Federal Law 152-FZ Cloud

Store personal data of Russian citizens in Russia in Tier III data-centers.
All protection levels УЗ 1-4 are provided.

Personal data localization and protection in Russia

All companies storing personal data of Russian citizens must be compliant with Federal law 242-FZ. Store personal data of Russian citizens in Russian Tier III data centers with the highest level of availability - SLA 99.95%.

In 2015, Cloud4Y launched a new service tailored specifically to international companies that seek to store and/or protect personal data in Russia in line with Russian data localization and protection legislation (242-FZ, 152-FZ).

Service: Secure cloud FZ-152
Cost: from $51,9 per month

Our secure cloud infrastructure is proven to protect personal data from 19 types of threats mentioned in the Federal Law 152-FZ and is certified by the Federal Service for Technical and Export Control (FSTEC) and the Federal Security Service (FSS) for the technical protection of confidential information and for the development, production and distribution of data protection tools (including cryptographic tools).


What services do we offer

  1. Auditing the customer's infrastructure to determine the degree of compliance with the requirements of current legislation
  2. Developing a security policy violator model (according to FSB methods)
  3. Developing an architecture of the personal data protection system
  4. Setting up security features
  5. Developing a Program and Methodology for assessing the effectiveness of measures to protect the information in accordance with directive 21 of the FSTEC of Russia


Advantages of the Federal Law 152-FZ solution

  • Full compliance with the Federal Laws 152-FZ, 242-FZ
  • Highest level of personal data protection УЗ 1-4
  • Certified hardware and software
  • All-round protection from inside and outside threats
  • We assume responsibilities for hosting personal data on behalf of the operator (your company)
  • No capital cost. Hourly pricing & Pay-as-you-go
  • SLA from 99.95% 
  • 24/7 tech support



Security features and tools

Data Center Level

  • Tier III data centers (Certified by the Uptime Institute)
  • 24-hour security, video surveillance, restricted access
  • Guaranteed power supply systems
  • Automated fire fighting system

Vendor level

  • Organizational arrangements (internal documents regulating the processing of personal data, assigning responsible persons, determining the level of security of personal data and protection requirements)
  • Technical measures (firewall, antivirus, security analysis, registration and accounting tools, local software, encryption, and more)



Why choose Cloud4Y?

  • 14 years in the cloud market: since 2009, the company has operated successfully on the Russian and international markets.
  • World-class data centers: 4 Tier III data centers, high-end equipment and software from established global enterprise vendors.
  • Up to 99.99% uptime SLA: an optical ring between data centers, MetroCluster and redundancy mechanisms ensure fault tolerance of services at the level of up to 99.99% SLA.
  • Transparent billing: pay-as-you-go and hourly pricing model. No reservation and prepayment.
  • Configurable options: scale the system up and down without contacting tech support.
  • Geo-distributed backup: the backup copy is automatically created and stored separately in another data center. We also provide 14 recovery points.
  • Partner program: earn up to 70% from each contract. White label is available.
  • 24/7 support: every case is reviewed and answered by a real person in less than 15 minutes.

    Pricing

    To receive a pricing quote for the Federal Law 152-FZ cloud solution, please contact us in any convenient way.

    Frequently asked questions (FAQ)


    1. What is the core of the FZ-152 cloud service?
    We built a secure circuit in our data centre that is security-certified in accordance with Federal Law-152 and has received a certificate of compliance for personal data protection up to and including security level 1. We also help our customers resolve compliance issues from a technical point of view.
    Public institutions may also be interested in Class 1 Certificate of Conformity for government information systems (according to Order 17 of the FSTEC) and Class 1Г Certificate for confidential information protection (according to СТР-К).

    2. Who is a personal data operator according to Federal Law No. 152?
    According to FZ-152, the operator of personal data is a legal or natural person, state or municipal authority that processes and collects personal data for purposes other than labour law purposes, and determines the purpose and content of such personal data processing.

    3. What is the purpose of the Federal Law No. 152 on Personal Data?
    The purpose of the Federal Law-152 "On personal data" is defined in Article 2 of the Federal Law of 27.07.2006 N 152-FZ (as amended on 31.12.2017): "The purpose of this Federal Law is to protect the rights and freedoms of individuals and citizens in the processing of their personal data, including the protection of rights to privacy, personal and family secrets."

    4. Who is subject to the requirements of FZ-152?
    FZ-152 applies to every business, state or municipal body, or individual that processes personal data for purposes other than compliance with labour law requirements.

    The list of sectors for which the processing of personal data is a priority:
    • Medicine (public and private)
    • Educational institutions
    • Financial institutions
    • Insurance companies
    • Cellular service providers
    • Travel Agencies
    • Recruitment agencies
    • Passenger transportation
    • Real estate companies
    • HR department and accounting department of any company

    5. What is the legal liability for breach of FZ-152?
    Liability for failure to comply with the requirements of Federal Law-152 is determined by the text of the document itself, as well as by the recent Federal Law FZ No. 405 "On Amendments to Certain Legislative Acts of the Russian Federation".

    6. What are the penalties, incl. fines, for violating FZ-152?

    Currently, fines under FZ-152 and other penalties are stipulated by Federal Law FZ No. 405 "On Amendments to Certain Legislative Acts of the Russian Federation", which came into force on 02 December 2019.

    The subject of the breach is "Failure by the operator, when collecting personal data..., to ensure recording, systematisation, accumulation, storage, clarification (update, change) or retrieval of personal data of Russian citizens using databases located in the Russian Federation" (Article 13.11 of the CAO).

    An administrative fine for a first violation is up to 50,000 roubles for citizens, up to 200,000 roubles for officials and up to 6,000,000 roubles for legal entities. Repeated detection of a violation will result in a 2x or even 4x increase in the fine: up to 100,000 roubles for citizens, up to 800,000 roubles for officials and up to 18,000,000 roubles for legal entities.

    7. How much does it cost to protect personal data according to Federal Law No. 152?
    The cost of organising protection depends on whether you decide to "build" and certify the infrastructure yourself, or turn to a cloud provider. Based on our experience with customers, the cost of renting cloud resources is often 30-50% lower over the long term (2-5 years).

    The cost is calculated individually for the customer, taking into account the volume, security level and time of deployment.

    8. Can you help prepare the documentation?
    Yes, we can (we provide ready-made templates or take care of the entire preparation process on a turnkey basis).

    9. How is the data transfer channel organised?
    A Russian GOST-encrypted channel via a ViPNet coordinator is used.

    10. Is it considered redundant to store personal data of different organisations in a single database?
    In practice, maintaining a single database of personal data for several organisations is a popular solution. But will it comply with Article 5 of the Federal Law 152-FZ on personal data in terms of data redundancy? Won't the personal data of employees of one company be considered excessive in relation to the other company? How should the documents for each organisation be drawn up if the ISPN is shared and the information contained in it is redundant?

    In fact, redundancy concerns the composition of the subject's personal data. For example, information on medical diagnoses or biometric data is redundant for the purpose of concluding an employment contract. Storing this data does not correspond to the stated purposes.

    There are no restrictions that would prohibit the processing of personal data in the same information system by different entities. This model is used by many services on the Internet, for example the Bitrix24 CRM.

    However, in this case it is important that the administrator of the information system has built the protection system accordingly, so that the data of some users is not available to other users.


    You can find answers to your questions in our Knowledge Base. If you can't find an answer to your question, ask our consultants using the online chat or send a request using the support ticket system.
