Lidings held a series of webinars dedicated to the practical aspects of complying with the legislation on Critical Information Infrastructure (CII) security. The events were organized jointly with experts in the field of information security – companies RTM Group and KSB-SOFT.
Relevance of the Topic
The CII legislation continues to evolve actively, and regulatory oversight is tightening. Liability for violations amounts to millions of rubles, making it critical for companies to build not a formal, but a genuinely effective protection system. Special attention to CII issues is necessary for companies in sectors critical to the economy and national security. In particular, for the pharmaceutical and healthcare sphere, where activities related to substance production and wholesale trade are classified as regulated areas, CII protection becomes especially relevant, as it makes the majority of market players potential CII subjects.
Topics Discussed
- Current Regulations 2025: Overview of key regulatory legal acts and their impact on business
- Determining Status: Methodology for internal assessment of a company's qualification as a CII subject, analysis of industry-specific lists of typical facilities, specifics for pharmaceuticals and healthcare
- Categorization in Practice: Analysis of nuances, common mistakes, and a checklist of priority actions for organizations
- Interaction with Regulators: Procedures for state control and departmental monitoring, analysis of law enforcement practice and current cases of liability imposition
- Building a Protection System: Action plan for CII subjects, including transitioning to trusted software and fulfilling other key requirements
Comprehensive Approach
A key feature of the webinar series was the combination of in-depth legal expertise from Lidings with the applied technical knowledge of colleagues from RTM Group and KSB-SOFT. This synergistic approach allowed the audience to gain not only an understanding of regulatory requirements but also insight into ways of their practical technical implementation.
Lidings speakers – counsel team Natalya Thotahewage and associate Alina Smakova – provided a detailed legal analysis, shared industry cases and the regulator's rationale, answering the most pressing questions from participants. Colleagues from RTM Group and KSB-SOFT shared current technical requirements for protecting CII facilities, approaches to building security architecture, and practical case studies of project implementation.
Our Recommendations
In the context of dynamically changing regulations, the first step for any company in a potentially significant industry should be an internal assessment of its activities to determine if it meets the criteria of a CII subject. We recommend starting with an analysis of internal information security documents and developing a clear plan for fulfilling legislative requirements, taking into account industry specifics.