New Rules on OTT Services in the Offing
On 29 April 2016, the Minister of Communications and Informatics launched a public consultation on a draft regulation on the provision of content and/or application services over the Internet (the “Draft Regulation”). The Draft Regulation is a follow-up to Minister of Communications and Informatics Circular No. 3 of 2016 on the Provision of Content and/or Application Services over the Internet (Over the Top or “OTT” for short), which was issued on 31 March 2016.1
2. What are OTT Services?
The Draft Regulation is primarily relevant to entities and persons providing OTT services, which are defined under the Draft Regulation as internet-based applications (“Apps”) and internet-based content (“Content”) services (collectively, “OTT Services”).
Apps: “The use of a telecommunications service through an internet protocol (“IP”)-based telecommunications network in the form of text messages, voice calls, and online conversations (chatting), financial and commercial transactions, storage and retrieval of data, games, networking and social media, and their respective derivatives.”
Content: “The provision of any digital information, including text, sound, images, animations, music, videos, movies, games, or a combination of any such digital information that is streamed or downloaded by utilizing an IP-based telecommunications network.”
As apparent from the abovementioned definitions, OTT Services cover a wide range of Apps and Content, such as music, videos, movies, games, and other types of digital information.
3. Legal Form
OTT Services may be provided by:
- An Indonesian citizen; or
- An Indonesian business or legal entity; or
- A non-Indonesian OTT service provider.
(collectively, “OTT Service Providers”)
Non-Indonesian OTT service providers are required to assume the form of a Permanent Establishment (Badan Usaha Tetap - “PE”)2 in accordance with Law No. 7 of 1983 on Income Tax, as lastly amended by Law No. 36 of 2008.
4. Limited Liability Companies Only?
Although an OTT Services Provider may take the form of a business or legal entity, the Draft Regulation seems to only apply to limited liability companies (“LLC”) given that the documentation requirements for registration under the Draft Regulation only address limited liability companies. Other legal forms, such as cooperatives or foundations, and unincorporated business entities, such as partnerships (firma) and limited liability partnerships (commanditaire vennootschap / CV), are not provided for. The documentation requirements for registration are discussed further in section 5 below.
Regardless of the legal form assumed by an OTT service provider, all OTT Service Providers, including non-Indonesian ones, are responsible for the Apps and Content that they provide in Indonesia and are consequently subject to the provisions and requirements of the Draft Regulation.
5. Mandatory Registration
An OTT Service Provider is required to register with the Indonesian Telecommunications Regulatory Board (Badan Regulasi Telekomunikasi Indonesia - “BRTI”)3 no less than 30 business days prior to commencing their operations in Indonesia.
The registration application must state (i) the type of OTT Services being provided, and (ii) details of the Indonesian contact centre for the OTT Services. In addition, the registration application must be accompanied by supporting documents that vary depending on the type of legal entity involved:
- Indonesian citizen:
a. Taxpayer Registration Number (Nomor Pokok Wajib Pajak - “NPWP”);
b. Certificate of Domicile (Surat Keterangan Domisili) from the local sub-district (kelurahan) or appropriate authority, depending on the structure of the relevant regional government.
- Business or legal entity (including LLCs):
a. Articles of association and amendments thereto, including validations, approvals and notification receipts issued by the Ministry of Law and Human Rights (“MOLHR”);
b. Latest deed showing the most recent shareholding structure, and members of the board of directors and board of commissioners (if applicable);
d. Certificate of Domicile (Surat Keterangan Domisili) from the local sub-district (kelurahan) or appropriate authority, depending on the structure of the relevant regional government; and
e. Specifically in the case of an LLC, licenses issued by the Investment Coordinating Board (Badan Koordinasi Penanaman Modal - “BKPM”).
- Non-Indonesian OTT - Permanent Establishment:
a. Letter of Appointment as PE;
b. Certificate of Domicile (Surat Keterangan Domisili) from the local sub-district (kelurahan) or appropriate authority, depending on the structure of the relevant regional government ; and
The Draft Regulation prescribes a number of obligations for OTT Service Providers, including the obligation to:
- comply with the prevailing laws and regulations, such as the rules on antitrust, trade, consumer protection, intellectual property rights, advertising, taxation, transportation and logistics, and health;
- comply with data protection and data privacy rules;
- undertake content filtering and censoring;
- use the (proposed) Indonesian national payment gateway;
- use an Indonesian IP number and locate a part of their server infrastructure in a data centre in Indonesia;
- provide access for lawful interceptions and permit the gathering of evidence for criminal investigations; and
- use Bahasa Indonesia for information and user manuals for OTT Services.
Other obligations of OTT Service Providers include establishing an Indonesian contact centre, data retention requirements, and reporting obligations, which are further discussed below.
Data Protection and Data Privacy Rules
Indonesia has yet to adopt a comprehensive legal framework governing personal data protection and data privacy. The current basic provisions are contained in Law No. 11 of 2008 on Electronic Information and Transactions (“EIT Law”) and its ancillary regulation, Government Regulation No. 82 of 2012 on Electronic Systems and Transactions (“Electronic Systems Regulation”).
The EIT Law provides that the use of an individual’s personal data through an electronic medium must be based on the consent of the person in question. A failure to secure such consent will give the aggrieved individual the right to sue for damages. The Electronic Systems Regulation further provides that such prior consent must be secured when obtaining, using, or exploiting an individual’s personal data. Moreover, the way in which personal data is availed of must be in accordance with the purpose stated to the individual in question at the time when the personal data was acquired. Until such time as comprehensive personal data protection legislation is enacted, the relevant provisions of the EIT Law and the Electronic Systems Regulation will continue to govern personal data protection in Indonesia.
Censorship and Content Filtering
The obligation to filter and censor content falls under different regimes. Content filtering entails self-censorship, as stipulated by Law No. 32 of 2002 on Broadcasting, while content censorship implies state censorship under Law No. 33 of 2009 on Film. Since both content filtering and censorship are referred to in the same line, it is unclear whether OTT Service Providers will just be required to conduct self-censorship or will also be subject to state censorship.
Given that OTT Services are provided over the internet and associated telecommunications networks, OTT Services are subject to the provisions of the EIT Law. The EIT Law prohibits the transmission or distribution of contents that:
- offends public decency;
- involves gambling, humiliation, extortion or defamation;
- contains misleading information;
- contains information intended to stir up conflict or hostility against an individual and/or a particular ethnic, religious, or racial group.
Indonesian National Payment Gateway
The proposed Indonesian “National Payment Gateway” (an integrated national payment system) is intended to ensure the interconnectivity of all forms of electronic payment using a variety methods, including card-based payments (credit and debit) and electronic money (e-money). While such a system may be expected to facilitate consumers in conducting electronic transactions, it will also strengthen the government’s capacity to monitor and control the sector. Accordingly, its potential implementation is something that needs to be borne in mind by OTT Service Providers.
The proposed National Payment Gateway is referred to in the Electronic Systems Regulation, which states that data on every electronic transaction conducted in Indonesia must be stored domestically, using the National Payment Gateway if the transaction involves more than one electronic system administrator4 and uses a domestic electronic system network.5 The Electronic Systems Regulation further provides that in case the National Payment Gateway or a domestic electronic system network is not yet available, electronic transactions may use other means or overseas facilities, upon securing the approval of the relevant governmental authority for the sector in question (for example, financial services companies will require approval from the Financial Services Authority).6
Indonesian IP Number
An IP number is essentially the address of a device that is connected to a network (the Internet). A device uses an IP number to send data requests and receive data from another IP number. Currently, there is no legal framework governing Indonesian IP numbers. However, a draft regulation on the management of Internet protocol numbers has been prepared by the Ministry of Communications and Informatics. The functions related to national IP numbers are currently undertaken by the Indonesian Internet Service Providers Association (Asosiasi Penyelenggara Jasa Internet Indonesia).
Lawful Interception and Collection of Evidence
The concept of lawful interception of digital information is provided for in the EIT Law, which states that a law enforcement agency must secure the prior permission of the local district court when carrying out searches or seizures of electronic systems in connection with a crime.
Lawful interception is also provided for in corruption investigations under Law No. 30 of 2002 on the Corruption Eradication Commission (“KPK”), as lastly amended by Law No. 10 of 2015 (collectively, the “KPK Law”). The KPK Law provides that in carrying out a preliminary examination, investigation or prosecution, the KPK is authorized to carry out interceptions, including those that are conducted through the internet.
Use of Bahasa Indonesia
The mandatory use of Bahasa Indonesia is mandated by Law No. 24 of 2009 on the National Flag, Language, Coat of Arms, and Anthem (the “Language Law”), generally speaking, a contract to which one of the parties is an Indonesian entity or individual must use the Indonesian language. A judicial precedent, which was upheld by the Supreme Court, affirms that a contract may be declared void if Bahasa Indonesia is not used in such circumstances. In addition, the mandatory use of Bahasa Indonesia is required under the Electronic Systems Regulation in the case of electronic contracts.7
Consequently, terms of service or use, privacy policies and other typical engagements between OTT Service Providers and their customers must be provided in Bahasa Indonesia. A foreign-language version of such documents may be provided alongside the Bahasa Indonesia version, and be designated the governing version in case of any discrepancies.
An OTT Service Provider are required to provide information on how to access its contact centre in the form of a telephone number, email address, or customer service webpage, which must, at a minimum, accommodate the submission of inquiries and comments by users and subscribers. An inquiry or complaint submitted by a user or subscriber must be responded to within 24 hours.
The main issue in this regard is that the OTT Services registration process requires the submission of information on a contact centre located in Indonesia. It is unclear whether this requirement will be strictly enforced, given that customer services can be comprehensively provided from anywhere in the world over the internet.
OTT Service Providers are required to store transaction data and traffic records for at least 3 months. With respect to data related to a judicial proceeding, the OTT Service provider must maintain such data until a final and binding decision has been entered. We suspect that this data retention requirement may be more burdensome for certain OTT Service Providers, for example, text message services might find this requirement more challenging. Providers of text message services will have more traffic as a result of higher user activity and the number of messages sent compared to other OTT Services.
Registered OTT Service Providers are required to submit annual reports to the BRTI. Such reports should contain information on the number of their respective users and subscribers in Indonesia and traffic statistics pertaining to Indonesia. Further details on reporting are to be stipulated by the BRTI.
The Draft Regulation prohibits content that:
- conflicts with the Indonesian constitution or Pancasila (Indonesia’s official ideology);
- threatens the unity of Indonesia;
- could cause group, ethnic, religious or racial conflict;
- degrades, blasphemes or insults religious values;
- encourages the public to break the law;
- contains violence;
- involves narcotic, psychotropic, and other addictive substances;
- degrades human dignity;
- offends public morality or is pornographic;
- involves gambling;
- contains insults, extortion, threats, defamation, or hate speech;
- infringes intellectual property rights; and/or
- violates the prevailing laws and regulations.
The above list is obviously vague and open to subjective interpretation. Consequently, further definition and clarification will be needed as regards the scope of the prohibitions and which agency or agencies will be responsible for policing them.
8. Collaboration with Telecommunications Service Providers
OTT Services may be provided on a subscription or free-of-charge basis. In relation to payment by carrier billing (or other commercial arrangements), an OTT Service Provider may establish collaboration with a telecommunications service provider. This mode of collaboration has been commonplace since 2013 and has been beneficial in facilitating the provision of services by offshore content providers. How the Draft Regulation will impact existing arrangement remains to be seen. Aside from the options discussed further below, the Draft Regulation is silent as regards existing collaborative arrangements between telecommunications service providers and offshore content providers, which, based on the definition of content given in section 2 above, come within the broad definition of OTT. The Draft Regulation provides the following 3 options:
Under the first option, OTT Services Providers are permitted to enter into collaborative arrangements with telecommunications service providers. Any such arrangement must be reported to the BRTI within 30 calendar days of being executed. A collaboration agreement between an OTT Service Provider and a telecommunications service provider must, at a minimum, set out the following matters:
- Scope of collaboration;
- Rights and obligations of the respective parties;
- Limitation on liability of the parties to users and subscribers;
- Types of services provided to users and subscribers;
- Business scheme and tariff structure (if subscription-based);
- Service level agreement; and
- Other obligations under the prevailing laws and regulations.
It is important to note that a limitation of liability or disclaimer that purports to transfer liability to a third party is prohibited under the Consumer Protection Law (No. 8 of 1999). Other standard clauses that are prohibited by the Consumer Protection Law include clauses that purport to deprive a customer of the right to a refund, to reduce service benefits or to unilaterally impose additional obligations or requirements on a customer, or to unilaterally revise existing ones. Such standard clauses are rendered null and void by operation of law.8
Second and Third Options
The second option obligates an OTT Service Provider that provides services that are similar or substitutive to those provided by a telecommunications service provider to enter into a collaborative arrangement with a telecommunications service provider. Under Government Regulation No. 52 of 2000 on the Provision of Telecommunications Services (the “Telecommunications Regulation”), telecommunications services include basic telephony (telephone and facsimile), added-value telephony (call centre, premium calls), and multimedia services (internet service, application service provider, voice over internet protocol, data communication system services).
The third option requires the same type of OTT Services Provider to convert itself into a full-blown telecommunications services provider. This would entail the establishment of an LLC or cooperative, which would require certain licenses to be obtained from the Ministry of Communications and Informatics pursuant to the Telecommunications Regulation. Establishing a new company and satisfying the licensing requirements are likely to be unduly burdensome for most OTT Service Providers.
9. Bandwidth Management as Sanction for Non-Compliance
A failure to comply with certain provisions of the Draft Regulation will result in the director general responsible for the operation of posts and informatics (the “Director General”) applying so-called “bandwidth management” to the offending OTT Service Provider. Although the Draft Regulation is silent as to what “bandwidth management” actually entails, the Ministry has informed us that it essentially refers to a reduction in the access speed to the OTT Service in question. The relevant telecommunications services provider is expected to act for the ministry in imposing this sanction. As an example, if YouTube were to be subjected to bandwidth management, users attempting to access it through an Indonesian telecommunications services provider would experience long buffering and loading times.
The Draft Regulation, however, does not stipulate the legal consequences for a telecommunications services provider that refuses to restrict the bandwidth of an offending OTT Service Provider, as directed by the Director General. Also, whether this form of sanction would breach the net neutrality principle, which is a key principle under the Telecommunications Law (No. 36 of 1999), remains unclear.
10. Public Consultation
Initially, the public consultation period for the Draft Regulation was due to end on 9 May 2016. However, according to a press release published on the official website of the Ministry of Communications and Informatics, it was extended to 26 May 2016. Assegaf Hamzah & Partners has submitted its views to the ministry as part of the consultation process.
- See AHP Client Update published on 1 April 2016 for a discussion of Circular No. 3/2016
- Pursuant to the Income Tax Law, a PE is a tax subject that is treated in a similar manner to an Indonesian corporate taxpayer. The requirements for a PE are satisfied by such circumstances as the existence or location in Indonesia of a company’s (i) management domicile; (ii) branch office; (iii) representative office; (iv) office building, (v) factory, (vi) workshop, (vii) warehouse, or (viii) computer, electronic agent, or automatic equipment that is owned, leased, or used by an individual or entity in conducting electronic transactions for the purpose of commercial activities using the internet. Such circumstances are permanent in nature and are used to conduct a business or activities by a person or entity that is not domiciled in Indonesia.
- The BRTI consists of representatives of the Directorate General of Posts and Informatics Operations (Direktorat Jenderal Penyelenggaraan Pos dan Informatika), Directorate General of Postal and Informatics Resources and Equipment (Direktorat Jenderal Sumber Daya dan Perangkat Pos dan Informatika), and the Telecommunications Regulatory Committee (Komite Regulasi Telekomunikasi)
- Pursuant to the EIT Law, an electronic system administrator is “any person (natural or legal), government authority, business entity, and communities that provide, manage, and/or operate electronic systems, whether individually or jointly, for users for their own interests or for the interests of other parties.” Electronic system is broadly defined as “a set of devices and electronic procedures used for the purpose of preparing, collating, processing, analysing, storing, displaying, and disseminating electronic data.” “Electronic data” may include “text, sounds, images, maps, drafts, photographs, electronic data interchange (EDI), electronic mails, telegrams, telex, telecopy or the like, letters, signs, figures, access codes, symbols, or perforations that have been processed or understandable to persons qualified to understand them.”
- Electronic Systems Regulation, Art. 43 (1)
- Electronic Systems Regulation, Art. 43 (2)
- Electronic Systems Regulation, Art. 48 (1)
- Consumer Protection Law, Art. 18 (1) and (3)
AHP Client Alert is a publication of Assegaf Hamzah & Partners. It brings an overview of selected Indonesian laws and regulations to the attention of clients but is not intended to be viewed or relied upon as legal advice. Clients should seek advice of qualified Indonesian legal practitioners with respect to the precise effect of the laws and regulations referred to in AHP Client Alert. Whilst care has been taken in the preparation of AHP Client Alert, no warranty is given as to the accuracy of the information it contains and no liability is accepted for any statement, opinion, error or omission.