New Linter for Website Compliance: Automated Legal Audit Against Russian Laws
PROSTO24: Technology and Legislation
In response to the tightening of legislation and a surge in fines related to personal data processing, alongside widespread website inspections, a new automated service has been developed for the legal auditing of web resources. This tool enables website owners to quickly check their platforms for compliance with Russian legal standards, helping them avoid substantial penalties.
Automating Website Legal Compliance Checks
The service functions as a specialized linter, scanning websites to identify potential violations and calculating estimated fines according to the Code of Administrative Offenses (KoAP). It employs a two-tier verification system based on 22 rules. The first tier utilizes quick heuristic methods, such as regular expressions with the cheerio library, for simpler checks. The second, more complex tier, engages the Claude AI model via a Russian proxy to understand the semantic meaning of text.
Following the scan, each website receives a score from 0 to 100. Users are provided with a detailed list of identified violations, including relevant KoAP articles and the range of potential fines. The service’s operation is founded on key Russian laws:
- Federal Law No. 152-FZ “On Personal Data”
- Federal Law No. 242-FZ “On Personal Data Localization”
- The Law “On Advertising”
- The Law “On Consumer Rights Protection”
Background and Technical Aspects
The initiative to create such a tool stemmed from the personal need of its developer, who owns a service center. Confronted with numerous and disparate requirements for his own website, it became clear that small businesses often neglect legal audits due to their high cost – lawyers can charge tens of thousands of rubles for a one-time check. This led to the idea of creating an accessible and automated solution.
In May 2025, amendments to the KoAP significantly increased fines for personal data violations. Specifically, fines escalated from 60,000 to 18 million rubles for repeated personal data breaches involving over 10 million records (Part 8, Article 13.11 of the KoAP). Concurrently, Roskomnadzor intensified mass website inspections, conducting 1,870 checks in 2024 and imposing fines totaling 1.2 billion rubles. Most identified violations are technical in nature, such as the absence of HTTPS, cookie banners, consent checkboxes in forms, or incorrectly placed privacy policies (e.g., in Google Docs).
The developer notes that one of the technical challenges was correctly distinguishing elements like Google Analytics from CSS variables, as well as issues with JavaScript regular expressions when processing Cyrillic text. The scanner is written in PHP 8, comprises approximately 1,800 lines of code, and can complete a website check in 30 seconds, a task that typically takes a lawyer about an hour.