On Dec. 2, Russian President Vladimir Putin signed a law requiring a range of hardware devices (phones, smart TVs, laptops) to have Russian, government-approved software preinstalled before sale. If it sounds like a big deal, it is — and it’s one spearheaded not by Russia’s security services but by Russia’s FAS, the Federal Antimonopoly Service.
This legislation shouldn’t be understood in isolation. It’s part of a broader initiative to simultaneously limit dependence on foreign technology and to boost the competitiveness of Russia’s domestic tech industry, and it’s one the Kremlin is throwing more and more weight behind. Despite the Covid-19 crisis pushing the law’s effective date from July 1, 2020 to January 1 of next year, the Federal Antimonopoly Service recently clarified that its position hasn’t moved a bit on making this happen.
In short, security and economic worries continue to fuel the Kremlin’s digital decoupling focus — and policymakers in Europe and the United States ought to pay attention.
Security concerns are one visible driver for European industry and policymakers to watch. President Vladimir Putin and Kremlin leadership are of the belief that Western technology is a security threat to Russia, and that spans the internet once called a “CIA project” to the hardware used in Russian telecommunications equipment and the software used on Russian mobile phones. The overarching view is that an open internet ecosystem undermines Russian security, but that extends to end devices too.
This worry is reflected in myriad initiatives over the last two decades to assert “sovereignty” over cyberspace within Russian borders, especially since Putin returned to the presidency in 2012. This includes the passing of the so-called domestic internet law in 2019 and the Kremlin’s campaign to have data on Russian citizens stored locally within Russia. It especially includes Vladimir Putin’s high suspicion of internet platforms run by Western firms.
This all means that security decisions are a principal driver of Russian internet policy, and over the past few years, that has increasingly included actions to reduce Russia’s technological dependence on the West. In 2017, for example, Putin was quoted telling Russian tech producers about foreign software, “if you are going to bring in hardware and software in such quantities, then in certain areas the state will inevitably say to you: ‘You know, we cannot buy that, because somewhere a button will be pressed and here everything will go down.’” Last year, the Kremlin deemed its Microsoft Windows replacement acceptable for sensitive government and military communications. Reporting even indicates that executives at Chinese telecom Huawei have placed lowered reliance on Western tech at “the forefront of its pitch to Russian tech executives.”
From this perspective, it’s sensible and accurate that commentators have pointed to the mandated installation of Russian software on mobile phones as security-driven (e.g., by Kremlin worries about Western espionage and cyber threats) — and, for a country with strong state internet control and widespread surveillance, a security concern. A source at Apple, in but one example of corporate pushback on the law, stated the requirement “would pose a security threat and the company cannot tolerate that kind of risk.” It’s very possible surveillance protocols for the Russian government are baked into these apps as well.
But it’s also important to understand this push through an economic lens; it’s not just security behind the Kremlin’s strategy here.
Even with visible security drivers behind the mandated installation of state-approved software on Russian devices, there are concurrently economic factors, and the two are in many ways intertwined. In part of his push for high-tech development in Russia, Putin has advocated for altering domestic laws and financial conditions “so that as many startups [and] innovative teams as possible can become strong, successful innovative companies.” Authorities want to help domestic tech firms operating both within and outside of Russia.
In this law’s case, its supporters have characterized it as helping domestic players compete with foreign giants that currently have a large hold on the market—which for Russia’s phone market is companies like Apple (United States), Samsung (South Korea), and Huawei (China). The idea is that pre-installation of domestic software could give domestic software producers a leg up. Entangled economic and security considerations mean that uprooting and ousting foreign tech from Russia, and reducing the country’s overall reliance on Western technology, cannot be done without ensuring there are domestically made replacements. Questions of digital decoupling, as seen in many other countries, are thus linked to both economic and security considerations.
So, will this work in promoting domestic innovation? Perhaps, but also perhaps not in the way Russia expects. Apple, for one, may very well pull out of the Russian market altogether once the law takes effect. If so, it’ll be important to watch how the Kremlin responds — and how that decision impacts Russia’s levying of additional restrictions on European and US tech companies in the near future.
It’s also important to consider the security factors at play here, as Putin is more than unlikely to abandon efforts to exert additional “sovereignty” over the internet and the digital domain more broadly within Russian borders. The Kremlin may have said the preinstalled software law isn’t isolationist and only revolves around antitrust enforcement — what a Kremlin spokesman called “practiced widely throughout the world.” But it’s clear that for Europe and other parts of the West from which Russian leadership sees cybersecurity and digital competitiveness risks, these kinds of policies are only going to keep coming — and this law is just one way to track this saga’s evolution.
Justin Sherman (@jshermcyber) is a fellow at the Atlantic Council’s Cyber Statecraft Initiative.