On December 5, 2023, the House of Representatives (Dewan Perwakilan Rakyat or the "DPR") approved the bill (the "Approved Bill") on Second Amendments to Law No. 11 of 2008 on Electronic Information and Transactions as amended by Law No. 19 of 2016 (the "EIT Law"). After the approval by the DPR, the President has 30 (thirty) days to enact the Approved Bill into a Law. Thereafter, the Law will be followed by the enactment of the draft and the announcement in the State Gazette and the Supplement to State Gazette.

According to the consideration of the Draft Approved Bill, the intention for the enactment of the Approved Bill is to protect the Indonesian digital space which provides legal certainty, justice, and protects public interest from all kinds of interference as a result of misuse of electronic information, electronic documents, information technology, and/or electronic transactions that disturb public order. Further, the intention for the enactment of the Approved Bill is also to prevent any multiple interpretations and controversy in the implementation of the EIT Law.

The topics covered under this Newsflash relate to several of the amendments of the EIT Law under the Approved Bill. We set out the salient provisions of the Approved Bill below based on the form of the Approved Bill that is available publicly. Please note that during the process of enactment, there may be corrections in the Approved Bill. However, these corrections should not of substantive nature.

♦ Implementation of Electronic Certifications and Electronic Systems

The EIT Law states in Article 13(3) that an electronic certification provider comprises of an Indonesian electronic certification provider and foreign electronic certification provider. The EIT Law only stipulates that a foreign electronic certification provider that operates in Indonesia shall be registered in Indonesia.

Different from the EIT Law, under the Approved Bill Article 13(3) of the EIT Law stipulates that only an Indonesian legal entity domiciled in Indonesia that may operate as an electronic certification provider in Indonesia. However, the Approved Bill does not entirely remove the possibility of a foreign electronic certification provider to operate and provide its services in Indonesia. A foreign electronic certification provider may still operate, if the provision of such a service that uses electronic certificate is not yet available in Indonesia.

Further, the mutual recognition of an electronic certificate between countries will be based on a cooperation agreement.

On a separate but related matter, the Approved Bill adds a new article, i.e., Article 13A, which stipulates the service that may be provided by electronic certification providers. Such services are (i) electronic signatures, (ii) electronic seals, (iii) electronic time stamps, (iv) registered electronic delivery service, (v) website authentication, (vi) electronic signatures and seal preservation, (vii) digital identities, (viii) other services that use electronic certificates.

♦ Children Protection in Electronic Systems

The Approved Bill adds new provisions regarding the obligation of an electronic system provider to provide protection for children who use or access the electronic system in Article 16A of the EIT Law. The Approved Bill further stipulates in Article 16A(2) of the EIT Law that the protection includes the protection of children's rights in the utilization of the products, services, and features that are developed and implemented by the electronic system provider.

In providing the protection, the Approved Bill introduces Article 16A(4) of the EIT Law that stipulates that the types of protection that shall be provided by an electronic system provider is (i) information regarding the minimum age of children that may use the product or service, (ii) mechanism of children user verification, and (iii) mechanism of product, services and features abuse that may infringe or potentially violates children's rights.

If the electronic system provider violates the provision of Article 16A of the EIT Law, the electronic system provider may be subject to administrative sanctions in the form of (i) written warnings, (ii) administrative fine, (iii) temporary suspension, and/or (iv) termination of access.

♦ Electronic Transactions

Under the Approved Bill, it is stipulated that a high-risk electronic transaction shall use an electronic signature that is secured with an electronic certificate.

It is also stipulated in the addition of Article 18A of the EIT Law under the Approved Bill that an international electronic contract that uses a standard clause (or in Indonesian, klausula baku) that is made by an electronic system provider shall be governed under Indonesian law in the event:

  1. the user of the electronic system provider services as a party of the electronic transaction is Indonesian and provides his/her approval from or within the Indonesian jurisdiction;
  2. the performance of the contract takes place in Indonesia; and/or
  3. the electronic system provider has a business location or conducts a business activity in the territory of Indonesia.

♦ Addition of Prohibited Action in Electronic Information and Transactions

The Approved Bill adds two new articles in the EIT Law, i.e., Articles 27A and 27B.

Article 27A of the EIT Law stipulates that a person is prohibited from intentionally attacking the honor or reputation of another person by accusing the latter of something with the intention of making the matter publicly known in the form of electronic information and/or electronic documents that are carried out through an electronic system.

Further, Article 27B of the EIT Law stipulates that a person, whether intentionally or unintentionally, is prohibited from unlawfully distributing and/or transmitting electronic information and/or documents, with the intention of benefiting him/herself or another person, forcing people with threats of violence, defaming, or with threats of revealing secrets in order to:

  1. give an item, a part of it or all, belonging to the person or to another person; or
  2. provide debt, make an acknowledgement of indebtedness, or write off receivables.

Other than the addition of the above provisions, the Approved Bill also amends several of the existing articles of the EIT Law in relation to the prohibited action in Articles 28, 29, and 36 of the EIT Law.

Under Article 28 of the EIT Law as amended by the Approved Bill, it is now stipulated that the prohibited action under this Article is to spread fake announcements or misleading information that causes material loss for a consumer in an electronic transaction. The Approved Bill also adds and specify in Article 28(2) of the EIT Law the group under the prohibition to spread hate through electronic information and/or documents, by stipulating that it is prohibited to spread hate against certain people based on races, nationalities, ethnicities, skin colors, religions, beliefs, genders, mental disability, or physical disability. It is also prohibited to intentionally spread electronic information and/or document that is known to have fake news that may cause unrest in society.

Further, Article 29 of the EIT Law under the Approved Bill is slightly amended so that the prohibition under such Article relates to an act of intentionally and unrightfully delivering electronic information and/or documents directly to the victim that contains violent threats and/or scares the victim. Lastly, Article 36 of the EIT Law under the Approved Bill is amended to include material loss as the type of impact that may happen due to a prohibited action.

The Approved Bill also stipulates a criminal sanction for any of the above violations. Such criminal sanction is regulated under Articles 45 and 45A of the EIT Law under the Approved Bill.

♦ Addition of New Government Responsibility

The Approved Bill adds a new Article 40A to the EIT Law which stipulates the responsibility and authority of the Government. To implement its responsibilities, the Government is authorized to order the electronic system provider to carry out adjustments and/or conduct certain actions.

In the event an electronic system provider does not conduct the obligations as ordered by the Government, such an electronic system provider may be subject to an administrative sanction in the form of (i) a written warning, (ii) administrative fines, (iii) temporary suspension, and/or (iv) access termination.

♦ Introduction of New Authority of Civil Servant Investigators

A civil servant investigator under the Approved Bill is now authorized to instruct an electronic system provider to temporarily terminate access to the social media account, bank accounts, electronic money, and/or digital assets.

Under the elucidation of the EIT Law under the Approved Bill, temporary access termination may be conducted as long as required during the law enforcement process.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.