85 operators are fined for silence about IP addresses.
Roskomnadzor brought to justice 85 telecom operators for failure to transmit information about IP addresses of subscribers. This was reported to Izvestia in the department. As of May 21, the sanctions affected companies that did not provide data after notifying the regulator. In March 2026, 1359 telecom operators received such notifications.
Roskomnadzor explained the collection of data by the need to protect the Russian segment of the Internet from computer attacks, including DDoS attacks. Operators must transmit information about IP addresses after receiving the notification of the department. Information on all changes must be sent within one day, and with a separate request from Roskomnadzor to specific addresses - within one hour.
The procedure for transferring information is enshrined in the order of Roskomnadzor, issued in 2025. Operators must send IP addresses, data on the places of use with binding to the municipality and identifiers of technical means of countering threats (TSPUs) through which traffic passes. For connections with the simultaneous use of IPv4 and IPv6 requires a structured record: IPv6 address, IPv4 address, operation type, timetable, session life and TSPU number.
Control over IP addresses in the industry is associated not only with the formal implementation of Roskomnadzor’s requirements, but also with the response to network attacks. Data helps to quickly find sources of malicious traffic, localize suspicious activity and fight spam. In Rostelecom reported that they know about the mailing of the regulator and have already carried out the necessary improvements in the network.
The transmission of information can be used not only to respond to DDoS attacks. The interlocutor of Izvestia, close to one of the operators, said that the data also allows you to determine whether the subscriber uses a VPN. The telecom industry separately notes the role of IPv6: support for the protocol is more often used by paid VPN services, and the scheme with a double stack allows the blocking bypass program to connect along two protocols at once - IPv4 and IPv6. For the operator, such configuration means more session data and more parameters to be recorded and transmitted on request.
For non-compliance with the requirements, operators may face administrative fines. Violation of the order may fall under different compositions of administrative offenses, depending on the circumstances. The first failure to provide information can cost the company in the amount of up to 500 thousand rubles, repeated violation - up to 1 million rubles. Additionally, the article of the Code of Administrative Offenses on conducting entrepreneurial activity in violation of the terms of the license may be applied. The norm provides for a warning or a fine for legal entities up to 40 thousand rubles.
For operators, the new requirements are becoming a separate operational task. Information on the change of IP-addresses needs to be collected, structured and promptly transmitted to the regulator, and for such work requires technical systems, server equipment and employees. In one of the telecom companies, the additional need was estimated at about 20 people. For large operators, the load is distributed over existing infrastructure, and for small providers, the costs of equipment, integration and personnel can become a noticeable unplanned cost item.
The cost of fulfilling requirements may affect tariffs, market participants believe. Difficulty enhances dynamic addressing. Most home and mobile subscribers have no constant IP address: the address changes when reconnecting to the network, moving between base stations and planned management of address space from the provider. According to industry estimates, 25% to almost 60% of IP addresses regularly change key parameters. A large federal operator has the number of such events can reach hundreds of thousands per day, so manual processing of such changes is almost impossible.
Technically, it is possible to meet the requirements, but operators with millions of dynamic sessions will need automated data exchange systems with the regulator. Such a task can be especially sensitive for small and medium-sized providers: you will have to purchase equipment, adjust the accounting of changes, attract integrators and support data transmission in a short time. If Roskomnadzor requests information at specific addresses, the operator must meet not in one day, but in one hour.
A separate problem is related to the geographical binding of IP addresses. Roskomnadzor demands to indicate not not only the region, but also a specific municipal district or urban district where addresses are used. Unlike phone numbers, IP addresses do not have a permanent binding to the territory. One network address can be used today in Novosibirsk, and later in Petrozavodsk. Because of this mobility, operators will have to maintain a large and rapidly changing data array. The industry believes that such a base will increase costs and create a new potential point of vulnerability: when leaking information about addresses, sessions and places of use may be sensitive to operators and subscribers.
Roskomnadzor brought to justice 85 telecom operators for failure to transmit information about IP addresses of subscribers. This was reported to Izvestia in the department. As of May 21, the sanctions affected companies that did not provide data after notifying the regulator. In March 2026, 1359 telecom operators received such notifications.
Roskomnadzor explained the collection of data by the need to protect the Russian segment of the Internet from computer attacks, including DDoS attacks. Operators must transmit information about IP addresses after receiving the notification of the department. Information on all changes must be sent within one day, and with a separate request from Roskomnadzor to specific addresses - within one hour.
The procedure for transferring information is enshrined in the order of Roskomnadzor, issued in 2025. Operators must send IP addresses, data on the places of use with binding to the municipality and identifiers of technical means of countering threats (TSPUs) through which traffic passes. For connections with the simultaneous use of IPv4 and IPv6 requires a structured record: IPv6 address, IPv4 address, operation type, timetable, session life and TSPU number.
Control over IP addresses in the industry is associated not only with the formal implementation of Roskomnadzor’s requirements, but also with the response to network attacks. Data helps to quickly find sources of malicious traffic, localize suspicious activity and fight spam. In Rostelecom reported that they know about the mailing of the regulator and have already carried out the necessary improvements in the network.
The transmission of information can be used not only to respond to DDoS attacks. The interlocutor of Izvestia, close to one of the operators, said that the data also allows you to determine whether the subscriber uses a VPN. The telecom industry separately notes the role of IPv6: support for the protocol is more often used by paid VPN services, and the scheme with a double stack allows the blocking bypass program to connect along two protocols at once - IPv4 and IPv6. For the operator, such configuration means more session data and more parameters to be recorded and transmitted on request.
For non-compliance with the requirements, operators may face administrative fines. Violation of the order may fall under different compositions of administrative offenses, depending on the circumstances. The first failure to provide information can cost the company in the amount of up to 500 thousand rubles, repeated violation - up to 1 million rubles. Additionally, the article of the Code of Administrative Offenses on conducting entrepreneurial activity in violation of the terms of the license may be applied. The norm provides for a warning or a fine for legal entities up to 40 thousand rubles.
For operators, the new requirements are becoming a separate operational task. Information on the change of IP-addresses needs to be collected, structured and promptly transmitted to the regulator, and for such work requires technical systems, server equipment and employees. In one of the telecom companies, the additional need was estimated at about 20 people. For large operators, the load is distributed over existing infrastructure, and for small providers, the costs of equipment, integration and personnel can become a noticeable unplanned cost item.
The cost of fulfilling requirements may affect tariffs, market participants believe. Difficulty enhances dynamic addressing. Most home and mobile subscribers have no constant IP address: the address changes when reconnecting to the network, moving between base stations and planned management of address space from the provider. According to industry estimates, 25% to almost 60% of IP addresses regularly change key parameters. A large federal operator has the number of such events can reach hundreds of thousands per day, so manual processing of such changes is almost impossible.
Technically, it is possible to meet the requirements, but operators with millions of dynamic sessions will need automated data exchange systems with the regulator. Such a task can be especially sensitive for small and medium-sized providers: you will have to purchase equipment, adjust the accounting of changes, attract integrators and support data transmission in a short time. If Roskomnadzor requests information at specific addresses, the operator must meet not in one day, but in one hour.
A separate problem is related to the geographical binding of IP addresses. Roskomnadzor demands to indicate not not only the region, but also a specific municipal district or urban district where addresses are used. Unlike phone numbers, IP addresses do not have a permanent binding to the territory. One network address can be used today in Novosibirsk, and later in Petrozavodsk. Because of this mobility, operators will have to maintain a large and rapidly changing data array. The industry believes that such a base will increase costs and create a new potential point of vulnerability: when leaking information about addresses, sessions and places of use may be sensitive to operators and subscribers.
