From a digital sovereignty standpoint, the move makes sense on paper. But honestly, I feel sorry for businesses and regular users.
When the news broke and I posted about it in a few chats, a friend slid into my DMs with the classic take: "Why are you so worked up? It's a perfectly normal law. Why should Western intel agencies control everything while we can't have the same? Foreign services are surveillance tools!"
There's a kernel of truth there. Gmail hands everything over to the FBI or CIA at the drop of a hat under US laws FISA and the Cloud Act. And Russia closing that loophole is an understandable call. But let's look this thing in the eye and talk about what it actually means for people like us.
Here's why this law isn't "striking back at the West" — it's just a headache for the market.
1. The domino risk when data leaks
We're being sold the idea of "Switch to VK ID, Yandex ID, or Sber ID — it's so convenient!" Yes, it is convenient. But now the government is forcing us to put all our eggs in one basket.
Before, if hackers broke into some local online shop's database, they got your throwaway email. That's it. Now that shop is required to tie logins to something like VK ID, and the value of your account to scammers goes through the roof.
Remember the epic leaks from Yandex Food, CDEK, the traffic police database, or Gemotest labs. If tomorrow VK or Yandex has a vulnerability, hackers will crack open every single one of your personal accounts where you logged in with that unified ID — from government services and banks to pizza delivery. In the West, companies pay billion-dollar fines and go bankrupt for leaks like this. Here, big business gets away with pocket-change fines and almost no accountability to actual people.
2. A gut punch for Russian businesses
The law couldn't care less about American corporations (Google won't even blink at the fines). But it hits domestic entrepreneurs hard.
Every online school, small marketplace, or local community forum now has to urgently hire developers, rewrite code, rip out Google/Apple ID buttons, and bolt in Russian alternatives. Non-compliance: fines of up to 700,000 rubles for companies.
Picture a startup — a fitness app or a design service. Instead of spending their budget building cool new features for users and growing the product, they're forced to hand money to the IT department to swap out registration forms and redo the database. In the West, governments don't need to ban foreign auth systems because their own tech industry evolved organically and won the market fairly — not by jamming sticks into competitors' spokes via regulatory decree.
3. The illusion of choice and forced monopoly
The "why can they do it and we can't" argument falls apart the moment you look at what choice actually means for a regular person.
In the US or Europe, intelligence agencies do have access to Big Tech. But citizens retain the right to choose. If a European doesn't want Google reading their messages, they set up an independent encrypted inbox in Switzerland (Proton) or Germany (Tuta). And no European site will be fined because a user logged in with that address.
In Russia, the alternative is being killed off entirely. All our email services (Mail.ru, Yandex, Rambler) are legally required to pipe data to law enforcement through the SORM surveillance system. Creating an anonymous email in Russia is also off the table — registration requires a Russian phone number, which is tied to your passport. So either you register through state-approved giants, or you can't properly use the Russian internet at all.
Bottom line: this isn't about geopolitics or "why can they do it and we can't." In the US and EU, these systems evolved as business tools and left people with real alternatives. In Russia, this law artificially creates a monopoly for three or four corporations, strips ordinary people of any basic right to privacy, and once again hits domestic business in the wallet.
Has your country ever proposed anything similar — fining sites for using foreign login providers? I'd genuinely like to know.