On January 2, 2024, Indonesian President Joko Widodo signed the second revision of Law No. 11 of 2008 regarding Electronic Information and Transactions ("EIT Law").

This new revision modifies existing clauses, introduces additional articles, and makes subtle changes to phrasing. These amendments generally broaden the scope of government oversight of Electronic System Providers ("ESPs"), facilitate mutual recognition of electronic certificates, expand the services Electronic Certification Providers ("ECPs") can offer, and introduce safeguards for child protection. The updated EIT Law also delineates stricter regulations for electronic signatures in high-risk electronic transactions and formalizes protocols for international electronic contracts.

Notably, the law now includes criminal penalties for defamatory statements aimed at damaging a person's reputation, as well as for the deliberate and illegal use of violence or defamation to coerce individuals into relinquishing property or settling debts.

This legal update summarizes the principal changes to the EIT Law that are particularly pertinent for businesses.

1. Expansion and International Harmonization of ECPs' Roles and Services

Before this second amendment, the EIT Law established distinct categories for ECPs: domestic and foreign. It required that domestic ECPs be registered as Indonesian legal entities domiciled in Indonesia and mandated foreign ECPs operating within Indonesia to register in the country.

The recent revision, particularly of Article 13 of the EIT Law, removes the specific provisions concerning foreign ECPs. Instead, the focus has shifted to the mutual recognition of electronic certificates across countries. This amendment stipulates that such recognition is contingent upon the existence of cooperation agreements. These agreements can be bilateral or multilateral, involving intergovernmental arrangements. The elucidation of the law specifies that these agreements form the basis upon which ECPs will engage in the mutual recognition of electronic certificates, fostering international collaboration and standardization in electronic certification.

Furthermore, the EIT Law now specifies the services that ECPs are permitted to offer.

The EIT Law originally restricted ECPs to the provision and auditing of electronic certificates. This second revision, which introduces Article 13A, significantly expands the scope of services ECPs can offer to include:

  1. electronic signature creation and verification;
  2. issuance of electronic seals;
  3. electronic time stamping;
  4. registered electronic delivery services;
  5. authentication of websites;
  6. preservation of electronic signatures and/or electronic seals;
  7. digital identity verification;
  8. other services related to utilizing electronic certificates.

Importantly, this second amendment to the EIT Law also states that detailed rules regarding the execution of these services will be established through future government regulations. Consequently, ECPs engaged in providing these services must prepare for and adapt to additional regulatory guidelines.

2. Enhanced Child Protection Measures in Electronic Systems

Article 16A, introduced by the new amendment to the EIT Law, emphasizes the increased responsibility of ESPs in safeguarding children who use or access electronic systems. ESPs are now mandated to integrate child protection measures from the development phase through to the implementation of their electronic systems. To effectively establish this child protection framework, ESPs must provide:

  1. clear information about the minimum age requirement for children to utilize their products or services;
  2. a reliable mechanism to verify the age and identity of child users; and
  3. a robust system for reporting any misuse of goods, services, or features that may infringe upon or pose a potential threat to children's rights.

These new mandates demonstrate a commitment to creating a safer and more secure online space for children, showing an increased awareness of the unique risks and vulnerabilities children face in the digital world. Non-compliance with these requirements may lead to administrative sanctions, including written warnings, financial penalties, temporary service suspensions, and/or termination of access.

3. Mandatory Use of Electronic Signatures in High-Risk Transactions

The latest amendment to the EIT Law introduces a new clause, sub-article (2a) under Article 17, mandating the use of electronic signatures secured by electronic certificates for high-risk electronic transactions. The elucidation defines these high-risk transactions as financial dealings not conducted in a face-to-face, physical environment.

This broad definition, currently lacking in detail, could imply that everyday financial activities such as electronic money usage or transactions on e-commerce platforms fall under the category of high-risk electronic transactions. This interpretation highlights the need for more comprehensive guidance in the forthcoming government regulations. Such elaboration will be crucial to clarify the scope and application of this requirement, ensuring that stakeholders can adequately comply without undue burden, while maintaining the intended security and integrity of high-risk electronic transactions.

4. Jurisdiction and Clarity in International Electronic Contracts

The existing Article 18 of the EIT Law already established that electronic transactions within electronic contracts are binding. It also allowed parties in international electronic transactions to select the applicable law. This second amendment of the EIT Law, particularly with the addition of Article 18A, further regulates the use of standard clauses in international electronic contracts involving ESPs. According to this new provision, such contracts are subject to Indonesian law under specific conditions:

  1. if an ESP's user, as a party to the electronic transaction, is from Indonesia and consents to Indonesian jurisdiction. This applies when the service, product, or electronic system operated by the ESP is used or accessed from within Indonesia;
  2. if the contract execution occurs within Indonesian territory. This includes cases where the ESP has a representative office in Indonesia or is an Indonesian business entity; and/or
  3. if the ESP operates a business or conducts business activities in Indonesia, which includes offering services or products in the Indonesian language and targeting Indonesian consumers.

Article 18A emphasizes that international electronic contracts must be written in a straightforward, clear, and comprehensible manner, adhering to the principles of good faith and transparency. This requirement aims to enhance understanding and fairness in contractual agreements, particularly in cross-border electronic transactions.

5. Government Authority over ESPs

With the new amendment, Article 40A of the EIT Law mandates the government to cultivate a digital ecosystem that is equitable, responsible, secure, and conducive to innovation. Under this mandate, the government has the authority to direct ESPs to modify their Electronic Systems or undertake specific actions.

The term "making adjustments to Electronic Systems" includes actions like limiting or adding features to the software or hardware of electronic systems or prohibiting the use of certain features within the legal jurisdiction of Indonesia. "Specific actions" refer to affirmative obligations by ESPs to communities affected by the use of their software, hardware, or features, and adjustments in their business activities to ensure a level playing field.

These provisions are reinforced by an amendment to Article 43 of the EIT Law. This revision extends the powers of civil servant investigators, granting them the authority to compel ESPs to temporarily suspend access to social media accounts, bank accounts, electronic money, and/or digital assets.

ESPs are required to adhere to these governmental directives. Failure to comply may result in administrative sanctions, which can range from written warnings and administrative fines to temporary suspension of operations or access termination. The detailed stipulations regarding the government's responsibilities and authority, the obligations of ESPs, and administrative penalties are to be further outlined in a government regulation.

6. Prohibitions on Electronic Misconduct

The second amendment of the EIT Law introduces additional criminal sanctions and prohibitions, supplementing the existing criminal provisions:

  • Article 27A: Outlaws the public dissemination of electronic information/documents that malign another person's honor or reputation.
  • Article 27B(1): Forbids the distribution/transmission of electronic information/documents aimed at unlawful self-benefit or benefiting others, especially when using violence to coerce property surrender or debt settlement.
  • Article 27B(2): Prohibits the distribution/transmission of electronic information/documents for unlawful self-benefit, utilizing defamation threats or secret disclosures as a means of coercion.
  • Article 28(1): Bans the distribution/transmission of electronic information/documents containing hoaxes or misinformation that lead to material losses in electronic transactions.
  • Article 28(2): Prohibits the distribution/transmission of electronic information/documents intended to incite hatred or hostility against individuals or groups, based on identifying factors like race, ethnicity, religion, gender, or disability.
  • Article 28(3): Disallows the intentional distribution of electronic information/documents known to be false and which could cause social unrest.

The newly introduced prohibitions are accompanied by stringent criminal sanctions, as detailed in Articles 45, 45A, and 45B. These sanctions range from imprisonment for 2 to 6 years and/or fines from IDR 400 million to IDR 1 billion.

Conclusion

The second amendment of the EIT Law represents a significant step forward in Indonesia's digital regulatory framework. This amendment addresses key areas of electronic system operations, data protection, child safety, and legal compliance, reflecting the evolving landscape of digital technology and its societal impacts. Key aspects of the amendment include enhanced responsibilities for ESPs in protecting children online, requirements for electronic transactions and certification, expanded government authority over digital platforms, and the introduction of more robust sanctions for violations. These changes demonstrate a clear intent to create a more secure, equitable, and innovative digital ecosystem in Indonesia.

As Indonesia continues to embrace digital transformation, this amendment provides necessary legal scaffolding to support this transition. It is crucial for all stakeholders, encompassing businesses, legal practitioners, and policymakers, to engage in active communication regarding the implementing regulations for this law.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.