Rules for maintaining the register of Russian software: what will change?

Download PDF Pepeliaev Group advises that changes have been adopted in the regulation of the register of Russian software.

On 28 November 2025, the Russian Government adopted a package of amendments to IT legislation, approving new rules for maintaining the register of domestic softwareResolution No. 1937 of the Russian Government dated 28 November 2025 “On amending certain instruments of the Government of the Russian Federation”., as well as new lists, namely the list of trusted softwareResolution No. 1931 of the Russian Government dated 28 November 2025 “On approving the Rules for the list of trusted Russian software for electronic computing machines and databases to be compiled and maintained”. and the list of software for one’s own needsResolution No. 1936 of the Russian Government dated 28 November 2025 “On the list of Russian software for electronic computing machines and databases developed and used for Russian legal entities’ own needs”..

We have previously written about the upcoming changes when they were at the draft stage. Below, we highlight the key differences between the instruments that were adopted and the preliminary versions of them.

The new developments will enter into force on 1 March 2026.

Changes to the rules for maintaining the register of domestic software

Draft resolutions making amendments to the Rules for maintaining the register of domestic software were twice made publicly available. The first was published on 11 December 2024 (for more detail, see here)The Draft Resolution “On amending certain instruments of the Government of the Russian Federation” (Draft ID: 153100)., with the second following on 18 September 2025 (for more detail, see here)The Draft Resolution “On amending certain instruments of the Government of the Russian Federation” (Draft ID: 160471)..

The instrument that was adopted consolidated provisions from both draft versions. However, some of the proposed rules were not implemented. At the same time, the final text also included new amendments that had not been present in the drafts.

The following changes were carried over from the draft into the adopted instrument

1. The Russian Government’s Resolution No. 325 dated 23 March 2017, which established additional requirements for office software and support for software for inclusion in the register, has been repealed.

2. An obligation to ensure that software is compatible with two trusted operating systems (OS).

Compatibility is defined as “the ability of software to perform its functions under the control of a general-purpose operating system when used jointly with hardware without impairing them from functioning properly”.

At the same time, software may be compatible with only one OS if:

• the rightholder of the software and the rightholder of the OS belong to the same group of persons; or
• the software is used exclusively as part of a hardware and software complex (in this case, the hardware and software complex must also be included in the register within six months and, if not, the software will be excluded from the register).

Within six months, the Digital Ministry will approve a plan of inspections in terms of whether software complies with the requirement for compatibility.

2.1. The implementation of compatibility will be phased depending on the class of the software:

• from 1 September 2026 — for office software;
• from 1 January 2027 — for maintenance software, cloud and distributed computing solutions, virtualisation tools, data storage, server and middleware software, DBMS, monitoring and management tools, containerisation systems and containers, software development tools, linguistic software, and data analytics tools;
• from 1 June 2027 — for application software, industry-specific application software, information security tools, data processing and visualisation tools;
• from 1 January 2028 — for industrial software and organisational process management tools.

3. The presence of a mark indicating that the software complies with trusted software in order to obtain advantages in public procurement.

4. A change in the approach to determining the membership share of Russian persons in the rightholding organisation.

Currently, the share of Russian membership is determined through direct (indirect) ownership of the issued capital. The amendments allow the origin of a software rightholder to be determined based on the number of votes at a general meeting.

5. The share of revenue from software sales within a group of entities must not exceed 30% for the previous calendar year (for state corporations, state-owned companies, public-law companies, and other organisations in which the state holds more than a 50% stake, as well as organisations belonging to the same group of entities as the above organisations).

Changes made only in the adopted instrument

1. The opportunity for companies with limited access status in the Unified State Register of Legal Entities to confirm their rights to software or a hardware and software complex with the assistance of an auditing organisation.

2. An obligation to notify changes in the previous calendar year in information about the cost of software and payments for licences to foreign persons, as well as about revenue from the sale of software, no later than 1 June (rather than 1 April, as was previously the case).

3. New requirements for software or a hardware and software complex in the field of AI when included in the registerThe amendment is made by Resolution No. 2001 of the Russian Government dated 9 December 2025..

The list of trusted software and list of software for one’s own needs

In order to implement the provisions of Federal Law No. 325-FZFederal Law No. 325-FZ dated 31 July 2025 “On amending certain legislative instruments of the Russian Federation”., rules have been prepared for compiling and maintaining the lists of trusted software and software for one’s own needs.

We recall that the list of software for one’s own needs is intended for companies that are subjects of critical information infrastructure (CII) and use their own software. The Law on CII security requires that software from the register of domestic software be usedArticle 9(5)(a) of Federal Law No. 187-FZ dated 26 July 2017 “On the security of the critical information infrastructure of the Russian Federation”.. However, to be included in the register, software must comply with a requirement for commercialisation, which makes it impossible for software that is not marketed and is developed “for internal use” to be included. The amendments provide that inclusion in the list for one’s own needs will be equivalent to being included in the register of domestic software in cases where the lawArticle 5(6) of Federal Law No. 325-FZ. requires this.

To be included in the list of software for one’s own needs, the following is required:

• the exclusive right to the software belongs to a Russian person;
• information about the software or information stored in it must not constitute a state secretArticle 5(2) of Federal Law No. 325-FZ..

The list of trusted software is applied in public procurement and serves as a criterion for differentiating domestic software that meets the requirements for trusted software. If two domestic software products are competing within a single procurement procedure, software not included in the list of trusted software will be treated as foreignClause 3(b) of Resolution No. 1937 of the Russian Government dated 28 November 2025 “On amending certain instruments of the Government of the Russian Federation”..

To be included in the list of trusted software, the following is required:

• the exclusive right to the software belongs to a Russian person;
• the software has been included in the register of domestic software or in the list of software for one’s own needs;
• the software complies with the requirements for information security that the Russian Government is to establish;
• information about the software or information stored in it must not constitute a state secretArticle 5(7) of Federal Law No. 325-FZ..

We remind you that we previously prepared a detailed analysis of the draft resolutions when they were still at the initial stage of being developed.

The draft resolutions contained additional requirements for software to be included in the above lists.

In particular, additional requirements for inclusion in the list of software for one’s own needs included: there being no functionally similar software in the register of Russian software; rights to the software being granted exclusively within the right holder’s group of persons; and there being no payments to foreign persons for developing the software.

It was planned that, in order to be included in the list of trusted software, software would have to comply with both general requirements and requirements for specific classes of software (system software, office software, industrial software, information security tools). The general requirements included, for example, an automated system being available for tracking and managing errors and vulnerabilities, there being no payments for to foreign persons for developing software, and technical support being available for users throughout the whole of Russia.

A key difference between the instruments that were adopted and the preliminary versions of them is that additional requirements previously imposed on trusted software and software for one’s own needs have been excluded. The instruments that were adopted do not contain such requirements.

What to think about and what to do

Companies should prepare to comply with the new requirements of the register of domestic software. In particular, to meet the requirements, it will be necessary to ensure that software is compatible with two trusted operating systems within the established timeframes and to analyse the corporate structure for foreign and state membership.

In order to include software in the list of trusted software or the list for one’s own needs, it is necessary to conduct an audit of whether the software complies with the requirements of Federal Law No. 325-FZ. 

Help from your adviser

Pepeliaev Group’s lawyers have extensive experience in the legal regulation of IT companies’ activities. This includes matters relating to how to interact with Russia’s Digital Ministry in connection with having software included in the register of domestic software.

We are ready to provide comprehensive legal support to companies in identifying risks associated with the changes that have been introduced, as well as in preparing a legal position on disputed issues.