By the language of the proposed bills, everything is frown upon unless sanctioned (and accessible) by Russian Communication Supervision agency or RosKomNadzor. If they passes as they are, it won't be illegal to use it as a client (and a personal server?), but it would be seen as an intentional circumvention of surveiliance to do bad things.
From my short experience in local infosec, public sector has certain established rules of handling critical information e.g. personal data, digital signatures etc. Software handling these should follow national GOST standards, being certified by alphabet agencies and (ideally) logged by internal or external infosec person per user per session.
I'm pretty sure they'd want to force every legal cryptography\tunneling user to follow this framework. At least for cash that is showering towards select registered providers.
As for casual users, it would be hard to catch everyone, especially since VPN tools become more clever. But they'd grab a few people to do some demonstrative punishment and keep their ears to the ground: to ban popular public VPNs like they frequently do, to notice transactions towards unlicensed VPN providers and starting a case there.
The list of exceptions won't be codified but almost every rich or\and official or\and connected person would be excluded if not provided with assistance, the same goes for influence campaigns and botfarms. Some top officials kept posting on Twitter, Instagram long after they were officially banned and called extremist resources, same people kept traveling abroad and buying foreign luxury stuff. Double standards grew cynically vulgar in the last decade of re-curtaining the state with iron from the inside.
