How many IT companies are there in Russia


Alena Epifanova

To person

Alena Epifanova is a program employee at the German Society for Foreign Policy (DGAP) and deals with Russia's domestic and foreign policy in cyberspace, German-Russian relations and Russian domestic policy. She is the author of the DGAP analysis "Deciphering Russia's" Sovereign Internet Law ", published in January 2020. Tightening Control and Accelerating the Splinternet" (available at: -internet-law)

For security reasons, Russia is striving for more independence from foreign products and know-how in the IT sector. Various laws and programs have been set up for this purpose. However, the implementation of the requirements is difficult for various reasons.

Russia flag, computer keyboard and binary code (symbol image): Russia promotes its own IT industry in order to reduce its dependence on foreign IT companies.


Although Russia has been proclaiming strategies for information security and the expansion of the IT industry for two decades, successes have so far been barely discernible. Due to the geopolitical situation, Russia is increasingly relying on import substitutions in the IT sector and is building its own "sovereign Internet". Russia is thus increasingly isolating itself and risking the chance for technological progress.


The national security of Russia depends to a large extent on information security. This already described the information security doctrine of the Russian Federation in 2000. The doctrine diagnoses at the same time that domestic information technology (IT) is lagging behind international manufacturers, as well as Russia's dependence on foreign IT companies. Both could lead to Russia's security being wounded or endangered. Since then, the Russian state has been striving for sovereignty in the area of ​​information. This aims in particular to be able to control and manage data transmission, data exchange and data storage within the borders of Russia without any outside interference. To this end, a legal area is gradually being created which should enable the state to take on the role of the "gatekeeper" and the central coordination point for the flow of information at the Russian borders or on the national territory.

However, implementing such laws and gaining sovereignty are difficult due to Russia's close ties to the global Internet. In addition, Russia has a high level of technological dependence on other countries. Although no future-oriented strategy for local IT companies has been created in the last twenty years and the necessary structural and institutional reforms for innovations have not been implemented, IT import substitution is being pushed ahead at high speed today due to geopolitical changes. It remains to be seen whether this policy will actually contribute to information security, or rather whether it will increasingly cement Russia's technological backlog - and thereby weaken the country's position on the world stage in the long term.

Early diagnosis, no action

As early as 2000 it was stated in the above-mentioned doctrine that the backlog of domestic information technologies was threatening to Russia's security. The state saw in the authorities' technology imports an increased risk of unauthorized access to processed information and an increasing dependency on foreign manufacturers. Therefore, among the national interests of the Russian Federation in the information field, the state defined the development of modern domestic information technologies, technological independence, meeting the needs of its own market and entering the world market. "Given the current requirements, it will only be possible on this basis to develop high technologies, technically modernize industry and further develop local science and technology," according to the doctrine.

An updated information security doctrine was published in 2016. At that time, Russia was already in a different domestic and foreign policy reality, which is reflected in the text of the new doctrine. On the one hand, the protest movement after the parliamentary elections and the associated strong mobilization of the opposition via social media in the years 2011-2013 led to the state increasingly controlling the Internet and reassessing information security. On the other hand, Edward Snowden's revelations about the system of mass surveillance of the USA and its partners in 2013 played an important role in the decision to rely on more state sovereignty in cyberspace. In addition, after the sanctions resulting from the annexation of Crimea in 2014, Moscow decided to increasingly implement digital independence and, above all, import substitutions in the IT sector.

The new version of the Information Security Doctrine of 2016 reiterates that the Russian economy lacks competitive information technologies and that domestic industrial research is inadequate and inefficient. The dependence of Russian industry on foreign technologies remains high, which in turn creates "the dependence of socio-economic developments in the Russian Federation on foreign geopolitical interests," according to the doctrine.

This suggests that in the sixteen years since the first doctrine on information security in 2000 there has hardly been any significant development in the IT sector. The geopolitical conditions, on the other hand, have changed enormously. The state has reacted to this with rapid legislation on IT and the Internet, which is intended to curb foreign influence and enable state sovereignty in the implementation of its own information policy. The 2016 doctrine defines the central strategic goal of reducing the dependence of Russian industry on the foreign market and replacing it with the creation, development and widespread use of domestic IT. In addition, a national management system for the Russian segment of the Internet is to be developed. Russia therefore aims to protect its sovereignty in the information space and to implement an independent information policy in line with its national interests.

Ambitious legislation

In order to reduce the dependency on IT imports, a law on the creation of a register for domestic software was passed in June 2015. The register records software that is officially registered as originating in the Russian Federation. Only the programs listed here may be used by Russian authorities, as a government decree in November 2015 stipulated. The register itself has only existed since the beginning of 2016 and today it contains more than 6,600 registered programs. Since the end of 2018, state-owned companies - such as the airline Aeroflot, the energy company Gazprom, Sheremetyevo Airport and the first television channel "Pervyj kanal" - have had the requirement that more than half of the software they use should come from Russia by 2022.

A presidential decree is currently in the project phase, stating that objects of critical information infrastructure should mainly use Russian software from January 1, 2021 and Russian hardware from January 1, 2022. This means that the proportion of organizations that are only allowed to use Russian IT will be increased significantly. Such objects of critical information infrastructure include all government organizations, legal persons and sole proprietorships that have information systems of strategic importance. These industries are: transportation, telecommunications, banking, nuclear, fuel, healthcare, science, metallurgy, defense, aerospace, and chemicals.

In parallel with the introduction of the register, other laws were passed that are intended to enable a centralized management system of the Internet on Russian territory and state sovereignty in the information space. Such as the law on data storage on servers within Russia, which has been in force since September 2015. It obliges all domestic and foreign Internet companies to store personal data of Russian citizens on servers within Russia. In 2016 the so-called "Yarovaya Laws" were passed, named after the Duma deputy and co-author Irina Yarovaya. The laws provide for a number of anti-terrorist measures, including Telecommunications and Internet service providers are obliged to retain extensive data retention on Russian territory as well as to provide information to the security services. The changes in the law on the so-called "sovereign Internet", which came into force in November 2019, further expand the powers of the state and enable the flow of information at the infrastructure level in Russia to be monitored, controlled and, if necessary, prevented.

Lengthy implementation

Legislation alone is not enough to achieve state sovereignty over the information sector. The laws also need to be implemented. However, this is extremely difficult for a number of reasons. On the one hand, there is a lack of technical prerequisites and financial resources to save all data as prescribed. On the other hand, international internet services such as Facebook and Twitter refuse to save personal data of users on servers in Russia. In addition, a completely sovereign Internet and centralized state control of all networks in Russia are hardly feasible due to their infrastructural interdependence with the global Internet.

The implementation of IT import substitutions, independence from foreign information technologies and information security will also remain an extremely ambitious, downright unrealistic goal in the foreseeable future. At the end of 2019, state-owned companies were using only 10% of Russian IT products based on the total volume of software used. Many critical infrastructure sectors, such as oil or steel production, will need considerably more time to switch to domestic IT systems than the specified deadline of early 2021. Due to their respective production cycles, realistically speaking, it takes more than five to ten years for the Applications are industry-specific and fully implemented. In the case of government agencies, the rapid transition looks more realistic. According to the Ministry of Communications, the procurement of domestic software from government agencies is increasing sharply. It was already 65% ​​in 2019, while this proportion was 20% in 2015.

Overall, it can be expected that IT import substitution will take up a lot of time and money. Mainly because there are no domestic solutions for many industries that could completely replace the currently used western IT on a qualitative level. In addition, replacing the existing and used IT architecture, which has been built up over years, requires a systematic approach that has so far been missing. After all, there is no separate state budget for import substitution projects and the government subsidy programs that have existed to date are often dysfunctional.

As for long-term government investment in IT, the outlook is extremely unclear. The national project "Digital Economy", which was launched in 2017 and which announced ambitious plans for the development of the Russian IT industry, does not seem to have a future. It is reminiscent of its predecessors - the "Electronic Russia" and "Information Society" projects - neither of which produced any results. The dates for the announced activities of the "digital economy" have repeatedly been postponed and the targeted indicators have not been achieved. The budget of the national project was also changed several times: first, it should be allocated 520 billion rubles (about 6.6 billion euros), then as much as 3.54 trillion rubles (about 45.4 billion euros). In February 2019, the cost framework of the "digital economy" was reduced to 1.6 trillion rubles (about 20.5 billion euros). And in April 2020 it became known that the volume of financing will again be reduced by 14 billion rubles (about 180 million euros). Further cuts are likely to follow.


Information security in the modern networked world is of ever increasing importance, and not just for Russia. It is therefore not surprising that the concept of sovereignty in the information field is not only discussed in Russia. The debate about the expansion of the new 5G mobile communications standard in the European Union is just one example of how the question of self-determination in the digital space is treated as a political and strategic question: How can a secure infrastructure be built that is also networked with the global information space remains and is also competitive?

Russia is currently embarking on an isolationist path. With the existing measures, it will probably not be possible for years to come to meet the needs of the state and the requirements of state-owned companies for IT. Without international competition, however, it is unlikely that their quality will be of a high level. The Russian IT import substitution was hastily decided due to geopolitical and security policy logic, but it lacks both capable domestic IT providers and a real sustainable strategy for the long-term development of the domestic IT industry. Such a development would require more investment and targeted promotion of innovations. But these are closely linked to structural and institutional reforms and the fight against corruption. Such far-reaching measures could endanger Vladimir Putin's regime and are therefore not to be expected in the foreseeable future. The current information policy is more likely to be seen as a safeguard for the regime, which will fix Russia's backlog in IT for the time being and weaken the country's chances of making progress in the long term.

Reading tips:

  • Alena Epifanova, Philipp Dietrich (2020): Creeping Nationalization, International Politics 2, March / April 2020,
  • Alena Epifanova (2020): Putin's Societal Distancing: Prioritizing Power in the Corona Pandemic, DGAP Commentary No. 12,
  • Andrei Soldatov (2019): Security First, Technology Second, DGAPkompakt 3, March 7, 2019,
  • Andrei Soldatov, Irina Borogan (2015): The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries.
  • Could Russia’s ‘Sovereign Internet’ go international ?, Global Voices, March 2, 2020,

The Russia analyzes are jointly published by the Research Center for Eastern Europe at the University of Bremen, the German Society for Eastern European Studies, the German Poland Institute, the Leibniz Institute for Agricultural Development in Transition Economies, the Leibniz Institute for East and Southeast European Research and the Center for Eastern European and International Studies (ZOiS) gGmbH. The bpb publishes them as a licensed edition.