The Central Bank of Russia has published new requirements for the hardware and software used in socially important card payment systems, setting updated information security expectations for the devices embedded in these systems. The requirements cover hardware security modules built into payment system infrastructure, payment devices with a kernel, ATMs and payment cards. They establish parameters for developers, replace the approaches in place since 2020, and reflect the regulator’s newer measures to protect data in money transfers, including with the stated aim of supporting more efficient import substitution.
Central Bank of Russia 2026-01-30
Central Bank of Russia issues new information security requirements for socially important card payment systems
The Central Bank of Russia has issued updated requirements for hardware and software in socially important card payment systems, focusing on information security for infrastructure components like hardware security modules, payment devices, ATMs, and payment cards. These new parameters replace the 2020 approaches and aim to enhance data protection and support import substitution.