Maria Ostashenko

Maria Ostashenko

Partner
Maria Ostashenko

Chambers Europe

She is pleasant and kind to work with, responds fast, and has a good understanding of the situation and what needs to be done.

Biography
Recent work
Publications and Insights
Rankings and awards

Maria Ostashenko is a Partner at ALRUD Law Firm, heading Commercial, Intellectual Property and Data Protection and Cybersecurity practice areas.

Leading team of Commercial practice Maria advises ALRUD clients on managing credit risks of parties, on forms of legal presence and models of conducting business in Russia, supports launching start-ups and implementation of complex projects related to international contracts.

In the Intellectual property area Maria renders legal support for formalizing IP rights, use, management and protection of brands and intangible assets, conducting marketing campaigns and advertising. She possesses extensive experience of resolving disputes regarding intellectual property, including alternative dispute resolution.

Maria represents international clients in the matters involving data protection regulation in Russia, advises on obligations of operators related to data processing, including cross-border data transfers, structuring data flow between the members of international groups.

Maria supports Russian and foreign clients providing her expertise in areas including pharmaceuticals and healthcare, FMCG, banks and financial institutions, retail trade, telecommunications, media and technology.

Maria is a frequent speaker at major Russian and foreign conferences and workshops, and an author of many analytical articles published in legal periodicals. Maria is a member of International Bar Association (IBA), International Trademark Association (INTA), International Technology Law Association (iTechLaw), International Distribution Institute (IDI), International Association of Privacy Professionals (IAPP). Maria also took part in working on the draft amendments to the Civil Code of the RF and presently conducts workshops on the Civil Code developments.

Maria is a certified specialist in the area of European data protection laws (CIPP/E).

Maria Ostashenko graduated from the Moscow State University in 2004 and was awarded a LL.M. degree in private law by the Russian Private Law School by the President of the RF in 2006. Maria joined ALRUD team the same year.

Includes advising and representing:

An innovative biopharmaceuticals manufacturer, global manufacturing leader in orphan disease treatment,

on relations with distributors in Russia and CIS countries, marketing strategy and activities.

A world-famous US manufacturer of smart phones and tablets

on issues related to the Client’s advertising campaigns in Russia.

A UK luxury fashion brand

on the issues related to business activities in Russia, including on entering into distribution agreements and importing products into Russia.

A retail group managing a worldwide coffeehouse chain

on entering into franchise agreement with a Russian partner and importing goods into Russia.

An international payment system

regarding Russian data protection legislation requirements applicable to the Client’s products and to cross-border data transfers within the company group.

Numerous clients from the retail industry

on protecting brands against infringements in the internet.

Governmental clearance for the purchase of intellectual property assets from “unfriendly” rights holders
Dear Ladies and Gentlemen! Please be informed that, as of 20 May 2024, Decree No. 430 of the Russian President introduced a temporary restrictive procedure for the purchase by Russian residents of exclusive rights to the results of intellectual activity and means of individualization from “unfriendly” foreign rights holders (“Decree No. 430”).
23 May 2024
Fines increased for illegal marketing mailing and non-transparent advertising of consumer loans
Dear Ladies and Gentlemen! On 17 April 2024, amendments to the Code of Administrative Offences of the Russian Federation (“CAO RF”) will enter into force. From this time, there will be greater liability for the distribution of advertisements via SMS, email and push messages without the recipient’s consent. In addition, increased liability will be imposed for advertising of consumer loans with an incomplete cost. The changes are as follows: Violation of advertising distribution via telecommunication networks; Failure to provide the full costs of consumer loans in advertising.
11 April 2024
Legislative initiatives in CII regulation and lifting of the antitrust moratorium
Dear Ladies and Gentlemen! We would like to inform you about an important legislative initiative in the regulation of critical information infrastructure (CII), as well as the lifting of the moratorium on antitrust inspections of accredited IT companies from 28 March 2024.
08 April 2024
TMT Legal Digest: "Key regulatory news in the TMT industry from June 2023 to February 2024"
Dear Ladies and Gentlemen, We would like to share with you an updated digest of the most significant laws and bills and regulatory innovations in the Technology, Media & Telecommunications sector for the period from June 2023 to February 2024, as well as trends in the future regulation of this industry. The TMT industry is currently experiencing significant regulatory pressure with changes constantly being made for both its service providers and the customers who use their products. As such, the regulation of hosting providers’ operations in Russia indirectly extends to a large number of companies that use the services of foreign providers. Given the growing role of information technology in the economy and the resulting threats to data security, there is an obvious trend towards regulating the TMT industry, searching for solutions to ensure the greater security and transparency of processes in the online environment, as well as increased liability for violations of requirements for individual players, such as social networks, hosting providers, people who work with biometric data, as well as the rules for working with information. The changes affect both major players on the Russian and international markets, as well as small companies that are forced to provide virtually the same level of response. This digest presents current legislative and regulatory changes in the TMT sector, namely in information technology, media content, advertising, personal data, telecommunications, e-commerce, retail, and antitrust regulation. It provides details about the main changes and initiatives over the past year, as well as the key findings of law enforcement practice in this regard.
18 March 2024
Accreditation of IT companies: possible rule changes and restricting the moratorium on inspections
We would like to inform you about important potential changes regarding the state accreditation rules for IT companies1 and the current moratorium on inspections of IT companies2. 1. Changes in the state accreditation rules for IT companies The Ministry of Digital Development, Communications, and Mass Media of the Russian Federation ("Ministry of Digital Development") has introduced a draft decree of the Russian government ("Draft Decree")3, which simplifies the procedure for Russian companies to obtain state accreditation for information technologies. The Draft Decree also suggests including a requirement for predominant Russian ownership of such IT companies as a condition for obtaining IT accreditation. Consequently, IT companies with significant foreign ownership will be unable to obtain the corresponding accreditation. The most important proposed changes to the state accreditation rules are noted below. Foreign participation in IT companies The Draft Decree introduces a new criterion for obtaining state accreditation for IT companies, which states that the share of foreign individuals in economic entities must not exceed 50% of the IT company’s authorized capital. Otherwise, companies will be denied state accreditation. In order to confirm whether an IT company has foreign participation, extraordinary checks and planned procedures for such confirmation may be conducted. Simplifying the state accreditation process for IT startups In order to develop startups, the Draft Decree would make it possible for small technology companies created less than three years ago to obtain state accreditation without taking into account the criterion for income from their IT activities. Annual planned accreditation confirmation procedure The Draft Decree establishes a single method to apply for the annual procedure to confirm state accreditation. The application may only be submitted electronically through the personal account on the Gosuslugi portal. As part of the confirmation procedure, the Draft Decree proposes reducing the number of periods for which compliance with the criterion for the average monthly size of payments and other remuneration accrued to individual employees is checked. Data will be subject to verification for two quarters: the fourth quarter of the previous year and the first quarter of the current year. Organizations that received accreditation in the year of their establishment, as well as those that submitted an application for state accreditation after 25 April, i.e., after the deadline for such organizations to submit calculations of insurance contributions for the quarter preceding the date of the inspection to the tax authority, will be exempted from the planned check. Please note that if the Draft Decree is adopted, most of the changes will come into force on ****1 May 2024****. However, for the criterion related to foreign participation, a different effective date is provided – ****1 August 2025****. 2. Possible lifting of the moratorium on antitrust regulation inspections for accredited IT companies On 5 March 2024, Director of the Federal Antimonopoly Service of Russia (“FAS of Russia”) Maxim Shaskolsky said during a Federation Council committee meeting that the service’s authority in terms of inspections of IT companies was slightly limited due to Decree No. 448 of the Government of the Russian Federation dated 24 March 2022 “On Specific Aspects of State Control (Supervision) and Municipal Control of Accredited Organizations Engaged in Activities in the Field of Information Technologies, and on Amendments to Certain Acts of the Government of the Russian Federation” (“Decree 448”), which states that that scheduled inspections by state and municipal control bodies of IT companies from the state register shall not be carried out until 31 December 2024. The FAS of Russia plans to lift these restrictions soon. Public information shows that no draft amendments had been made to Decree 448 as of the time this newsletter was sent out. Therefore, we are providing you with an overview of the possible key changes that might follow the removal of the restrictions imposed by Decree 448: {{1.}} State control (supervision) and municipal control in accordance with the Federal Law “On State Control (Supervision) and Municipal Control in the Russian Federation” will be resumed. {{2.}} The federal exercising of state control (supervision) and municipal control in accordance with the Federal Law “On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercising of State Control (Supervision) and Municipal Control” will be resumed. {{3.}} The scheduled control (oversight) activities and scheduled inspections for control specified in paragraphs 1 and 2 above will be included in the plans for scheduled control (oversight) activities and plans for scheduled inspections no earlier than the end of 2024. We will continue to monitor these legislative initiatives and keep you informed of any updates. Decree No. 1729 of the Government of the Russian Federation dated 30 September 2022 on the Approval of the Regulation on the State Accreditation of Russian Organizations Conducting Activities Related to Information Technologies https://fas.gov.ru/publications/24278 The text of the draft decree of the Russian government “On Amending Decree No. 1729 of the Government of the Russian Federation dated 30 September 2022” can be found on the federal portal of draft regulatory legal acts (ID: 02/07/03-24/00146156).
15 March 2024
Stricter liability for personal data processing
Dear Ladies and Gentlemen! We would like to inform you about significant legislative initiatives that impose increased administrative liability for violations of personal data processing, as well as criminal liability for unlawful personal data trafficking and data breaches.
28 December 2023
ALRUD experts held the webinar “Key legal trends for the companies in the pharmaceutical and healthcare industry in Russia”
On October 26, our firm held a webinar dedicated to the current legal trends and regulatory changes in the pharmaceutical and healthcare industry, which companies may face in Russia. During the webinar ALRUD experts have covered topics such as: Expansion of mandatory labeling requirements Harmonization of Russian and EAEU legislation Acceleration of registration of new medicines Extension of counter-sanctions measures Latest trends of regulatory clearance of transactions Focus on the pre-audit analysis of business as the main direction of the new tax policy Current findings and trends in enforcement practice in patent disputes and registration of generics Settlements under foreign trade contracts: requirements and restrictions of currency legislation The speakers of the webinar were: Maria Ostashenko, Partner, Dina Kravchenko, Senior Associate, Ksenia Erokhina, Senior Associate, Ilya Khodakov, Senior Associate, Sergey Artemiev, Senior Associate and Alexander Artemenko, Associate. More information on the services and expertise of ALRUD's Healthcare and Pharmaceutical Industry team can be found here.
30 October 2023
New legislative changes in IT regulation in Russia in July 2023
Please be informed that major changes in regulation of information technologies and the Internet in Russia have been enacted recently by legislators in the third reading at the Russian Parliament. The bills are aimed at establishing new requirements for hosting providers, restrictions on the use of recommendation technologies on the Internet and authorisation methods on Russian websites, new fines for social media platform owners. Law on hosting providers in Russia As of December 01, 2023, hosting providers will be subject to the new requirements in Russia. This regulation applies to companies providing services for the provision of computing power for posting information in information systems permanently connected to the Internet. The hosting providers will have the following obligations: To send a notification on commencement of hosting services to Russian Data Protection Authority (Roskomnadzor); To ensure the implementation of information security requirements; To ensure the implementation of requirements for conducting operational and investigative activities and to prevent disclosure of organisational and tactical methods of conducting such activities (the procedure for interaction of hosting providers with authorised state authorities shall be established by the Government of the Russian Federation); To comply with the requirements the 'Sovereign Runet' Law and other specified provisions of the Russian Communications Law1 ; To verify the identification or authentication of its customers. Based on the hosting provider’s notification, a hosting provider shall be included into a special register which will be maintained by Roskomnadzor. As of February 01, 2024, the absence of information in the register will be an obstacle for the operation of hosting providers. Hosting providers that were operating before these changes came into force shall notify Roskomnadzor regarding commencement of hosting services by December 15, 2023. Roskomnadzor will monitor the activities of hosting providers in Russia. If the hosting provider fails to eliminate violations identified by Roskomnadzor, within 10 business days from the date of the request (unless earlier deadlines are set out in the notification itself), the hosting provider will be removed from the register and prohibited to carry out its activities. Regulation of recommendation technologies used in relation to Russian users As of October 1, 2023, new requirements will be introduced for owners of websites, mobile applications or other information systems ('owners') when using information technologies to provide information based on the collection, systematisation and analysis of information relating to the preferences of users (so-called “profiling”) located in Russia ('recommendation technologies'). For instance, the respective amendments will be relevant for owners of social media platforms, video hosting platforms, streaming platforms, search engines, e-commerce platforms (marketplaces) that use various recommendation algorithms and the rest owners who performs profiling on their websites and mobile applications. Owners using recommendation technologies or algorithms will be obliged to: prevent the use of recommendation technologies that violate the rights and legitimate interests of citizens and organizations and the provision of information in violation of the legislation of the Russian Federation; inform users about the use of recommendation technologies; provide an e-mail address for users to send their requests; publish the policy for the use of recommendation technologies in Russian language specifying the types of information on user preferences, sources of obtaining such information, a description of processes and methods of collecting, systematizing, analyzing information on user preferences, and methods of implementing such processes and methods. Roskomnadzor will monitor compliance with the restrictions: in case of non-compliance with the requirements, it is authorized to send a notice to the owner to take measures to eliminate violations. If the owner again fails to take any measures, Roskomnadzor may restrict access to such information resource. Such blocking of the resource may be removed based on the court’s decision, provided the owner eliminates the violations with further notification of Roskomnadzor. Roskomnadzor is also expected to adopt rules for informing users about the use of recommendation technologies. New rules on authorisation for users on Russian websites As of December 1, 2023, owners of websites, mobile applications or other information systems ('owners') that are Russian legal entities or citizens of the Russian Federation are limited in the possible options for authorization of users located in Russia. These restrictions, however, do not apply to foreign owners of websites, mobile applications or other information systems available in Russia. As of December 1, 2023, only the following authorisation methods may be used: Via phone number in accordance with the procedure established by the Government of the Russian Federation based on an identification agreement concluded by the owner with a telecom operator; Via 'Gosuslugi' (a Russian state services platform); Via Unified Biometric System; Via another information system that meets information protection requirements. The owner of such a system may only be a citizen of the Russian Federation who does not have citizenship of another state, or a Russian legal entity. Thus, the use of various foreign authorization systems on Russian websites or applications, such as Apple ID, Google is restricted. Therefore, Russian owners of websites, mobile applications or other information systems should review their user authorization solutions before the effective date of the new requirements. New fines for social media platforms owners As of September 1, 2023, administrative liability is established for violation of statutory duties by the owner of a social media platform. New rules apply to companies whose information resources are used to disseminate information in Russian (other languages of the regions or peoples of the Russian Federation), on which advertising that attracts the attention of consumers located in the territory of the Russian Federation may be disseminated, and to which more than 500,000 Internet users located in the territory of Russia have access during the period of a day. --table-- --table-border-- Obligation of a social media platform owner Administrative fine for violation of the specified obligation Annual posting of a report on the results of consideration of appeals about information disseminated in violation of the law and the results of monitoring the social media platform, and an electronic form for sending relevant requests;Posting a document in the social media platform that establishes the terms of use of the social media platform and informing users of any changes made to these terms. For officials - from RUB 200 000 to 400 000 (approx. from 2,200 USD to 4,400 USD);For legal entities - from RUB 600 000 to 1 000 000 (approx. from 6,615 USD to 11,000,00 USD). Monitoring of the social media platform, taking measures to restrict access to information the distribution of which is restricted under the Law 149-FZ2;Fulfilment of Roskomnadzor's requirement to cancel measures taken by the owner to restrict access to users' information. For officials - from RUB 200 000 to 400 000 (approx. from 2,200 USD to 4,400 USD);For legal entities - from RUB 800 000 to 4 000 000 (approx. from 8,820 USD to 44,100 USD).In case of repeated offence:For officials - from RUB 500 000 to 800 000 (approx. from 5,510 USD to 8,820 USD); For legal entities - from RUB 4 000 000 to 8 000 000 (approx. from 44,100 USD to 88,200 USD). Submission to Roskomnadzor the information on the owner of a social media platform or other information necessary for the maintenance of the relevant register. For legal entities - from RUB 50 000 to 300 000 (approx. from 550 USD to 3,300 USD). Fulfilment of Roskomnadzor’s order to monitor a social media platform to identify information that is confusingly similar to the information in respect of which the owner was obliged to take measures to remove on the basis of an earlier request from Roskomnadzor. For legal entities – from RUB 4 000 000 to 6 000 000 (approx. from 44,100 USD to 66,150 USD). Only articles 561 (3), 562 (8 (1-3)) and 651 (4) of the Federal Law of the Russian Federation No. 126-FZ of 7 July 2003 on Communications shall apply to hosting providers. the Federal Law as of July 27, 2006, No. 149-FZ on Information, Informational Technologies, and Protection of Information
27 July 2023
Imposing restrictions on the use of IT-products in the government and financial sectors
Please be informed of the adoption of a number of legislative and regulatory acts that impose restrictions on the use of foreign programs and products in the government and financial sectors. Ban on the use of foreign messengers As of March 1, 2023 restrictions on the use of a number of foreign messengers1 for specific operations related to the transfer of payment documents and personal data are imposed on certain organizations in Russian government and financial sectors: --table-- --table-border-- To whom the ban applies? State-owned and municipally owned companiesCompany with predominant state participationCredit institutions and non-credit financial institutions engaged in activities of non-credit financial institutionsSubjects of the National Payment System Prohibited Operations Transfer of personal data of Russian citizensTransfer of payment documentsSubmission of data on non-cash funds transfersSubmission of information for making paymentsTransmission of data on bank accounts and deposits of Russian citizensConnection to any informational systems enabling transfer of funds of the Russian citizens Banned foreign messengers (as of March 1, 2023)2 DiscordMicrosoft TeamsSkype for BusinessSnapchatTelegramThreemaViberWhatsAppWeChat What is allowed? Companies may still use the messengers listed above as long as their use does not fall within the Prohibited Operations. As an extension of this ban, liability in the form of fines for the use of foreign messengers was imposed as of June 24, 20233: For officials – from RUB 30 000 to 50 000, For legal entities – from RUB 100 000 to 700 000. Control of the Bank of Russia over the Russian financial sector organizations’ transition to domestic software As of March 1, 2025, a ban on the use of foreign software at significant critical information infrastructure facilities (“SCIIF”) owned by state authorities and customers under the Law No. 223-FZ (except for entities with municipal participation) is imposed4. This ban will affect large Russian banks and non-credit financial institutions that are subject to legislation regulating security of critical information infrastructure. Furthermore, as of September 2023 the Bank of Russia will be authorized to coordinate and control the transition of credit institutions and non-credit financial institutions5 to domestic software, domestic radio electronic products, and telecommunication equipment. The Regulator will control purchases of foreign software and services falling within its competence. The Bank of Russia will also manage and monitor credit institutions and non-credit financial institutions in order to implement measures ensuring security of critical information infrastructure. Federal Law No. 584-FZ dated December 29, 2022 “On Amending the Federal Law “On Information, Information Technologies, and Information Protection” The list of banned foreign messengers is adopted by Roskomnadzor: https://rkn.gov.ru/news/rsoc/news74672.htm Federal Law No. 277-FZ dated June 24, 2022 “On Amending the Code of Administrative Offenses of the Russian Federation” Decree of the President of the Russian Federation dated March 30, 2022 No. 166 “On measures to ensure technological independence and security of the critical information infrastructure of the Russian Federation” Federal Law No. 243-FZ dated June 13, 2023 “On Amending the Federal Law “On the Central Bank of the Russian Federation (Bank of Russia)”
17 July 2023
Legal updates in the Russian Life Sciences industry for the first half of 2023
We are glad to present you with an overview of the Russian regulations in the sphere of pharmaceuticals and life sciences for the 1st half of 2023. There are several digital initiatives in the healthcare sector, such as pilot launch of online sale of Rx medicines and the extension of experiment with track-and-trace system for medical devices. We see that the regulators are willing to take step forward and extend the period of registration of medical devices under national rules, but in other sectors they are taking closer look on current requirements and may apply stricter approach (e.g., implement additional requirements for food additives). All in all, the pharma industry and its regulatory framework is relatively stable now.
17 July 2023
Best Lawyers 2022 recommends Maria Ostashenko for Intellectual Property, Technology, Media and Telecommunications.
Chambers Europe, 2021 recommends Maria Ostashenko for Technology, Media and Telecommunications.
The Legal 500 Europe, Middle East & Africa 2021 recommends Maria Ostashenko for Technology, Media and Telecommunications.
Who’s Who Legal,Global Leader -Data - Data Privacy & Protection 2021 and Data - Information Technology 2021 and Labour & Employment 2021- recommends Vassily Rudomino as a leading practitioner.
Best Lawyers 2021 recommends Maria Ostashenko for Intellectual Property, Technology, Media and Telecommunications.
Chambers Global, 2020 recommends Maria Ostashenko for Intellectual Property, Technology, Media and Telecommunications.
Chambers Europe, 2020 recommends Maria Ostashenko for Intellectual Property.
The Legal 500 Europe, Middle East & Africa 2020 recommends Maria Ostashenko for Intellectual Property, Technology, Media and Telecommunications, Commercial, Corporate and M&A.
Who’s Who Legal 2019 recommends Maria Ostashenko for Data Privacy and Protection, Labour & Employment and Information Technology.
We use cookies to offer better performance of the website and fulfill some other purposes specified in the Privacy Policy. By way of ticking the box you provide your consent to use of cookies. Otherwise, we will only use technical cookies, which are necessary for proper functioning of the website.
Accept