Russia's internet regulator Roskomnadzor has escalated its efforts to bring VPN services under state control, ordering ten major providers to connect to the Federal State Information System (FSIS) for blocking banned websites. The move has been met with widespread defiance: seven of the ten notified companies refused to comply, four of which have relocated their servers abroad. Only Kaspersky, a Russian cybersecurity firm, agreed to cooperate.
VPN Providers Push Back
Roskomnadzor head Alexander Zharov warned last week that nine non-compliant VPN platforms could be blocked within a month under the 2017 amendments to the Federal Law 'On Information, Information Technologies and Information Protection.' The law requires VPNs and anonymizers to register with the regulator and connect to FSIS within 30 working days, restricting access to sites on Russia's blacklist. Legal expert Sarkis Darbinyan of Roskomsvoboda, an NGO fighting censorship, said Avast Secureline has announced its withdrawal from Russia, stating that compliance would violate its principles and the right to internet freedom. Avast informed Russian users they would be unable to renew subscriptions going forward. Other defiant providers include Tor Guard, Vypr VPN, Open VPN, Nord VPN, VPN Unlimited, IP Vanish, Hide My Ass!, Hola VPN, and Express VPN.
Cat-and-Mouse Game and Lessons from Telegram
Russia's previous attempt to block Telegram, the encrypted messaging app popular with crypto users, took nearly a year and ultimately proved ineffective. Darbinyan noted that Roskomnadzor is not technically ready to block VPNs. 'They can block websites where users download apps, but they cannot force Apple and Google to remove a mobile app,' he said. 'The hardest part is actually blocking the application and breaking connectivity with servers – they understand it.' The Main Radio Frequency Center, a Roskomnadzor subordinate, has requested development of an automated blocking system by December 2019, using Deep Packet Inspection (DPI) to identify VPN traffic patterns. Darbinyan added that many VPN providers already have experience working around China's Great Firewall, making them well-equipped to adapt in Russia.
The Runet Law and Privacy Concerns
The crackdown is part of Russia's 'sovereign internet' (Runet) law, passed by the State Duma in April 2019. The legislation mandates government-controlled routing points for Russian internet traffic and grants Roskomnadzor sweeping powers to disconnect non-compliant ISPs. Critics argue it will curtail internet freedom and harm businesses, including cryptocurrency platforms. Russia's blacklist currently contains over 173,000 websites, forums, and messaging services. Some, like crypto exchange aggregator Bestchange.ru, have been removed after legal challenges. The case of Hidemy.name, a VPN service blocked in 2017 and later unblocked after Roskomsvoboda's legal intervention, shows that resistance is possible. However, the financial cost is staggering: the system is expected to draw over 30 billion rubles (nearly $500 million) from the state budget.
Privacy advocates stress that VPNs are vital for protecting cryptocurrency users' anonymity and bypassing censorship. As Russia tightens its grip, many VPN providers are choosing to exit rather than compromise their principles, leaving Russian internet users with fewer options. The battle for the Runet is far from over.

