Personal Data Localization and Protection in Russia (242-FZ, 152- FZ)

Highly secure hassle-free solution for hosting and protection odf personal data of Russian citizens in Russia under the Federal Laws FZ-242, FZ-152.
Federal Law 152 cloud

Eliminate all risks related to the compliance to the Russian Federal Data Protection Laws 242-FZ, 152-FZ with our cloud service solution.
We invested much time and effort into certification and can host the most sensible information of Russian citizens, like health data.

Localization of personal data in Russia (242 - FZ)

All companies that operate personal data of Russian citizens must be compliant with Federal law 242-FZ. Store personal data of Russian citizens in Russia in Tier III Certified data centers with the guaranteed highest level of data availability SLA 99.982-99.99%.

If the data is sensitive, they must also be compliant with Federal Law 152-FZ.



Personal data protection (152 - FZ)

In 2015 Cloud4Y launched a new service tailored specifically to international companies that seek to store or/and protect personal data in Russia in accordance with the Russian personal data localization and protection legislation (242-FZ, 152-FZ).

Our protected infrastructure is proven to secure personal data from 19 types of threats mentioned in the Federal Law 152 FZ and is certified with the Federal Service for Technical and Export Control (FSTEK) and Federal Security Service (FSS) for the technical protection of confidential information, development, production and distribution of data protection tools (including cryptographic tools).

Cloud4Y:
  • Takes responsibilities to host personal data on behalf of the operator (your company)
  • Frees the operator from the costs of setting and ,aintaining secure IT-infrastructure; 
  • Frees the operator from legal responsibility for compliance with the Federal Law 152 
  • Allows the operator to receive 24x7 technical support 

See certificates.

Cloud FZ 152.png

How does it work

Cloud4Y's solution aims at equipping the market with a ready-to-use and hassle-free solution for dealing with customers from Russia. We offer a fairy straightforward and quick migration.
  1. We assess the data type to define the level of protection needeed
  2. Migration takes just 1 day
  3. We will handle all the legal paper work for you in order to demonstrate that your company is fully compliant with the Russian Law.


Features of Cloud4Y infrustructure


Guaranteed legal protection

Guaranteed legal protection

Cloud4Y’s solution relieves a company from a part of legal responsibilities of fulfilling the requirements of the Russian Federal Laws 242-FZ, 152-FZ.

Certified hardware and software

Certified hardware and software

All the elements of our protected infrastructure (hypervisor, crypto gateways, intrusion detect system and etc.) are certified by regulated authorities.
No CAPEX

No CAPEX

Personal Data Information System accommodation provided on a service, pay-as-you-go model. Clients are free from building and maintaining own physical infrastructure.
All-round protection

All-round protection

Set of technical measures protects personal data against threats from inside and outside.
24/7 video surveillance

24/7 video surveillance

24-hour security monitoring by highly qualified specialists.
Crypto gateways on demand

Crypto gateways on demand

Crypto gateways are provided on demand.


Licenses and certificates


License of FSS (Federal Security Service) for the development, production, distribution of cryptographic tools

Certification of FSTEC (Federal Service for Technical and Export Control) ) for the development, production, distribution of data protection tools.

Certification of FSTEC (Federal Service for Technical and Export Control) for the technical protection of confidential information.

Сertificate of safety compliance at the highest level of protection to the requirements for hosting personal data under the Federal Law 152-FZ



Frequently asked questions (FAQ)


1. What is the essence of your "Federal law 152 cloud" service?
We have built a secure circuit in our Data Center, which has passed the certification on security requirements in accordance with Russian Federal Law 152 and received a certificate of compliance for the protection of personal data up to the 1st level of security inclusive. And we help our clients to close the issue of compliance from the technical point of view.
State institutions may also be interested in the Certificate of Conformity 1st class for state information systems (according to the FSTEC Order 17) and the Certificate of Confidential Information Protection class 1G (according to STR-K).

2. To whom does the Federal Law 152 apply?
The law applies to all data operators (state bodies, companies or physical person) that organize or carry out the processing of personal data of Russian citizens.

3. Where is the personal data of Russian citizens must be stored?
All personal data of Russian citizens must be localized in Russia according to The Federal Law-242. Cloud4Y has two data centers that are located in Russia, Moscow. 


4. Why do we have to do this?
Since you are a personal data processor, the Russian Federal Law 152 automatically applies to you. And the state institutions owning the state information systems are also subject to the FSTEC Order 17.

5. How much does it cost?
The cost is calculated individually for the customer, taking into account the volume, level of security, and duration of allocation.

4. Can you help with the documentation?
Yes, we can (we provide ready-made templates or take over the whole process of preparation on a turnkey basis).

5. How is the data transmission channel organized?
The channel encrypted in accordance with Russian GOST is used via VipNet-coordinator.

6. What Cloud4Y is responsible for?
Cloud4Y assume a part of responsibilities related to storing and protecting personal data of Russian citizens in according to the Federal data protection law FZ 152. All of the organizational and technical information protection measures are accredited with the Russian government and other regulatory bodies (FSTEK, FSB).   

7. What happened if I do not inform Russian regulatory bodies that I collect personal bodies?
The Russian Code of Administrative Offences (‘CAO’) includes various provisions on liability for non-compliance with the Personal Data Law. Individuals who violate the requirements of Personal Data Law may face not only administrative and criminal liability, but also civil and disciplinary liability.

8. How much is the fine if my company do not comply with the Law?
Fines imposed on personal data operators for failure to fulfill obligations (changes introduced on December 02, 2019):

- Individuals – RUB 30,000 – 50,000
- Officials (company's General Director, or CEO) - RUB 100,000 - 200,000 (USD 1600 – 3 200)
- Legal entities – RUB 1,000,000–RUB 6,000,000 (USD 16 000 – 94 000

In case of repeated offense:

- Individuals – RUB 50,000–RUB 100,000 (USD 800 – 1600)
- Legal entities – RUB 6,000,000–RUB 18,000,000 (USD 94 000 – 282 000)

9. Do you offer Data Backup?
Yes, we offer data backup (14 recovery points).

10. How is migration carried out?
The process of moving data, applications and other business elements from on-premises computers to the cloud involves several steps. Each cloud migration activity does not cause interruption in business performance. 

11.How can I be sure the personal data of my clients is safe?
We ensure data protection and safety on several levels.Our data centers are all Tier III certified by the Uptime Institute that guarantees restricted access inside the data centers, enhanced surveillance, etc.
Securing Data: VGate Hypervisor Protection, Anti-virus protection, Security analysis to identify vulnerabilities in IT infrastructure, Anti-DDoS, Web application firewall (WAF)

12. How is technical support provided?
We guarantee 24/7 technical support. You will be able to contact us through a ticket system, emails or calls. Response time is no more than 10 minutes.

13. What types of issues are supported by our technical support team?
If you have any technical or billing-related issues, you can contact us at support@cloud4y.com or send us feedback from your Cloud4y account. Additional support will depend on the service level you choose.

14. How am I billed for services?
We offer a Pay-As-You-Go Hourly pricing model, that means you pay only for resources used.   

15. In what currency are the payments made?
We accept any currency.

16. Do you offer managed services?
Yes. If your business requires additional technical support that goes beyond our responsibilities e.g. support with administrating your OS or applications, you can get it for an additional fee.

17. What type of Virtualization do you use in the  FZ-152 compliant cloud?
We use VMWare vCloud Director 9.5

18.Is there a trial period for the services?
We offer free demo of 2 weeks with the possibility of extension for a longer period.

19. Does your infrastructure support API?
Yes, our vCloud Director supports API. Cloud4Y API makes it easy to integrate the cloud system with your own systems for management, monitoring, scaling, billing, CRM and other systems.
CLoud4Y API works with Terraform, Command Line, SDK, which allows you to create and manage infrastructure through the Infrastructure-as-Code (IaC) methodology.

20. Can you provide storage compliant with the EU's General Data Protection Regulation (GDPR)?
We have a Data Center in the Netherlands and we can provide storage in accordance with GDPR. 


More answers to your questions can be found in the knowledge base. If you do not find an answer to your question - post it to our consultant online using online-chat or send an inquiry using the support ticket system.

Try for free