The Minister of Communications and Information Technology recently clarified the deadline for the mandatory registration requirement that applies to electronic systems operators (“ESO”). This deadline was first introduced in Minister of Communications and Information Technology (“Ministry”) Regulation No. 5 of 2020, as amended by Minister of Communications and Information Technology Regulation No. 10 of 2021 (“Regulation”) (click here to read our previous alert on the Regulation). At that time, however, the Ministry did not set a deadline. Now, with the issuance of the Circular Letter of the Minister of Communications and Information Technology No. 3 of 2022 on the Effective Date of Private ESO Registration (“Circular”), the Ministry has set a clear deadline of 20 July 2022.
While the Circular was issued on 14 June 2022, it was only made known to the public on 22 June 2022, when a Ministry spokesperson made an official announcement regarding the Circular, particularly highlighting that private ESOs must register themselves to the Ministry before 20 July 2022.
Previously, there was no hard deadline set for such registration in the Regulation, given that the Online Single Submission (“OSS”) system, the system used as the registration portal, was not yet operational, and therefore, unable to accept any registration. The Regulation cryptically states that private ESOs must complete registration within six months from when the OSS system becomes fully operational.
Today, the OSS system is fully operational and is ready to accept private ESOs registration, both onshore and offshore private ESOs. This means that the ESOs that are required to comply with the registration requirement must complete registration before the prescribed deadline of 20 July 2022. This deadline also applies to private ESOs that had registered to the Ministry before the Regulation was issued in 2020, meaning that these ESOs must re-register themselves to the Ministry before 20 July 2022.
Besides highlighting the deadline, the Circular emphasises the administrative sanctions that may apply for failure to register, which are set out in the Regulation. To reiterate, the administrative sanctions in the Regulation include written reprimand, administrative fines, removal from the TDPSE list (which is the list of registered ESOs), and undoubtedly the most severe sanction, namely access blocking (pemutusan akses) to the ESO’s electronic services and products.
If there is any doubt before, this latest move by the Ministry evidences the government’s scrutiny of the rapid growth of the digital economy in Indonesia, as growth in this sector tends to come with risks, including risks pertaining to digital businesses, such as cyber and data incidents and excessive or illegal processing of personal data by organisations. Clarification of the registration requirement means that the Ministry can maintain an up-to-date database of digital businesses in Indonesia. This in turn, would improve the Ministry’s monitoring ability as this database contains key information for monitoring purposes, including the contact person of these digital businesses that would receive communication from the Ministry (e.g. request for illegal content takedown). At this point, private ESOs providing services in Indonesia or making their services available to users in Indonesia who have not registered or re-registered with the Ministry should immediately hold an internal review to determine whether they are subject to the mandatory registration requirement under the Regulation. If this is indeed the case, the management of the ESO must ensure that registration or re-registration is carried out before the 20 July 2022 deadline to prevent the imposition of sanctions.
Daniar Supriyadi also contributed to this alert.