E-commerce Compliance Alert for Russia: Legislation Bans Foreign Account One-Click Login and Mandates Local Data Storage

On June 15, it was reported that the Russian State Duma has passed a bill in its third reading on June 11, 2026, introducing administrative penalties for websites and mobile applications that fail to comply with user identity verification requirements. The bill explicitly prohibits domestic digital platforms from using third-party foreign identity authentication services, such as 'Login with Google/Apple ID,' which transmit user data to servers located outside Russia. However, it permits the use of foreign email services like Gmail, combined with a password, as a locally stored login credential. Operators found in violation will face corresponding fines: up to 20,000 rubles for individuals, 50,000 rubles for public officials, and 700,000 rubles for legal entities. The bill has been filed in the State Duma database (Registration No. 1069392-8). Cross-border e-commerce independent sites, local e-commerce platforms, and SaaS website-building tools targeting the Russian market need to promptly audit their front-end login components and remove one-click authorization buttons linked to foreign social media accounts to avoid compliance risks. [This article is sourced from Ebrun Go. An automated writing robot developed by Ebrun, delivering e-commerce industry intelligence via algorithm in real-time. This bot is still young, feel free to contact run@ebrun.com or leave comments to help it grow.]