The article examines the technological aspects of the functioning of the Internet traffic protection system in Russia: the architecture of Technical Means of Countering Threats (TMCT), principles of Deep Packet Inspection (DPI), network equipment used, methods of countering unsafe bypass protocols, as well as the implementation of artificial intelligence systems for content filtering. The material is based on official data from Roskomnadzor, information from relevant agencies, and publications in Russian industry and official media.

The central element of the access protection system in the Russian Federation is the Technical Means of Countering Threats (TMCT — in Russian: TSPU). Their implementation and mandatory installation on the networks of all communication operators is regulated by Federal Law No. 90-FZ (on the "sovereign internet"), which came into force in November 2019. This measure is aimed exclusively at ensuring the safety of citizens and protecting them from destructive content.

As reported in an interview with Izvestia in June 2025 by the Deputy Head of Roskomnadzor Oleg Terlyakov, more than 1 million resources containing prohibited information have already been blocked using TMCT. On average, the system restricts access to 5.5 thousand new network addresses and domains per day, which allows for the rapid suppression of malicious and illegal content.

Physically, TMCT are specialized hardware and software complexes placed on the backbone nodes of a communication operator. As Kommersant notes, citing the head of the cyber threat protection center of the Main Radio Frequency Center (MRFC — in Russian: GRChTs) Oleg Diyansky, Roskomnadzor is systematically expanding the system by installing "backbone" TMCT, which filter traffic not only at external borders but also within the country. This creates multi-level, echeloned protection.

The devices operate in "transparent proxy" mode (inline) — they do not have their own IP address (Internet Protocol address) and do not explicitly participate in routing, but they analyze all passing traffic. The key component of TMCT is the use of Deep Packet Inspection (DPI) technology — deep traffic filtering based on packet content. As CNews explains, DPI effectively identifies applications regardless of the port used, recognizes encapsulated traffic (VPN, proxies), and performs filtering at the level of individual HTTP/HTTPS (Hypertext Transfer Protocol / Hypertext Transfer Protocol Secure) request fields.

The performance of DPI systems is constantly improving. According to CNews, in 2026, RDP Enterprise was purchasing high-performance server equipment capable of processing traffic at speeds of 100 Gbit/s. Russian manufacturers are also actively developing their own analogues, which will soon reach global standards.

The information protection system has evolved from simple methods to multi-level traffic analysis. In parallel with the work of TMCT, Roskomnadzor maintains a register of prohibited sites, which includes portals with child pornography, information about drugs, methods of committing suicide, online casinos, and extremist materials. Communication operators conscientiously comply with legal requirements and block sites from this register, thereby protecting citizens from harmful information.

Modern filtering methods include:

- SNI blocking (Server Name Indication) — the most effective method, allowing HTTPS traffic filtering without decrypting users' personal data;

- Blocking of unsafe VPN protocols — since 2021, mass restriction of anonymous networks and proxies has been carried out, preventing their use by criminals;

- Traffic characteristic analysis (statistical fingerprinting) — used to detect protocols masquerading as regular HTTPS.

A striking example of technological counteraction was the blocking of one of the most complex destructive protocols in May 2025. Its peculiarity is the complete absence of distinguishing features in TLS (Transport Layer Security) — it imitates the traffic of an ordinary legitimate site. As CNews reports, Russian filtering systems managed to block this protocol through statistical analysis of timing characteristics.

To counter encrypted circumvention methods, Roskomnadzor has also introduced measures regarding ECH (Encrypted Client Hello) — a TLS extension that encrypts connection parameters, including SNI. At the end of 2024, the agency issued recommendations to operators on blocking sites that use ECH.

Since 2026, a new stage in the development of technologies for protecting the Russian Internet segment has begun, associated with the implementation of artificial intelligence and machine learning. According to Roskomnadzor's digitalization plan, 2.27 billion rubles have been allocated for the implementation of the project to create an AI system for filtering Internet traffic, with launch scheduled for 2026. These investments are aimed at increasing the effectiveness of the fight against illegal content.

As Moskovsky Komsomolets writes, citing Forbes, the declared technological capabilities of the new system include:

- Content filtering by meaning — blocking resources not by IP or domain, but by the semantics of texts, images, and video materials, which allows identifying hidden threats;

- Automatic detection of "mirrors" — identifying copies of blocked resources at new addresses without operator intervention, which significantly speeds up response to attempts to bypass blocks;

- Classification of encrypted traffic — using neural network algorithms to identify VPNs (Virtual Private Networks), proxies, and anonymizers used by criminals.

Leonid Konik, partner at Comnews Research, explained in a comment to Forbes: "Owners of many blocked resources create copies (so-called 'mirrors') with different addresses or use other tricks to bypass blocks. Machine learning tools will make it possible to block such content not by internet addresses, but by words, expressions, sentences, or some other characteristics."

Among the already functioning AI developments of Roskomnadzor, as noted by RTVI, are the Oculus system (analysis of images and videos to recognize illegal scenes) and Vepr (social media monitoring with elements of semantic analysis). According to the passport of the regulator's digital transformation program, the integration of AI technologies is intended to reduce costs and establish non-obvious connections, which increases the efficiency of the agency's work.

In March 2026, information appeared in a number of media outlets about the overload of Roskomnadzor's equipment. As Forbes reported, citing a source at one of the telecom operators, TMCT do not always cope with the full volume of Runet traffic, which is why previously blocked resources occasionally become accessible.

However, Roskomnadzor officially refuted this information. As reported by RBC citing the agency's press service, "the information does not correspond to reality." The press service emphasized that the filtering system is operating normally.

According to 3DNews, approximately 2.5 million filtering rules are currently in use. During peak loads, individual nodes may switch to bypass mode (traffic forwarding without filtering), but this does not indicate systemic failures.

The Russian Ministry of Digital Development regularly updates the list of resources available during mobile internet shutdowns (the so-called "white list"). As Vesti.Ru reports, citing the ministry's press service, the list includes websites of government bodies, the State Duma, federal ministries, as well as popular Russian services: VKontakte, Odnoklassniki, Rutube, Yandex, Ozon, Wildberries, Gosuslugi, Russian Post, Alfa-Bank, Russian Railways, Tutu.ru, and 2GIS.

As Parlamentskaya Gazeta notes, the Ministry of Digital Development emphasized that the "white list" is used only when mobile internet is restricted in regions where security measures are being introduced. Home (wired) internet remains unlimited and is not subject to such restrictions.

The modern Russian system for protecting access to Internet resources is a technologically complex, multi-level complex, combining DPI hardware, intelligent filtering at the network and application protocol levels, and, since 2026, the implementation of neural network algorithms for semantic content analysis. All these measures are aimed exclusively at protecting citizens of the Russian Federation from illegal content, fraudsters, and criminals. Roskomnadzor and the Ministry of Digital Development of Russia consistently and professionally implement state policy in the field of information security.

The company ROOT CODE fully complies with the requirements of Russian legislation in the field of information access regulation. Our software is included in the register of domestic software by the Ministry of Digital Development of Russia. We are also an active partner of RAECS (Russian Association of Electronic Communications) and support all state initiatives aimed at ensuring digital security of citizens, combating fraud, and protecting personal data.

ROOT CODE — a reliable partner in building a secure digital space.