The State Duma has passed a new law that imposes stricter administrative penalties for violations in information protection. This legislation, identified as number 835235-8 and introduced by the government in February 2025, amends Article 13.12 of the Code of Administrative Offenses and is applicable to both individuals and organizations operating with information systems.
Key changes under this new law pertain to the utilization of non-state IT tools and databases that require mandatory certification. Previously, fines ranged from 1.5-2.5 thousand rubles for individuals, but have now been raised to 5-10 thousand rubles. For officials, fines have increased from 2.5-3 thousand to 10-50 thousand rubles, and for entities, the fine has risen from 20-25 thousand to 50-100 thousand rubles, with the potential confiscation of equipment.
More stringent sanctions apply if the violation involves the protection of information classified as a state secret. In such cases, penalties include fines of 10 to 20 thousand rubles for individuals (previously 1-2 thousand rubles), 20 to 50 thousand for officials (instead of the previous 3-4 thousand), and up to 100 thousand rubles for organizations (compared to 15-20 thousand previously).
Furthermore, fines for other breaches of information protection requirements not related to state secrets have also been raised. For individuals, fines can go up to 5-10 thousand rubles (previously 500-1 thousand), for officials up to 10-50 thousand rubles (instead of 1-2 thousand), and for entities up to 100 thousand rubles (previously a maximum of 30 thousand).
Proponents of the law argue that there has been a significant increase in violations under Article 13.12 of the Code of Administrative Offenses in the past five years. They believe that this demonstrates the necessity to enhance responsibility and tighten control in the realm of information security.