Indonesia’s New Regulation on Private Electronic System Operators: Important Notes for Corporate Compliance of Domestic and Foreign Information Technology Companies
The newly enacted Minister of Communication and Informatics Regulation No. 5 of 2020 on Private Electronic System Operators (“MoCI Regulation 5/2020”), sets more detailed provisions for obligations demanded from private electronic system operators (“Private ESO”). The obligations encompass matters on, among others, (i) registration of Private ESOs, both domestic and foreign Private ESOs, (ii) management of electronic system’s content, (iii) active control over prohibited content on its electronic system, and (iv) access granted to electronic system for law enforcement.
MoCI Regulation 5/2020 came into effect on 24 November 2020 to revoke the previous MoCI Regulation No. 19 of 2014 on Controlling Internet Websites That Contain Negative Content and MoCI Regulation No. 36 of 2014 on Registration of Electronic System Operators. It also serves as the implementing regulation of Government Regulation No. 71 of 2019 on Implementation of Electronic Transactions and Systems.
Registration of Private ESOs: Approaching deadline at the end of May 2021, mandatory registration for Foreign Private ESOs, and detailed classifications of Private ESOs
Approaching deadline at the end of May 2021
MoCI Regulation 5/2020 sets stringent obligation for Private ESOs to register themselves as registered Private ESO at the MoCI via Online Single Submission (“OSS”) system before its electronic system can be used by users. Previously, it was possible for Private ESOs to process the registration after the electronic system was established and used by users. The registration must be completed within six months after MoCI Regulation 5/2020 takes effect, which will be at the end of May 2021.
Regardless of the fact that some entities are already registered as ESOs and hold a valid ESO Certificate (Tanda Daftar Penyelenggara Sistem Elektronik) under the previous regulation, it is suggested for them to re-register their ESO registration via OSS System and sync their data with the newly developed MoCI ESO registration system before the end of May 2021.
Mandatory registration for Foreign Private ESO
MoCI Regulation 5/2020 requires not only domestic but also foreign Private ESO that (i) provides services in the territory of Indonesia; (ii) carries out its business activity in Indonesia, and/or (iii) offers its electronic system in the territory of Indonesia and/or its electronic system to be used in the territory of Indonesia to also adhere to this mandatory registration and hold Registration as Private ESO.
However, based on our latest consultation with the MoCI, to date, the system for registering foreign Private ESOs is still under development, so any registration of Foreign Private ESOs may be pending until the system is ready.
Detailed classifications of Private ESOs
MoCI Regulation 5/2020 provides more detailed classifications of a Private ESO that cover:
- Private ESOs supervised by specific institutions; and
- Private ESOs that own portals, websites or applications used for specific purposes of, among others:
- providing, managing or offering goods/services;
- providing, managing or operating financial services transactions;
- transmitting paid-for digital materials using a data network, by downloading from a portal or site, sending via e-mail, or via other applications, to a user’s device;
- providing, managing or operating communication services, including short messages, voice calls, video calls, e-mails, etc. on digital platforms, including social media;
- providing a search engine service or acting as an information provider; and/or
- processing personal data for operational activities for the public in relation to electronic transactions.
Management of electronic system’s content
Under MoCI Regulation 5/2020, it is clear that every Private ESO has full responsibility towards the management of the content on its electronic system by ensuring that it does not (i) contain prohibited electronic information or documents and (ii) facilitate the dissemination of prohibited electronic information or documents. Any Private ESO may be blocked from accessing its electronic system (access blocking) if it fails to take responsibility.
Such responsibilities also rest with companies that host user generated content and cloud computing operators classified as Private ESO under MoCI Regulation 5/2020.
Active control over prohibited content on electronic system (taking down, blocking and unblocking access)
Control and responsibility to take down prohibited content on an electronic system lies with Private ESOs. A Private ESO can voluntarily take down its content when it finds any prohibited content on its electronic system. Otherwise, it is obliged to take the content down within less than 24 hours after receiving a warning from the Minister of Communication and Informatics (“Minister”).
If the prohibited content is considered urgent and critical, i.e. terrorism, pornography or any other type of violation of laws and regulations, causes anxiety for society, and disturbs public order, the content must be taken down immediately or at the latest in less than 4 hours after receiving a warning from the Minister.
If any Private ESO fails to heed the warning, the Minister is authorised to block access to the Private ESO by instructing internet service providers to do so. Nevertheless, the blocking can be lifted once the Private ESO has fulfilled its obligations under MoCI Regulation 5/2020.
Granting access to electronic system for supervision and law enforcement purposes; appointment of contract person
A Private ESO must provide access to its electronic data and/or system when requested by the MoCI or any government agency (for supervision purposes) or law enforcement officers (for criminal law enforcement purposes). However, MoCI Regulation 5/2020 does not regulate on how long the granted access should last.
To facilitate the process of granting access between Private ESOs, the MoCI or law enforcement, each of those parties must appoint at least one contact person, through whom any communication relating to the granting must be made. The contact person must be an individual domiciled in Indonesia. However, the MoCI does not set out clearly the requirements for the appointment, tenure, or other specific provisions for such contact person, especially for foreign Private ESOs with no establishment in Indonesia. We are still awaiting further clarification from the MoCI of this matter.
If you have any questions or require any additional information, please contact Afriyan Rachmad, Louise Patricia Esmeralda, Raya Radiyanti Putri or Hana Permata Putri of Roosdiono & Partners (a member of ZICO Law).
This alert is for general information only and is not a substitute for legal advice.