The moratorium on unscheduled inspections of IT companies may be lifted if they leak or violate antitrust laws

The Federal Antimonopoly Service is discussing with the Ministry of Digital Development the introduction of unscheduled inspections of IT companies, contrary to the benefits provided to them, if the organization leaks data or violates antitrust laws – first of all, we are talking about overpricing. Experts and market participants admit the validity of the checks, but they fear that other preferences will also expire during the time they are carried out, including a deferment from mobilization for employees. The industry is counting on a recently signed price cap charter to prevent a return of inspections.

A Kommersant source close to the government said that the Federal Antimonopoly Service (FAS) and the Ministry of Digital Development are discussing lifting a moratorium on unscheduled inspections for IT companies if they have leaked personal data or violated antitrust laws. This information was confirmed by a participant in the telecommunications market. According to him, the issue was discussed in May at an interdepartmental working group and the FAS is already preparing amendments to the government decree on accreditation of IT companies, according to which unscheduled inspections were canceled for them in 2023-2024.

In accordance with the amendments being developed, the interlocutor of Kommersant clarified, “it will be possible to carry out checks on companies if a database appears on the network that directly or indirectly belongs to the organization, as well as if signs of violation of antimonopoly laws are detected.” According to a Kommersant source in the IT industry, we are talking about “overpricing products in the absence of an alternative.”

The Ministry of Digital Development confirmed that they had received a corresponding draft document from the FAS, but did not agree on it: “The issue of lifting the moratorium on certain inspections of IT companies requires additional justification and discussion.” The FAS did not respond to Kommersant’s request.

The rise in prices for IT products of Russian companies after the departure of foreign vendors from the country has been discussed for more than a month: for example, in March, large consumers of software and operating systems stated that the cost of domestic developments increased by 30–50% over the year. The response step was the preparation of the “Price charter of socially responsible IT business” by the Ministry of Digital Development. Sixteen companies signed it on June 1, they undertake not to increase the cost of their products by more than 15% per year plus inflation (see Kommersant of June 1).

One of the goals of the charter was precisely the removal of the reason for resuming inspections, since customers complained to the FAS, says Kommersant’s interlocutor in the IT market: “But if inspections begin, not only large companies will suffer, but everyone in the industry. For example, one of the threats is that preferences for accredited IT companies, including mobilization reservations for employees, are suspended for the duration of the audit.”

“I hope that the massive accession of IT companies to the charter will remove the need for inspections,” said Nikolai Komlev, director of the Association of Computer and Information Technologies Enterprises.

The issue of data leaks has also become a sensitive topic for the regulator over the past year. The volume of personal information of citizens that illegally got into the network in the first quarter alone exceeded 118 million unique records, which is 2.3 times higher than a year earlier (see Kommersant on April 18). The initiative to return unscheduled inspections in the event of a leak of sensitive information from the company was taken by the Ministry of Digital Development itself. The ministry proposed to give the right to Roskomnadzor with the prosecutor’s office to conduct a control check if the fact of a database leak was noted (see Kommersant dated December 16, 2022).

There are more and more data leaks globally, Alexander Kovalev, Deputy CEO of Zecurion, confirms: “The desire of the state to regulate the digital environment in the current conditions is understandable. But even an IT company cannot always be directly blamed for a data leak, especially since other industries (finance, retail) are more often involved in such incidents.” Therefore, the expert adds, it is certainly necessary to encourage companies to invest in data protection, “but it is important to find an effective balance.”

Tatiana Isakova, Yulia Tishina