On Jan. 28, the Kremlin announced that Russian President Vladimir Putin had ordered the government to write draft rules restricting foreign technology companies operating in Russia. These forthcoming mandates could include requiring that foreign firms open offices within Russian territory.
Setting up local shops in Russia might not prompt thoughts of internet control, but this move, if it happens, would fit exactly into the Kremlin’s internet control model. It’s a tactic that some authoritarian countries have already tried and others may follow, particularly in places where internet control strategies are much less technically focused than in China and instead focused more on melding offline and online control.
To understand these recent orders, we have to look back to some recent history. The year 2019 was a busy one for Russia’s internet: The Duma, the lower house of Russia’s federal assembly, introduced a bill in late 2018 to pursue a “domestic internet” in the country, which could be isolated from the rest of the world at will, and by early 2019 it was gaining momentum. Lawmakers contended that a disconnection test of the internet (vaguely defined) was on the calendar for April 1, though no such experiment happened that day. Putin signed the domestic internet bill into law on May 1, 2019, and it went into effect that November amid much discussion of subsequently planned Kremlin disconnection tests. (It’s not clear if those actually happened, either.) Reports began to surface in late 2019 that internet companies were hitting roadblocks in implementing steps required by the law.
But Moscow has been relatively quiet since 2020 about the domestic internet. The COVID-19 pandemic has captured the attention (though not the serious care) of the Kremlin and its relevant agencies, and contributed to authorities pushing back the in-effect date of already planned rules to limit the influence of foreign-made software in Russia. But the recent announcement—that Putin has ordered the government to develop draft rules for increasing control of foreign internet companies operating in Russia—makes clear the government remains focused on raising barriers for foreign tech companies.
So far, the Kremlin has not released much information about the contents of this order, besides the fact of its delivery. According to the Kremlin press release, the draft rules should impose requirements on foreign technology companies operating in the Russian segment of the Internet’s information and telecommunications network. That list should include forcing those firms to open representative offices in Russian territory. Putin gave the relevant government personnel until Aug. 1 to submit these proposals. At the same Dec. 10 meeting where officials discussed these mandates, they also raised, in a typically staged-and-later-publicized fashion, the “topic” of American technology companies and their “censorship” of Russian state-controlled media.
It’s possible more rules may be announced in the coming months. But the discussed requirement for foreign technology companies operating in Russia to stand up domestic offices is particularly significant.
Moscow isn’t the first authoritarian government to look into this kind of rule. A key provision of Vietnam’s 2019 cybersecurity law, for instance, is requiring offshore service providers to set up offices within the country. Written in a way that broadly implicates many different businesses and data-holders, the law—widely criticized as promulgating digital repression under the veil of cybersecurity and safety—has now clearly been used to suppress political speech the government deems undesirable and to elevate pressure on foreign internet companies operating within Vietnam.
Requiring foreign technology companies to set up offices within Russia’s borders would allow the Kremlin to expand the offline, traditional coercive mechanisms it uses to maintain online control to foreign internet companies operating in Russia. State internet control in Russia has never been about purely technical measures to monitor data flows and filter access to content. Instead, it has encompassed a range of online and offline measures that collectively shape norms of behavior and coercively target internet users who defy Putin’s regime—surveillance of internet posts is combined with detentions of the individuals running politically focused messaging channels, for example.
Similarly, if a foreign company has local offices in Russia, and local representatives of that company stationed within Russia’s geographic borders, the internet regulator’s orders to censor information or the security services’ demands to hand over data suddenly become far more real. Harassment by the federal security service (FSB), visits from local police units, and court-ordered punishments can have a much greater impact on data and content decisions the Kremlin wants to control if there are company people on the ground who will be affected. This is not to pretend as if foreign tech companies do not already bend to the Kremlin’s censorship will within Russia. Roskomnadzor, the internet and media regulator, has ordered foreign internet platforms to remove COVID-19 “fake news” throughout the pandemic, with notable degrees of compliance; similarly, YouTube and TikTok were complicit in removing Russian government-flagged content about the Alexei Navalny protests. Raising the costs of noncompliance, however, is always an attractive goal for the Kremlin. Forcing companies to have an office and personnel based in Russia is one way to do just that.
Neither Facebook nor Twitter currently have an office in Russia. Google closed its Russia office in 2014 after the Kremlin introduced new internet restrictions on data. Apple doesn’t even have a physical retail location in Russia, yet these and many other companies still have a business presence in the country: collecting data on citizens through online product sales or delivering their digital services to Russian citizens.
Whatever ends up happening with the draft rules, we know one thing: It will be a further example of Putin’s 2000 vision of a “dictatorship of law” extended to the internet domain, where online restrictions meet physical, offline coercion, and where the introduction of unilaterally passed rules and rubber-stamped laws only solidifies the state’s authoritarian efforts to control the web.