The Indonesian legal realm has experienced a notable change with the introduction of the Second Amendment of the Electronic Information and Transactions (EIT) Law, formally designated as Law Number 1 of 2024 (the "EIT Law 1/2024"). The EIT Law 1/2024 amends and replaces provisions from the original Law Number 11 of 2008 and its subsequent amendment, Law Number 19 of 2016. Ratified by the Indonesian President on January 2, 2024, this amendment signifies a transition in the regulatory structure overseeing electronic information and transactions, in response to the evolving landscape of technology and communication in Indonesia.

In light of the above, this ARMA Update aims to provide key insights into the EIT Law 1/2024. This ARMA update will explore its crucial aspects and illuminate the consequences of these changes as we adapt to the dynamic nature of electronic information and transactions.

Electronic Certification Services Provider

The EIT Law 1/2024 eliminates the provision for foreign electronic certification providers, focusing on bolstering domestic certification services. Article 13 A currently, also encompasses a broader array of electronic certification services, including electronic signatures, electronic seals, electronic timestamping, electronic recorded delivery, website authentication, digital identity, and other services utilizing electronic certificates. A foreign provider of electronic certification may continue its operations if the specific service utilizing electronic certificates is not yet accessible in Indonesia.

Safeguarding Children in Cyberspace

To ensure child protection, the EIT Law 1/2024 introduces Article 16A(4) that specifies the safeguards electronic system providers must implement. These include (i) providing information on the minimum age for children using the product or service, (ii) establishing mechanisms for verifying child users, and (iii) creating procedures to address product, services, and features abuse that may encroach upon or potentially violate children's rights. Non-compliance may result in administrative sanctions, commencing from written warnings to access termination for electronic system providers.

Electronic Transactions and Contracts

As outlined in Article 17 of the EIT Law 1/2024, a high-risk electronic transaction is mandated to utilize an electronic signature, which must be secured with an electronic certificate.

Further, Article 18 A regulates that an international electronic contract incorporating a standard clause, created by an electronic system provider, will be subject to Indonesian law if:

  1. The user of the electronic system provider services, participating in the electronic transaction as one of the parties, is Indonesian and provides consent from or within the jurisdiction of Indonesia;
  2. The place of performance of the contract is within the Indonesian territory; and/or
  3. The electronic system provider has a business location or engages in business activities within the Indonesian territory.
    Electronic contracts must use straightforward, easily comprehensible language, and uphold the principles of good faith and transparency.
  4. Prohibited Actions
    • Public Decency Violations & Gambling: Article 27, criticized for its vagueness and misuse in defamation claims, undergoes refinement. The original four paragraphs are consolidated into two, addressing the prohibition of decency violations in public and gambling.
    • Defamation & Threats: Article 27A governs about prohibition of intentional attacks on honour or reputation through the distribution of electronic information publicly. Further, Article 27B prohibits the distribution of electronic information with the intent to benefit oneself or others unlawfully, including coercive actions and threats of violence, threats of defaming, or with threats of revealing secrets made for individuals to: transfer an item, whether in part or in full, belonging to themselves or another individual, or to offer a loan, make a statement of indebtedness, or eliminate outstanding receivables.
    • Hate and Hoaxes: Article 28 prohibits the dissemination of false announcements or misleading information leading to significant financial harm for a consumer in electronic transactions. Additionally, Article 28(2) specifies that it is forbidden to spread hate through electronic information and/or documents. This includes the prohibition of promoting hatred against individuals based on their races, nationalities, ethnicities, skin colors, religions, beliefs, genders, mental disability, or physical disability. Intentional dissemination of electronic information and/or documents known to contain false news capable of causing societal unrest is also expressly prohibited.
    • Threats of Violence & Intimidation: Article 29 is modified to focus on the intentional and unauthorized transmission of electronic information or documents directly to victims containing threats of violence or intimidation.

Government Intervention

A new provision, Article 40A, empowers the Government to instruct electronic system providers to carry out adjustments and/or take specific actions to foster a fair, accountable, secure, and innovative digital ecosystem. Compliance to the obligations imposed is mandatory, failure of which may result in administrative sanctions, including written warnings, fines, temporary suspension, and/or access termination. The Government is obligated with safeguarding public interests by discontinuing access to electronic information/documents that contravene legal norms, encompassing activities such as pornography and gambling.

Sanctions

Articles 45 and 45 A of the EIT Law 1/2024 stipulate criminal sanctions in the form of imprisonment and/or maximum penalties for violations of provisions on prohibited actions, as well as administrative sanctions, in the form of written warnings, administrative fines, temporary suspension and/or access termination.

Conclusion and Recommendations

With the promulgation of EIT Law 1/2024, it becomes imperative for businesses to meticulously adhere to it, to circumvent the newly introduced substantial penalties. As a minimum requisite, businesses shall:

  1. Ensure that all company officials and employees possess a comprehensive understanding of the proscribed activities, achieved through training initiatives and the issuance of company-wide Standard Operating Procedures;
  2. Satisfy the standards set forth for electronic certification providers;
  3. Modify all electronic contracts to align with the provisions delineated in EIT Law 1/2024; and
  4. Augment measures pertaining to child protection.

The recent amendments to the EIT Law reflect Indonesia's commitment to a secure and accountable digital landscape. By prioritizing domestic certification, child protection, and refined offense provisions, the changes aim to balance innovation with responsible digital conduct. The robust measures against defamation, hoaxes, and personal threats emphasize societal harmony in the digital realm. As we step into this digital era, collaboration among citizens, businesses, and policymakers is essential for upholding the integrity of our digital ecosystem. These amendments lay the foundation for a resilient and promising digital future.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.