Russia's Ministry of Digital Development has introduced amendments to the "Anti-Fraud 2.0" legislative package that would require all hosting providers to restrict access to their services for users detected as using VPN. The amendments were introduced during the second reading of the bill — a move observers say signals the decisions are final, with Duma passage expected soon.
Under the proposed rules, hosting companies must cross-reference a violator list maintained by Roskomnadzor and verify that their clients comply with its directives. Providers that fail to restrict VPN-using clients could face regulatory consequences, including loss of operating licenses.
However, the law's own text acknowledges serious ambiguities. It is unclear how hosting providers should identify which users are using VPN, and what specific actions to take. Filtering all traffic from VPS, VDS, and co-location services appears technically impractical — virtually every business user or developer relies on these services for legitimate purposes.
The nature of the "violator lists" is similarly vague — they likely consist of VPN IP addresses detected by Roskomnadzor. The mechanism for verifying client compliance is also undefined: it may involve detecting Russian traffic being tunneled abroad and demanding written explanations from clients in such cases.
The Ministry declined to comment, citing the preliminary nature of the text. But industry experts warn that if passed, these amendments would eliminate the ability to route traffic from Russian infrastructure to foreign VPN servers and prevent VPN use to circumvent any provider-level restrictions. All services relying on VPN with substantial traffic volumes would face disruption.
Why this matters for VPN users: This law targets the infrastructure layer — hosting providers — not end users directly. It represents an escalation in Russia's effort to control internet access at every technical level. As the legal environment tightens, ASMO VPN's ability to continuously adapt its protocols and server infrastructure to bypass new restrictions becomes increasingly critical for users who need reliable access.