Russia: Amended Presidential Decree on Cybersecurity Measures

On 13 June 2024, an amendment to the Presidential Decree No. 250 dated 1 May 2022 was officially published, introducing additional measures to enhance the information security of the Russian Federation. This amendment, under Decree No. 500, specifies new requirements for government agencies, state corporations, and entities of critical information infrastructure (CII) in terms of cyber incident response. It notably includes a prohibition on the use of cybersecurity protection systems and services from countries deemed unfriendly to Russia, effective from 1 January 2025. The amendment mandates the establishment of accredited centres for incident response in various departments and CII subjects, and extends the ban to include cybersecurity services, in addition to previously banned protection equipment.