Introduction

The Government of Indonesia recently enacted Law Number 1 of 2024 (Law 1/2024), which represents the second amendment to Law Number 11 of 2008 on Electronic Information and Transactions (EIT Law). This important amendment aims to enhance several provisions in the EIT Law that have undergone judicial review in the Constitutional Court and have sparked controversy among the Indonesian public due to misunderstandings of the interpretation of various articles. This client update will focus on the amendments which mainly affect electronic certification, the electronic system, electronic transaction security, government authorisation, and provision of criminal sanctions under Law 1/2024.

Electronic certification services in Indonesia

1. Electronic certification providers must be incorporated and domiciled in Indonesia

Law 1/2024 requires all electronic certification providers (ECPs) operating in Indonesia to be incorporated and domiciled in Indonesia, unless the implementation of services using electronic certificates is not yet available in Indonesia. Previously, the EIT Law provided that an ECP comprises an Indonesian ECP as well as a foreign ECP. However, this provision eliminates the possibility for foreign ECPs to operate their services in Indonesia, unless the exception mentioned above applies.

2. ECPs may offer digital identity services

In addition to the electronic certification services outlined in the EIT Law, Law 1/2024 introduces a new form of electronic certification service, namely the digital identity service. In this context, ‘digital identity’ pertains to electronic information containing the unique identity of a legal subject, with its utilisation under the subject’s control. Given Indonesia’s ongoing development of a Digital Population Identity (Identitas Kependudukan Digital, IKD), we believe that this amendment could establish a legal foundation for the advancement of IKD.

Protection of children using electronic systems

Law 1/2024 introduces new Articles 16A and 16B, wherein electronic system providers (ESPs) are now obligated to provide information on the minimum age of children who can use their products/services, conduct child-user verification mechanisms, and provide a reporting mechanism for abuse of products/services that violate or potentially violate children's rights. Failure to comply with this obligation may result in the imposition of administrative sanctions in the form of written warnings, fines, temporary suspension, and/or termination of access to the ESPs.

Electronic transactions in Indonesia

1. Electronic signatures secured by electronic certificates in high-risk electronic transactions

Law 1/2024 introduces paragraph 2(a) in Article 17 of the EIT Law, stipulating that high- risk electronic transactions (i.e., financial transactions conducted without physical face-to- face interactions) are to utilise electronic signatures secured by electronic certificates. The wording of this new provision is unclear, as it does not specify whether it constitutes an obligation or merely presents an option for high-risk electronic transactions.

2. International electronic contracts under Indonesian Law

Law 1/2024 stipulates that international electronic contracts using standard clauses (klausula baku) made by ESPs must be governed under Indonesian law if:

• the service user of the ESP, as one of the parties to the electronic transaction, is from Indonesia and provides his/her consent from or within the Indonesian jurisdiction;
• the execution of the contract takes place in Indonesia; and/or
• the ESP has a business location in Indonesia or is operating its business in Indonesia.

This new provision is non-cumulative. Therefore, if any of the above conditions are met, the relevant electronic contract must be governed under Indonesian law.

New government authorisation

1. Under Law 1/2024, the government is authorised to order ESP to adjust its electronic system and/or take certain actions in relation to its electronic system. This policy stems from the government's responsibility to create a fair, accountable, safe, and innovative digital ecosystem that will provide an equal playing field for all businesses. Failure to comply with this obligation may expose ESPs to administrative sanctions in the form of written warnings, fines, temporary suspension, and/or termination of access.
2. Additionally, Law 1/2024 adds new authority for police or civil servant investigators in the information technology and electronic transactions sector, in which they may order ESPs to temporarily terminate access to social media accounts, bank accounts, electronic money, and/or digital assets in the context of investigating criminal offences related to information technology and electronic transactions.

Amendments to prohibited acts and criminal provisions

1. Prohibited acts under EIT Law

Previously, the EIT Law prohibited several activities, including distributing, transmitting, and/or making accessible electronic information/documents with content that violates general norms of decency related to public knowledge. In addition to the previous list of activities, broadcasting and showing electronic information or electronic documents with indecent content are also prohibited under Law 1/2024. ¹

2. Amendment to criminal provisions regarding violations of prohibited acts related to gambling content

Law 1/2024 amends the provision regarding maximum imprisonment for prohibited acts related to gambling content as stipulated under Article 27 paragraph (2) of EIT Law, in which it has been increased from six years to ten years, and the fine has been raised from a maximum of one billion rupiah to a maximum of ten billion rupiah.³

3. New provision under Article 27A

Article 27A of Law 1/2024 replaces Article 27 paragraph (3) of the EIT Law, which prohibits anyone from attacking the honour or good name of another person by making accusations that become public in the form of electronic information/documents through an electronic system.

4. New provision under Article 27B

Article 27B of Law 1/2024 replaces Article 27 paragraph (4) of EIT Law, which clarifies the prohibition of coercing individuals through threats (i.e., violence, defamation, revealing secrets) with the aim of compelling the victim to provide goods, incur debts, acknowledge debts, or eliminate receivables.

5. Expanded scope of prohibited acts under Article 28

The amendment to Article 28 under Law 1/2024 expand the scope of prohibited acts and provides a more comprehensive explanation of prohibited acts, including the acts of:

• intentionally distributing, and/or transmitting electronic information/documents that contains false news that causes material loss or incites riots in the community; and
• inciting hatred towards race, nationality, ethnicity, skin colour, religion, belief, gender, mental disability, and physical disability.

6. Clarification of electronic threats under Article 29

The amendment to Article 29 under Law 1/2024 provides clarity that electronic information and/or electronic documents containing threats of violence and/or that instill fear are sent directly to the victim.

Conclusion

Law 1/2024 provides clarity and guidance in the rapidly growing sector of information technology. It addresses various aspects, including the anticipation of electronic system use by children, the requirement for ECPs to be incorporated and located in Indonesia, legal clarity regarding international electronic contracts, and the development of electronic certificates. Additionally, Law 1/2024 responds to public unease over the application of criminal provisions by introducing exceptions to the imposition of criminal sanctions. This amendment also signifies the government's commitment to overseeing information technology to establish order and security in its utilisation.