Michaela Lodlová, a consultant at Wiggin LLP, a UK-based law firm specializing in media, technology and intellectual property, explains that the new telecommunications security and cybersecurity obligations caused by the ongoing dispute could lead to increased compliance costs for operators.
“Since 2019, we have witnessed, through our detailed monitoring of the international regulatory landscape, increasing nationalization and stringent national security restrictions in the communications and broader technology regulatory space in Russia. Lodlová said.
In May 2019, the country passed a Russian Internet Law (Runet) which laid the foundation for isolating Internet traffic in Russia from the rest of the world, as evidenced by the recent blocking of certain social networks.
“This enabled comprehensive Internet content filtering, with Russian regulator Roskomnadzor requiring all ISPs to technically interconnect with its facilities and route all traffic destined for the World Wide Web through it,” Lodlová adds.
At the same time, strict requirements have been put in place for Russian software pre-installed on all imported and sold devices, including PCs, laptops and handsets. By 11and March, all servers and domains were to be transferred to the Russian area in preparation for global internet shutdown.
“We expect that foreign Western operators will now be faced with overhauling their licenses, nationalizing or expropriating their assets, and effectively ceasing operations,” says Lodlová.
“In addition, telecommunications operators offering global or international services to Russia (or countries that may still fall under similar international sanctions) will face difficult situations. This is all the more true as they are trying to comply with ever-increasing sanctions, including bans on technologies and services, including Russian-owned or capitalized entities (when that fact may be far from obvious).”
She adds that there is also the perennial problem of services to be removed, as a circuit to a sanctioned customer can be quite simple, but removing a common network element can be very difficult. As such, “it will take a lot of work to coordinate the network and the sanctions teams to ensure that pragmatic decisions are taken”.
This will require significant work from “key people” as well as import teams who will need to adapt and keep abreast of increasing restrictions on the types of equipment/technology that can be imported into countries.
Sanctions and networking aside, Lodlová says home countries of major international organizations that provide telecommunications services are also likely to increase national security and cybersecurity requirements to protect against cybercrime.
“This includes targeted attacks on critical infrastructure in these countries, the spread of fake news and the prevalence of propaganda. The tightening of cybersecurity rules is well underway in the Western world and will intensify,” she says. .
This will incur additional costs not only to harden critical infrastructure, but also to “administer the content mediation, filtering and blocking services that service providers already face. new rules in this regard are appearing in several jurisdictions”. .
Interestingly, Lodlová points to submarine cables as an area of particular concern, describing them as “essential communication routes from East to West and especially between Europe and North America”.
In light of these repercussions, it’s no surprise to learn that new compliance rules and legislation are likely to emerge as a result of these threats.
First, Lodlová says that some countries that have traditionally been very open to the global economy, such as the UK, the Netherlands or Denmark, have recently introduced government review of foreign direct investment in strategic infrastructure sectors such as such as communication networks and services, data centers or digital infrastructures. and cloud services.
“It will, in our view, grow and more European countries will follow,” she says. “We also expect there to be further review and new rules regarding ‘anonymous’ use of the Services and many jurisdictions that currently do not have strict rules on customer or card records. SIM will introduce them in one form or another.”
Similar discussions are also possible in the realm of social media, especially with regard to fake accounts, sponsored by state terrorism or aimed at inciting hatred or harmful content.
Data sovereignty is also likely to be affected, as Lodlová has seen a growing trend of data localization in Russia and other countries in the region over the past two years.
“This is likely to continue, with more countries imposing strict data localization rules not just for the communications sector, but for broader personal data processing requirements,” she adds.
“We expect to see more national versions of the global Internet as seen in other regions, such as the Middle East or China, where a significant amount of information and content is either blocked or filtered.”
For her part, she says that Russia has already introduced full data sovereignty for all data in the communications sector and all processing of personal data.
If data sovereignty is likely to become more widespread, then countries and jurisdictions governed by the GDPR, the UK GDPR regime or similar regimes, “will impose absolute restrictions on data transfers to jurisdictions such as Russia. This will increase geopolitical isolation and economic sanctions imposed on the nation,” Lodlová says.
The downside, as she points out, is that data protection rules in different countries risk becoming more “incompatible” and “creating a new silo in the digital space”.
What is further concerning is that it could lead to technical and other issues of incompatibility regarding standards “that would divide the current globalized world into national or regional silos limiting the scope of big data, the data economy or open data initiatives”.
With a plethora of customers and partners in the TMT space, Lodlová says the company has already begun to consider a number of the aforementioned topics as areas of concern, indicating that many are preparing for what is likely to come.
Among those not mentioned above, these include greater restrictions on network service offerings requiring more screening and blocking as well as more foreign direct investment rules.
Regulation fails to keep pace with new technologies, leading to ever more rules on enterprise customers, which are more customer-centric, and the extension of some of these rules to OTT providers, but little consistency on some.
And increasingly disparate regulation requiring extremely detailed analysis to enable any cross-border request – and the risk of more fines for any cross-jurisdictional service offering.