WEBINAR: Critical Information Infrastructure (CII) Security: Legal Aspects

15 October 2024
Alina Smakova
Associate
Natalya Thotahewage
Counsel
On 15 October, Lidings hosted a webinar for its clients to break down the legal aspects of critical information infrastructure (CII) security, focusing on the regulation applicable to the pharmaceutical and chemical (Pharma and FMCG) and healthcare industries.

Background

Recently, we have been witnessing an active development of CII regulations (recent changes include: amendments to the Presidential Decree No. 250 dated 13.06.2024; entry into force from 01.09.2024 of the rules of the Government Decree No. 1912 dated 14.11.2023, compliance with which is mandatory for CII subjects, etc.), which entails an increase in the obligations imposed on CII subjects and requirements to ensure the safety of CII objects, which have a very limited timeframe for implementation.

Healthcare, Pharma and FMCG industries are included in the list of key areas that determine the development of the Russian economy, and therefore fall into the “focus” of the regulator's attention as having valuable objects to protect.

Topics discussed at the webinar

Lidings counsel Natalya Thotahewage and associate Alina Smakova shared their views on the legal aspects of the issue and spoke about:

  • the fundamentals of CII security regulation and current developments
  • the range of persons subject to CII security regulation
  • applicable Self-assessment procedures: main problems and nuances of their implementation
  • Industry specifics of the issue

We also shared actual examples of Lidings' industrial cases, the practice of considering relevant disputes, and the logic of the “regulator” on CII safety issues.

Our recommendations

The issue of the need to comply with the new requirements on KII security and other obligations of CII subjects should be resolved after an internal assessment of a potential CII subject's activities, taking into account the provisions of the legislation, industry specifics and a comprehensive assessment of a particular case.

We will be happy to assist at all stages of the journey, and first of all we recommend analyzing the company's information security LNAs in terms of CII security provisions and operational procedures for responding to and complying with the requirements of CII security legislation.