Digital sanctions represent a new front in international conflicts, with business-critical technology able to be switched off remotely. What will be the impact in Russia and beyond?
Lenin once said there are decades where nothing happens and weeks where decades happen. This current period appears to be of the latter type. Just as the effects of the pandemic seemed to be on the wane, reignited geopolitical tensions in Europe exposed once again the vulnerability of global markets.
While the Ukraine crisis has thrown supply chains into chaos, causing soaring wheat prices and sending petrol costs to an all-time high, the impact has been far-reaching in the digital space too.
Global technology providers have pulled their services from the Russian market in droves. Mastercard and Visa have restricted the use of Russian-issued cards outside the country, while Google Pay and Apple Pay have been limited for customers of sanctioned banks, leading to queues in the Moscow subway as commuters were forced to pay with cash.
The plug has also been pulled on other digital assets: some of them self-imposed such as Russia’s banning of Facebook and Twitter, while Netflix, Paypal, Adobe, Oracle, Amazon Web Services, Microsoft and SAP have all introduced their own restrictions on services in the country, making ‘business as usual’ almost impossible.
While these actions may be aimed at penalising the regime of Russia’s president Vladimir Putin, they also affect consumers, startups and small businesses – the vast majority of which have nothing to do with the invasion and are themselves suffering the consequences. So notes Nigel Green, founder and CEO of financial services business deVere Group, which continues to operate in Russia.
“A few hundred, named Russian individuals are on the international sanctions list and, of course, we strictly adhere to it,” Green says. “But we’re not going to roll out a blanket ban on ordinary, innocent Russian users. The situation is inevitably going to get worse, with potentially devastating consequences, as they’re frozen out of the financial system.”
Sanctions against digital services
This build-up of digital sanctions has been slow but steady. In 2019, a raft of new sanctions against Venezuela meant that Adobe services were no longer accessible in the country. Microsoft’s software sales in Russia were affected by previous US-led sanctions over the Crimea dispute, while developer platform GitHub was forced to block users in Syria, Crimea and Iran.
There’s little that businesses affected by these digital sanctions can do, other than await the outcome of a request for exemptions via the US Office of Foreign Assets Control, the authority in charge of overseeing sanctions compliance.
For everyone else, there’s piracy. Before Adobe was granted an exemption to operate in Venezuela in late 2019, designers in the country reluctantly turned to software theft because they had no other choice. Russia is considering legislating this approach by re-evaluating its copyright laws, as the Ministry of Economic Development proposes relaxing piracy rules to offset damage from digital sanctions.
Meanwhile Russians are turning to virtual private networks (VPN) to access digital services, says Corneliu Bjola, author of Digital Diplomacy: Theory and Practice. But this workaround may be short-lived. “The most popular VPN apps are based in France, the UK and US, so in principle they could become part of the package of digital sanctions as well,” he points out.
There are also rumours that Russia will cut itself off from the global internet, making a ‘splinternet’ – where countries choose to silo web access by national borders – seem closer than ever.
And this software flight may ripple into undesirable longer-term consequences for the West, such as a strengthening technological relationship between Russia and China, born from sheer necessity, and a recalibration of power in the digital sphere.
“Chinese authorities are taking notes about how these sanctions are implemented and how it might be able to protect itself against something similar if the relationship with the US deteriorates in a similar fashion,” Bjola says.
He highlights that China’s digital yuan could theoretically bypass SWIFT payments. “At the moment, the amount of international transitions seems to be low, but the matter could change rapidly if Russian companies discover ways to use it to evade sanctions.”
That makes China a country to watch, since it is not clear whether its companies will comply with the US/EU/UK sanctions, says Bjola. “The Biden administration has already signalled its determination to sanction Chinese companies if they aid Russia, so it will be interesting to see how China reacts to this. Purchasing Russian tech companies at a discount may prove tempting for some Chinese companies.”
Planning for the worst
As moves are made on the geopolitical chessboard it is usually ordinary citizens who suffer. Of course, the immediate impact of displacement, death and regional instability has rightfully taken precedence in headlines during Russia’s invasion of Ukraine. But organisations need to focus on resilience and business continuity plans.
Although it’s “hard to plan for such a devastating event”, businesses should always have a disaster recovery plan in place, says Siobhan Aalders, vice-president of global communications for freelance marketplace Fiverr. As tensions ratcheted up in mid-January, Fiverr raced to secure the safety of its staff by evacuating its Kyiv employees – comprising 15% of the company’s worldwide development team – to safer regions in Ukraine or outside the country.
Developers in Fiverr’s Tel Aviv headquarters also backed up areas of the business the Kyiv team were focusing on. “As we developed a plan for our employees, we knew the R&D centre in Tel Aviv would be able to pick up any slack and execute on our roadmap,” Aalders explains.
Meanwhile, as rumours persisted that Putin could take down communications and digital services in Ukraine, Fiverr’s operations centre was standing up alternative means of communication for employees in the country in case connectivity was compromised.
Shane Henry, CEO of disaster risk consultancy Reconnaissance Group, says it’s vital that businesses plan for the worst kinds of risk, from natural disasters to man-made crises. That means conducting a “reality check” on the culture of an organisation, taking stock of its current standard of preparedness and being open to blunt feedback from internal and external stakeholders.
“How is it set up to calmly prepare for a crisis, whatever that crisis may be?” asks Henry. “And what is the impact on our people?
“A core component of that is to look at your leaders – not your executive team, but people that will probably emerge as leaders at all levels. We see that, between earthquakes, the aftermath of hurricanes and political fallout, companies have had people emerge as leaders at all levels.
“That raises the question: what can you do beforehand to help you identify potentially emergent leaders? Because they’re the people you’re going to rely on in the aftermath.”