Russia’s surveillance expansion isn’t really about telecoms anymore — it’s about building a parallel ‘SORM’ inside every major company in the country A recent Digital Development Ministry order, initially reported as expanding data collection for Russian telecom operators via the SORM system, actually clarifies technical procedures for data transmission to the FSB. While telecom operators already provide the flagged data, the order extends SORM-like requirements to a wider range of entities owning autonomous system numbers, including major IT companies, hosting providers, and corporations. The primary function of this new order is to establish the technical means for these organizations to comply with existing data collection mandates, rather than introducing new types of data to be collected.

• A new order from Russia’s Digital Development Ministry was reported as expanding the data telecom operators must transmit via SORM to law enforcement.
• However, telecom operators were already transmitting the specified data (passport details, INN, bank accounts, IP addresses, etc.) under a 2018 ministry order.
• The new order primarily targets a broader category of ‘operators of a proprietary communications network’ with their own autonomous system numbers (ASNs), including IT companies, hosting providers, and major corporations.
• This expansion aligns with Russia’s ‘sovereign internet’ law and subsequent amendments requiring companies to implement SORM-like systems for FSB access.
• The order’s main purpose is to provide technical specifications for the server software needed for these organizations to transmit required data to the FSB, rather than changing the list of data collected.
• Beyond telecoms, other entities like information dissemination organizers, hosting providers, and freight forwarding companies are now required or will soon be required to install similar data collection systems.
• The FSB has the power, as of April 2026, to demand copies of any databases from organizations, with an exception for databases already accessed through SORM.