Passport, IP, and geolocation: operators' data list for SORM expanded

The Ministry of Digital Development clarified requirements for communication networks and technical interfaces

The Ministry of Digital Development updated the requirements for communication network owners to work with SORM – the system for technical support of operational-investigative activities. The new order clarifies what data must be available for search and transfer to authorized bodies, as well as through which technical interfaces the exchange should take place.

The list includes information allowing the identification of subscribers, organizations, and related digital objects: passport and address data, TIN, bank details, IP addresses, domains, logins, geocoordinates, and other organizational information. Technical exchange mechanisms – GraphQL, WebSocket, and HTTP – are separately specified.

SORM was originally created to control connections in communication networks, but after the "Yarovaya Law," the requirements expanded to include storage of traffic, metadata, and related information. Since July 2018, all communication operators have been obliged to install such equipment. The Ministry of Digital Development attributes the update to security tasks and the conduct of operational-investigative activities.

For the market, the new rules may mean infrastructure modernization. Rostelecom stated that the company's equipment generally meets modern requirements, but once the new task is clarified, further development may be needed. Experts believe that the state is closing technological gaps that have arisen due to the increasing complexity of the internet, the growth of encryption, and the expansion of the range of organizations obliged to connect to SORM.

The main problem is cost. According to market participants, a minimal SORM software and hardware complex costs from 5 million rubles, which may be unaffordable for small operators. Demand for "outsourcing" may therefore increase – a model in which companies transfer data through solutions already deployed by other infrastructure owners. However, such an architecture does not involve the equipment owner having access to the transmitted data itself.
