Publication date:
Publication from:
An open list of prohibited software and communications (network) equipment has been published in Ukraine. It includes products whose use poses risks to national security and the country’s cyber resilience. The list is public and will be regularly updated going forward.
The IT Ukraine Association explains why over 70% of companies still use 1C and its derivatives, how the transition to secure solutions will take place, which tools are already available to businesses, and what consequences may follow from ignoring the new rules.
Why is the publication of the State Service of Special Communications and Information Protection (SSSCIP) list important, given that decisions banning hostile software already existed?
Previously, such bans primarily applied to public procurement, as well as to the use of software products by state-owned enterprises and institutions for works, services, and supplies funded by public budgets.
The approach has now been strengthened: the ban on the use of software and communications (network) equipment also applies to products used at critical information infrastructure facilities, as well as systems that process state, official, or classified data.
Who does this apply to?
The ban does not apply exclusively to state authorities or institutions. It also covers critical information infrastructure facilities that form part of Ukraine’s critical infrastructure, including:
Is the use of software from unfriendly countries really that dangerous?
In 2025, the National Cyber Incident Response Team CERT-UA under the State Service of Special Communications handled 5,927 cyber incidents. Among them were incidents involving software products of russian origin — a 37.4% increase compared to 2024 (4,315 incidents).
Is it true that the majority of companies still use russian 1C?
Approximately 75% of companies in Ukraine still use 1C or its disguised derivatives, including BAS. The use of 1C is most common among long-established private companies, as well as state and municipal organisations, largely out of habit. Modern businesses, however, increasingly aim to choose high-quality and secure software solutions.
What can replace prohibited software?
Today, the market offers modern software solutions for companies of any size and industry — from small businesses to large enterprises with complex processes.
The Digital Solutions Marketplace, created by Diia.Business and the IT Ukraine Association, brings together verified software products with a wide range of functionalities, including optimisation, logistics, marketing, finance, e-commerce, sales, cybersecurity, accounting, and HR.
How difficult is the transition from hostile software to quality alternatives?
The transition is not critically difficult. The market already offers a significant number of Ukrainian and international software solutions that support essential business processes, are secure, and meet modern requirements. Developers of these products provide training courses, system integrators, and various product “builders” tailored to different budgets and business needs.
How will violations be detected?
Violations in the public and critical sectors will be identified through the public procurement system. An additional control factor will be internal compliance procedures operating within both government bodies and critical infrastructure companies, which are subject to strict security, audit, and risk management requirements.
The sale and distribution of prohibited software will be identified through a public digital footprint, including commercial offers, websites, marketplaces, advertising, contracts, invoices, integration services, and tender documentation.
Private companies will also be motivated to avoid hostile software due to the growing role of cybersecurity and compliance processes, particularly when participating in tenders, partnerships, and financing programmes where compliance with such requirements becomes mandatory.
What penalties apply for using hostile software from the list?
The use of software or communications (network) equipment included in the open List may result in real legal consequences, especially in cases involving violations of requirements for the protection of state information resources or critical information infrastructure facilities.
In particular, administrative liability is предусмотрена under Article 188-31 of the Code of Ukraine on Administrative Offences. This concerns the failure to comply with lawful requirements of the State Service of Special Communications to eliminate violations in the field of information protection.
Officials may face fines ranging from UAH 850 to UAH 1,700, and from UAH 1,700 to UAH 2,550 in the case of a repeated offence within one year.
In the event of more serious consequences, criminal liability may apply. Article 363 of the Criminal Code of Ukraine establishes liability for violations of the rules for operating computers, automated systems, or procedures for protecting information processed therein by persons responsible for their operation, if such actions result in significant damage. Penalties may include fines, probation supervision, or restriction of liberty, along with disqualification from holding certain positions or engaging in specific activities.
Does this list solve the problem of hostile software in Ukraine?
Unfortunately, it does not resolve the issue completely. Ukraine will fully eliminate hostile software and the associated threats from the aggressor state only after the adoption of Draft Law No. 13505, which provides for a complete transition away from unsafe software by 2030.
At the same time, the open list is an important practical step in this direction. For several years, the IT Ukraine Association has been systematically working to address the problem of hostile software: in the information space — by raising awareness of risks and changing business attitudes — and at the legislative level, through participation in the development and support of relevant regulatory solutions. In parallel, the Association works with businesses to help companies transition to secure and high-quality alternatives.
