropriate social advertising in the media.

The work on the preparation of anti-fraud measures is supervised by the Deputy Prime Minister - Head of the Government Apparatus Dmitry Grigorenko. According to him, the authorities are systematically strengthening measures to protect citizens from fraudsters. In particular, a set of 30 priority measures has been adopted and is being implemented. In addition, the law on criminal liability for droppers came into force.

The approved plan is another step in creating an effective system to counter telephone and internet scammers. It synchronizes the work of all departments to achieve a common goal - the formation of a comfortable and safe digital environment, says Grigorenko.

It is also planned to work out the issue of establishing the obligation of telecom operators, Internet providers, organizers of the dissemination of information and other structures to notify law enforcement agencies about cases of identifying signs of crimes committed using digital technologies. Such work will be engaged in the Ministry of Internal Affairs, Ministry of Digital Development, FSB and Roskomnadzor in cooperation with the Prosecutor General's Office and the Investigative Committee. Based on the results of this project, the government in the third quarter of 2027 can determine the necessary changes to the current legislation.

In addition, the Ministry of Internal Affairs, the Ministry of Digital Industry, the Ministry of Digital Development of Economic Development, the FSB and Roskomnadzor, with the assistance of the Prosecutor General's Office, will submit proposals to increase responsibility for violation of legislation in the field of personal data. Among other things, it is proposed to increase the statute of limitations for bringing to administrative responsibility for such offenses. In parallel, prevention of the involvement of minors in cybercrime will be carried out.^[5][6]

Launch of GIS for interaction of government agencies, banks and telecom operators in order to combat cyber fraud

In Russia, from June 4, 2025, the implementation of a pilot project on the operational interaction of state bodies, banks and telecom operators to combat cyber fraud will begin. The platform for such interaction will be the created state information system for countering violations in the field of information technology. The corresponding order was signed by the Russian government on May 28, 2025.

According to the Russian government, the purpose of the pilot project is to create an effective mechanism for interaction between various state and non-state structures. The system should establish information exchange between participants to prevent crimes using information and communication technologies.

𝓲

Фото: Freepik

During the implementation of the pilot project, the work of the state information system will be tested. It is planned to define the categories of data necessary to effectively counter cybercrime. It is also necessary to develop unified formats for providing data on offenses and achieve automation of operational interaction.

As part of the pilot project, participants will develop preventive measures to combat fraudsters using digital communication channels. The system will allow you to quickly exchange information about suspicious transactions and block fraudulent schemes early in their implementation.

Nine departments will become participants in the pilot project on the part of the state. These include the Ministry of Finance, the Ministry of Internal Affairs, the FSB, Roskomnadzor, Rosfinmonitoring, FSTEK, the Bank of Russia, the Prosecutor General's Office and the Investigative Committee. Each department will provide information within its competence.

The largest Russian banks and telecom operators will also take part in the project. JSC "National Payment Card System" will join the interaction. Private companies will transmit data on suspicious transactions and telecommunications activity.^[7]

Signing by Russian President Vladimir Putin of the law on the creation of GIS

On April 1, 2025, Russian President Vladimir Putin signed a federal law on the creation of a state information system (GIS) to counter violations committed using information and communication technologies (ICT).

GIS will ensure the interaction of the Prosecutor General's Office of the Russian Federation, the Investigative Committee, the Bank of Russia, credit institutions, telecom operators, as well as federal executive bodies and other organizations for the prompt prevention, detection and suppression of offenses and crimes committed using ICT.

𝓲

Фото: Website of the Kremlin of the Russian Federation

The law prohibits state bodies, the Bank of Russia, credit institutions, telecom operators, owners of aggregators of information about goods (services), owners of social networks and owners of ad placement services to communicate with citizens and customers through foreign messengers. In addition, it is prohibited to make mass and (or) automatic telephone calls in public communication networks without obtaining the prior consent of the subscriber. The law provides for the mandatory labeling of all outgoing telephone calls from organizations. The operator is obliged to stop sending to the subscriber who sent the refusal to receive it.

Individuals are entitled to establish a ban on the conclusion of contracts for the provision of mobile communications services. At the same time, a ban is introduced on the transfer of a telephone number by a subscriber to third parties, with the exception of members of his family and (or) close relatives. The law prohibits the use by a microfinance organization of simplified identification of a client in order to conclude a consumer loan (loan) agreement. Citizens can instruct a trusted person to confirm money transfer operations and cash withdrawals at ATMs.^[8]

2024: Russian Prime Minister Mikhail Mishustin approved the creation of a state system to counter crimes committed using digital technologies

On December 30, 2024, Russian Prime Minister Mikhail Mishustin signed an order approving the concept of a state system for combating crimes committed using digital technologies. This document is aimed at strengthening the protection of citizens, society and the state from fraudsters using modern technologies for illegal actions.

According to the press service of the Russian government, the concept includes the creation of a single digital platform for the interaction of law enforcement agencies, the Central Bank, credit institutions and telecom operators. The purpose of the platform is to ensure the prompt exchange of information to identify participants and circumstances of crimes related to the use of information and communication technologies.

𝓲

Фото: Website of the Government of the Russian Federation

According to the text of the order, as part of the implementation of the concept, it is planned to develop regional and municipal programs for the prevention of crimes in the digital sphere. In addition, it is planned to introduce a mechanism for the operational suspension of transactions with funds that were used in criminal activities.

Particular attention is paid to improving criminal legislation. The concept provides for the clarification and expansion of definitions of crimes related to the use of digital technologies. It is also planned to conduct information campaigns aimed at improving the digital literacy of citizens, with an emphasis on protecting the elderly population from fraudulent actions.

Within six months, the Ministry of Internal Affairs of Russia, together with the General Prosecutor's Office, the Investigative Committee and the Bank of Russia, was instructed to develop an action plan for the implementation of the concept. The document should identify specific steps aimed at achieving the goals set.

Systemic measures to counter digital crime will help protect not only citizens, but also critical infrastructure, government agencies and businesses. The planned changes are aimed at creating a safe digital environment for all participants in the information society.^[9]

Notes