According to the new bill submitted by the government to the State Duma on July 7, all state information systems (GIS) will be required to connect to GosSOPKA (State System for Detection, Prevention, and Elimination of Consequences of Computer Attacks) and promptly notify the FSB of any cyber incidents. This applies to federal, regional, municipal, and departmental IT systems.
The bill obliges government agencies not only to record incidents but also to submit the results of internal investigations to the FSB. However, experts note that agencies will need time to adapt: it is necessary to develop uniform reporting formats and establish automated data exchange.
Earlier, in March 2025, the FSB approved new requirements for data encryption in state information systems (Order No. 117). Now, SKZI (cryptographic information protection tools) must be used not only in GIS but also in the IT systems of state enterprises and institutions. The only exceptions are the systems of the highest authorities and systems containing state secrets.
On July 16, the State Duma IT Committee is to prepare a review of the bill. The Ministry of Digital Development clarified that the details of interaction with GosSOPKA will be determined by the FSB.