含羞草社区

Indonesia has emerged as a leading player in the region’s digital ecosystem and is increasingly positioned at the forefront of AI adoption. The government set out its long-term AI vision through the Artificial Intelligence National Strategy for Indonesia 2020-2045: AI Towards Indonesia Vision 2045. A 2023 Kearney report analysing global business trends projected that AI could contribute USD366 billion to Indonesia’s GDP by 2030.

As Indonesia moves forward with this ambition, its AI governance framework remains at an early stage, reflecting the broader challenge of aligning legislative and institutional responses with the country’s fast-moving technological development.

This regulatory gap presents both challenges and opportunities to strengthen accountability, enhance legal certainty, and build public trust in AI technologies. It also makes Indonesia’s evolving approach to AI governance – through existing legal instruments, emerging policy initiatives and ongoing regulatory efforts – particularly worthy of closer examination.

Framework and governance

Existing legal instruments governing AI. Indonesia has yet to introduce a law or regulation that specifically addresses AI-related matters. Instead, the operation and use of AI are subject to existing general laws and regulations. These include those governing the operation of electronic system regulations in the Electronic Information and Transactions Law, amended by Law No.1 of 2026 on Criminal Adjustment (EIT Law) and Government Regulation No.71 of 2019 on the Provision of Electronic Systems and Transactions.

Under this framework, AI may be construed as an “electronic agent”, defined as “a device within an electronic system created to perform certain actions on specific electronic information automatically, which is operated by a person”.

However, this definition is arguably inadequate for AI systems because AI operates not merely in an “automatic” manner but often autonomously, exhibiting human-like adaptive behaviour and complex problem solving capabilities. Such autonomy enables AI to generate personalised and context-specific output, rather than producing purely binary results like other conventional programming models.

In the absence of a detailed regulation governing the use and development of AI, the Ministry of Communication and Digital Affairs (MOCD) issued Circular Letter No.9 of 2023 on Artificial Intelligence Ethics (CL9) that essentially provides general guidelines on the values, ethics and control of AI-based consultation, analysis and programming activities undertaken by businesses undertakings and electronic system operators (ESOs).

Specifically, the operation of AI must uphold ethical values, notably inclusivity, security, accessibility, transparency, credibility and accountability.

In practical terms, AI operators are expected to: take responsibility for safeguarding society in use of data; ensure that AI is not used as a decision maker on matters concerning humanity; prevent discrimination and other harmful actions; and consider risk management and crisis management.

In addition to these generally applicable frameworks, AI deployment is also subject to sector specific regulation in certain industries. For example, the Financial Service Authority (OJK) overseeing financial service sectors has published the Indonesian Banking Artificial Intelligence Governance, which introduces:

1. 1. AI guiding principles including: reliability (AI decisions are dependable for banks to achieve their objectives); accountability (AI operators can be held responsible for proper functioning of AI systems); and human oversight (to ensure human intervention throughout the AI systems process, from precautionary measures and potential biases to preventing AI from generating output that contravenes ethical values and objectives);
   2. AI system risk management and classification (i.e. a series of frameworks to assess and classify the risk of AI systems according to the EU AI Act); and
   3. Guidelines for banks on implementing AI in their systems, encompassing all stages of the AI lifecycle, and serving as a minimum reference for the use of AI across banking operations and business processes.

The OJK has also introduced the Code of Conduct for Responsible and Trustworthy Artificial Intelligence in the Financial Technology Industry, which provides normative expectations regarding fairness, transparency, explainability and human oversight in the use of AI within financial technology services, complementing legal obligations under data protection and consumer protection regimes.

Emerging AI-specific policies and development. While Indonesia has yet to adopt a comprehensive and binding legal framework specifically governing AI, recent developments indicate the growing policy?driven approach to AI governance.

In this context, the MOCD published the National AI Roadmap White Paper in August 2025, which:

1. 1. Covers the conceptual framework of AI, issues analysis and government policy direction and strategy to address AI-related issues, including establishing a National AI Co-ordination Task Force to synchronise various stakeholders and harmonise sectoral laws and regulations in accordance with international standards;
   2. Introduces an AI lifecycle of conception, data collection, pre-processing, data processing, post-processing and evaluation of AI, in which each stage would be subject to certain principles to minimise risks associated with each stage; and
   3. Outlines key principles of AI governance including dignity, justice, accountability, personal data protection, transparency, security, sustainability, integrity, inclusivity, human involvement and oversight.

Complementing the AI roadmap, the MOCD also published the AI Ethical Guidelines to strengthen the ethical framework in CL9. The guidelines provide a general self-assessment questionnaire to help businesses evaluate AI systems against ethical standards. This includes questions on how to detect and mitigate AI biases, whether there are clear and sufficient accountability and redress measures, and whether AI decision-making processes are explainable to its users.

In parallel, as part of a broader effort to harmonise the country’s laws and regulations, the government is preparing a presidential regulation on AI. This is intended to address overarching policy concerns relating to accountability and security in the AI sector, and to function as a central reference point for aligning AI related initiatives across ministries and agencies.

Once enacted, it is expected to encourage regulatory harmonisation by requiring sectoral authorities to align their AI regulations and policies with the presidential regulation. However, no definitive timeline has been confirmed as to when this presidential regulation will be issued.

Key legal challenges

Notwithstanding recent developments, several legal and institutional issues continue to shape Indonesia’s approach to governing AI.

1. 1. Lack of unified legal definition of AI and fragmented regulatory approaches. Despite the numerous laws and regulations applicable to AI, Indonesia does not yet have a unified definition of AI. This creates uncertainty as to whether AI should be treated merely as an electronic agent like other programming models, or as a distinct new technology capable of making its own decisions. The current regulatory landscape governing AI remains fragmented. This approach could lead to overlapping authorities, inconsistent standards and regulatory gaps. As a result, business undertakings may face uncertainty in compliance requirements, while regulators may struggle to co-ordinate oversight effectively. Strengthening inter-institutional co-ordination and developing a more integrated regulatory framework is therefore important for effective AI governance.
   2. Privacy risks. The growing use of AI also raises concerns about personal data protection (PDP). AI development frequently involves collecting and processing large datasets, sometimes obtained through scraping publicly available information that may include personal data and sensitive personal data. When individuals are unaware that their data is being used to train/develop AI systems, issues of legal basis, transparency and accountability arise. To address these risks, AI developers must ensure that their practices align with the provisions in the PDP Law, and its implementing regulations in the future.
   3. Unclear liability and accountability framework. Indonesian law does not consider AI as a separate legal subject, leaving liability for AI-related harm to be determined based on a broader legal framework, such as the EIT Law and Indonesian Criminal Code. Liability therefore attaches only to individuals or business undertakings that unlawfully design, deploy or use AI. To date, there are no court decisions or specific legal provisions that clarify the issue of liability arising from the use of AI.

Conclusion

As Indonesia accelerates the integration of AI across sectors, the main challenge is not technological capability, but governance readiness.

Key legal gaps remain, including uncertainty over the definition of AI, privacy risks, inadequate child protection, and unresolved questions of liability and accountability.

The MOCD’s AI roadmap reflects a co-ordinated policy effort to guide AI development and inter-institutional alignment.

But while these initiatives provide important foundation, meaningful progress will depend on their incorporation into binding legal instruments that offer legal certainty and effective enforcement.

Ali Budiardjo Nugroho Reksodiputro
(ABNR Counsellors at Law)
Graha CIMB Niaga, 24th Floor
Jl. Jend. Sudirman Kav. 58
Jakarta 12190
Tel: +62 21 250 5125/5136
Fax: +62 21 250 5001
Email: info@abnrlaw.com