Russian encryption certificate/encrypted products Russia

Russia-Importing Encrypted Products, FSB notification for Encryption or Notification for encrypted products

Due high amounts of the questions concerning import to the Russia or EAEU (EAC – old name Custom Union) radio product or encrypted products we decided to make this road map, to help better understand importing rules and regulatory documentation for radio or encrypted devices!
While importers no longer need to obtain a license from the FSB, they do need to submit a notification to the FSB’s Center for Licensing, Certification and State Information Protection. This change came into force with the creation of the Eurasian Economic Union (EEU) ( old name ) Customs Union between the Russian Federation, Belarus ,Kirgizia ,Armenia and Kazakhstan. These rules cover the most popular groups of products: FSB notification for Laptops, FSB notification for Software, FSB notification for Access points, FSB notification for cellphones, FSB notification for Routers , FSB notification for smart devices, FSB notification for for Mobile phones and match more

Let’s start with FSB abbreviation or FSB notification

FSB stands for Russian Security Burea (transcription name ) in English it will be Federal Security services which in short way will sounds like
FSS Notification
So FSS notification is English version of FSB transcription name
FSS notification =FSB notification -equal name of the same document
Same Belongs to Russian FCA certification ( Federal Communication Agency ) or Russian FAC certification ( Federal agency of Communication)
LLC Mintest can provide services of FAC certification or FAC declaration depending on the requirements

Ok let’s go back to FSB /FSS notification requirements and rules

For What product you need to get FSB notification? list of a product for FSB notification

Below is the list of products which belong to encryption (cryptographic) means or include encryption (cryptographic) means, technical and cryptographic characteristics of which are subject to notification: 1. Products, which include encryption (cryptographic) means, which have any of the following components:
Symmetric cryptographic algorithm, which uses the cryptographic key, the length of which does not exceed 56 bits; or asymmetric cryptographic algorithm, based on any of the following methods:
a) Factorization into prime numbers, the size of which does not exceed 512 bits;
b) Calculation of discrete logarithms, in the multiplicative group of the finite field, the size of which does not exceed 512 bits; or
c) Discrete logarithm in the group, the size of which is different from that named in the above item “b”, and does not exceed 112 bits. Note: Parity bits are not included in the key length. 2. Products, which include encryption (cryptographic) means, and have limited functions: а) Authentication, which includes all aspects of access control, where there is no file or text encryption, except for encryption, which is directly related to protection of passwords, personal identification numbers or similar data for protection from unauthorized access; b) Digital signature. Note: Functions of authentication and digital signature include the function of keys distribution which is related to them.
3. Components of software operation systems, cryptographic possibilities of which cannot be changed by users, which are developed for
installation by users without further substantial support by supplier and which have technical documents available (description of cryptographic transformation algorithms, interaction protocols, description of interfaces, etc.) 4. Personal smart-cards (intelligent cards):
а) Cryptographic capabilities of them are limited to usage on equipment or in systems, which are specified in items 5 – 8 of this list; or
b) For wide public usage, cryptographic capabilities of which are not available to users and due to a special design they have limited capabilities
of protection of personal information, which is stored on the card. Note: If an intelligent card can perform several functions, then the reference status of each function shall be specified individually. 5. Receiving equipment for radio broadcasting, commercial TV or similar commercial equipment for broadcasting on a limited territory without
encryption of a digital channel, except for cases when encryption is used solely for control of video or audio channels and sending of reports or return of the information, which is related to the program, to broadcast providers. 6. Equipment, cryptographic capabilities of which are not available to users, which is custom developed and limited for use by any of the following:
а) The software is made in the copy protected form;
b) By access to any of the following: - copy protected content, stored only on a readable information carrier; - information, which is stored in encrypted form on carriers, when such information carriers are offered for sale to people in identical sets;
c) Copy check of video and audio information, which is copyright protected.
7. Encryption (cryptographic) equipment, which is specifically developed and limited for use to banking and financial transactions. Note:
Financial transactions include fees and payments for transportation services and credit financing. 8. Portative or mobile radio electronic devices of civil purpose (for example, for use in commercial civil systems of cellular radio communication), which are not capable of end-to-end encryption (i.e. subscriber-to-subscriber) So called Poin-to Point
9. Wireless radio electronic equipment, which encrypts information only in the radio channel with the maximum wireless range without amplification and bridging less than 400 m in accordance with technical specifications of manufacturer.
10. Encryption (cryptographic) means used for protection of technological channels in information and telecommunication systems and communication networks.
11. Products, the cryptographic function of which is blocked by manufacturer
12.Other product which has encryption functions and which is not mentioned in first 11 paragraph’s he Eurasian Economic Commission (EEC), as the regulating body of the Customs Union, defines the list of products that are subject to non-tariff barriers. The EEC decree №134, dated August 16, 2012, creates the grounds for obtaining the notification. Chapter 2.19 of the decree reflects the full list of products that are subject to notification
To import electrical devices which is subject t the restrictions (radio devices restriction Russia) Customer must obtain MIT license , it is necessary to obtain a MinPromtorg License (Ministry of Industry and Trade of the Russian Federation - MIT). MIT’s website contains the list of documents that should be submitted to obtain the license. The Ministry launched an online service for license applications: http://www.non-tariff.gov.ru/ (which works only under Internet Explorer) Radio devices restriction Russia Chapter from 2.16 to 2.19 of The EEC decree №134, dated August 16, 2012 reflects the full list of products that are subject to notification and MIT if Notification could not be granted due restrictions

Submitting FSB Notification
LLC Mintest will prepare all the necessary forms and will guide you through the process as well we can offer our Russian representative service for FSB notification registration or will act as a representative on Power of attorney for FSB submission

Bellow I the steps for FSB submission Step 1: Fill in the Notification Form, following instructions provided on the FSB website: http://clsz.fsb.ru/docs/fn.htm
Step 2: If your company does not have a representative office in Russia, you will need to act through your distributor or agent , providing him with the Power of Attorney (POA) for Notification Registration . The POA should be notarized and have an apostil. For POA example for Notification of FSB you can contact Mintest via our email or QQF form ( FAQ form )
Step 3: After filling the notification, it should be passed to the FSB’s Center for Licensing, Certification and State Secrets Protection. Applying for Ministry of Industry and Trade License Russian MIT (most of the cases it will be done by the importing side ,since government fee ad application must be paid by the importer which is mentioned on the sales contract :
Step 1: Check HS code of the product. If it is in chapter 2.19 (http://clsz.fsb.ru/files/download/reshenie_N_134.doc), proceed to Step 2.
Step 2: Review information at http://www.non-tariff.gov.ru/ Step 3: Fill in the application via the above website. If the online form does not work, you can mail the application to the address: 109074, Москва, Китайгородский проезд, 7 (Kitaygorodskiy Passage, 7). Telephone: +7 (495) 710-55-00 - for FAQs; +7 (495) 710-5266 - for correspondence status verification.
Step 4: Attach to the application: copy of a valid purchase/sales contract and related documents, verified by the signature and official company stamp of the applicant. Label all attachments: “This copy is verified” Step 5: Attach copy of the firm’s certificate of registration with a tax authority, verified by the signature and stamp of the applicant.
Step 6: Print out payment form and pay 7500 rubles (approximately $120) government fee.
Step 7: If you sell high frequency equipment, make sure to determine if you need to obtain a statement from the State Radio Frequency Center:
http://www.grfc.ru/grfc/English/index.htm and Roskomnadzor permit Roskomnadzor Temporarily Import High frequency equipment and law frequency equipment will require in county test which will be performed at State Radio Frequency Center: http://www.grfc.ru/grfc/English/index.htm To legally import the products for in country test company will require Roskomnadzor Temporarily Import

Product which will pass the RFC in country test ( which will comply with Russian HF or LF approved to use frequency list ) will be placed into Roskomnadzor data base and will be fee ready for import by any company

For more information contact LLC Mintest via email or by phone
Phone:

+7 499 347-18-97
+7 499 409-63-69

E-mail: info@mintest.ru
Skype: mintest.company