On 2 February 2024, the Online Safety Act, No. 9 of 2024 (hereinafter referred to as the “OSA”) was officially published in Sri Lanka. The OSA is a significant and controversial element of information security regulation in Sri Lanka. It establishes provisions prohibiting the communication of prohibited statements online and aims to prevent the use of online accounts and inauthentic online accounts for prohibited purposes.

We suggest to review the changes in the legislation on the safety of Critical Information Infrastructure (CII), which entered into force in 2025, as well as new initiatives that are planned to be considered and/or come into force in 2026.

The Digital Personal Data Protection Rules, 2025 (“DPDP Rules”), have now been notified and the same has been passed qua the Digital Personal Data Protection Act (DPDP Act), 2023.

On 14 July 2025, the Council of the State Duma began reviewing Draft Law No. 951518-8 “On Amendments to Article 12 of the Federal Law ‘On Personal Data’” (hereinafter referred to as the “Draft Law”).

Overview of changes in the sphere of information security and personal data (hereinafter referred to as the “PD”) that will affect the activities of organizations involved in the wholesale and retail trade of medicinal products. We remind you that starting from September 1, 2025, consents for PD processing must be stand-alone documents, separate from website Privacy Policies

From 01.07.2025 the Federal Law No. 23-FZ dated 28 February 2025 “Concerning Personal Data and Certain Legislative Acts of the Russian Federation" will enter into force, containing a new version of part 5 of Article 18 of Federal Law No. 152-FZ

On November 20, 2024, the Ministry of Industry and Trade prepared a draft of amendments to the rules for providing access to information contained in state information monitoring system, approved by Government Decree No. 1955 dated 31.12.2019.

More in our update.

On November 27, 2024 the Federation Council approved laws amending the Criminal Code of the Russian Federation (hereinafter referred as the “Criminal Code”) and the Code of Administrative Offences of Russian Federation (hereinafter referred as the “Administrative Offences Code”) to and toughening liability for violations of law in the area of personal data (in accordance with the previously introduced Draft Laws: No. 502104-8 “On Amending the Code of Administrative Offences of the Russian Federation” and No. 502113-8 “On Amending the Criminal Code of the Russian Federation”).

More in our update.

On October 29, in the first reading, the State Duma of the Russian Federation adopted Bill No. 679980-8 "On Amendments to Article 9 of the Federal Law "On Personal Data" ("Law on Personal Data") and Article 10 of the Law of the Russian Federation "On Consumer Protection" ("Law on Consumer Protection") (hereinafter - the "Bill").

The draft Law № 540256-8 “On Amendments to the Federal Law "On Digital Financial Assets, Digital Currency and on Amendments to Certain Legislative Acts of the Russian Federation"” (hereinafter “Draft Law”) has been submitted to the State Duma.

The Draft Law introduces spot changes to the Digital Financial Assets Law¹ in terms of the definition of the term “secured stablecoins” and the procedure for the use of secured stablecoins in foreign trade contracts.