Russia Approves Fines for Sites Using Foreign Login Services
Russia’s State Duma has passed a law imposing administrative fines on website and mobile application owners that violate the country’s user-authorization rules, including by failing to provide approved domestic login methods for users in Russia. The measure enforces requirements already in force since 2023 and targets operators of online services rather than end users; people are not being fined for signing in with accounts such as Google, Apple ID, or Gmail. Under the rules, services aimed at users in Russia must offer authentication through a Russian mobile number, Gosuslugi (ESIA), the Unified Biometric System (EBS), or another Russian-owned information system, with penalties reported at up to 700,000 rubles for noncompliance.
The legislation also broadens liability in adjacent digital-regulation areas. It introduces penalties for violations involving recommendation technologies, including unlawful collection of user preference data and failure to disclose the use of recommendation algorithms, and it raises sanctions for telecom operators that breach obligations to cooperate with law enforcement during operational-search and security activities. Reports indicate the updated framework includes multimillion-ruble fines and turnover-based penalties for repeat offenses, expanding enforcement pressure across Russia’s online platform and telecom sectors.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Russia introduces mandatory domestic login options for users in Russia
The underlying authorization requirements took effect in 2023, requiring websites and applications serving users in Russia to offer login via a Russian mobile number, Gosuslugi (ESIA), the Unified Biometric System, or another Russian-owned information system.
State Duma passes bill fining sites and apps for login-rule violations
The Russian State Duma passed in the second and third readings a bill introducing administrative fines for website and application owners that violate existing user-authorization requirements on Russian internet resources. The measure also adds penalties tied to recommendation technologies and raises liability for telecom operators that violate cooperation rules with law enforcement.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Russian Regulatory Crackdown on Foreign Digital Platforms
Russia's telecommunications regulator, Roskomnadzor, has blocked access to the Roblox online gaming platform, citing the platform's alleged failure to prevent the distribution of LGBT-related content, extremist materials, and facilitation of violent or illegal activities. The regulator claims that Roblox's moderation team was unable to adequately restrict such content, leading to the decision to restrict access. This move follows a pattern of increasing regulatory actions against foreign digital services in Russia, including previous bans on messaging apps like Viber and Signal for similar reasons. In parallel, Roskomnadzor has issued warnings and imposed tighter restrictions on WhatsApp, threatening a potential total ban due to the platform's alleged non-compliance with new information-sharing requirements related to terrorism and fraud investigations. Russian authorities accuse WhatsApp of being used to organize and facilitate terrorist activities and other crimes, and are encouraging users to transition to government-backed alternatives such as the MAX messaging app. These actions reflect Russia's broader efforts to control digital communications and limit the influence of foreign technology platforms within its borders.
Apr 14, 2026
UK Regulators Fine Online Platforms for Failing to Implement Effective Age Assurance
UK regulators issued major penalties against online services for inadequate **age assurance** controls intended to protect children. The Information Commissioner’s Office (**ICO**) fined **Reddit £14.47 million** for unlawfully processing children’s data, alleging that despite a stated under-13 prohibition, Reddit did not introduce an age assurance mechanism until **July 2025** and had not completed a required **data protection impact assessment (DPIA)** before **January 2025**. The ICO said these failures potentially exposed minors to inappropriate content and left under-13 users’ personal data collected and used without a lawful basis; Reddit said it intends to appeal. Separately, communications regulator **Ofcom** fined porn operator **8579 LLC £1.35 million** under the UK **Online Safety Act** for failing to deploy “highly effective” age checks (e.g., photo ID matching or credit card checks) to prevent minors from accessing adult content. Ofcom also imposed an additional **£50,000** penalty for allegedly ignoring information requests and warned of an ongoing **£1,000/day** penalty until compliant age verification is implemented, amid broader concerns from civil liberties groups about the privacy and cybersecurity risks of stringent age-verification regimes.
Mar 21, 2026
Russia Blocks FaceTime and Snapchat Over Security Concerns
Russian authorities have implemented a network-level blockade on Apple's FaceTime and Snap's Snapchat platforms, citing their alleged use in coordinating terrorist attacks and facilitating criminal activities. The Russian telecommunications regulator, Roskomnadzor, stated that these services were being used to recruit perpetrators, commit fraud, and organize attacks, leading to their restriction within the country. The ban on Snapchat reportedly took effect on October 10, while the FaceTime block was announced more recently. This move is part of a broader crackdown by Russian regulators on foreign communication platforms, with previous bans on services like Viber and Signal for similar reasons. The actions reflect ongoing concerns from Russian authorities about the use of encrypted and foreign messaging platforms in activities deemed a threat to national security, and further restrictions on other platforms such as WhatsApp are reportedly under consideration.
Mar 21, 2026