The Electronic Information and Transaction Law, initially amended in 2016 (“EIT Law”), underwent a significant transformation on 2 January 2024 with the enactment of the government-initiated and second amendment of the EIT Law (“Second Amendment”).
In this edition of our client update, we will explore the below key provisions introduced by the Second Amendment:
Online child safety;
Mandatory use of electronic certification for high-risk electronic transactions;
Indonesian law as the choice of law for international electronic contracts; and
Strengthening government supervision and clarification of prohibited content.
Online Child Safety: Creating a Safer Internet for Children
Children have become significant users of the internet, spending increasing amounts of time online—browsing social media, playing games, and using mobile apps, often without adult supervision. In doing so, they may encounter harmful contents containing cyberbullying, sexual harassment, pornography, gambling, violence, or self-harm. Thus, the government has declared that children should be afforded extra protections from these types of abusive content.
Under Article 16A of the Second Amendment, an electronic system operator (“ESO”) must implement additional measures to protect children’s personal data and ensure their privacy, as well as their physical, mental, and emotional well-being. Specifically, the electronic system must provide:
Information about the minimum age to use their products and services;
A way to verify the age of users, such as an age verification system using suitable technology; and
A reporting channel that both children and their parents or guardians can access to report any misuse or misconduct related to products, services, or features that could violate children's rights.
Detailed guidance on how to implement these measures will be further regulated in a government regulation. It should be noted that the above requirements seem to be modelled on the California Age-Appropriate Design Code Act and the United Kingdom’s Age-Appropriate Design Code, both of which impose broader obligations for protecting the interest of teens and children when accessing online products and services specifically directed at them.
Under the Second Amendment, non-compliance with the above requirements may subject an ESO to administrative sanctions: written warning, administrative fine, temporary suspension of electronic systems, and/or termination of access to electronic system.
Additionally, as stated on its official website, the Ministry of Communication and Information Technology (“Ministry”) emphasises that ESOs should refrain from exploiting or leveraging children in their pursuit of financial or business goals, including by not targeting them with direct marketing.
It is important to note that the Second Amendment does not specify the age of majority. In Indonesia, different regulations establish varying ages for this purpose. For example, the Child Protection Law defines a child as an individual under 18, whereas the Indonesian Civil Code sets the age of consent at 21 or those under 21 but have been married. Generally, on contractual matters, the age of majority stipulated by the Indonesian Civil Code should apply.
Electronic Signatures for High-Risk Electronic Transactions is a Must
Before the Second Amendment was enacted, the use of electronic signatures in transactions involving an ESO and/or other users facilitated by the ESO (e.g., e-commerce platforms, online retailers, or fintech companies) was in general voluntary. In light of the principle of security and reliability of electronic system operations, along with the development of a nationwide Digital ID program, the Second Amendment mandates parties to use an electronic signature secured by an electronic certificate when entering into high-risk electronic transactions.
Regarding the above, the Second Amendment only explains what high-risk electronic transactions are but does not elaborate on what is construed as "electronic signatures secured by an electronic certificate." However, we believe the latter should be referred to as a certified electronic signature rather than an electronic signature without certification.
In relation to the definition of high-risk transactions, based on the elucidation of the Second Amendment, it refers, among other things, to financial transactions that occur without physical, face-to-face interaction.
Unfortunately, the Second Amendment does not specify the scope of the financial transactions that must use a certified electronic signature. Subject to the implementing regulations of the Second Amendment, the mandatory use of electronic certificates mentioned above is likely to apply to ESOs engaged in e-commerce, Internet banking, and/or fintech services.
Indonesian Law in International Electronic Contracts
Another important update of the Second Amendment concerns the choice of law in a cross-border online contract. Specifically, Article 18A of the Second Amendment introduces a new article stating that an international electronic contract governing an electronic system provided by an ESO, which includes standardised clauses (klausula baku), must be governed by Indonesian law if one or all of the following conditions is satisfied:
the user of the electronic system comes from Indonesia and gives his/her consent within the Indonesian jurisdiction;
the electronic system is accessed from Indonesia; and/or
the ESO has a place of business or carries out business activities in the Indonesian territory (i.e., ESOs that actively targets the Indonesian market).
Based on the elucidation of the Second Amendment, the use of Indonesian law also includes dispute arising between ESOs and their users. However, it does not expressly specify where the forum or jurisdiction for resolving disputes is.
Unfortunately, the Second Amendment does not define what are construed as “standardised clauses”. Pending further official clarifications, it generally refers to electronic contracts (e.g., online terms and conditions) that are predetermined and preapproved. This interpretation aligns with the definition of the standardised clause under Law No. 8 of 1999 on Consumer Protection, which states that a standard clause is any rule or provision, along with terms and conditions, that has been unilaterally prepared and established by a business actor, and documented in an agreement or document, which is binding and imposes obligations on the consumers.
We also note that there is no explicit sanction applicable for non-compliance with the choice of law requirement. However, if a contract violates this requirement, it can be argued that it fails to meet the requirements for a legally valid, binding, and enforceable contract as set out in Article 1320 of the Indonesian Civil Code, especially with regard to the admissible cause requirement, resulting in the contract being null and void.
Strengthened Government Supervision and Clarification of Prohibited Content
Two years ago, many national news headlines reported the fraudulent investment and money-laundering cases through binary options trading platforms (e.g., Binomo and Quotex) involving numerous celebrities, such as TV stars and influencers. Binary options trading operates similarly to gambling but with the added advantage of current digital technologies. What raises concerns is that these platforms have been identified for engaging in systemic fraud.
Before the enactment of the Second Amendment, while the Ministry had the power to takedown prohibited Internet content, it faced legal challenges in freezing bank accounts, social media accounts, and/or digital assets associated with criminal offences. Now, under Article 43(5)(l) of the Second Amendment, designated civil service investigator (penyidik pejabat pegawai negeri sipil) can order ESOs to block offenders’ bank accounts and digital assets associated with a criminal offence.
It should be noted that the Second Amendment does not amend the types of prohibited Internet content that an ESO must not provide. However, it clarifies certain provisions, among other things:
The EIT Law stipulates that a person is prohibited from distributing, transmitting, and/or making accessible content that includes a violation of decency. The Second Amendment clarifies that, to be considered as content that violates decency, the content must be intended to be known, broadcasted, or displayed to the public.
The EIT Law stipulates that a person is prohibited from disseminating fake and misleading information that results in losses for consumers in an electronic transaction. The Second Amendment changes the type of illegal content from “fake news and misleading content” to “electronic information and/or document which contain false and misleading information”.
The Second Amendment also adds that consumers must suffer “material” losses, instead of general losses, in an electronic transaction for a person to be convicted of prohibited content.
Without a doubt, the Second Amendment has a significant effect on how parties engaged in digital business implement new obligations, irrespective of their type of digital business, such as online child safety, the choice of Indonesian law for international online contracts, and the mandatory use of electronic signatures for high-risk electronic transactions.
While we note that the implementation of some new provisions under the Second Amendment will be subject to its implementing regulations, it does not mean that businesses should adopt a “wait and see” approach until the government issues the implementing regulations. Instead, businesses should take a proactive approach to compliance, particularly given that certain provisions of the Second Amendment are already in effect.
An electronic signature is one of the forms of electronic certificates. In turn, an electronic certificate must be digitally certified or signed by organisations called certificate authorities. In brief, electronic certifications can also be used for digital identity, website authentication, electronic seals, electronic timestamps, and other services utilising electronic certificates.
In the financial services sector, however, we observed that some banks and financial service providers have already adopted electronic signatures provided by local electronic certification operators listed on the Ministry’s website (see https://tte.kominfo.go.id/listpsrenew for a list of these operators) for applications of their products and services, such as credit and mortgages applications.
For analysis on this topic, please refer to our client update on 14 April 2020 ‘Highlighting Indonesia’s E-Signature Framework in Times of Covid-19’, https://www.ahp.id/client-update-14-april-2020-2/