Russia’s internet regulator is escalating its long-running effort to bring privacy tools under tighter state control, setting up a new flashpoint for VPN services widely used by crypto traders, privacy advocates, and users seeking unrestricted access to the web. According to the report, Roskomnadzor has demanded that major VPN providers connect to the Federal State Information System, or FSIS, a government-run register of blocked websites, so authorities can ensure these services do not help users bypass official restrictions.
The move is part of a broader campaign to expand oversight of the Russian internet. While officials frame the policy as a legal compliance measure, critics argue it deepens online censorship and increases the operational risk for global internet companies serving Russian users. The clash is especially relevant to the crypto community, where VPNs are often used to protect privacy, access exchanges, and navigate restrictions on information and services.
Most VPN Providers Rejected the Requirement
Roskomnadzor initially sent notices to 10 VPN providers: Tor Guard, Vypr VPN, Open VPN, Nord VPN, VPN Unlimited, IP Vanish, Hide My Ass!, Hola VPN, Express VPN, and Kaspersky Secure Connection. The regulator wanted them to connect to the FSIS, which stores information on websites that Russian authorities have blacklisted and restricted. In practical terms, compliance would mean helping enforce state censorship rules by preventing subscribers from reaching banned resources.
According to the report, seven companies refused to cooperate, while two others did not respond. In addition, six more VPN platforms that had not formally received notices also indicated that they would not connect to the system. Publicly, only Kaspersky agreed to comply.
Roskomnadzor chief Alexander Zharov said that nine VPN platforms could be blocked within a month for failing to comply with Russian law prohibiting services that facilitate the circumvention of government restrictions. Sarkis Darbinyan, lead legal expert at Roskomsvoboda, a Russian NGO focused on internet freedom, said the regulator appeared to have compiled a second list of VPN services and asked them to filter traffic as well.
Some Companies Moved Infrastructure Abroad or Left the Market
The report says four companies had already moved their servers out of Russia, highlighting how regulatory pressure is reshaping the market. Another provider, Avast Secureline VPN, reportedly announced that it was withdrawing from the country. The company’s reasoning was straightforward: compliance with Roskomnadzor’s requirements would conflict with its own principles and with the broader idea of internet freedom. Since it would no longer be able to provide meaningful benefit to Russian users under those conditions, Avast informed customers that future subscription renewals would not be available.
This is a notable development because it shows that the dispute is no longer only about legal paperwork or technical filters. It is also affecting where companies host infrastructure, how they assess market risk, and whether they remain active in Russia at all. For users, especially those who depend on privacy tools for secure communications or access to global financial services, the result could be fewer reliable options.
The Broader Fight Over the Runet
The VPN standoff sits within a wider battle over the future of the Russian internet, often referred to as the Runet. Roskomsvoboda maintains a database showing that more than 173,000 websites, forums, messengers, media outlets, and other online resources have been banned at some point. Some remain inaccessible, while others have been removed from the blacklist. The report cites the crypto exchange aggregator Bestchange.ru as one example of a platform later taken off the list.
There have also been legal victories against blocking orders. One example involved Hidemy.name, a VPN provider that was taken offline under a 2017 ruling by a regional court in Russia’s Mari El Republic. With legal support from Roskomsvoboda, the site owner challenged that decision, and the organization’s lawyers eventually succeeded in overturning the ruling. Roskomnadzor later unblocked the service.
Darbinyan argued that Russian judicial authorities had not adequately examined how VPN technologies actually work, and that multiple procedural violations helped undermine the original case. Even so, he stressed that the broader conflict was far from over, describing it as an ongoing struggle to defend Russian users’ rights to access VPNs and to protect companies providing secure services.
Legal Basis and Previous Enforcement
The pressure on VPNs follows amendments made in late 2017 to Russia’s federal law on information, information technologies, and information protection. Under those changes, VPN providers and anonymizers are expected to register with Roskomnadzor and connect to the FSIS within 30 working days. One of their key obligations is to restrict access to online resources banned in the Russian Federation.
The same compliance logic has already been applied to search engines. Russian internet companies including Yandex, Sputnik, Mail.ru, and Rambler reportedly complied with the rules. Earlier, Google was sanctioned for non-compliance. Roskomnadzor said the company paid a 500,000-ruble fine, roughly $8,000 at the time referenced in the report, and then began filtering search results according to FSIS requirements.
This pattern suggests the Russian government is trying to normalize compliance across multiple layers of the online ecosystem, from search and hosting to VPNs and anonymizing tools. For privacy-focused services, however, that creates a direct conflict between local legal obligations and their own product philosophy.
Blocking VPNs Is Easier Said Than Done
Despite its threats, Roskomnadzor may still face serious technical limitations. Darbinyan said Russian regulators and internet service providers did not appear fully prepared to block VPNs effectively. Blocking websites that distribute apps is relatively straightforward, but forcing Apple and Google to remove mobile applications is much harder. Even more difficult is disrupting the actual functionality of an installed app by severing its connection to remote servers.
That technical challenge matters. A regulator may be able to impair discovery and onboarding, but keeping determined users from reaching a VPN service altogether requires a far more advanced filtering system. The report notes that many of the VPN providers now facing pressure in Russia already have experience operating under China’s restrictive internet environment and navigating the Great Firewall. That background could make them more resilient and adaptive in Russia as well.
In that sense, the conflict resembles a familiar cat-and-mouse game: authorities improve filtering and blocking methods, while service providers respond with new routing techniques, updated protocols, and alternative distribution channels.
Automation, DPI, and Future Enforcement
Russian authorities are not standing still. According to the report, the Main Radio Frequency Center, which is subordinate to Roskomnadzor, requested the development of an automated blocking system in March. The system was expected to be available by December 2019 and designed to monitor whether search engines, VPN services, proxy servers, and anonymizers comply with federal law.
Darbinyan also pointed to the possible deployment of DPI, or Deep Packet Inspection, tools across internet service providers. Such systems can be used to identify traffic patterns associated with VPN use and potentially improve enforcement. If deployed widely, DPI could strengthen the regulator’s ability to detect and interfere with circumvention tools, although implementation at scale remains a complex technical and operational challenge.
The combination of automated monitoring and network-level inspection reflects the direction of Russian internet policy: less reliance on isolated takedowns and more emphasis on centralized, systemic control.
Why This Matters for Crypto and Online Freedom
For crypto users, the significance of the dispute goes beyond general privacy concerns. VPNs are frequently used to secure internet traffic, reduce surveillance risk, reach international platforms, and access information that may otherwise be restricted. A tightening crackdown on VPN services could therefore affect how users interact with exchanges, wallet services, and global crypto media, even when the immediate target is broader internet regulation rather than digital assets specifically.
The report places the VPN conflict within the framework of Russia’s so-called sovereign internet push, part of the country’s “Digital Economy National Program.” Supporters say the policy is intended to protect the Russian segment of the internet from external threats and preserve continuity in the event of disruption. Critics argue it will narrow online freedom and hurt businesses that depend on the open web, including crypto-related platforms.
As described in the report, the broader system could route Russian internet traffic through government-controlled exchange points and grant Roskomnadzor expanded authority over non-compliant providers. The estimated cost of that system was put at more than 30 billion rubles, or nearly $500 million, a figure that fueled additional debate over both effectiveness and intent.
Ultimately, the dispute over VPNs illustrates a deeper question about the future of the internet in Russia: whether it will remain meaningfully open, or whether access will increasingly depend on state-approved channels. For now, with regulators threatening blocks, companies refusing to cooperate, and some providers shifting operations abroad, the standoff remains unresolved. What is clear is that the contest between internet control and user privacy is becoming more intense, and its implications extend well beyond VPNs alone.

