The Ministry of Digital Development is preparing a bill on the definition of CII

The Ministry of Digital Development of the Russian Federation is developing a bill that will allow the government to determine the objects of critical information infrastructure (CII) and set the timing for their transition to domestic solutions. The bill has already been approved and will soon be submitted to the State Duma. About this “Vedomosti” reported sources in the government and IT companies.

Today, CII subjects include state bodies and organizations from the fields of healthcare, science, transport, communications, energy, banking, as well as the fuel and energy complex, which own critical infrastructure facilities.

As explained to the publication, at present, subjects can independently determine the significance of objects and not classify them as CII.

Further, the list of objects must be coordinated with the state body or the Russian legal entity that performs the functions of developing state policy and (or) legal regulation in the established area in terms of CII subjects under their jurisdiction.

The publication’s experts explained that there are strict technical and organizational requirements for information security for significant CII objects, so some information system operators deliberately underestimate the significance category of their objects. As noted, the lower the category of significance, the easier the requirements of regulators.

In March 2022, Russian President Vladimir Putin banned the use foreign software at KII facilities from January 1, 2025.