The Executive Order is designed to enhance the stability and security of Russian information resources.
The President instructed heads of federal and regional executive bodies, state foundations, state corporations (companies) and other organisations established in accordance with federal laws, as well as strategic and backbone enterprises and organisations and legal entities, which form the core of Russia’s critical cyber structure, to entrust the deputy head of the body (organisation) with the authority to ensure cybersecurity, including detecting, preventing and relieving the consequences of cyberattacks, as well as responding to cyber incidents and creating structural units to ensure cybersecurity.
The Executive Order determines which organisations may be involved in ensuring cybersecurity, as well as detecting, preventing and relieving the consequences of cyberattacks. In addition, it envisages appropriate rights for Federal Security Service bodies’ officials, as well as immediate implementation of organisational or technical measures. Decisions on which measures are needed are to be made by the Federal Security Service and the Federal Service for Technical and Export Control.
A list of instructions has also been issued to the Russian Government and the Federal Security Service.
The Executive Order also states that starting from January 1, 2025, government bodies (organisations) are prohibited to use cybersecurity products that originated in foreign states that commit unfriendly actions against the Russian Federation, Russian legal entities and individuals, or were produced by organisations under the jurisdiction of such foreign states, are controlled by them directly or indirectly, or are affiliated with them.