Indonesia currently lacks a comprehensive central regulation governing the use of AI across business sectors. The existing legal framework primarily consists of Ministry of Communication and Information (MOCI) Circular Letter (CL) 9/2023, regarding the Ethics of Artificial Intelligence. This circular letter serves as a non-binding guideline for the use of AI by business entities. It offers ethical principles for AI implementation, emphasising:
- inclusivity;
- humanity;
- privacy and personal data security;
- accessibility;
- transparency;
- credibility and accountability;
- personal data protection;
- sustainable environmental development; and
- IP protection.
In addition to MOCI CL 9/2023, the Financial Services Authority (OJK) has issued the Ethical Guideline on the Responsibility and Reliability of AI. This guideline specifically targets companies in the financial technology sector, aiming to:
- ensure responsible AI use; and
- mitigate potential risks arising from AI integration in their operations.
Separately, the Press Council – an independent agency that was established to foster the development of a free, professional and responsible press in Indonesia – released Press Council Regulation (PCR) 1/2025 regarding Guidelines for the Utilisation of Artificial Intelligence in Journalism. However, as the Press Council is not a government agency, this regulation applies solely to Indonesian media companies.
Overall, the current legal landscape for AI in Indonesia consists mainly of guidelines rather than enforceable regulations. A comprehensive legal framework, including possible sanctions, has yet to be established. The Ministry of Communication and Digital Affairs (MOCDA) – formerly MOCI – has indicated that draft regulations concerning AI are currently being developed with input from stakeholders and industry players, with completion targeted for the third quarter of 2025.
Under current Indonesian law, and pending the issuance of more specific regulations on AI, AI is governed as an electronic agent under Law 11/2008 on Electronic Information and Transactions (EIT), as last amended by Law 1/2024 on the Second Amendment to Law 11/2008. The EIT Law defines an ‘electronic agent’ as a component of an electronic system operated by a person and designed to automatically perform actions on certain electronic information.
The implementing regulation of the EIT Law, Government Regulation (GR) 71/2019 on the Implementation of Electronic Systems and Transactions, further stipulates the following general principles to be followed by operators in providing AI services:
- prudential principles;
- security and integration of IT systems;
- security control over electronic transaction activities;
- cost-effectiveness and efficiency; and
- consumer protection in accordance with the applicable laws and regulations.
The EIT Law and GR 71/2019 provide that the legal responsibility arising from the use of AI shall be borne by the AI operator, save for any losses arising from the use of AI caused by the negligence of the user, in which case the liability shall be borne by the user.
The EIT Law and GR 71/2019:
- regulate the general principles for the use of electronic agents; and
- set out the obligations of AI operators in using AI as one type of electronic agent.
They do not provide specific regulations on the use of AI or its various subsets.
Under MOCI CL 9/2023, AI operators must adhere to the following principles when providing AI services:
- inclusivity;
- humanity;
- privacy and personal data security;
- accessibility;
- transparency;
- credibility and accountability;
- personal data protection;
- sustainable environmental development; and
- IP protection.
Reasonable care in using AI falls under the ambit of the sixth principle, credibility and accountability. MOCI CL 9/2023 further explains that this principle requires the implementation of AI to prioritise the system’s ability to make decisions based on the information or innovations it produces. Additionally, information generated through AI must be reliable and accountable when disseminated to the public. However, given the nature of MOCI CL 9/2023 as a guideline, the principles it sets out are non-binding. Non-compliance with these principles does not subject AI operators to sanctions, unless other applicable laws and regulations are violated.
Pursuant to Article 21(2) of the EIT Law, the liability for electronic transactions (ie, legal actions carried out using computers, computer networks and/or other electronic media) conducted by AI acting as an electronic agent rests with the AI operator. This means that in providing AI services, the AI operator bears liability for the actions carried out by the AI.
Currently, the legal framework governing AI consists primarily of guidelines:
- MOCI CL 9/2023 for general business actors; and
- the OJK’s Ethical Guideline on the Responsibility and Reliability of AI and PCR 1/2025 for sector-specific business actors in the financial and press sectors, respectively.
Until more specific regulations on AI usage are issued, these guidelines will serve as the applicable regulatory framework for business actors providing AI services.
Currently, Indonesia has not yet entered into any international agreements or policies concerning AI.
Indonesia does not currently have a dedicated regulatory body that specifically oversees AI. The regulator for AI companies depends on the sector in which the company operates. Generally, AI companies providing services in the technology sector fall under the supervision of the MOCDA. Companies operating in other sectors are subject to the relevant sectoral regulators. For instance:
- banks are regulated by the OJK; and
- fintech companies are regulated by Bank Indonesia.
Regulatory authorities in Indonesia typically have the power to impose sanctions on companies under their jurisdiction. Sanctions are generally applied on a case-by-case basis. In most instances, regulators begin by issuing a warning letter in response to non-compliance with applicable laws and regulations. If the company fails to address the issue, the regulator may impose more severe penalties at its discretion.
As a comprehensive regulation on AI has yet to be issued in Indonesia, businesses currently follow the provisions set out in MOCI CL 9/2023. This circular letter sets forth the key principles and responsibilities that companies involved in AI development and deployment should observe when operating in Indonesia.
The vice minister of communication and digital affairs has further explained the government’s approach to drafting future AI regulations, which is built on three main pillars:
- Policy: The government aims to establish a general AI regulatory framework applicable across sectors, while allowing each sector to develop its own specific regulations as needed.
- People: The focus is on cultivating human resources capable of advancing Indonesia’s AI ecosystem.
- Platform: The government emphasises positioning Indonesia as a collaborative space where industry stakeholders can work together to drive the development of the national AI landscape.
In Indonesia, AI is primarily used in chatbots and generative media. Many large corporations – particularly in the banking, e-commerce, telecommunications, and retail sectors – have adopted AI-powered customer service bots to handle customer inquiries and complaints without the need for direct human assistance. Additionally, generative media applications, such as those used to create images and other digital content through AI, are widely used by the general public.
While AI integration in Indonesia has not yet reached significant scale across all sectors, demand for AI-driven solutions is clearly growing. In the legal industry, for example, companies are beginning to offer AI tools for tasks such as:
- conducting legal due diligence; and
- identifying relevant legal precedents.
Similar trends can be seen in other sectors, where AI products and services are being developed to address specific operational needs.
As AI development in Indonesia is still in its early stages, available solutions tend to be highly specialised and tailored to the unique requirements of each sector.
In Indonesia, AI companies are not distinguished from other private limited liability companies in terms of legal structure. Typically, businesses offering AI products or services are established as limited liability companies.
In terms of ownership structure, foreign companies entering the Indonesian market often hold a majority stake, while the Indonesian partner typically retains a minority interest. This arrangement is common in joint ventures or foreign direct investment structures in the country.
Many AI companies operating in Indonesia are established by foreign entities entering the local market and are typically funded through shareholder capital. However, particularly among tech startups, it is also common for companies to seek alternative sources of funding, such as:
- crowdfunding;
- venture capital; or
- investment from private and institutional investors.
The Indonesian government has demonstrated a strong commitment to gradually foster and develop the country’s AI landscape. In 2020, the Agency for the Assessment and Application of Technology (BPPT) issued the National Strategy on Artificial Intelligence 2020–2045. The issuance of the strategy was preceded by a series of consultations led by BPPT and involving key stakeholders, including representatives from relevant government institutions such as:
- the Ministry of Research and Technology (now integrated into the Ministry of Education, Culture, Research and Technology);
- the Ministry of Communication and Digital Affairs;
- the Financial Services Authority;
- academic institutions; and
- industry players.
The strategy:
- functions as a strategic roadmap, providing guidance to ministries and government agencies in formulating AI-related policies and regulations; and
- serves as a reference for other stakeholders engaged in the development and application of AI technologies across Indonesia.
(a) Healthcare
Currently, there are no specific regulations governing the use of AI in Indonesia’s healthcare sector. However, the Ministry of Health (MOH) has adopted a positive stance towards the integration of AI into healthcare services. In February 2025, the MOH signed a memorandum of understanding with Qure.ai, a company specialising in AI-based solutions for medical imaging, particularly for detecting tuberculosis and other diseases through chest X-ray analysis.
This collaboration reflects the MOH’s recognition of AI as a transformative tool with the potential to significantly improve healthcare delivery. Given this proactive stance, it is likely that sector-specific regulations on the use of AI in healthcare will be introduced in the near future.
(b) Security and defence
Currently, there are no specific regulations governing the use of AI in Indonesia’s security and defence sector. However, the National Research and Innovation Agency (BRIN) recently announced that it was developing AI technologies to assist the Ministry of Defence (MOD) and the broader defence sector in areas such as:
- telecommunications;
- mapping; and
- surveillance.
Commenting on BRIN’s initiative, the vice minister of defence expressed the MOD’s full support for these efforts and highlighted the critical role AI can play in enhancing national defence capabilities. However, as in other sectors, the absence of formal AI regulations in the defence sector means that potential regulatory challenges and requirements remain uncertain.
AI companies operating in the defence sector are advised to adhere to the principles and guidelines set forth in Ministry of Communication and Information (MOCI) Circular Letter (CL) 9/2023 to ensure compliance with Indonesia’s current regulatory framework on AI.
(c) Autonomous vehicles
Autonomous vehicle development in Indonesia remains in the very early stages, with electric vehicles only recently becoming more accessible and widely adopted. As yet, there are no specific regulations governing autonomous vehicles. However, since 2023, BRIN has been conducting research in this field and has successfully developed two prototypes to date.
To anticipate potential regulatory developments for autonomous vehicles, it is useful to consider the regulatory trajectory of electric vehicles in Indonesia. As electric vehicle adoption increases, the government has issued a range of regulations – including government regulations, presidential decrees and ministerial regulations – addressing various aspects of electric vehicle use and supporting infrastructure.
Based on this precedent, it is reasonable to expect that the Indonesian government will begin drafting and implementing regulations for autonomous vehicles as their use becomes more widespread in the country.
(d) Manufacturing
At present, there are no specific regulations governing the use of AI in Indonesia’s manufacturing sector. As with other sectors lacking dedicated AI regulations, the potential legal issues that may arise remain uncertain. Consequently, AI companies operating in the manufacturing sector should adhere to the principles and guidelines outlined in MOCI CL 9/2023 to ensure compliance with Indonesia’s current AI regulatory framework.
(e) Agriculture
Currently, there are no specific regulations governing the use of AI in Indonesia’s agriculture sector. However, the Ministry of Agriculture (MOA) has shown increasing interest in integrating AI into agricultural practices. This is reflected in recent overseas visits by the vice minister of agriculture, who engaged with universities and research institutions to explore the applications of AI in agriculture. Additionally, the MOA has announced plans to establish an AI-integrated data and information centre to support farmers in their day-to-day activities.
This growing focus suggests that the MOA is likely to develop sector-specific AI regulations in the near future. In the meantime, AI companies operating in the agriculture sector should ensure compliance with the principles and guidelines outlined in MOCI CL 9/2023, which currently serves as Indonesia’s primary framework for AI governance.
(f) Professional services
The absence of specific AI regulations also extends to the professional services sector. While AI applications are beginning to emerge in sectors such as legal services, where AI tools assist with legal due diligence and legal precedent research, the use of AI in professional services remains largely unregulated. As such, businesses offering AI-driven professional services should ensure compliance with the principles and guidelines set out in MOCI CL 9/2023, which currently serves as Indonesia’s primary regulatory framework for AI.
(g) Public sector
In the public sector, the use of AI is currently limited, primarily to chatbot services on government websites. Aside from collaborations with AI service providers, such as the partnership between the MOH and Qure.ai (see question 3.1(a)), AI has yet to be widely integrated into day-to-day government operations. However, we anticipate that with the introduction of new AI regulations, the government is likely to expand AI implementation across various aspects of its operations to modernise systems and keep pace with the growing integration of AI technologies.
(h) Other
In Indonesia’s financial technology sector, companies offering AI-based products or services may be required to obtain a specific licence from the Financial Services Authority (OJK), in line with applicable regulations.
This licensing requirement is rooted in Law 4/2023 on the Development and Reinforcement of the Financial Sector (‘P2SK Law’). The P2SK Law introduces the concept of ‘technological innovations in the financial sector’ (ITSK), which is further regulated under OJK Regulation 3/2024 on the Implementation of Technological Innovations in the Financial Sector.
‘ITSK’ refers to technology-based innovations that influence financial products, services, business models and operational activities in the digital financial ecosystem. Companies engaged in ITSK activities will be classified by the OJK as ITSK providers and, as a result, will be required to obtain an ITSK provider licence. Under Article 213 of the P2SK Law and Article 2 of OJK Regulation 3/2024, ITSK activities include market support. Article 213 of the P2SK Law further clarifies that market support includes the use of advanced technologies such as AI and machine learning to assist financial services institutions with functions such as:
- credit scoring;
- financial data aggregation; and
- electronic know-your-customer processes.
However, despite this regulatory framework, the lack of specific AI regulations within the financial technology sector, combined with the evolving criteria used by the OJK to classify ITSK, means that there is still uncertainty. AI companies that offer their technologies to financial service institutions may or may not be categorised as ITSK providers by the OJK.
In practice, companies seeking to enter the Indonesian market typically begin by engaging with the OJK to introduce and explain the AI products or services that they intend to offer. Following this initial meeting, the OJK will assess the nature of the technology and issue a determination on whether the company qualifies as an ITSK provider. If so, the OJK will also decide whether participation in a regulatory sandbox is required before the product or service can be launched in Indonesia.
In the absence of sector-specific AI regulations, business actors in other sectors should adhere to the guidelines set forth in MOCI CL 9/2023 as a precautionary measure to ensure compliance with Indonesia’s current AI regulatory framework.
In Indonesia, the primary regulation governing data protection is Law 27/2022 on Personal Data Protection (PDP). This law establishes comprehensive privacy and data protection standards, covering both electronic and physical data, applicable to all stages of data handling, including:
- collection;
- processing; and
- utilisation.
However, the PDP Law and related data protection regulations have yet to explicitly address AI or the specific data protection challenges posed by AI applications.
Nonetheless, under the PDP Law, data controllers are required to conduct a data protection impact assessment (DPIA) when personal data processing involves a high potential risk to data subjects. Such high-risk processing includes, among other scenarios, the adoption of new technologies in handling personal data. Given that AI typically constitutes a new technology, its deployment may trigger the obligation for data controllers – likely the AI service providers – to perform a DPIA prior to implementing AI systems.
The legal framework for cybersecurity in Indonesia is primarily governed by Law 11/2008 on Electronic Information and Transactions (EITs), as last amended by Law 1/2024 on the Second Amendment to Law 11/2008. This law serves as the overarching regulation for electronic transactions and also addresses, to some extent, the protection of personal data and cybersecurity. In addition to the Law on Electronic Information and Transactions, various regulations and circular letters issued by the National Cyber and Crypto Agency (BSSN) and other relevant authorities provide further guidance. While circular letters are not legally binding, they play an important role in clarifying the regulatory position of the authorities.
As with other areas of regulation, Indonesia’s cybersecurity laws have not yet specifically addressed AI or established a dedicated cybersecurity framework for AI technologies. However, under BSSN Regulation 8/2020 regarding Security Systems in the Implementation of Electronic Systems, electronic system providers – including AI companies that deliver services through electronic system – must:
- implement an information security management system; and
- conduct a self-assessment of their electronic systems based on risk principles.
This assessment considers factors such as:
- system investment;
- user volume;
- types of personal data processed; and
- the potential impact of a security breach.
Given that AI development typically requires substantial investment, extensive data access and significant resources, there are concerns that small and medium-sized enterprises may be at a disadvantage compared to larger companies in advancing AI technologies. These challenges have not yet been formally addressed by the government. However, as the forthcoming AI regulations are being drafted in consultation with a range of stakeholders and industry players, it is likely that these concerns will be considered and addressed in the final regulatory framework.
From an employment perspective, one of the key challenges and concerns arising from AI development is the potential displacement of human jobs, particularly in sectors such as:
- customer support;
- administration; and
- media.
As with other emerging issues, existing laws and regulations have not yet specifically addressed these concerns. However, the minister of manpower recently participated in an international conference with labour ministers from other countries, where he acknowledged the government’s awareness of this issue.
The Indonesian government has indicated a people-centric approach, focused on:
- expanding opportunities for citizens;
- protecting human dignity; and
- promoting social justice.
In line with this commitment, it is expected that forthcoming AI regulations will include provisions to address workforce displacement and its broader implications.
A key challenge related to data manipulation and integrity is the risk that the data used to develop and train AI systems may be manipulated, inaccurate or outdated, potentially compromising the reliability and trustworthiness of the AI outputs. Given that this concern is widely recognised among industry players and stakeholders, it is likely that the forthcoming AI regulations will include provisions aimed at addressing and mitigating these risks.
Currently, the best practice for the use of AI in Indonesia is to follow the guidance outlined in Ministry of Communication and Information (MOCI) Circular Letter (CL) 9/2023 and the principles contained therein. As noted earlier in question 1.1, certain sectors have additional sector-specific guidelines regarding the use of AI, such as:
- the Financial Services Authority AI Guidelines; and
- Press Council Regulation 1/2025.
In Indonesia, MOCI CL 9/2023, which serves as a guide to the best practices for the use of AI, outlines several principles that AI operators must adhere to when providing AI services, as follows:
- inclusivity;
- humanity;
- privacy and personal data security;
- accessibility;
- transparency;
- credibility and accountability;
- personal data protection;
- sustainable environmental development; and
- IP protection.
That said, since the government is currently drafting a comprehensive regulation on AI use that will be binding for business actors, we expect it to address the principles outlined above as well as other sector-specific concerns, such as those related to employment.
Alongside advancements in AI technology, we believe that the internal development of AI companies must progress in tandem. This involves equipping AI companies with adequate resources, skilled personnel and a strong ethical foundation to ensure responsible and effective AI development and deployment.
When AI development is supported by sufficient resources, a workforce trained to operate and oversee AI systems and a company culture grounded in ethical values, best practices in AI implementation become more attainable. As AI grows increasingly relevant and widespread, these standards are likely to extend beyond AI-focused companies, benefiting organisations across diverse industries.
From a contractual perspective, risks related to AI typically arise in agreements for AI services. Since AI-generated results are not always definitive and often require verification and oversight, there is a potential risk that the results may be unsatisfactory or flawed. To mitigate this risk, contracts should:
- clearly define the expected performance and outcomes of the AI services; and
- allocate liability for cases where the results are inadequate or cause damage.
A key liability risk related to AI involves situations where AI use results in unsatisfactory or harmful outcomes. Under Indonesian law – specifically Article 21(2) of the Law on Electronic Information and Transactions – and as noted in question 1.4, liability for electronic transactions conducted by an AI acting as an electronic agent rests with the AI operator. This means that the party providing AI services (the AI operator) is responsible and liable for actions performed by the AI, effectively addressing liability risks associated with AI usage.
Potential bias and discrimination may arise from the use of manipulated, inaccurate or outdated data in the development and training of AI systems. Such compromised data can lead AI to produce biased or non-objective results, ultimately negatively impacting the customers who depend on these AI services.
This risk can be mitigated by ensuring that the datasets used for AI training and development are accurate, up to date and free from manipulation. Additionally, having qualified human experts oversee and review the AI training process is essential to maintain objectivity and prevent biases, thereby reducing the likelihood of discriminatory outcomes.
Currently, Indonesia’s existing legal framework does not provide specific protections for AI innovations beyond the general IP rights applicable in the country.
Although concrete incentives for AI innovation by companies in Indonesia have yet to be established, government officials – including the vice minister of industry – have indicated that, alongside the forthcoming AI regulation, the government is actively preparing and discussing potential incentives to support business actors contributing to the development of the AI industry.
Indonesia’s labour and employment legal framework is primarily governed by Law 13/2003 on Manpower, as last amended by Law 6/2023 on the Enactment of Government Regulation 2/2022 on Job Creation into Law. To implement the Employment Law, the government has issued several regulations, including:
- Government Regulation 35/2021 on Fixed-Term Employment Agreements, Outsourcing, Working Hours and Rest Hours and Termination of Employment; and
- Government Regulation 36/2021 on Wages, as last amended by Government Regulation 51/2023 on the Amendment to Government Regulation 36/2021.
These regulations form the core of Indonesia’s employment legal framework and have not yet been amended in relation to the development of AI. Consequently, employment in AI companies and other AI-related businesses continues to be governed by the existing Indonesian employment laws, with no specific AI-related employment regulations currently in place.
Since the Indonesian government currently does not offer specific incentives to attract foreign talent for the development of its AI market, AI companies may consider providing their own incentives to attract skilled professionals. Such incentives could include:
- competitive salaries;
- comprehensive support in obtaining the necessary work permits;
- promotion of awareness of the growth potential of Indonesia’s AI sector;
- flexible work arrangements; and
- other benefits tailored to appeal to foreign experts.
Currently, Indonesia’s AI sector is in its early stages. This is evident from:
- the lack of comprehensive regulations;
- the limited pool of specialised talent;
- the minimal integration of AI into everyday business operations; and
- the overall nascent development of the industry.
Public awareness of AI is largely centred on generative images and media, with less focus on the broader, transformative applications that AI can provide.
That said, the AI landscape in Indonesia is poised for significant growth. With a central regulation on AI use expected by the third quarter of 2025 and increasing adoption across multiple sectors, Indonesia’s AI ecosystem is set to enter a new phase, full of promising opportunities for investors and industry stakeholders alike.
Companies aiming to enter Indonesia’s growing AI market should ensure that their business operations align with the principles outlined in Ministry of Communication and Information (MOCI) Circular Letter (CL) 9/2023. Although the Indonesian government has yet to issue a comprehensive regulation specifically governing AI, the principles set forth in MOCI CL 9/2023 currently serve as the foundational regulatory framework. Structuring the company’s business model around these principles can help to minimise the need for significant adjustments once new regulations are enacted.
Additionally, AI companies seeking to establish themselves in Indonesia should familiarise themselves with key requirements related to company incorporation, including:
- capitalisation;
- licensing; and
- corporate governance.
Regarding capitalisation, companies must meet the minimum capitalisation requirement, which varies depending on the business line. Generally, foreign investment companies in Indonesia are required to have a minimum capitalisation of IDR 10 billion.
Companies must obtain all necessary licences relevant to their specific business activities, as licence requirements differ according to the business line.
Finally, concerning company management, companies must ensure that the management of the company – that is, the board of directors and the board of commissioners – meets the requirements applicable to their business line. Other important considerations include:
- maintaining at least two shareholders; and
- complying with any applicable foreign ownership restrictions prior to incorporation.