Acsour.com_ENG

Mandatory anonymized personal data sharing: new requirement for data operators effective September 2025

Legal Digest News Articles
Author: Kirill Kuznetsov, Legal Counsel at Acsour

Effective September 1, 2025, a significant regulatory change will require all personal data operators to provide anonymized datasets to a designated government information system upon request from the Russian Ministry of Digital Development, Communications, and Mass Media ("Ministry of Digital Development").

Purpose of the Reform

The amendments aim to:

  • Establish infrastructure for secure anonymized data exchange between businesses and the state
  • Facilitate AI model training using aggregated datasets
  • Enhance personal data protection by reducing the processing of identifiable information

Access Requirements

Operators must undergo a compliance audit confirming adherence to Federal Law No. 152-FZ "On Personal Data". The verification procedure (approved under Government Decree No. 702 dated May 22, 2025) includes:

Submission Methods:

• In-person
• Postal delivery
• Via the Gosuslugi portal (where technically available)

Key Audit Criteria:

  • Compliance with data protection laws
  • Absence of extremist/terrorist affiliations

Processing Timeline:

  • 15 business days for review
  • Notification of approval or substantiated denial

How Acsour's Legal Team Can Assist

The new framework demands precision in documentation and procedures. We provide end-to-end support:

  1. Compliance Gap Analysis – Identify potential red flags pre-audit
  2. Document Preparation – Align submissions with regulatory requirements
  3. Application Management – Oversee verification timelines and agency communications
  4. Query Resolution – Draft legally sound responses to regulator inquiries
  5. Data Disclosure Compliance – Prepare tailored responses to anonymized data requests

Proactive adaptation is critical – contact our team to ensure seamless compliance ahead of the September deadline.