СОРМ VENDOR SANCTIONS DESIGNATION PACKAGE
Human Rights Rationale — Russian Domestic Surveillance Infrastructure
Classification: INTELLIGENCE PRODUCT — SANCTIONS ANALYSIS
Date: 2026-04-03
Pipeline Version: v3.7 (senzing + EGRUL + LinkedIn crossover analysis)
Analyst Note: This package provides evidentiary basis for OFAC/OFSI/EU sanctions designations of Russian СОРМ (lawful intercept/surveillance) vendors under human rights authorities (EO 13818, Global Magnitsky Act, EU Regulation 2020/1998, UK SAMLA 2018).
1. EXECUTIVE SUMMARY
The СОРМ Ecosystem: Industrial-Scale Domestic Repression Infrastructure
СОРМ (Система оперативно-розыскных мероприятий — System for Operative Investigative Activities) is Russia's mandatory telecommunications interception architecture. Russian law requires all internet service providers, mobile operators, and communication companies to install FSB-controlled surveillance hardware and grant the FSB direct, unmediated access to all communications data — without judicial oversight, without warrant requirement at the point of access, and without notification to the subject.
СОРМ-3, enacted 2014, mandates:
- Full interception capability on all IP, voice, and messaging traffic
- 3-year retention of all metadata and content
- Deep packet inspection (DPI) equipment installed at ISP premises, controlled remotely by FSB
- Zero-knowledge architecture: ISPs are legally prohibited from knowing what the FSB accesses
This infrastructure has been documented as the operational backbone of:
- Surveillance of opposition politicians, journalists, and human rights defenders
- Identification and detention of protest participants (2011–2012, 2021–2022, 2024)
- Cross-border targeting of Russian diaspora activists
- Pre-arrest intelligence on Navalny Foundation members and Meduza journalists
The companies identified in this package manufacture, install, and maintain this surveillance infrastructure. Unlike defense manufacturers (already subject to broad sanctions), СОРМ vendors have no existing OFAC SDN designations despite their direct role in the human rights violations the sanctions regime is designed to deter.
This package documents 13 active СОРМ vendors (corrected 2026-04-03: Норси-Транс added as vendor 13; see correction note in Section 2), 50 personnel with government-to-vendor career transitions, and 30 documented government-agency transitions across ФСБ (14), ФСТЭК (13), ФСО/ФАПСИ (3) — counting unique transition records; exact unique-individual count across those agencies requires deduplication but is ≥23.
Key Findings at a Glance
| Finding | Detail |
|---|---|
| Vendors identified | 13 СОРМ/DPI/surveillance vendors (corrected from 12; Норси-Транс added) |
| Personnel in dataset | 103 profiles (50 gov crossover, 53 skills-only) |
| ФСБ → СОРМ transitions | 14 confirmed personnel |
| ФСТЭК → СОРМ transitions | 13 confirmed personnel |
| ФСО/ФАПСИ transitions | 3 confirmed personnel |
| Current OFAC SDN status | 1 of 13 СОРМ vendors designated by OFAC (Норси-Транс, EO 14024); МФИ Sofт N.Novgorod (INN 5260146265, aka Цитадель) OFAC-designated Feb 24, 2023 (SDN #41116, EO 14024); Moscow subsidiary (INN 7710657509) — ❌ 50% Rule NEVER TRIGGERED: Цитадель divested Moscow stake June 16, 2022; Никитин 100% by Jan 25, 2023; OFAC designation Feb 24, 2023 (30 days post-transfer). Direct EO 13818 basis for N.Novgorod entity remains valid. |
| EU designation status | 3 of 13 EU-designated (Информзащита, ИнфоТеКС, МФИ Софт — UKR programme 2023–2024) |
| Reference entity | Positive Technologies — OFAC Apr 2021 + EU Sep 2024 (offensive cyber, not СОРМ-specific) |
| EGRUL lookups completed | Top 5 vendors verified (INN/OGRN confirmed) |
| Norsi-Trans | INN 7705051215; OFAC EO14024 designated; GenDir Овчинников С.А. individually co-designated; pipeline false-negative due to INN gap |
| Designation gap | OFAC: 12 of 13 СОРМ vendors undesignated; EU: 10 of 13 undesignated |
🔒 Premium brief — request full access
This brief's evidentiary detail, specific targets, and designation recommendations are available to subscribing compliance teams, law firms, and government analysts. The teaser above shows the headline methodology; the full document includes case-number citations, target INNs, SDN-adjacency numbers, and recommended secondary-designation scope.
Email derek.linz@linzalytics.com or click below to request access. Include your organization, role, and intended use.
Request access → See pricing tiers