Roskomnadzor Demands IP Data from Telecom Operators. Methods and Possible Responses

Roskomnadzor fines providers and demands IP data, raising concerns over surveillance, VPN detection, and growing control of Russia’s internet infrastructure.

Roskomnadzor (Russia’s federal communications regulator, hereafter RKN) has fined 85 ISPs for failing to supply information about their subscribers’ IP addresses, the newspaper Izvestia reported on May 26 (the outlet is indirectly controlled by the Russian authorities). The agency requested data from 1,359 telecom operators in order to “counter threats to the security of the Russian segment of the internet.” RKN itself told Vedomosti that it does not collect IP addresses of specific individuals.

RKN’s demand has a legal basis. The law “On Communications” requires telecom operators to report changes to specific users’ IP addresses within 1 hour upon the agency’s request, or within 24 hours if no specifics are provided. RKN also requires reporting IP addresses along with geolocation data.

What’s happening?

A source in the telecom industry, cited by Izvestia, believes that IP address data makes it easier for Roskomnadzor to detect whether a user has a functioning VPN. Timely reporting, according to the source, requires hiring additional staff and increased financial investment.

According to industry research, between 25% and nearly 60% of IP addresses regularly change key parameters, making them unstable identifiers at any given moment. For a large ISP, such changes can run into the hundreds of thousands per day. The fine for failing to provide information can be up to 500,000 RUB (about 6,000 EUR or 7,000 USD) for the first offense and up to 1,000,000 RUB (about 12,000 EUR or 14,000 USD) for repeated violations.

RKN told Vedomosti (also indirectly controlled by the Russian authorities) that the information published by Izvestia was not entirely accurate. Representatives of the agency stated that:

  • RKN does not receive information linking specific IPs to particular users.
  • However, telecom operators do transmit data on IP addresses assigned to equipment used on their networks.

Timeline of events

On May 26, 2026, Izvestia published an article by Valery Kodachigov titled “Russia Tightens Control Over User IP Addresses.” According to the piece, as of May 21, RKN had fined 85 telecom companies for failing to comply with the requirement to transmit information about IP addresses of subscribers’ equipment.

By that same evening, the story had been picked up by virtually every major outlet — from Kommersant, Vedomosti, and Fontanka to Meduza, The Moscow Times, and Novaya Gazeta. At the same time, RKN issued a denial, insisting that “the agency does not collect IP addresses of telecom subscribers,” on the grounds that the data in question concerns technical IP addresses of equipment, not personal data. The caveat is that the distinction between an “equipment address” and a “subscriber address” is, in most cases, purely formal: the dynamic IP assigned to a subscriber is, in fact, the IP of the equipment used by that subscriber.

The wave of fines didn’t start recently. As early as April 17, 2026, the industry publication Kabelshchik (a trade outlet covering Russia’s cable and telecom sector) reported that RKN was issuing violation notices en masse for non-compliance with Order No. 51. According to the law firm STI Resheniye, notices were going out to ISPs in virtually every region of the country. In St. Petersburg and the Leningrad Oblast alone, around 70 operators were informally reported to be in violation.

“Many providers had not been submitting this data because they assumed only the owners of autonomous systems (AS) and IP address blocks were required to do so. RKN’s clarification — that reporting is required for any operator actually using IP addresses — only came recently.”

— Law firm STI Resheniye, cited by Kabelshchik

In other words, the mass issuance of violation notices has been underway since spring 2026. The May Izvestia article marks the first time RKN itself publicly disclosed the total number of fines, and the first time the agency attempted to publicly articulate its position.

The mechanics: regulatory framework

To understand what is actually happening, it helps to trace the chain from law to individual fine. The chain is fairly transparent, though for most non-lawyers it remains a black box.

The base law

Federal Law No. 126-FZ of July 7, 2003 “On Communications,” Article 46 (Obligations of Telecom Operators). In August 2024, clause 5.2-1 was added by Federal Law No. 216-FZ of August 8, 2024. This clause requires operators to “provide [RKN] with information enabling the identification of communications equipment and user terminal equipment on the internet.”

The law itself sets no formats or deadlines. It delegates those to a subordinate RKN order.

The key order — No. 51

RKN Order No. 51 of February 28, 2025 (Ministry of Justice registration No. 81700; full title: “On Approving the Procedure, Timelines, Composition, and Format for Telecom Operators to Submit Information Enabling the Identification of Communications Equipment and User Terminal Equipment on the Internet”). It entered into force on April 12, 2025.

This is the specific document behind the Izvestia story and RKN’s 85 fines. It requires ISPs to:

  • transmit to RKN the IPv4 and IPv6 addresses they assign to their own equipment and to user equipment;
  • specify the geographic location where those addresses are in use, down to the municipal level;
  • transmit identifiers of TSPU (Technical Means for Countering Threats — the deep packet inspection hardware through which all Russian internet traffic passes);
  • for dual-stack connections (IPv4 + IPv6): submit a structured record containing both addresses, the operation type, a timestamp, session duration, and the TSPU unit number.

The deadlines are strict: all changes must be reported within one business day. Moreover, if RKN sends a query about any particular address, the response window drops to one hour. Existing ISPs were given a six-month grace period from the order’s entry into force (i.e., until October 2025); new companies have 15 business days from the start of service.

A companion order — RKN Order No. 50 of February 28, 2025 (Ministry of Justice No. 81706) — covers the technical oversight mechanisms for ISPs’ compliance with telecommunications and information laws. It operates alongside Order No. 51, but the enforcement logic rests squarely on No. 51.

The punitive provision: article 19.7.10 of the Administrative Offenses Code

All 85 fines were issued under Part 6 of Article 19.7.10 of the Russian Code of Administrative Offenses (CAO): “Failure by a telecom operator to submit information enabling the identification of communications equipment and user terminal equipment on the internet.”

Fines under this provision:

| Category | First offense (Part 6) | Repeat offense (Part 7) |
| --- | --- | --- |
| Official (natural person in a managerial role) | 15,000–30,000 RUB (about $200–$400) | 30,000–50,000 RUB (about $400–$665) |
| Individual entrepreneur | 30,000–50,000 RUB (about $400–$665) | 60,000–100,000 RUB (about $800–$1,330) |
| Legal entity | 300,000–500,000 RUB (about $3,990–$6,650) | 600,000–1,000,000 RUB (about $7,980–$13,300) |

Additionally, according to Yaroslav Shitsle of the law firm Rustam Kurmaev and Partners, failure to provide IP addresses may also be classified as a license condition violation under Part 3 of Article 14.1 of the CAO, carrying a fine of up to 40,000 rubles (about $530) for legal entities. This allows authorities to stack offenses and increase the total penalty.

Finally, there is a broader regulatory backdrop: Government Decree No. 1667 of October 27, 2025, “On Approving the Rules for Centralized Management of the Public Communications Network,” which entered into force on March 1, 2026. It defines who manages the Runet “centrally” and under what circumstances — and effectively explains why the regulator needs real-time IP address data in the first place.

How it works in practice

The sequence of events unfolds as follows:

  1. RKN sends an operator a notification under Order No. 51. In March 2026, 1,359 companies received such a notification.
  2. The operator must either connect to RKN’s administrative portal and begin transmitting data through secure channels (using GOST-standard cryptography), or submit a formal written objection.
  3. If no response arrives within the applicable deadline (one hour to one business day, depending on the request type), the regional RKN office draws up a violation notice under Part 6 of Article 19.7.10 of the CAO.
  4. The case is referred to a magistrate’s court (for fines up to 500,000 rubles / about $6,650) or to a commercial court (when a legal entity challenges the ruling).
  5. The court issues the fine; for a repeat offense, the fine can reach 1,000,000 rubles (about $13,300).

Additional context

This is one more step in building Russia’s “sovereign internet.” Through this mechanism, the state is extending its control over five layers of infrastructure:

  • Backbone networks — have been under TSPU coverage for years.
  • Major players (the “Big Five”): MTS, MegaFon, VimpelCom (Beeline), T2, and Rostelecom — integrated with RKN since 2019.
  • Hosting providers — fall under the “Anti-Fraud 2.0” bill, which, as Teplitsa (a Russian NGO supporting civil society technology) has reported, transforms them from “technical intermediaries” into “controllers.”
  • Small and mid-size ISPs — the current target of Order No. 51.
  • VPN services — the end goal, which the regulator is working toward via a “92% blocking effectiveness” KPI found by journalists in GRFC (Main Radio Frequency Center, the state entity managing Russia’s internet control infrastructure) subsidy documents.

In other words, the fines are a compliance instrument. RKN’s primary objective is to get all 1,359 operators connected to the system and transmitting data. The money is secondary.

The financial burden on ISPs is severe. One telecom company told Izvestia that complying with Order No. 51 would require roughly 20 additional staff — not counting the cost of an automated data transmission system. For a large company, this is a budget line item. For a regional ISP with 5,000–10,000 subscribers, it could be a death sentence.

“A large federal operator may see hundreds of thousands of such events [IP address changes] per day. The technical requirements are achievable, but the operational and financial burden — especially for small and mid-size providers — is substantial.”

— Oleg Yablokov, wireless communications expert at NTI (National Technology Initiative), cited by Izvestia

RKN officially denies any “surveillance.” In its May 26 denial, the agency stated: “Data linking specific users to that equipment or to those IP addresses is not transmitted to the agency.” This contradicts common sense: a dynamic IP address, at the moment of a session, unambiguously identifies a specific subscriber. With RKN holding data on which TSPU unit a user’s traffic passed through, plus the municipal-level location of the address, de-anonymization becomes a matter of a few SQL queries. An Izvestia source explicitly states that this data makes it possible to detect whether a subscriber is using a VPN — and to block that VPN service in near real time.

The major ISPs’ side. According to SVTV.org, companies complained that the requirements force them to purchase expensive equipment, hire “at least 20 people,” and operate under a constant threat of fines. Some also raised the concern that the requirements may violate the constitutional right to privacy of communications under Article 23 of the Russian Constitution. MTS proposed splitting the requirements for mobile and fixed-line operators: a mobile subscriber’s IP changes every time they switch base stations, and the formal “report within one hour” requirement translates to millions of messages per day.

Who exactly was fined? The list of all 85 ISPs is not available. RKN disclosed only aggregate figures; Izvestia did the same. There have been individual cases in magistrate’s courts across the country, and rulings have been published in a scattered, decentralized way. What is publicly known about major companies:

  • Rostelecom told SecurityLab it was “aware of the regulator’s notification and has already made the necessary network adjustments.” It has not received any fines.
  • MTS, MegaFon, VimpelCom, T2 publicly objected to the requirements but do not appear on the list of fined operators.
  • LLC Tinko (St. Petersburg) was fined 250,000 rubles (about $3,325) by a magistrate’s court but under a different provision (violation of traffic routing rules through TSPU, March 2026). This is a related case, not the IP address offense specifically.

Between October 2025 and March 2026, regional RKN offices also drew up violation notices against 28 more operators for TSPU traffic routing violations (not IP addresses) — a total of 4,000,000 rubles (about $53,200) across 15 fines, with 5 warnings and 8 cases still pending. It’s a different offense, but the same regulator and the same logic.

Status of legal challenges. As of May 27, 2026, no published commercial court ruling on Part 6 of Article 19.7.10 of the CAO for failure to transmit IP addresses has appeared in public sources. The reason is straightforward: the provision is new (introduced by Federal Law No. 216-FZ of August 8, 2024), Order No. 51 has only been in force since April 12, 2025, mass enforcement only began in 2026, and case law simply hasn’t had time to develop. There are no publicly available “winning” rulings yet.

Mitigation of the consequences

This section is directed at ISPs and those tracking Runet regulation. For ordinary users, there is no direct tool for resistance here. Even so, understanding what is happening matters: your online privacy now depends partly on whether your ISP complies with RKN’s requirements before getting fined, and on whether it then raises its rates as a result.

For ISPs

Do not ignore RKN notifications. If one arrives, respond. A formal written objection is safer than silence (a lack of response automatically leads to a violation notice).

Check your formal classification. Early in 2026, some ISPs believed Order No. 51 did not apply to them — specifically, those without their own autonomous systems (AS) who lease address space from upstream providers. RKN’s clarifications have closed that loophole, but in individual cases there may still be grounds to argue that the obligation does not apply to a specific ISP. This requires a lawyer specializing in telecommunications law.

Document technical impossibility. If the “report within one hour” requirement cannot be met without equipment the ISP doesn’t have, that is an argument for penalty mitigation under Article 4.2 of the CAO (mitigating circumstances). Legal advisors recommend documenting correspondence with equipment vendors, integration cost estimates, and staffing capacity.

Prepare for repeat inspections. Part 7 of Article 19.7.10 provides for fines of up to 1,000,000 rubles (about $13,300) for legal entities on a second violation within one year. The first fine is a signal to avoid any procedural missteps for the next twelve months.

Consider collective action. Industry associations can be used to lobby for corrections to Order No. 51 — roughly the approach taken in previous cycles with SORM (Russia’s lawful interception system) and the Yarovaya Law data retention requirements.

For individual users and NGOs

Don’t count on your ISP being under the radar. In 2024–2025, small providers operated in something of a gray zone. Their traffic didn’t always pass through TSPU as required, and IP addresses weren’t being transmitted to RKN. That window is closing fast. If your ISP is still in business, it will eventually transmit the data. The alternative is fines and, ultimately, license revocation.

Dynamic IP is no longer protective. It was once possible to assume that IP address churn blurred the link between a session and a subscriber. Under the new requirements, RKN receives enough data to identify a subscriber precisely.

Use obfuscated VPN protocols. If the regulator can see that subscriber with IP X connected to a VPN server at time Y, it can quickly move to block that server. The only real defense is making your traffic look like ordinary HTTPS: VLESS + REALITY, AmneziaWG, Trojan, obfs4. For more detail, see our analysis of the 92% KPI.

Self-hosted VPN on a foreign VPS is currently the most resilient option, though not 100% reliable. Avoid Russian hosting providers: they fall under Order No. 51 as telecom operators in their own right, and once Anti-Fraud 2.0 passes, they will be required to actively identify and disconnect VPN users.

Support independent media. Without journalism, none of this would have surfaced — RKN disclosed the figure of 85 operators only in response to journalist inquiries.

Practical advice for VPN developers

This section is for those building censorship circumvention tools — from large commercial VPN services to individuals running a server for family and friends.

Drop vulnerable protocols as defaults. Plain OpenVPN, L2TP/IPsec, and especially PPTP get cut by TSPU within seconds of connection — and GRFC’s 2026 KPI is to block 92% of VPN traffic. The baseline stack today: WireGuard in the AmneziaWG variant, V2Ray/Xray with VLESS + REALITY, Shadowsocks with HTTPS masquerading. Trojan and Hysteria 2 are viable speed-focused alternatives.

Blend into normal web traffic, not “something encrypted.” All critical endpoints should run on port 443, with valid TLS, a plausible SNI, and a real-looking website as a front behind the same IP. Bare IPs, non-standard ports, and one-to-one tunnels expose the service instantly even with perfect encryption.

Design for statistical analysis, not just signature-based DPI. TSPU doesn’t only do signature matching — it runs behavioral analytics: connection frequency, session duration, packet size distribution. A perfectly stable tunnel can be identified by its shape, not its content. Build in randomization of sizes, timings, and padding.
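
The following Go example is added here and is not code from any of the tools named on this page. It measures how rigid a constructed trace of packet sizes and inter-packet gaps is, then applies random padding and timing jitter; the modal-share metric, the 256-byte padding limit, the 1,400-byte MTU and the 20% jitter are illustrative assumptions, far simpler than real behavioral analytics.

```go
package main

import (
	"fmt"
	"math/rand"
)

// modalShare is the fraction of observations equal to the most common value (1.0 = fully rigid).
func modalShare(vals []int) float64 {
	if len(vals) == 0 {
		return 0
	}
	counts, best := map[int]int{}, 0
	for _, v := range vals {
		if counts[v]++; counts[v] > best {
			best = counts[v]
		}
	}
	return float64(best) / float64(len(vals))
}

// padSizes adds 0..maxPad random bytes per packet; packets at mtu stay unchanged.
func padSizes(sizes []int, maxPad, mtu int, rng *rand.Rand) []int {
	out := append([]int(nil), sizes...)
	for i, s := range sizes {
		room := mtu - s
		if room > maxPad {
			room = maxPad
		}
		if room > 0 {
			out[i] += rng.Intn(room + 1)
		}
	}
	return out
}

// jitterGaps moves each inter-packet gap (ms) by up to ±frac of its value.
func jitterGaps(gapsMs []int, frac float64, rng *rand.Rand) []int {
	out := make([]int, len(gapsMs))
	for i, g := range gapsMs {
		span := int(float64(g) * frac)
		out[i] = g - span + rng.Intn(2*span+1)
	}
	return out
}

// seeded gives a reproducible generator; a real client would use the OS CSPRNG.
func seeded(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// constantTrace is the constructed input: n identical observations of value v.
func constantTrace(n, v int) []int {
	t := make([]int, n)
	for i := range t {
		t[i] = v
	}
	return t
}

func main() {
	rng := seeded(7)
	sizes, gaps := constantTrace(200, 120), constantTrace(200, 25000)
	fmt.Printf("sizes: %.2f -> %.2f\n", modalShare(sizes), modalShare(padSizes(sizes, 256, 1400, rng)))
	fmt.Printf("gaps:  %.2f -> %.2f\n", modalShare(gaps), modalShare(jitterGaps(gaps, 0.2, rng)))
}
```

Packets that already fill the MTU cannot be padded, so bulk transfers keep their size profile; padding mainly affects small fixed-size control and keepalive packets.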

Distribute your infrastructure. Once RKN builds a map of IP addresses through Order No. 51, blocking an entire autonomous system becomes a realistic scenario. Spread servers across multiple independent providers (Hetzner, DigitalOcean, Vultr, smaller European VPS providers) in different countries, with automatic IP rotation. Avoid Russian hosts and their subsidiaries: once Anti-Fraud 2.0 passes, they will be required to identify and disconnect VPN users.

Build two modes — one for your grandmother, one for your admin. Most Russian users are not technical — they need a single “Connect” button with automatic fallback (VLESS+REALITY → AmneziaWG → Shadowsocks). Terms like “REALITY” or “uTLS” should not appear in the default UI. The advanced mode with manual protocol selection should not be the primary experience.

Test on real Russian networks, not just a lab. MTS, MegaFon, Beeline, T2, and Rostelecom each behave differently; regional ISPs vary even more. You need a distributed network of volunteer testers and active feedback collection to track which protocols are currently working.

Build your update delivery channel into the architecture from day one. If updates only go out through your website or an app store (Google Play and the App Store have both removed VPN apps at RKN’s request), blocking your service becomes trivial. Build in multiple independent channels: DoH, GitHub Pages mirrors, Tor onion addresses, IPFS, static fallback servers.
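
Spreading updates across mirrors only helps if the client can trust what any of them returns. The Go example below is added here and is not code from any project named on this page; it assumes the release manifest is signed with an Ed25519 key pinned in the client and carries a version number, and the Manifest fields, channel names and sample bodies are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor; its field names are assumptions.
type Manifest struct {
	Version int    `json:"version"`
	SHA256  string `json:"sha256"` // digest of the release file to download
}

// Channel is one delivery path; Fetch fails when that path is blocked.
type Channel struct {
	Name  string
	Fetch func() (raw, sig []byte, err error)
}

var ErrNoChannel = errors.New("no channel delivered a fresh, authentic manifest")

// fetchUpdate returns the first manifest signed by the pinned key and newer
// than the installed version, so trust never depends on the path taken.
func fetchUpdate(pinned ed25519.PublicKey, installed int, chans []Channel) (Manifest, string, error) {
	for _, c := range chans {
		raw, sig, err := c.Fetch()
		if err != nil || !ed25519.Verify(pinned, raw, sig) {
			continue // unreachable, altered in transit, or signed by another key
		}
		var m Manifest
		if json.Unmarshal(raw, &m) != nil || m.Version <= installed {
			continue // malformed, or an old release replayed by a stale mirror
		}
		return m, c.Name, nil
	}
	return Manifest{}, "", ErrNoChannel
}

// demoChannels builds constructed channels around a throwaway key pair.
func demoChannels() (ed25519.PublicKey, []Channel) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // zero seed: demo only
	body := func(v int) string { return fmt.Sprintf(`{"version":%d,"sha256":"constructed-%d"}`, v, v) }
	serve := func(name, signed, served string) Channel { // sign one body, serve another
		sig := ed25519.Sign(priv, []byte(signed))
		return Channel{Name: name, Fetch: func() ([]byte, []byte, error) { return []byte(served), sig, nil }}
	}
	blocked := Channel{Name: "website", Fetch: func() ([]byte, []byte, error) {
		return nil, nil, errors.New("connection reset")
	}}
	return priv.Public().(ed25519.PublicKey), []Channel{
		blocked,
		serve("mirror-a", body(5), body(9)), // altered in transit
		serve("mirror-b", body(3), body(3)), // authentic but stale
		serve("onion", body(5), body(5)),    // authentic and fresh
	}
}

func main() {
	pub, chans := demoChannels()
	m, via, err := fetchUpdate(pub, 4, chans)
	fmt.Println(m.Version, via, err) // 5 onion <nil>
}
```

The version check matters as much as the signature: a mirror that replays an old, validly signed manifest would otherwise push clients back to a release that is already blocked.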

Think about your users’ privacy, not just their access. A server holding IP address logs and email addresses becomes a list of VPN users the moment it’s compromised. Minimum standard: no logs, payment options that don’t require identity, registration without email addresses. Full-disk encryption on the VPS and a warrant canary are table stakes in 2026.

Perspectives

The story is just beginning. Of the 1,359 notified ISPs, only 85 (about 6%) have been fined so far. The remaining 1,274 are either already compliant or haven’t been reached yet. At the pace set in Q1 2026, the number of fined ISPs could multiply several times over by year’s end — before even counting repeat violations with million-ruble fines.

Several related processes are running in parallel:

  • Telecom licensing reform. The Ministry of Digital Development is discussing reducing 17 license types to three, setting minimum capital requirements of 5–100 million rubles, and banning individual entrepreneurs from holding licenses. Sources cited by iStories (Vazhnye Istorii, an independent Russian investigative outlet) estimate that the shake-out could cost tens of thousands of small ISP employees their jobs.
  • Anti-Fraud 2.0. These amendments will require hosting providers to check for and block VPN-using clients.
  • ASBI (Automated Security System of the Runet) coverage to 100%. A Ministry of Digital Development order mandates full traffic coverage by the end of 2026. The original target was 2030; the deadline has since been moved up.
  • Surcharge for VPN use on mobile networks. According to Novaya Gazeta on May 26, authorities have postponed this measure until fall, after elections. The technical implementation has proven elusive — but this is a delay, not a cancellation.

The story of 85 operators is not about DDoS attacks. It is about the government completing the infrastructure for mass surveillance of citizens’ internet sessions — while shifting the operational and financial costs onto the operators themselves, and through them, onto subscribers.
