Russian communications watchdog Roskomnadzor has revealed plans to build a "state-run VPN," which is supposed to help the country's IT sector, currently cut off from foreign services and repositories.

The project was presented in early June at a closed-door meeting attended by major Russian IT companies. Over the last few months, domestic software developers have complained that Roskomnadzor's efforts aimed at combatting VPN use are hitting them hard, as they are no longer able to access foreign services and repositories. Following Russia's invasion of Ukraine in February 2022, many foreign repositories blocked access from Russian IP addresses, which Russian IT firms have overcome by using VPNs. But in recent months, Roskomnadzor's efforts to curb VPN use have taken a toll on domestic software firms, which have had issues accessing popular libraries and repositories, such as GitHub or PyPI.

The idea behind the state-run VPN is that it will supposedly enable selected IT companies to retain full access to foreign resources regardless of Roskomnadzor's possible restrictions on other VPN services, the business news outlet The Bell reported.

Roskomnadzor appeasing tech giants

On June 8, Roskomnadzor held a closed-door meeting for representatives of major Russian IT companies, such as Yandex, VK, 1C, InfoWatch and Positive Technologies.

The Bell quoted sources in the Russian IT sector as saying that the initiative to hold the meeting came from domestic tech companies, as they wanted to share their concerns about Roskomnadzor's recent crackdown on VPN use.

"This was an introductory meeting, there will be more," a source was quoted as saying by The Bell. "Roskomnadzor refused to discuss the reasons for the [VPN] blocks or the basis for the decisions [underlying them], citing the fact that they are merely executing orders and that the decisions themselves are confidential," one of the meeting participants told The Bell.

Experts say the communications watchdog is indeed just implementing orders, while decisions related to internet blockings, including crackdowns on VPN use, come from Russia's Federal Security Service (FSB).

Reportedly, Roskomnadzor suggested "maintaining operational coordination" and "filing reports on issues that the agency will resolve on a case-by-case basis." In addition, he advocated for the creation of a domestic free software repository, which is expected to resolve developers’ access issues to free software.

Meanwhile, as the primary solution to the problem, Roskomnadzor rannounced plans to "create a unified state VPN with a complex structure and recommend that developers ‘go through’ it. "For those who really need it, from their point of view," a participant in the meeting told The Bell. "There are no details yet. They plan to discuss the State VPN in detail at the next meeting."

IT sector bearing the brunt

Russian tech companies have long complained that Roskomnadzor's attempts to combat the use of VPNs - which Russians use to access foreign websites that the Kremlin considers harmful - have been having a negative impact on their operations.

Natalya Kasperskaya, president of InfoWatch cybersecurity firm and chair of Domestic Software, an association of Russian software product developers, attacked Roskomnadzor following internet blackouts in early April, which hit many individuals and businesses in Russia.

However, she later walked back her harsh statements against the agency and apologised. Still, discontent in the Russian IT sector has been growing. In recent weeks, the issue has only become more acute.

In early June, Russian users were unable to access PyPI, a repository of Python software packages and libraries, the investigative outlet Vazhnye Istorii reported on its Telegram channel.

Since May, GitHub, the largest platform essential for hosting IT projects and their collaborative development, has been unavailable in Russia through VPNs. Recently, Russian have also faced issues accessing the Figma interface design platform

In April, one of the largest Linux repositories, Debian, was blocked for several hours, and prior to that, access to the Rust repository had been lost. Users also complained about a malfunction in the Chinese chatbot and DeepSeek, the only major AI model available in Russia. As with the Python repository, the connection to the site was dropping at the TLS stage - an encryption protocol that establishes a secure channel between the user and the server.

This significantly slowed down software developers' work, according to the industry publication Digital Report.

Meanwhile, IT companies noticed systematic disruptions in the operation of international repositories in February and March, when the authorities launched a new wave of VPN service blocks, Russian business daily Kommersant reported. It then became clear that corporate VPNs (which are simply necessary for normal, secure work within a company) were subject to the same blocks as VPNs used to bypass Roskomnadzor’s restrictions.

This has primarily affected many Russian businesses that rely on open-source software. The disruptions have impacted repositories, which make up a significant portion of the IT infrastructure of companies in Russia and without which they cannot carry out development work. According to Kommersant, open-source software accounts for between 50% and 90% of development projects in the country.

Security agencies are also apparently driving the isolation of Russian IT companies. In March 2025, Russian authorities began blocking Cloudflare, the largest service for protecting internet resources and managing domain names, after the American company ignored demands to register with the registry of information dissemination organisers.

On June 2, the FSB stated that the agency had uncovered a "large-scale operation by foreign intelligence services" to install eavesdropping devices on the mobile devices of high-ranking officials. According to a video released by the FSB, Cloudflare is allegedly involved in this as well.

In a video from the FSB, Igor Kuznetsov of Kaspersky Lab's Global Threat Research and Analysis Centre also stated that attackers hacked Apple phones via an "invisible message" in iMessage. This likely refers to the Pegasus spyware developed by Israel’s NSO Group, which has long exploited a vulnerability in the iMessage service on iPhones.

Pegasus was used to monitor Russian and Belarusian independent journalists in Europe, but it is unknown who was behind the attack. There have been no proven cases of this software being used by Russia, Belarus or Ukraine.

Industry sceptical

Experts and industry insiders said they were sceptical that Roskomnadzor's state-run VPN is unlikely to solve software developers' issues caused by Russian authorities' drive to restrict VPN use in the country.

According to an industry source quoted by The Bell, IT companies' representatives participating in the Roskomnadzor meeting reacted to the idea with little enthusiasm. "The idea of a state-run VPN didn't inspire developers," the source said. "It will only help with ‘sanctions’-related blocks."

According to the source, if multiple Russian software companies access foreign libraries and repositories over the same VPN, it will be much easier to block access. "Cutting Russians off from international development tools will be even easier if everyone starts using the same VPN," he said.

A source in the Russian tech industry also warned against creating a privileged class of Internet users.

"While the whole country is suffering from a lack of decent internet, it turns out there will be a privileged class with full access," the source said. "And who will decide who is worthy of access and who isn’t?"

Other experts also questioned the communications watchdog's ability to develop a proper VPN, stressing that the agency has failed to completely block the Telegram messaging service.

Still, Roskomnadzor deputy head Oleg Terlyakov insisted that his agency has sufficient expertise to build a VPN that will enable uninterrupted access to foreign resources for Russian software developers.