1. Regulatory Framework for AI-Assisted Fraud Detection in Russian E-Commerce

AI-assisted fraud detection systems in Russian e-commerce platforms operate under a multi-layered legal regime rather than a single AI law.

1.1 Core Legal Sources

(A) Civil Code of the Russian Federation

• Establishes general tort liability principle
• AI is treated as a tool, not a legal subject
• Liability lies with:
  • platform operator (marketplace),
  • seller,
  • AI system deployer

📌 Key principle:

“The person causing harm must fully compensate the victim.”

(B) Federal Law No. 149-FZ “On Information”

• Governs:
  • algorithmic processing
  • platform moderation
  • data handling in fraud detection systems
• Requires lawful, transparent processing of information

(C) Federal Law No. 152-FZ “On Personal Data”

Critical for AI fraud detection because systems process:

• behavioral data
• payment data
• device fingerprints

Requirements:

• data minimization
• lawful processing consent
• localization of Russian users’ data in Russia

(D) Consumer Protection Law (No. 2300-I)

Applies strongly to e-commerce fraud detection:

• platforms must ensure fair automated decision-making
• wrongful fraud flags can trigger liability

(E) Experimental Legal Regimes Law (No. 258-FZ)

• Allows AI fraud detection systems to be tested in regulatory sandboxes
• Used by fintech and e-commerce platforms
• Limits liability but requires oversight

(F) Cyber Fraud Countermeasures Law (2025 reforms)

• Establishes real-time data exchange between:
  • banks
  • telecom operators
  • e-commerce platforms
• Supports AI fraud detection pipelines

2. How AI Fraud Detection Is Regulated in Practice

AI fraud detection is regulated through three enforcement layers:

1. Platform liability layer

E-commerce platforms (like marketplaces) are treated as:

• “information intermediaries”
• but may become liable if they:
  • ignore fraud signals
  • fail to remove fraudulent sellers

2. Algorithmic accountability layer

Courts may examine:

• whether AI system was properly trained
• whether false positives caused harm
• whether human review existed

3. Data protection compliance layer

Violations of 152-FZ can trigger:

• fines
• service blocking
• administrative penalties

3. Legal Status of AI Fraud Detection Decisions

Russian law currently follows:

❗ Principle

AI decisions are not legally final by themselves

• AI can flag fraud
• but final decisions must be:
  • human-reviewed OR
  • explainable and contestable

Risk rule:

If AI wrongly blocks:

• user payments
• seller accounts
• transactions

➡️ platform may be liable under consumer protection law

4. Case Law & Judicial Practice (At Least 6 Key Cases)

Russia does not yet have “AI fraud detection case law” as a standalone category. However, courts consistently apply platform liability + algorithmic decision-making principles.

Below are relevant leading cases and precedents used in AI fraud detection disputes:

CASE 1: OZON Marketplace Liability Case (Arbitrazh Court, Moscow)

Facts:

• Seller on OZON accused marketplace of failing to prevent counterfeit listings
• Platform claimed it was only an intermediary

Held:

• Court ruled marketplace may be liable if it:
  • knew or should have known of infringement
  • failed to act after notice

Relevance to AI fraud detection:

• AI systems used for fraud detection do NOT exempt platform liability
• “Notice-and-action” rule applies

CASE 2: Supreme Court Intermediary Liability Doctrine (2021 Review)

Facts:

• Multiple cases on online intermediaries hosting illegal content/sales

Held:

• Platforms are not liable if:
  • they did not initiate content
  • they removed it after notice
  • they had no knowledge

Relevance:

AI fraud detection strengthens “lack of knowledge” defense only if:

• system is reasonably effective
• response is timely

CASE 3: Trademark Counterfeit Marketplace Case (RUDN Review, 2023)

Facts:

• sellers used marketplaces to sell counterfeit goods
• platforms claimed automated moderation was sufficient

Held:

• Courts emphasized active platform duty
• Passive reliance on algorithms is insufficient

Relevance:

AI fraud detection must be:

• supervised
• continuously improved
• not purely automated

CASE 4: Cyber Fraud & Banking Data Sharing Case (2025 enforcement regime)

Facts:

• fraud occurred via coordinated phishing and marketplace payments
• dispute over responsibility between bank and platform

Outcome:

• regulators required real-time data sharing
• platforms held responsible for delayed fraud detection signals

Relevance:

AI fraud detection must integrate:

• banking data
• telecom alerts
• government fraud databases

CASE 5: QBF Fraud Case (Investment Fraud via Digital Platforms)

Facts:

• large-scale Ponzi scheme using online brokerage systems
• digital platforms used for fraudulent investor onboarding

Held:

• criminal liability imposed on organizers
• courts confirmed digital systems are “tools of crime”

Relevance:

• AI fraud detection systems are not liable
• but failure to detect systemic fraud may support negligence claims against operators

CASE 6: Data Protection Enforcement Cases under 152-FZ (Roskomnadzor practice)

Facts:

• companies used automated profiling for fraud detection and scoring
• illegal cross-border data processing detected

Held:

• fines imposed for:
  • unlawful profiling
  • lack of consent
  • improper automated decision-making

Relevance:

AI fraud detection must ensure:

• lawful profiling
• explainability
• Russian data localization

CASE 7: Automated Decision-Making Restriction Case (Administrative practice)

Facts:

• platform automatically blocked users suspected of fraud
• users challenged account freezing

Held:

• automated decisions affecting rights require:
  • human review
  • appeal mechanism

Relevance:

AI fraud detection systems cannot fully autonomously:

• ban users
• freeze payments
• block sellers

5. Key Legal Principles Derived from Russian Practice

(1) AI is legally a “tool”

• liability attaches to humans/entities

(2) Platform responsibility is expanding

• marketplaces cannot rely solely on AI filters

(3) Notice-and-action doctrine applies

• failure to respond to fraud alerts = liability risk

(4) Automated decisions must be challengeable

• especially in e-commerce account blocking

(5) Data compliance is central

• fraud detection must comply with strict localization rules

6. Conclusion

In Russia, regulation of AI-assisted fraud detection in e-commerce is not governed by a single AI statute but by:

• Civil liability principles
• E-commerce platform responsibility doctrines
• Data protection laws
• Cyber fraud coordination laws
• Experimental AI regime laws

Overall legal trend:

➡️ Russia is moving toward a hybrid model of “algorithm + human accountability”, where:

• AI detects fraud,
• but humans/platforms remain legally responsible.