Home / Russia / TMT – Technology, Media & Telecommunications

TMT – Technology, Media & Telecommunications

Fuelled by increased consumer demand for cutting edge products and low-cost services, your business is faced with the constant battle to offer ‘more for less’. Innovation is key, but you need to overcome significant regulatory and commercial hurdles. For the past two decades, our team of over 100 specialist partners in 35 countries has been exposed to every risk and challenge you face in the TMT sector such as IP infringements or anti-trust issues. This means we understand the industries in which you transact including telecommunications, technology, sourcing, sports and media as well as data protection and are able to develop innovative solutions for you.

Technological convergence coupled with the rapid spread of new technologies has opened up a wealth of opportunities in your industry and you must move swiftly to capitalise on them. To stay ahead of the competition, you need to spot and pre-empt legal difficulties before they arise. From M&A to investment and financing, from tax to licensing and product liability, from intellectual property to employment and environmental issues, from network sharing to outsourcing, our multi-disciplinary teams can help guide you towards the most commercially successful outcome.

CMS Ex­pert Guide to 5G
A glob­al over­view


On­line ad­vert­ising in Rus­sia: all you need to know about new rules of la­belling
New rules for on­line ad­vert­ising came in­to force in Septem­ber 2022. Here you can find our de­tailed re­view of the most im­port­ant changes.Join us on 2 Decem­ber 2022 to dis­cuss to­geth­er with our ex­perts...
Ex­perts have dis­cussed changes in ad­vert­ising in­dustry reg­u­la­tion
On 20 Oc­to­ber 2022, SEAM­LESS Leg­al held its second an­nu­al Ad­vert­ising Law con­fer­ence in Mo­scow with par­ti­cip­a­tion of the rep­res­ent­at­ives of the Fed­er­al An­ti­mono­poly Ser­vice, as­so­ci­ations, ma­jor ad­vert­isers...
Per­son­al data: sweep­ing changes in reg­u­la­tion
Please join our we­bin­ar on re­cent im­port­ant changes in the reg­u­la­tion of data pro­tec­tion in Rus­sia. Join our ex­perts Ir­ina Shur­mina and Vladis­lav Eltovskiy to learn about:Ex­tra­ter­rit­ori­al ap­plic­a­tion...
The Tech­no­logy, Me­dia and Tele­com­mu­nic­a­tions Re­view
In 2021, the on­go­ing cov­id-19 pan­dem­ic has con­tin­ued to loom large over leg­al and policy de­vel­op­ments in the TMT sec­tor. As the threat of in­fec­tion has con­tin­ued to af­fect how we live, work and in­ter­act, the im­port­ance of con­nectiv­ity has nev­er been great­er or more ob­vi­ous. For many busi­nesses, re­mote work­ing has been the rule rather than the ex­cep­tion since March 2020, and may well per­sist in some form well after the pan­dem­ic is over. Many schools switched to dis­tance learn­ing formats dur­ing the pan­dem­ic. Tele-health is on the rise as doc­tors check in on pa­tients via video­con­fer­ence. Even tasks as mundane as gro­cery shop­ping have shif­ted on­line. And broad­band con­nectiv­ity, where avail­able, has made it all pos­sible.Read the Rus­sia chapter in the Dom­in­ance and Mono­pol­ies Re­view, pre­pared by Max­im Boul­ba and Elena An­dri­an­ova. The chapter provides an over­view of the Rus­si­an reg­u­la­tions in the TMT in­dustry.This art­icle was pre­pared for and first pub­lished by The Law Re­views in Decem­ber 2021. 
On­line ad­vert­ising: new rules from 1 Septem­ber 2022
On 1 Septem­ber 2022, amend­ments* to Fed­er­al Law No 38 “On Ad­vert­ising” dated 13 March 2006 (the “Law”) will come in­to force. The Law will be sup­ple­men­ted by art­icle 18.1 on on­line ad­vert­ising...
Rus­sia ex­pands tax sup­port meas­ures in the IT sec­tor
Yet an­oth­er pack­age of meas­ures aimed at ex­pand­ing and cla­ri­fy­ing the cri­ter­ia for tax in­cent­ives for IT com­pan­ies was in­tro­duced mid-Ju­ly un­der Fed­er­al Law No. 321-FZ (the “Law”). Over­view of...
Li­ab­il­ity for non-com­pli­ance with the Land­ing Law
4 Au­gust 2022
Tax­a­tion of e-ser­vices: back to ba­sics
1 Au­gust 2022
Per­son­al data: sweep­ing changes in reg­u­la­tion
On 1 Septem­ber 2022, amend­ments* to Fed­er­al Law No. 152 on Per­son­al Data (the “Per­son­al Data Law”) and amend­ments* to Fed­er­al Law No. 2300-1 on the Pro­tec­tion of Con­sumer Rights (the “Con­sumer Pro­tec­tion Law”) will come in­to force.The ad­op­ted amend­ments sig­ni­fic­antly change the Per­son­al Data Law: new ob­lig­a­tions of data con­trol­lers have been in­tro­duced and ex­ist­ing ones amended, the scope of the Per­son­al Data Law has been ex­pan­ded, new pro­ced­ures for ap­prov­al and no­ti­fic­a­tion of state bod­ies on the pro­cessing of per­son­al data have ap­peared.In its new ver­sion, the Con­sumer Pro­tec­tion Law pro­hib­its re­fus­al to con­clude con­tracts with con­sumers if they re­fuse to provide per­son­al data that is not re­lated to the per­form­ance of such a con­tract.Be­low we provide an ana­lys­is of the main changes to the Per­son­al Data Law and the Con­sumer Pro­tec­tion Law.Scope of the Per­son­al Data Law­Be­fore the amend­ments come in­to force, the ex­tra-ter­rit­ori­al prin­ciple of ap­ply­ing the Per­son­al Data Law (i.e. the ob­lig­a­tion for for­eign com­pan­ies to com­ply with it) form­ally relates only to per­son­al data loc­al­isa­tion re­quire­ments.Un­der the new pro­vi­sions of the Per­son­al Data Law, for­eign leg­al en­tit­ies and in­di­vidu­als are also re­quired to com­ply fully with this law when pro­cessing per­son­al data of Rus­si­an cit­izens on the basis of a con­tract or with the con­sent of such a cit­izen.We re­com­mend that for­eign com­pan­ies whose activ­it­ies are aimed at Rus­si­an cit­izens as­sess the ap­plic­ab­il­ity of the Per­son­al Data Law to their activ­it­ies and bring them in­to com­pli­ance with the Per­son­al Data Law.Pro­cessing of per­son­al data for the per­form­ance of a con­tractThe amend­ments im­pose cer­tain re­stric­tions on the pro­cessing of per­son­al data based on the per­form­ance of a con­tract. Thus, the con­tract to be con­cluded may not con­tain pro­vi­sions which:lim­it the rights and freedoms of the sub­ject;es­tab­lish cases in which the per­son­al data of a minor is pro­cessed (un­less oth­er­wise provided for by law); or­al­low mak­ing the con­clu­sion of the con­tract con­di­tion­al on the in­ac­tion of the sub­ject.The amend­ments are worded quite broadly, so we ex­pect that the cri­ter­ia for clas­si­fy­ing a con­trac­tu­al pro­vi­sion as in­ad­miss­ible will be shaped by law en­force­ment prac­tice or the reg­u­lat­or’s cla­ri­fic­a­tions.Nev­er­the­less, at this stage, we re­com­mend re­view­ing cur­rent con­tracts with in­di­vidu­als to en­sure that they com­ply with the new pro­vi­sions of the Per­son­al Data Law.New du­ties and li­ab­il­ity of “pro­cessors”Changes to the Per­son­al Data Law have tightened the re­quire­ments for so-called “pro­cessors” (i.e. per­sons or en­tit­ies who pro­cess per­son­al data on be­half of a con­trol­ler).Thus, in ad­di­tion to the in­form­a­tion pre­vi­ously re­quired, the op­er­at­or’s in­struc­tions must state the fol­low­ing du­ties of the pro­cessor:loc­al­ising Rus­si­an cit­izens’ per­son­al data in Rus­sia when they are col­lec­ted;tak­ing the meas­ures stip­u­lated by Art­icle 18.1 of the Per­son­al Data Law (e.g. ap­point­ing a data pro­tec­tion of­ficer, pub­lish­ing a policy, tak­ing meas­ures to en­sure the se­cur­ity of per­son­al data);provid­ing the con­trol­ler with proof of com­pli­ance with these meas­ures; andno­ti­fy­ing the con­trol­ler of per­son­al data leaks.We re­com­mend check­ing cur­rent agree­ments with pro­cessors and ad­just­ing them to re­flect the amend­ments.In ad­di­tion, the new ver­sion of the Per­son­al Data Law es­tab­lishes that for­eign pro­cessors are li­able to per­son­al data sub­jects dir­ectly and not only through the con­trol­ler.New rules on cross-bor­der trans­fer of per­son­al dataNew cross-bor­der trans­fer rules will come in­to force on 1 March 2023.The new ver­sion of the Per­son­al Data Law tight­ens up the rules for cross-bor­der trans­fers and in­tro­duces a man­dat­ory pri­or no­ti­fic­a­tion to the reg­u­lat­or of the in­ten­tion to trans­fer per­son­al data out­side Rus­sia.The con­trol­ler must as­sess the re­cip­i­ent of per­son­al data by ob­tain­ing, be­fore sub­mit­ting the no­ti­fic­a­tion, the fol­low­ing in­form­a­tion about:the per­sons or en­tit­ies to whom per­son­al data will be trans­ferred;the meas­ures to pro­tect the per­son­al data trans­ferred and the con­di­tions un­der which its pro­cessing may be ter­min­ated; an­dthe leg­al reg­u­la­tion of per­son­al data in the re­cip­i­ent coun­try (if the coun­try is not one that provides ad­equate pro­tec­tion of the rights of per­son­al data sub­jects).​The data con­trol­ler must then no­ti­fy Roskomnad­zor of its in­ten­tion to trans­fer per­son­al data across bor­ders and provide de­tailed in­form­a­tion on the planned trans­fer, in­clud­ing the type and con­tent of the data to be trans­ferred, the cat­egor­ies of data sub­jects, coun­tries where such data will be trans­ferred, etc.Upon re­ceipt of a no­ti­fic­a­tion, Roskomnad­zor has the right to pro­hib­it or re­strict the trans­fer of per­son­al data, inter alia, to pro­tect the mor­als, health, rights and le­git­im­ate in­terests of in­di­vidu­als; pro­tect the found­a­tions of the con­sti­tu­tion­al or­der, se­cur­ity and de­fence of the state; or pro­tect Rus­sia’s eco­nom­ic in­terests.Roskomnad­zor has ten work­ing days from the date of re­ceipt of the no­ti­fic­a­tion to make its de­cision. Pending a de­cision, the con­trol­ler may carry out cross-bor­der trans­fer of per­son­al data to coun­tries that are parties to the Coun­cil of Europe Con­ven­tion No. 108 or in­cluded in Roskomnad­zor’s spe­cial list.Per­son­al data may only be trans­ferred to oth­er coun­tries after the dead­line for a de­cision by Roskomnad­zor has ex­pired and in the ab­sence of a de­cision to ban such trans­fer. If cross-bor­der trans­fer is banned or re­stric­ted, the con­trol­ler must en­sure that the data it has pre­vi­ously trans­ferred is des­troyed in the for­eign coun­try.Con­trol­lers that car­ried out cross-bor­der trans­fers be­fore 1 March 2023 and will con­tin­ue to do so after that date are re­quired to sub­mit a no­ti­fic­a­tion to Roskomnad­zor no later than 1 March 2023.In­ter­ac­tion with Gos­SOP­KAThe new ver­sion of the Per­son­al Data Law also re­quires the con­trol­ler to en­sure in­ter­ac­tion with the State Sys­tem of De­tec­tion, Pre­ven­tion and Elim­in­a­tion of Con­sequences of Com­puter At­tacks on In­form­a­tion Re­sources (Gos­SOP­KA). The aim is to in­form Gos­SOP­KA about com­puter in­cid­ents that have led to the un­law­ful trans­fer of per­son­al data.The pro­ced­ure for in­ter­ac­tion has not been de­term­ined yet and will be es­tab­lished by the Fed­er­al Se­cur­ity Ser­vice of Rus­sia in a sep­ar­ate reg­u­la­tion.Ob­lig­a­tion to no­ti­fy per­son­al data leak­ageIn the event of a leak­age (an un­law­ful or ac­ci­dent­al trans­fer of per­son­al data res­ult­ing in the vi­ol­a­tion of the sub­ject’s rights), the con­trol­ler must no­ti­fy Roskomnad­zor:with­in 24 hours of re­veal­ing such an in­cid­ent about the in­cid­ent and its de­tails; andwith­in 72 hours of the in­cid­ent be­ing dis­covered about the res­ults of the in­tern­al in­vest­ig­a­tion in­to said in­cid­ent and provide in­form­a­tion on the per­sons (if any) whose ac­tions led to the in­cid­ent.At present, the new ver­sion of the Per­son­al Data Law does not con­tain ex­cep­tions to the ob­lig­a­tion to no­ti­fy a leak, but per­haps in the fu­ture cri­ter­ia for minor leak­ages will be de­veloped that will ex­empt any minor un­law­ful or ac­ci­dent­al trans­fer of per­son­al data from the need to be no­ti­fied.At this stage, we re­com­mend in­tro­du­cing rules for in­tern­al leak in­vest­ig­a­tions, es­pe­cially giv­en the short time­frame for ful­filling no­ti­fic­a­tion ob­lig­a­tions to Roskomnad­zor.Pro­cessing of per­son­al data un­der the Con­sumer Pro­tec­tion LawAfter 1 Septem­ber 2022, com­pan­ies will not be al­lowed to re­fuse to con­clude, per­form or ter­min­ate a con­tract if a con­sumer re­fuses to provide their per­son­al data.As an ex­cep­tion, there are cases where the ob­lig­a­tion to provide such data is pre­scribed by law or dir­ectly re­lated to the per­form­ance of the con­tract with the con­sumer.In ad­di­tion, con­sumers are giv­en the right to re­quest in­form­a­tion on the spe­cif­ic reas­ons and leg­al grounds mak­ing it im­possible to con­clude, per­form or ter­min­ate a con­tract without provid­ing per­son­al data.Con­sumers may also re­quest the re­mov­al of pro­vi­sions stip­u­lat­ing the con­di­tions of pro­cessing per­son­al data, and the com­pany must, with­in ten days, make a reasoned de­cision and no­ti­fy the con­sumer about it.The new rules will also ap­ply to con­tracts that were con­cluded be­fore 1 Septem­ber 2022. There­fore, the changes will af­fect in­ter­ac­tion with both new and cur­rent cus­tom­ers.If the in­clu­sion of con­di­tions det­ri­ment­al to the con­sumer’s rights in the con­tract has caused losses, they must be com­pensated in full. In ad­di­tion, in­clu­sion of such con­di­tions in a con­tract may res­ult in an ad­min­is­trat­ive fine of up to RUB 20,000 (EUR 350).We re­com­mend that con­tracts with con­sumers should be re­viewed with re­gard to the pro­vi­sions on the pro­cessing of per­son­al data, the scope of data to be col­lec­ted and how to in­ter­act with con­sumers dur­ing the con­tract­ing and en­quiry hand­ling phases.Oth­er changes­In ad­di­tion to the above changes, the new ver­sion of the Per­son­al Data Law also in­tro­duces a sig­ni­fic­ant num­ber of oth­er changes. We sum­mar­ise some of them be­low:From 1 March 2023, the data con­trol­ler will be re­quired to spe­cify in the per­son­al data pro­cessing policy for each pro­cessing pur­pose:the cat­egor­ies and con­tent of pro­cessed data;the cat­egor­ies of sub­jects whose per­son­al data is pro­cessed;the man­ner and terms of data pro­cessing and stor­age;a pro­ced­ure for des­troy­ing per­son­al data when the pur­pose of its pro­cessing has been achieved or when oth­er le­git­im­ate grounds for do­ing so have aris­en.The list of cases when a con­trol­ler may pro­cess per­son­al data without no­ti­fy­ing Roskomnad­zor of its in­ten­tion to pro­cess per­son­al data has been sub­stan­tially re­duced. In par­tic­u­lar, the pro­cessing of per­son­al data in ac­cord­ance with la­bour law and for the per­form­ance of a con­tract is no longer an ex­cep­tion and will now re­quire the sub­mis­sion of a no­ti­fic­a­tion. Thus, vir­tu­ally any per­son­al data con­trol­ler en­gaged in com­mer­cial activ­it­ies is re­quired to sub­mit a no­ti­fic­a­tion to Roskomnad­zor. In ad­di­tion, the list of in­form­a­tion that must be con­tained in the no­ti­fic­a­tion has changed and a re­quire­ment to provide more de­tailed in­form­a­tion on per­son­al data pro­cessing was in­tro­duced.The amend­ments es­tab­lish ad­di­tion­al cri­ter­ia for con­sent to be not only spe­cif­ic, in­formed and con­scious, but also sub­stant­ive and un­am­bigu­ous.  Ex­plan­a­tions of what is meant by sub­stant­ive and un­am­bigu­ous con­sent are not yet avail­able.The pro­vi­sion of bio­met­ric per­son­al data may not be com­puls­ory, ex­cept in the cases laid down in the Per­son­al Data Law. If the pro­cessing does not fall with­in the ex­cep­tions, the con­trol­ler does not have the right to re­fuse to provide a ser­vice to a per­son who re­fuses to provide bio­met­ric data.The dead­line for re­spond­ing to a sub­ject’s re­quests for ac­cess to in­form­a­tion on per­son­al data pro­cessing and its ter­min­a­tion has been re­duced to ten work­ing days from the sub­ject’s re­quest (the dead­line can be ex­ten­ded by an­oth­er five work­ing days).Thus, al­most all as­pects of per­son­al data pro­cessing are af­fected to a great­er or less­er ex­tent by the changes.Re­com­mend­a­tionsGiv­en the scale of the ad­op­ted changes, al­most every Rus­si­an per­son­al data con­trol­ler needs to as­sess its cur­rent per­son­al data pro­cessing pro­ced­ures and, most likely, ad­just them. In ad­di­tion, for­eign con­trol­lers may be in all like­li­hood sub­ject to Rus­si­an per­son­al data le­gis­la­tion and will be re­quired to com­ply fully with it.In light of the changes ad­op­ted, we re­com­mend that:for­eign con­trol­lers check the cur­rent pro­ced­ures for pro­cessing the data of Rus­si­an cit­izens and as­sess wheth­er Rus­si­an le­gis­la­tion is ap­plic­able;Rus­si­an con­trol­lers audit cur­rent per­son­al data pro­cessing pro­ced­ures and make ap­pro­pri­ate ad­just­ments, in­clud­ing to per­son­al data pro­cessing policies, cross-bor­der trans­fer pro­ced­ures, con­sents, con­tracts provid­ing for data pro­cessing man­dates, and oth­er doc­u­ments and pro­cesses.* In Rus­si­anCo-au­thored by Sher­met Kur­b­an­ov, Paralegal in In­tel­lec­tu­al Prop­erty.
Бизнес-завтрак Seam­less & MICE
Визуалы, слоганы, сценарии, не выигравшие в тендере, вдруг реализуются конкурентом… Присвоение контента – давняя...
The former Mo­scow of­fice of CMS to con­tin­ue work­ing as an in­de­pend­ent law...
On 15 June 2022, the former Mo­scow of­fice of the in­ter­na­tion­al law firm CMS an­nounces the start of work as an in­de­pend­ent law firm un­der the new brand name SEAM­LESS Leg­al.Over 80 col­leagues of the Mo­scow of­fice con­tin­ue work­ing as one team, led by Man­aging Part­ner Jean-Fran­cois Mar­quaire and Seni­or Part­ner Le­onid Zubar­ev.We keep ad­vising our cli­ents across all 23 prac­tices and sec­tors: We lean on 30 years of ex­pert­ise and an im­pec­cable repu­ta­tion as part of an in­ter­na­tion­al law firm. We have al­ways abided by strict pro­fes­sion­al stand­ards and will con­tin­ue provid­ing ser­vices of the highest qual­ity. Jean-Fran­cois Mar­quaire, Man­aging Part­ner: “We are proud of hav­ing been able to cre­ate and pre­serve a united team with a friendly cor­por­ate cul­ture and re­spons­ible at­ti­tude to our busi­ness.”Le­onid Zubar­ev, Seni­or Part­ner: “Our new brand SEAM­LESS Leg­al most ac­cur­ately re­flects the ap­proach to work that has de­veloped over the years in our firm – in­teg­rity and co­her­ence, im­pec­cab­il­ity, con­tinu­ity and un­in­ter­rup­ted sup­port to our cli­ents at any time."
Rus­si­an Fed­er­al Tax Ser­vice sets morator­i­um on tax audits of IT com­pan­ies
On 24 March 2022, the Rus­si­an Fed­er­al Tax Ser­vice is­sued Let­ter No. CD-4-2/[email protected]*, which (the “Let­ter”) es­tab­lishes a vir­tu­al morator­i­um for on-site tax audits, in­clud­ing re­peat audits, of ac­cred­ited IT com­pan­ies un­til 3 March 2025 in­clus­ively.The only ex­cep­tion is where an audit is sched­uled with the con­sent of the head or deputy head of a high­er tax au­thor­ity or the Rus­si­an Fed­er­al Tax Ser­vice. The lower tax au­thor­ity must sub­mit a reasoned re­quest in or­der to sched­ule an on-site audit.At the same time, any on-site audits launched be­fore the Let­ter was is­sued are sub­ject to com­ple­tion in the pre­scribed man­ner. No ex­ten­sion or sus­pen­sion of these audits ac­cord­ing to Art­icle 89 of the Rus­si­an Tax Code should oc­cur.   Fur­ther­more, the audit sus­pen­sion is tem­por­ary in or­der to re­duce the ad­min­is­trat­ive bur­den on IT com­pan­ies in the peri­od between 2022 and 2024, and does not mean that this peri­od will not be audited in prin­ciple. In prac­tice, by schedul­ing an audit in March 2025 after the morator­i­um ex­pires, the tax au­thor­it­ies will have the right to audit the 2022-2024 peri­od as well.The Let­ter con­tains no ad­di­tion­al cri­ter­ia for the morator­i­um, apart from re­quir­ing an IT com­pany to have a state ac­cred­it­a­tion cer­ti­fic­ate. In oth­er words, the morator­i­um will also form­ally ap­ply to ac­cred­ited IT com­pan­ies that are not eli­gible for cor­por­ate profits tax or in­sur­ance con­tri­bu­tion in­cent­ives un­der Rus­si­an law.The chosen leg­al form of the doc­u­ment in­tro­du­cing the morator­i­um is also note­worthy: the Let­ter is of an in­tern­al nature and ad­dressed to lower tax au­thor­it­ies. To date, we are not aware of any fur­ther le­gis­lat­ive ini­ti­at­ives in this area.The Let­ter im­ple­ments one more tax sup­port meas­ure for the IT in­dustry an­nounced in Rus­si­an Pres­id­ent De­cree No. 83 dated 2 March 2022, on which we pre­vi­ously re­por­ted. Also, in pur­su­ance of that De­cree, Law No. 67-FZ dated 26 March 2022 has set the cor­por­ate profits tax rate at 0% for the peri­od between 2022 and 2024. The Min­istry of Fin­ance and the Min­istry of Di­git­al De­vel­op­ment are cur­rently ne­go­ti­at­ing the de­tails of an­oth­er meas­ure an­nounced in the De­cree: ex­tend­ing the list of IT activ­it­ies sub­ject to pref­er­en­tial treat­ment where fur­ther de­vel­op­ments can also be ex­pec­ted.Our ex­perts con­tin­ue to closely mon­it­or this is­sue and will keep you in­formed of any fur­ther changes.* In Rus­si­an