Indonesia: Regulation on online child safety issued! New obligations to protect the younger generation

01 May 2025 5 minute read

- Share by email
- Share on
- Twitter
- LinkedIn
- Facebook
- Google plus
- Get link
- Get QR Code
- Download
- Print

In brief

The Indonesian Government has just issued a much-anticipated regulations that is closely connected with two important elements in society: children and technology. This new regulation introduces new obligations and prohibitions for electronic system operators in relation to the access and use of electronic systems by children.

Key takeaways

Government Regulation No. 17 of 2025 on the Governance of Electronic System Implementation in Child Protection (Peraturan Pemerintah No. 17 Tahun 2025 tentang Tata Kelola Penyelenggaraan Sistem Elektronik Dalam Pelindungan Anak ("GR 17")) is effective as of 27 March 2025. There is a two-year transitional period for Electronic System Operators (ESO) to conform with GR 17, and there are indications that one or more ministerial regulations will be issued to add more details. As with the 2022 Personal Data Protection Law, which has a similar transitional period, the expectation is that full implementation and enforcement will be conducted after the transitional period.

General requirement

GR 17 regulates that ESOs are obligated to provide protection for children (i.e., those who are under 18 years of age) who use or access electronic systems, by providing:

Information on the minimum age limit for children who can use their products and services (i.e., grouping of (i) 3-5 years, (ii) 6-9 years, (iii) 10-12 years, (iv) 13-15 years, and (v) 16-before 18 years)
A verification mechanism for child users
A reporting mechanism for misuse of products, services, and features that violate or have the potential to violate children's rights

Who are the ESOs

The term ESO in GR 17 covers both public ESOs and private ESOs. For private ESOs, it covers those that develop and/or operate online products, services and features that are either (i) specifically designed to be used or accessed by children, or (ii) may be used or accessed by children.

Risk level and notification requirement

Online products, services and features will be accessed based on their risk level for children, i.e., either low risk or high risk.

The risk level assessment is done based on the following aspects:

Contracting with unknown people
Exposure to pornographic content, violent content, content that can endanger life, and other content that is not appropriate for children
Exploitation of children as consumers
Threat to children's psychological wellness
Possible physiological disorders in children

If an online product, service or feature has a high risk level in one of the aspects above, it will be considered as high risk.

If an online product, service or feature has a low risk level in all of the aspects above, it will be considered as low risk.

The risk level assessment is a self-assessment done by the relevant ESO. That said, the relevant ESO must report the result of the self-assessment to the Ministry of Communication and Digital ("Komdigi"). The Ministry will verify the submitted result, and then stipulate the risk profile of the online product, service or feature.

GR 17 mandates the preparation and issuance of a ministerial regulation to provide further provisions on the self-assessment mentioned above. As such, this self-assessment and notification requirement may not be implemented and enforced immediately.

Obligations of ESOs

ESOs are also required to meet the following obligations:

Obtain consent from child users' parents or guardians
Conduct a personal data protection impact assessment
Configure product, service and feature settings that are specifically designed to be used or accessed by children or that may be used or accessed by children in a high level of privacy by default
Provide information that is complete, correct, accurate and not misleading that allows users to understand the products, services and features
Provide education and empowerment on the digital ecosystem
Provide notifications in the form of signs or signals in monitoring children's activities or tracking children's locations from product, service and features
Provide a choice of functions that are suitable for the child's capacity and age
Firmly determine the party responsible for processing children's personal data for toys or devices that can be connected to the internet
Ensure that parties appointed by or collaborating with the ESO meet the requirements of child protection
Appoint an official or officer who carries out the function of personal data protection

Prohibitions

ESOs are also prohibited from carrying out activities such as:

Using or implementing means, techniques or practices that are hidden or non-transparent in the development or use of the products, services and features
Collecting accurate geolocation information of children
Carrying out profiling of children.

Actions to Consider

While there is a two-year transitional period before GR 17 will be fully implemented and enforced, ESOs may need to start familiarizing themselves with the provisions in the regulation and identifying a plan to comply with the regulation.

Do bear in mind the need for ESOs to conduct a risk level self-assessment of their platforms (which then needs to be reported to Komdigi), as well as the age categories that are appropriate to use and access the products, services and features.

Komdigi will be the government agency in charge of the implementation of GR17 (with the possibility of cooperation with other government agencies and law enforcement agencies), which includes the authority to perform the following actions:

Monitoring and/or tracing of child protection obligations in electronic systems operated by ESOs
Receiving reports or complaints on alleged violations by ESOs regarding child protection obligations
Carrying out examinations to follow up on the monitoring and/or tracing
Taking actions to establish control (such as imposing administrative sanctions, giving orders to ESOs, or making violations by ESOs public) based on the results of the examinations

From the public perspective, GR 17 provides the opportunity for the public/community in general to take active roles in child protection in electronic systems, by providing education to children, parents or guardians regarding the benefits and negative impacts of the use of products, services and features. GR 17 also provides opportunities for the public/community to report or make complaints if they suspect ESOs are not meeting their obligations to protect children in electronic systems.

* * * * *

© 2025 HHP Law Firm. All rights reserved. In accordance with a common terminology used in professional service organizations. reference to a "partner" means a person who is a partner, or equivalent in such a law firm. Similarly reference to an "office" means the office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Contact Information

Daniel RPC Pardede
Partner
Jakarta
Read my Bio
daniel.pardede@hhplawfirm.com

Daru Lukiantono
Partner
Jakarta
Read my Bio
daru.lukiantono@hhplawfirm.com

Harry Kuswara
Of Counsel
Jakarta
harry.kuswara@hhplawfirm.com

Adhika Wiyoso
Of Counsel
Jakarta
adhika.wiyoso@hhplawfirm.com

Bratara Damanik
Associate
Jakarta
bratara.damanik@hhplawfirm.com

Copyright © 2025 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.