top of page
Indonesia Legal Business Guidelines

Business Compliance

Language Requirement

 

Each entrepreneur who intends to conduct business in Indonesia must comply with the prevailing regulations regarding the use of Bahasa for business transactions in Indonesia. The obligation to use Bahasa in conducting business transactions is highlighted under Law No. 24/2009 and PR No. 63/2019. Bahasa is the official language for transactions and commercial documents in Indonesia.  The following documents are required to use Bahasa in respect to conduct businesses in Indonesia:  

  • state official documents;

  • MoU or agreement; and 

  • for the name of trademarks and business institutions. 

 

The Obligations to Use Indonesian in State Official Documents

 

Law No. 24/2009 obligates the state official documents, for instance decisions letters, commercial papers, statement letters, identity card, and court decisions to use Bahasa.  Moreover, certain agreements for instance sales and purchase deeds/akta jual-beli and agreement letters/surat perjanjian also qualify as state official documents.  The relevant laws allow state official documents, which apply internationally, to be accompanied with the foreign language version.  It is worth noting that the nature of the foreign language version is complimentary to state official documents and the Bahasa version must be the official governing language of the documents. Hence, the Bahasa prevails as the main reference in the event of differing interpretations between the Bahasa and the foreign language version.  

 

The Obligations to Use Indonesian in MoU or Agreement

 

An MoU or an agreement involving a state institution, a government agency, a domestic private entity, or an Indonesian citizen must use Bahasa.  The impact of this provision on the binding contractual language between the parties gives rise to the issue of how language is regulated for MoUs or agreements involving a foreign party.

The Involvement of Foreign Parties

 

An MoU or an agreement involving a foreign party is allowed to be executed in bilingual form, which consists of Bahasa, and accompanied by a foreign language translation and/or a English version.  It is worth noting that the foreign language translation and/or English version of the MoU or agreement is only used as an equivalent or translation of the Bahasa, in order to reconcile the understanding of the MoU or agreements involving foreign party.  However, in the event of any inconsistencies or differing interpretations between the language versions, the governing language shall be determined through a mutual  agreement between the parties involved in the MoU or agreement. 

 

Indonesian Parties


Article 31 (1) Law No. 24/2009 jo. Article 26 (1) PR No. 63/2019 affirms that any MoU and agreement involving an Indonesian party (i.e., an Indonesian state institution, an Indonesian government agency, a domestic private entity, or an Indonesian citizen) mandates the use of Bahasa. The option to choose the governing language and utilize the foreign language translation and/or English version of the MoU or agreement is only applicable in cases where the MoU or agreement involves a foreign party.  

 

Obligations to Use Indonesian for Trademarks and Business Institutions

 

Article 35 (1) PR No. 63/2019 states that the name of trademarks is obliged to use Bahasa. The obligation to use Bahasa for the name of trademarks is only limited to trademarks owned by Indonesian citizens or domestic legal entities, while foreign licensing trademarks are exempted from this obligation.  

Moreover, in accordance with Article 36 PR No. 63/2019, the name of business institutions is required to be in Bahasa. However, this obligation is applicable solely to business institutions that are either incorporated or owned by Indonesian citizens and domestic legal entities in the form of limited liability companies, where all the shares are owned by Indonesian citizens or domestic legal entities.  

Legal Consequences for Non-Compliance to Use Indonesian

 

Law No. 24/2009 and PR No. 63/2019 do not provide for any provisions in relation to sanctions for non-compliance. The current laws and regulations state that the supervision of this regulation from central government is conducted by the ministry who is responsible for education, of which is MoECRT.  Moreover, it also mentioned that the use of Bahasa is supervised by the regional government, which is carried out by the governor and/or mayor, or regent in accordance with their authority.  

Despite the uncertainty regarding the sanctions for non-compliance, the failure to fulfill the obligation to use Bahasa would constitute a breach and may result in the agreement being declared null and void. 

The Investment Activity Report/Laporan Kegiatan Penanaman Modal (LKPM)

General Provisions on LKPM

Every investor in Indonesia has the obligation to generate LKPM and submit it to BKPM.  The LKPM is a report regarding the development on investment realization, and problems that are encountered by entrepreneurs. This report must be generated and submitted periodically.  Subsequently, entrepreneurs are obliged to submit an LKPM for each business sector and/or location through the OSS system.  LKPM submission will refer to data on business licensing, including data changes contained in the OSS system based on the current period, and shall be conducted in accordance with the following provisions: 

 

  • small business actors shall submit an LKPM every 6 (six) months within 1 (one) year report;

  • large and medium business actors shall submit an LKPM every 3 (three) months.

However, LKPM submission is not mandatory for: 

  • micro business actors; and

  • upstream oil and gas, banking, non-bank financial institutions, and insurance businesses.

Accordingly, the LKPM submission is conducted within the following provisions: 

  • any entrepreneur shall have the right to access the OSS system, which is obtained after the entrepreneur has conducted an NIB registration;

 

  • the provision on LKPM submission for micro business actors with the following submission period:

    1. report of semester I is submitted no later than 10 July on the respective year; and

    2. report of semester II is submitted no later than 10 January on the following year;

 

  • LKPM for large and medium business actors must consist of:

  1. An LKPM on the construction/preparation stage for business activities that have not commenced production/operated commercially yet; and

  2. An LKPM on production/commercial operations for business activities that have already commenced production/are operating commercially;

 

  • LKPM submission for LKPM on the construction/preparation/production/commercial stage within the following period:

  1. report of the quarter I is submitted no later than 10 April on the respective year;

  2. information of quarter II is submitted no later than 10 July on the respective year;

  3. report of quarter III is submitted no later than 10 October on the respective year;

  4. information of quarter IV is submitted no later than 10 January on the following year.

Sanctions

There are consequences for an entrepreneur who does not conduct an LKPM submission. An entrepreneur who does not submit an LKPM will be subject to the following administration sanctions by the OSS Agency, provincial DPMPTSP, DPMPTSP in respective regency/city, KPBPB entrepreneur, KEK administrator, ministry/agency or other relevant institution:

 

  • written warning;

  • temporary suspension of business activities;

  • revocation of business licenses; or

  • revocation of business licenses to support business activities. 

 

Legalization of Foreign Documents

 

Background

Under current regulations, requirements for the legalization of documents apply to public documents.  These requirements apply to the MoLHR, MoFA, and foreign embassy or consulate of a country where the document is to be produced. In practice, this process involves several authorities, subsequently leading to an inconvenient and arduous waiting time.

However, in January 2021, Indonesia declared its accession to the ‘Convention Abolishing the Requirement of Legalization for Foreign Public Documents’ commonly known as the “Apostille Convention” by way of enactment of PR No. 2/2021.

The Apostille Convention only applies to the following, which are deemed as public documents:

  • documents emanating from an authority or official connected with state courts or tribunals, including those emanating from a public prosecutor, a clerk of a court, or a process-server;

  • administrative documents;

  • notarial acts; and

  • official certificates placed on documents signed by persons in their private capacity, such as official certificates recording the registration of a document or its existence on a specific date and notarial authentications of signatures.

 

Therefore, the abovementioned documents are exempt from the legalization requirement under current regulations. However, the Apostille Convention shall not apply to the following documents: 

 

  • documents signed by a diplomatic or consular official; and

  • administrative documents directly related to commercial or customs activities. 

Procedure on Legalizing Document at MoFA

The legalization of documents is to create administrative order and provide legal certainty in using documents inside and outside the territory of the Republic of Indonesia.  Aside from the exempted documents above, the following documents are required to be legalized by MoFA: 

  • documents issued in the territory of the Republic of Indonesia which will be used abroad;

  • documents issued abroad or issued by a foreign  representative domiciled in the territory of the Republic of Indonesia, which will be used in the territory of the Republic of Indonesia; and

  • documents to be used abroad which are issued by foreign state representatives who are domiciled in the territory of the Republic of Indonesia.

 

The procedures to legalize the abovementioned documents are as follows:

Legalization Process at Ministry of Foreign Affairs

Legalization Process at Ministry of Foreign Affairs

Source: MoFA Reg. No. 13/2019.

However, it is essential to note that an application to legalize documents may be rejected if the documents are in the following condition: 

  • the specimen is not suitable;

  • documents are unreadable;

  • information is not in line with uploaded documents; and/or

  • there is a report which indicates misuse of data and information by the applicant.

 

If documents are not legalized due to the abovementioned issues, the documents cannot be used either in the territory of the Republic of Indonesia or abroad as a consequence. It is important to note that falsification of legalized documents is punishable by a maximum of 6 (six) years imprisonment.  Moreover, forgery of documents is punishable by a maximum of 8 (eight) years imprisonment if the following documents are forged: 

 

  • authentic deeds;

  • in debentures or certificates of debts of a state or part thereof or of a public institution;

  • in shares or debentures or share certificates, debt certificates of an association, foundation, partnership, or company;

  • in counterfoils, dividend or interest evidence belonging to one described document under the preceding numbers, or in evidence issued in substitution for these documents; and/or

  • in credit or commercial papers intended for circulation.

 

The Role of Notary and Notarial Documentation

The involvement of a notary is required in conducting transactions in various sectors. The notary is a public official who is authorized to make authentic deeds and has other powers, of which are referred to in Law No. 30/2004 .  In general, public notaries are generally authorized to prepare authentic deeds encompassing all actions, agreements, and stipulations mandated by laws or requested by the concerned party to be documented in an authentic deed.   Moreover, the notary is also authorized to guarantee the deed’s drafting date, keeping the deed, providing the grosse, copy, and except of the deed, as long as the making of the deed is not designated for exemption towards another official or other parties stated by the law. 

The public notaries are also authorized to do the following matters: 

  • to validate the signature and set a specific date of the private letter by registering it in a particular book;

  • to book personal letters by registering for a specific book;

  • to make a copy of the original private letters in the form of a copy containing a written description in the said letter;

  • to validate the compatibility of the photocopy with the original documents;

  • to provide legal education in connection with the making of the deeds;

  • to make the deeds relating to the land matters; and

  • to make a deed of auction minutes.

 

However, it is essential to note that aside from the abovementioned, a notary is specifically required for the matters relating to the legal entities such as limited liability company, foundation, and cooperatives and land matters as follows.

 

The Role of the Notary in relation to the Existence of Limited Liability Companies

 

The Deed of Incorporation and Articles of Association of Limited Liability of Companies

The notary must draft the deed of incorporation of limited liability companies in Bahasa.  Besides, the deed of incorporation shall include the AoA and other matters, as per the following: 

 

  • full name, place, and date of birth, occupation, residential, and nationality of the individual founder, or name, domicile, and complete address, as well as the number and date of the MoLHR decree regarding the ratification of legal entity promotors of the company;

  • full name, place, and date of birth, occupation, residential, and nationality of the first members of the BoD and the BoC to be appointed; and

  • names of shareholders who have subscribed to the shares, the detail of the number of shares and nominal value of shares subscribed and paid-up.

 

Moreover, the AoA of the company must include the following matters: 

  • name and domicile of the company;

  • purposes and objectives as well as the business activities of the company;

  • the period of incorporation of the company;

  • amount of authorized capital and issued capital, and paid-up capital;

  • number of shares, shares classification if any, including the number of the shares for each category, rights attached to each share, and share nominal value;

  • name of title or position and the number of members of the BoD and the BoC;

  • determination of the place and procedures for holding a GMS;

  • methods of appointment, replacement, and dismissal of the members of the BoD and the BoC; and

  • the method for profit utilization and dividends distribution.

If the shareholders intend to amend the AoA, the amendments shall be declared under a notarial deed in Bahasa.  However, it is essential to note that if the amendment is not drawn up in a notarial deed of minutes of the meeting, it shall be drawn up in a notarial deed no later than 30 (thirty) days following the date of the GMS’ resolution. 

It is worth noting that if the following amendments want to be made to the AoA, it must first obtain the approval of the MoLHR: 

  • name and/or domicile of the company;

  • purposes and objectives, as well as, the business activities of the company;

  • the period of incorporation of the company;

  • the amount of authorized capital;

  • the reduction of issued and paid-up capital; and/or

  • the change of the company’s status from private company to issuer, or otherwise.

The MoLHR must be notified of any other amendments that are not mentioned above.  The notary shall submit an application for approval and/or notification of the amendment of the AoA to the MoLHR within 30 (thirty) days since the date of the notarial deed, containing the amendments of the AoA. 

Transfer of Shares

 

The notary has an important role in the transfer of shares, as such a transfer will be conducted through a deed of transfer of rights.  The transfer of shares can be executed by way of sale, purchase, grants, or inheritance. Subsequently, the notary shall submit a notification of the change to the shareholding composition, due to transfer of rights, to the MoLHR within 30 (thirty) days of the registration date of such a transfer of shares. 

Mergers, Acquisitions, Consolidations, and Spin-offs

 

The plan to conduct a merger, consolidation, acquisition, and/or spin-off, of which has been approved by the GMS, shall be set forth into a deed drawn up by notary in Bahasa.  In addition, the deed of acquisition, which is executed directly by the shareholders, shall be obliged to be stated in a notarial deed in Bahasa. 

 In regards to consolidation, the relevant deed drawn up by notary shall be the basis for the  drafting of the new consolidating company’s incorporation deed.  The notary shall enclose the copy of the consolidation deed in the application to the MoLHR in order to obtain the MoLHR decree regarding allowing for the ratification of the consolidating company. 

 

The Role of Notary related to the Existence of Foundations

 

The Deed of Incorporation and Articles of Association of Foundations

 

The incorporation of foundations shall be carried out by means of an incorporation deed written in Bahasa.  The incorporation deed shall at least incorporate the AoA and the following matters: 

 

  • the name and domicile of the foundation;

  • the purposes and objectives;

  • the period of incorporation of the foundation;

  • the amount of initial assets separated from the personal assets of the founder in the form of money or goods;

  • method of acquisition and utilization of how to acquire and use assets;

  • the procedures used for the appointment, dismissal and replacement of members of the Governing Board/Pembina, the Executive Board/Pengurus, and the Supervisory Board/Pengawas;

  • the rights and obligations of the Governing Board/Pembina, the Executive Board/Pengurus, and the Supervisory Board/Pengawas;

  • the procedures for organizing a foundation’s organ meeting;

  • the provisions regarding amendments to the AoA;

  • the procedures used for the merger and dissolution of foundations; and

  • the use of remaining assets upon liquidation or distribution of foundation’s assets after dissolution.

 

A foundation obtains its legal entity status upon the approval of deed of incorporation by the MoLHR.  The notary shall file an application of such approval to MoLHR within 10 (ten) days of the signing date of the foundation’s deed of incorporation. Such application shall be filed by the notary in writing.  The approval of this application will be delivered within 30 (thirty) days from its completion. 

It is important to note that a foundation’s AoA may be amended, with the exception of the foundation’s aims and objectives.  Amendments to the foundation’s AoA can only be done following a Governing Board/Pembina’s meeting resolution.  Such a meeting can be convened if it is attended by at least 2/3 (two thirds) of the Governing Board/Pembina’s members. The amendment of AoA shall then be incorporated under a notarial deed in Bahasa. 

In Merger Process

 

A merger regarding a foundation can be done by merging 1 (one) or more foundations with another, resulting in the dissolution of the merging foundations.  The proposal for foundation mergers can be submitted by the Executive Board/Pengurus to the Governing Board/Pembina.  A merger in relation to a foundation can only be carried out on the basis that the  Governing Board/Pembina’s meeting resolution was attended by at least ¾ (three quarters) of the Governing Board/Pembina’s members and was approved by at least ¾ (three quarters)  of the Governing Board/Pembina’s attending members. 

The foundation merger plan must be approved by each foundation’s Governing Board/Pembina.  Upon approval, the said merger plan shall be incorporated under a merger deed, drawn up by a notary in Bahasa.  Such merger plan deeds shall be conveyed by a notary to the MoLHR, in order to obtain approval. This is done in case the merger is followed by an amendment to the foundation’s AoA, requiring the MOLHR’s approval.  The approval from MoLHR will then be provided within 60 (sixty) days from the date of the accepted application.  
 

The Role of Notary related to the Existence of Cooperatives

 

The incorporation of cooperatives shall be carried out by means of an incorporation deed containing the AoA. The AoA must, at least, cover the following matters: 

 

  • a list of promotors;

  • the name and domicile of the cooperatives;

  • the purposes and objectives, as well as, the business activities;

  • the provisions regarding membership;

  • the provisions regarding membership’s meeting;

  • the provisions regarding management;

  • the provisions regarding capital matters;

  • the provisions regarding the duration of association;

  • the provisions regarding remaining results of operations; and

  • the provisions regarding penalties.

 

Meanwhile, the amendment of a cooperative’s AoA are to be carried out based on the members’ meeting resolution.  Unless the AoA stipulate otherwise, the resolution can be carried out if the meeting is attended by at least ¾ (three quarters) of the members and approved by at least ¾ (three quarters) of the Governing Board/Pembina’s attending members. 

The MoCSME will provide a ratification of amendment to the cooperative’s AoA within 30 (thirty) days at the latest if: 
 

  1. it does not contravene Law No. 25/1992; and

  2. it does not contravene public order and decency. 

The Deed, Legalization, and Waarmerking

 

Deed

In the context of providing legal services to the public, a notary carries out their position, recording all legal events into an authentic deed, and automatically guaranteeing the certainty of the making of the deed, keeping the deed, providing grosse, copies and quotations of the deed. 

A deed functions as a proof of rights in the form of authentic written evidence made before or by an authorized official.  The power of the official will ensure that an agreement, stipulation, or a legal event made or carried out received legal certainty and protection.

Moreover, the authenticated deed will contain the rights and obligations of the parties. Should any dispute arise between the parties in the future, the authenticated deed can act as valid proof of said rights and obligations. 

 

Legalization

 

Legalization refers to the notary’s act of legalizing signatures and determining the certainty of the private letter’s date. The legalization is then recorded or registered into a special register.  Such special register will record signature validations and ascertain the date of documents relating to letters, lists, household affairs letters, and other writing documents that were made without intermediaries, or not performed made not in the presence of a public official. 

 

Waarmerking

 

Waarmerking is not clearly defined or regulated by the prevailing regulations in Indonesia. However, Law No. 30/2004 implicitly defines waarmerking as the act of registering private letters in a special register. In practice, the notary’s authorization is also known as the underhand registration of letters with the code: “Register”, or Waarmerking, or Waarmerk. 

 

The Role of Notary related to Land Transactions

 

The General Role of Notary in Land Transactions

 

A notary who is eligible to act as a PPAT will play an important role in transactions of land. PPATs can concurrently serve as a notary at the domicile of a notary.  The main task of a PPAT is to carry out land registration activities by making deeds as evidence of the completion of certain legal actions, including: 

 

  • the sale and purchase;

  • exchanges;

  • grants;

  • deposits in kind (inbreng);

  • the sharing of joint rights;

  • the granting of HGB or right to use over freehold title;

  • the granting of a mortgage; and/or

  • the granting power of attorneys to encumber a mortgage.

The PPAT will operate within one province region.  In order to execute the abovementioned tasks, the PPAT is authorized to make authentic sales and the purchase of land deeds, encompassing all the legal aspects regarding land titles and the right of ownership over a unit in a multi-story building/hak milik atas satuan rumah susun located within their jurisdiction.  The making of such deeds must be observed by at least 2 (two) witnesses. 

Land Registration and Encumbrance of Right

 

The transfer of land titles and the right of ownership over units in a multi-story building/hak milik atas satuan rumah susun through the sale and purchase, exchange, grants, deposit in kind (inbreng) and other legal actions of transfer of rights, excluding the transfer of rights through auction, can only be registered if it is proven by deeds. In particular, deeds made by the authorized PPAT according to the provisions of prevailing laws and regulations. 

Within 7 (seven) business days from the signing date of the relevant deed, the PPAT is obliged to submit the deed made along with any relevant documents, as well as a written notification to the BPN of registration. 

Moreover, the PPAT is also obliged to register an encumbrance of right over land such as: a mortgage, the right to use and the right to lease buildings, and any other encumbrances over land titles, or the right of ownership over a unit in a multi-story building/hak milik atas satuan rumah susun.This registration is determined by drafting authorized deeds in accordance with applicable laws and regulations. Such a registration of the encumbrances of rights over land must also be submitted within 7 (seven) business days from the signing date of the relevant deed to BPN, accomplished by attaching any relevant documents and a written notification. 

Mortgage/Hak Tanggungan

A mortgage is the right over collateral imposed upon a land title, along with other objects. It plays an integral part of the transfer of land, along with the settlement of certain debts, which give priority to certain creditors over others.  A mortgage shall be outlined in a mortgage deed drafted by a notary, who is also eligible to act as a PPAT.  The purpose of a mortgage deed is to ensure the settlement of more than 1 (one) debts. If 1 (one) land is encumbered with more than 1 (one) mortgage right, then the rank of each mortgage is determined according to the date of registration at the BPN. In the event that there is more than 1 (one) mortgage registered on the same date, then the rank is determined by the drafting date of the relevant mortgage deed. 

A mortgage, and any other relevant documents, shall be registered to the BPN within 7 (seven) business days from the signing date of the mortgage deed by the PPAT.  Moreover, the encumbrance of a mortgage may also be performed by way of providing the power of attorney from relevant party. The power of attorney must be within a notarial deed, and must comply with the following terms: 

  • not provide the authorization of another legal action other than the encumbrances of the mortgage; 

  • not mention any substitution right; and

  • provide clear information regarding the subject matter of the mortgage, any outstanding amounts, the name and identity of creditor, and the name and identity of debtor in case the debtor is not the grantor of mortgage.

The power of attorney shall not be revoked or terminated unless the expiration period has passed. The relevant power of attorney must also be followed by the drafting of mortgage deed within 1 (one) month of its provision to the PPAT.  The notary is also responsible for registering the transfer of the mortgage to the BPN due to cessie, subrogation, inheritance, or other reasons that may cause the mortgage to be transferred to a new creditor.  

 

Taxation

 

Taxes are mandatory contributions from individuals or entities to the state, they are utilized to meet state necessity and the people’s welfare.  The government utilizes taxes to provide equal distribution of welfare by providing health insurance, government support, aid, and public facilities procurement. 

Regarding parties who are obligated to pay taxes, generally any individual (whether Indonesian or foreign) residing in Indonesia and entities incorporated or domiciled in Indonesia are considered as taxpayers, unless the relevant laws and regulations stipulate otherwise. Hence, it can be understood that taxpayers are classified into the subsequent 3 (three) categories:  
 

 

  • Individuals

    1. domestic: Indonesian or foreign citizens that are domiciled in Indonesia or reside in Indonesia for more than 183 (one hundred eighty-three) days in a twelve-month period or in a tax year reside in Indonesia and wishes to be domiciled in Indonesia.

    2. overseas: 

      • individuals not residing in Indonesia.

      • foreign citizens residing in Indonesia for no longer than 183 (one hundred eighty-three) days in a twelve-month period;

      • Indonesian citizens residing outside of Indonesia for longer than 183 (one hundred eighty-three) days in a twelve-month period and fulfill the requirements of: i) domicile; ii) center of main activity; iii) location of routine activities; iv) tax subject status; or v) other requirements stipulated by law.

  • Entities

    1. incorporated or domiciled in Indonesia, except certain entities provided by the  government that fulfill the following requirements: i) established based on regulation; ii) capital sourced from State Budget or Regional Budget; iii) income placed into Central Government or Local Government budget; and iv) bookkeeping audited by state functional supervisors.

    2. not incorporated or domiciled in Indonesia which conduct business or activities through permanent establishment/badan usaha tetap in Indonesia; and

    3. not incorporated or domiciled in Indonesia which receive or obtain income from Indonesia, that is not through the permanent establishment of businesses or activities badan usaha tetap in Indonesia.

  • Permanent Establishment

    1. ​Permanent establishment is a business establishment used by: 

      • individuals not residing in Indonesia; 

      • individuals who have not stayed in Indonesia for more than 183 days (one hundred and eighty-three) in any twelve-months period; or 

      • entities not incorporated and domiciled in Indonesia to conduct business or activities in Indonesia.

    2. ​The permanent establishment can be in the form of: 

      • place of management;

      • company branch;

      • representative office; 

      • company building; 

      • factory; 

      • workshop/bengkel; 

      • warehouse; 

      • space for promotion and selling; 

      • mining and exploration of natural resources; 

      • oil and gas mining area;

      • fisheries, livestock, farming, plantation, or forestry;

      • construction projects, installation, and assembly projects/proyek perakitan;

      • services in any form provided by an employee or other individual, as long as it is conducted for more than 60 (sixty) days in a twelve-month period;

      • individual or entity acting as an agent without independent position;

      • agent or employee of insurance company not incorporated and domiciled in Indonesia which accepts insurance premiums or risk cover in Indonesia; and

      • computer/electronic agents, or automatic tools which are owned, rented, or used by electronic transaction organizers to conduct business activities through the internet.
         

 

Tax Identity

 

Subsequently, for the purpose of tax administration and the implementation of a self-assessment system, taxpayers have the obligation to register themselves to KPP, KP4, or through e-registration at www.pajak.go.id to be given a tax identity. Tax identity format is divided into 2 (two) categories, namely, NPWP and NPPKP. 

NPWP

The NPWP is a number issued to a taxpayer as a means of tax administration which is used as a personal or taxpayer identity in the conduction of taxation rights and obligations.  It is necessary for taxpayers to hold a NPWP, otherwise a taxpayer can be subject to a rate 20% (twenty percent) higher than the average tax rate applied to taxpayers who have NPWP.  Additionally, holding a NPWP is one of the SIUO processing requirements.

NPPKP

The NPPKP is a taxpayer identifier which is categorized as a PKP and subject to both VAT and a VAT on luxury goods.  In order to be confirmed as a PKP, local research will be carried out to determine the existence and activities of the business concerned. With the inauguration of an entrepreneur as a PKP, a tax invoice/faktur pajak must be issued upon delivery of taxable goods or taxable services. 

Tax Collection System

Generally, there are 3 (three) types of tax collection system, namely: the self-assessment system, official assessment system, and withholding assessment system. Since the amendment of tax laws and regulations in 1983 – known as the Indonesian tax reform, Indonesia has changed its tax collection system from an official assessment system to a self-assessment system.  As of current, the self-assessment system is the most used tax collection system in Indonesia. 

 

Self-Assessment System

 

Through the self-assessment system, taxpayers are required to carry out their tax obligations independently. They must register themselves, calculate their own payable tax, pay taxes to the bank or post office, and report the calculated results and tax payments that have been made to the KPP. Furthermore, the tax collection system is applicable for the imposition of central taxes, such as income tax and VAT which will be explained further in the next section.  

 

Official Assessment System

 

The official assessment system is one of the tax collection systems which enables the tax authority as a tax collector to determine the amount of tax payable by taxpayers.  In this type of tax collection system, the taxpayer is passive as the payable tax is determined and informed by the tax authority. The official assessment system applies to regional taxes, such as land and building tax which will be explained further in the next section.  

Withholding Assessment System

 

In the withholding assessment system, the amount of payable tax is calculated by third parties who are neither taxpayers nor tax authorities. This type of tax collection system makes tax obligations easier to meet. This is because it is the role of third parties to calculate the tax payable and directly withdraw certain amount of taxes that should be paid by each taxpayer. An example of a withholding system is the deduction of employee income by the treasurer, other parties who are eligible to deduct, or the related agency. Hence, the employees no longer need to fulfill or pay payable tax themselves. Indonesia imposes a withholding assessment system for several types of taxes, including: 

 

  • Article 4 (2) Law No. 7/1983 (PPh Final), regarding tax imposed on entity and/or personal taxpayers for several types of income specified in Article 4 (2) Law No. 7/1983, where both income and the withholding tax are final;

  • Article 21 Law No. 7/1983 (PPh 21), regarding tax imposed on income in the form of salaries, wages, allowances, and other payments in connection with employment, services, honorarium, and activities conducted by individuals who are resident tax subjects;

  • Article 22 Law No. 7/1983 (PPh 22), regarding income tax imposed on certain business entities, both government and private, who carry out export and import activities; 

  • Article 23 Law No. 7/1983 (PPh 23), regarding tax imposed on income in the form of dividends, interest, royalties, gifts, bonuses, rent and other incomes in connection with the use of assets, excluded from rent for land and/or buildings, fees in connection with technical, management, construction, consulting services, and other services that have been deducted by Article 21 Law No. 7/1983 (PPh 21). 

  • Article 26 Law No. 7/1983 (PPh 26), regarding tax imposed to tax subjects who provide income to foreign tax subjects.  

 

Types of Tax in Indonesia

In Indonesia, taxes are classified into 2 (two) categories, which are central taxes/pajak pusat and regional taxes/pajak daerah. Central taxes are managed by the central government, particularly by the Directorate General of Taxation under the MoF. Subsequently, the types of taxes which are categorized as central taxes are as follows: 

  • income tax;

  • VAT;

  • VAT on luxury goods;

  • stamp duty;

  • land and building tax; and

  • acquisition of rights on land and buildings duty.

 

Whereas, regional taxes are taxes managed by the regional governments at both the provincial and regency levels. In this case, regional taxes are handled by the Regional Revenue Agency/Dinas Pendapatan Daerah which is governed under Law No. 1/2022. Regional taxes are further divided into 2 (two), namely provincial taxes and regency/city taxes.  

 

  • provincial taxes

    1. motor vehicle taxes;

    2. excise/tax for transfer of ownership of motor vehicles;

    3. heavy equipment tax;

    4. motor vehicle fuel tax; 

    5. surface water tax;

    6. cigarette tax; and

    7. additional tax for non-metals minerals and rocks.

  • regency/city taxes

    1. rural and urban land and building tax;

    2. excise/tax acquiring rights on land and buildings.

    3. goods and services tax;

    4. advertisement tax;

    5. ground water tax;

    6. tax on non-metal minerals and rocks;

    7. tax on swallows’ nest;

    8. additional tax for motor vehicle; and

    9. additional tax for tax transfer of ownership of motor vehicles.

Income Tax

Income Tax/Pajak Penghasilan (PPh) is a tax imposed on an individual or entity on income they earned or received in a tax year.  Subsequently, the object of income tax is any additional economic capacity derived from Indonesia or outside Indonesia that can be used by the taxpayer for consumption or to increase the wealth of the respective taxpayer.  The taxable objects of income tax can be in the form of salaries, bonuses, honorarium, any other compensation for the workers performance, business profits, interests, royalties, and any other incomes stipulated in Law No. 7/1983.  Subsequently, in order to support ease of doing business, the government exempts dividends distributed based on GMS (interim dividends) and dividends originating from within Indonesia received by domestic taxpayers, as the object of income tax.  

Under Law No. 7/1983, the subject of income tax is distinguished into 2 (two) types, there are domestic tax subjects and foreign tax subjects.  Domestic tax subjects include any individuals who reside, or entities incorporated or domiciled in Indonesia within the period of time specified in Law No. 7/1983.  While foreign tax subjects include any individuals who do not reside in Indonesia, or are entities incorporated or domiciled outside Indonesia.  Furthermore, income tax is imposed on tax subjects who are obliged to pay, withhold, and collect taxes due on tax objects. 

Value Added Tax (VAT)

 

VAT is a tax imposed on the consumption of taxable goods or taxable services in a customs area. Customs area/daerah pabean refers to the territory of the Republic of Indonesia which includes land, waters, and air space thereon. Individuals, entities, or government who consume taxable goods or services are subject to the imposition of VAT. Generally, all goods and services are categorized as taxable goods or services, unless otherwise stipulated by Law No. 8/1983. The following are the objects of VAT which will be imposed to entrepreneurs who conduct:  

 

  • local delivery of taxable goods and/or services;

  • import and export of taxable goods;

  • consumption of services and/or intangible foods from offshore within domestic customs territory; and 

  • export intangible taxable goods and taxable services. 

 

However, the goods and services which are exempted from the obligation of VAT are specified in Article 4A Law No. 8/1983, for instance basic necessities of the community. 

The producer of goods and/or services, who is the PKP, collect, deposit, and report the VAT. However, the party who is obliged to pay the VAT is the end consumer of the goods and/or services produced by the PKP.  The end consumer will be imposed a single VAT rate at 11% (eleven percent), and in terms of exports, the VAT rate is 0% (zero percent).  

 

Value Added Tax on Luxury Goods

 

Aside from being subject to VAT, purchases of certain taxable goods which are classified as luxury goods are also subject to a VAT on luxury goods/pajak pertambahan nilai atas barang mewah. This tax imposition has the same characteristics as VAT, which is imposed on the end consumer who consumes or utilizes the goods. The objects of taxable luxury goods and their rates are stipulated and regulated in the sectoral regulations regarding VAT on luxury goods, which include: 

 

  • goods that are not included as basic necessities; 

  • goods that only consumed by certain communities;

  • goods that generally consumed by high-income communities; and/or

  • goods that are consumed to indicate the status. 

Furthermore, Article 8 (1) Law No. 8/1983 stipulates a sales tax rate on luxury goods of at least 10% (ten percent) and a maximum of 200% (two hundred percent). 

 

Land and Building Tax

 

Land and building tax are tax imposed on the ownership or utilization of land and/or buildings.  In basic terms, it is categorized as one of the central taxes, however almost all the realization of land and building tax revenue is submitted to the regional government, both provincial and/or regency/city. Subsequently, the objects of land and building tax are: 

 

  • environmental roads located within building areas such as hotel, factory and its emplacement, and other buildings that are within the building area;

  • toll road;

  • swimming pool;

  • luxury fence;

  • sport venue;

  • shipyard and dock;

  • luxury garden;

  • oil, water and gas storages/refineries, and oil pipelines; and

  • other facilities that produce benefits.

 

The subject of land and building tax is a person or entity that has rights over land and/or receives benefits over land, and/or owns, controls and/or receives benefit from a building.  Based on Article 5 Law No. 12/1985, the tax rate imposed on land and buildings is 0.5% (zero point five percent).  Subsequently, land and building tax is imposed based on the sales value of taxable objects/nilai jual objek pajak.  The sales value of taxable objects is the average price obtained from reasonable buying and/or selling transactions, and if there is no such transaction, the sales value of taxable objects will be determined by price comparisons with other similar objects, obtaining new value, or selling value of the replacement tax object.  

Aside from an obligation to pay land and building tax, ownership through the acquisition of rights over the land and/or buildings also gives rise to BPHTB.  As well as land and building tax, BPHTB is categorized as a central tax, however its realization revenue is submitted to the regional government, both provincial and/or regency/city. 
 

Stamp Duty

Stamp duty/bea materai is a tax imposed on certain documents.  It is imposed on documents which represent the occurrence of civil relation, and it can be used as valid evidence in court. 
Documents which require stamp duty are specified in Law No. 10/2020, as follows: 

  • letters of agreement;

  • certificates;

  • letters of statement;

  • notarial deeds;

  • land deeds made by PPAT;

  • securities transaction documents;

  • auction documents; 

  • documents stating the amount of money with a nominal value more than Rp5.000.000,00 (five million Rupiah) that mentions the receipt of money or contains acknowledgment that the debt in whole or in part has been paid or taken into account; and 

  • other documents. 

 

Stamp duty is payable as a fixed amount of Rp10.000,00 (ten thousand Rupiah) for documents as mentioned above.  

 

Taxes Exemptions

In relation to the ease of doing business in Indonesia, the government provides a facility in a form of tax holiday. Tax holiday is a tax incentive for entrepreneurs. Taxpayers who conduct a new investment in a pioneer industry may obtain reduction or even exemption of income tax for entrepreneurs in a certain term. Provisions on tax holiday are regulated in Law No. 25/2007, tax holidays are provided through exemption or reduction of corporate income tax in a specific amount and period may only be granted to: 

 

  • a new investor engaged in a pioneer industry; 

  • entities with added value and high externality;

  • entities which introduce new technology;

  • entities with strategic value for the national economy;

  • entities with legal status as an Indonesian legal entity; and

  • entities whose debt-to-equity ratio are prescribed by the MoF.

 

In accordance with MoF Reg. No. 130/2020, the tax exemption or reduction facility (tax holiday) applies to these following pioneer industries:  

Business Sectors that are Exempted from Tax
Business Sectors that are Exempted from Tax

Business Sectors that are Exempted from Tax

Source: MoF Reg. No. 130/2020.

Currency

Indonesian Rupiah is the prevailing currency for any transaction within the Republic of Indonesia.  all transactions must utilize Indonesian Rupiah for payments and settle any obligations that involve cash payments, and/or other financial transactions.  The obligation to use Indonesian Rupiah is required for both cash and any transactions that are using cashless tools and mechanisms.  However, there are some exemptions on the obligation for the use of Indonesian Rupiah as a prevailing currency. In accordance with Article 4 BIR No. 17/2015, the obligation to use Indonesian Rupiah will be exempted for the following: 

  • certain transactions involving national income and expenditures;

  • included grants to or from foreign countries;

  • international trade transactions;

  • foreign currency savings in banks; and

  • international financing transactions.

The exemption to use of Indonesian Rupiah also applies to transaction in foreign currencies, such as business activities in foreign currencies which are conducted by banks, transactions of securities issued by Indonesian government in foreign currencies, as well as other transactions in foreign currencies which are conducted in accordance with the laws and regulations. 

Obligation to Comply with Laws on TKDN

The Local Content Requirements in Indonesia

Common with many developing countries, Indonesia aspires to upgrade its industrial competitiveness, as well as increase the value-added of its manufacturing sector. One of the ways is by using local content requirement policy, which is frequently known as TKDN policy in Indonesia. According to RPJMN 2020-2024, one of the policy directions to increase economic added value in 2020-2024, is by increasing high value-added exports as well as strengthening TKDN. The said policy directions shall be conducted through the following strategies:  

Strategies to Increase High Value-Added Exports and Strengthening TKDN

Strategies to Increase High Value-Added Exports and Strengthening TKDN

Source: Appendix I PR No. 18/2020.

In congruence with RPJMN 2020-2024, Law No. 3/2014 requires the government to increase the use of local products.  The local products must be used by: 

  • state institutions, ministries, non-ministry government institutions, and regional working units in the procurement of goods/services if their sources of financing come from the APBN or APBD including domestic or foreign loans or grants; and 

  • BUMN, BUMD, and private business entities of which financing for the procurement of goods/services comes from the APBN, APBD, and/or of which work activities are conducted through any cooperation between the government and private business entities and/or which utilize resources controlled by the state.

Additionally, in the above-mentioned case of procurement, it is required to use of local products if there is a local product available with a combined volume of TKDN and BMP equal to or exceeding 40% (forty percent).  It is also specifies that the volume of TKDN should be at least 25% (twenty five percent).  This policy aligns with the obligations on BMP, as the maximum amount of BMP allowed is 15% (fifteen percent).  These regulations are of outmost importance as the tender documents will outline the minimum requirements for local content. 

Other than the obligation to use local content, the government also encourages private business entities to increase the use of local products.  For such purposes, the government may provide facilities which are at least in the form of:  
 

  • price preferences and administrative incentives in the procurement of goods/services; and 

  • certification on the local component level.

 

The requirement to use local items shall be carried out in compliance with the amount of local content accommodated in any goods/services as indicated by the percentage of local content used.  Such percentage which is generally referred to as TKDN, shall be measured in compliance with the regulations stipulated by the Minister for Industry.  TKDN is the utilization of local items, which is measured on the basis of the amount of local components found in goods, services and a combination of goods and services.  The composition of TKDN consists of (i) TKDN of goods; (ii) TKDN of services; and (iii) TKDN of combination of goods and services.  Further description of the local components contained on each output can be found below:

Indonesia Legal Business Guidelines - IP

The Composition of TKDN on each Output

Source: MoI Reg. No. 16/2011.

The Calculation Procedure for Local Content Requirements in Indonesia

 

TKDN of Goods

 

TKDN for goods shall be calculated based on the ratio between the prices of finished goods reduced by the price of foreign components upon the price of finished goods.  The price of the finished goods is the production cost incurred by the company to produce an item.  The production costs include (i) costs for direct materials/supplies; (ii) direct labor costs; and (iii) factory indirect costs (factory overhead).  The calculation of production costs does not include the calculation of profit variables, company overhead, and output taxes. 

The Equation for TKDN for TKDN of Goods Percentage

The Equation for TKDN for TKDN of Goods Percentage

Source: MoI Reg. No. 16/2011.

TKDN of Goods

TKDN for services is calculated based on ratio between the overall services price reduced by price of foreign services against the overall services price.  The overall services price as mentioned before, is a cost which is incurred to produce services which are calculated until the onsite location.  The overall services costs shall consist of: (i) workers’ cost; (ii) working tool/working facility cost; and (iii) general service cost.  The calculation of production costs does not include the calculation of profit variables, company overhead, and output taxes. 

The Equation for TKDN of Service Percentage

The Equation for TKDN of Service Percentage

Source: Appendix V MoI Reg. No. 16/2011.

Combined TKDN of Goods and Services

 

Combined TKDN of goods and services refers to the ratio of the total cost of local components to the overall price of goods and services.  The overall cost includes expensed associated with the production of the goods and services up to the onsite location.  The calculation of the combined TKDN applies to various work activities involving the combination of goods and services, such as construction works and integrated construction works. 

The Equation for TKDN of Combination of Goods and Services Percentage

The Equation for TKDN of Combination of Goods and Services Percentage

Source: Appendix VII MoI Reg. No. 16/2011.

The Sectors with Specific Local Content Requirements in Indonesia

 

According to GR No. 29/2018, beyond the general requirements, the Minister may provide a minimum limit of TKDN specifically for each sector.  Sectors that have specific regulations can be seen on the following chart: 

Sectors with Specific Local Content Requirements in Indonesia

Sectors with Specific Local Content Requirements in Indonesia

Source: Consultant Analysis.

The Sanctions of Local Content Requirements Violation

 

In order to promote the use of local products, any official in the procurement of goods/services who violates the regulation regarding utilization of local products shall be subject to administrative sanctions, in the form of: 

 

  • written warnings;

  • administrative fines; and/or

  • dismissal from the position as an official for the procurement of goods/services.

 

These sanctions are, however, do not apply if local products are not available or are insufficient.  In addition to sanctions against officials, financial sanctions can also be imposed on those who violates the obligation, with the aim of promoting the mandatory use of local components. The imposition of financial sanctions, in the form of administrative fines, requires evidence of a breach of the duty to cooperate in the procurement of goods/services with the use of local items.

All composition of TKDN calculations, including TKDN for goods, TKDN for services, as well as TKDN of combination of goods and services are carried out based on accountable data.  If the data used in the equation cannot be accounted for, the value of the TKDN for the variable involved would be assessed as zero. In this regard, financial sanctions would be imposed on suppliers of goods/services who are knowingly providing goods/services with the TKDN implementation value that does not satisfy the TKDN quoted on the tender phase.  

Such financial sanctions shall be determined on the basis of the gap between the quoted TKDN value and the TKDN implementation value multiplied by the bid price, with the difference in the TKDN value being no more than 15% (fifteen percent).  The calculation for financial sanctions can be seen below:

The Equation for Financial Sanctions for the Violation of Local Content Requirements

The Equation for Financial Sanctions for the Violation of Local Content Requirements

Source: MoI Reg. No. 16/2011.

Data Protection

Personal data protection is essential for protecting human rights as part of the protection of private life guaranteed under Article 28G (1) of the 1945 Constitution. The Government of Indonesia has finally enacted Law No. 27/2022 concerning personal data protection on 17 October 2022. Prior to the enactment of Law No. 27/2022, the aspects of personal data protection were covered in more sector-specific legislation, for instance, Law No. 11/2008, GR No. 71/2019, and many others. Even though personal data protection has been covered by several laws and regulations in Indonesia, there is still a pressing need for one. As personal data leakage from the use of information technology and communication increases from time to time, Law No. 27/2022 is urgently needed.

Article 2 Law No. 27/2022 states that Law No. 27/2022 will not apply to personal data processing carried out by individuals in private or household activities, however, it does apply to any individual, public agency, or international organization that carries out legal actions as regulated by Law No. 27/2022 if they are (i) located within the Indonesian jurisdiction; and (ii) outside the Indonesian jurisdiction but having a legal impact in the Indonesian jurisdiction and/or for individuals who are Indonesian citizens outside the Indonesian jurisdictions who are the subjects of personal data.

Law No. 27/2022 defines personal data as any electronic and/or non-electronic data that may directly or indirectly identify a person.  Personal data falls into two categories: 

  • General personal data: full name; gender; nationality; religion; marital status; and/or personal data that may identify an individual.

  • Specific personal data: health data and information; biometric data; genetics data; criminal record; children’s data; personal finance data; and/or other data pursuant to the prevailing laws and regulations.

A subject of personal data is defined as any individual with associated personal data.  Law No. 27/2022 grants data subjects nine rights, including but not limited to:

  • the right to be informed about clarity of identity, the basis of legal interests, purpose of requesting and use of personal data, and accountability of the party requesting personal data; 

  • the right to complete, update, and/or correct errors and/or inaccuracies of personal data in accordance with the purpose of processing personal data; 

  • the right of access and obtainment of copies of personal data in accordance with the prevailing laws and regulations; 

  • the right to end processing, deleting, and/or destructing the personal data in accordance with the prevailing laws and regulations; 

  • the right to withdraw consent to processing of personal data who has been given to the Personal Data Controller; 

  • the right to file objection to automated decision making based solely on automatic processing, including profiling, which has legal consequences or have a significant impact on the personal data subject; 

  • the right to delay or limit processing of personal data in a proportionate manner with the purpose of processing personal data; 

  • the right to file objections and accept compensation for violations of processing personal data in accordance with the prevailing laws and regulations;  and

  • the right to (i) obtain and/or use personal data from Personal Data Controller in an appropriate form with the usual structure and/or format used or readable by electronic systems; and (ii) use and transmit personal data to other Personal Data Controllers, throughout the system used to communicate securely with each other in accordance with the principles of Personal Data Protection based on Law No. 27/2022. 

Furthermore, Law No. 27/2022 differentiates between Personal Data Controllers and Personal Data Processors as defined below:

  • Personal Data Controller is every person, public agency and international organization that acts individually or jointly in determining the purposes of and has control over the processing of personal data. 

  • Personal Data Processor is every person, public agency and international organization that acts individually or jointly in processing personal data on behalf of personal data controllers. 

Regarding Personal Data Processors, personal data processing covers the following actions relating to data: 

  • acquisition and collection;

  • processing and analysis;

  • storage;

  • correction and updates;

  • demonstration, announcement, transfer, dissemination, or disclosure; and

  • removal or destruction.

Meanwhile, the Data controllers’ obligations are as follows:

  • If processing personal data requires consent, provide the data subject with information on: 

  1. whether the relevant personal data being processed are legal;

  2. the purpose of processing personal data;

  3. the kind of personal data that will be processed and its significance;

  4. the length of time that personal data-containing documents are kept for;

  5. the specifics of the personal data that was collected;

  6. the time frame for processing personal data; and

  7. the rights of the person providing the data.

  • verify the personal data to make sure that it is accurate, complete, and consistent in accordance with the prevailing laws and regulations; 

  • correct personal data errors and/or inaccuracies, and then inform the data subject of the update; 

  • give the data subject access to both the processed personal data and the background to the personal data; 

  • assess the impact of personal data protection when the processing of personal data may pose a "high risk" to the data subject in accordance with a number of regulated parameters; 

  • take a variety of regulated measures to protect and ensure the security of the processed personal data; 

  • maintain confidentiality, prevent unauthorized and illegal access, and supervise all parties involved in the processing of personal data; 

  • stop processing the personal data if the data subject withdraws consent for personal data processing; 

  • (under a variety of regulated circumstances), delete personal data and notify the data subject; 

  • within 3 (three) days of a failure to protect a data subject's personal data, notify the data subject in writing and the relevant agency (which the President has yet to establish);  

  • notify the data subject of the transfer of personal data if a data controller conducts a merger, spin-off, acquisition, consolidation, or dissolution. 

Data processors’ obligations are as follows:

  • If a data controller appoints a data processor, the latter must process personal data based on the personal data controller’s instruction and in accordance with Law No. 27/2022. They also must obtain the data subject’s written approval prior to involving other data processors.

  • Certain data controller’s obligations will be applicable to data processors.

Law No. 27/2022 introduces the obligation for data controllers and data processors to appoint a designated official or officer who will be in charge of minimizing the risks of personal data breaches and ensuring compliance with personal data protection principles in a variety of regulated situations. 

For a data controller to transfer personal data abroad, either to other data controllers or processors, the transferring data controller must ensure that the country receiving the data has a level of personal data protection that is at least as high as Law No. 27/2022. Otherwise, the data controller is responsible for ensuring that personal data is adequately and legally protected. 

There are several possible administrative sanctions in the event of failure to fulfill the criteria for cross-border data transfer as per a data processor’s obligations and data controller’s obligations. These sanctions are as follows:

  • written warnings;

  • temporary suspension of personal data processing activities;

  • deletion or destruction of personal data; and/or

  • administrative fines.

Following the enactment of Law No. 27/2022, all provisions of laws and regulations governing the Protection of Personal Data, are declared to still be valid if they do not conflict with the provisions of Law No. 27/2022.  In this regard, the provisions on personal data protection can be found separately in several laws and regulations. The associated primary law on personal data protection is Law No. 11/2008, which predominantly accommodates the need to regulate the use of technology. However, it sets the foundation for personal data protection as it defines personal data protection as part of privacy rights, which has expanded to the digital space.  The privacy rights are defined as follows:  

Indonesia Business Legal Guidelines - Privacy Right

Definition of Privacy Rights

Source: Elucidation of Article 26 (1) Law No.11/2008.

Subsequently, Law No. 11/2008 gives birth to GR No. 71/2019 and MoCI Reg. No. 20/2016 as  implementing regulations. Though both implementing regulations provide the measures for personal data protection, they regulate in different areas. This is evident as they define personal data differently. GR No. 71/2019 defines personal data as all data concerning a person, whether identifiable by its own or combined with other information directly or indirectly through electronic and/or non-electronic systems,  whereas  MoCI  Reg. No. 20/2016 defines personal data as certain types of personal data that have their validity preserved, maintained, and safeguarded, as well as their confidentiality protected.  Based on both definitions, we can conclude that personal data protection means protecting every activity concerning personal data and protecting privacy rights, while personal data means every data that identifies a person, individually or combined with other information, which is preserved and its confidentially protected.  

Personal Data Protection Outside Law No. 27/2022

 

Article 26 (1) Law No. 19/2016 stipulates protection on privacy rights by obligating that personal data usage shall require consent from the personal data owner. Consequently, any person whose privacy rights are violated may file a lawsuit for the losses incurred.  On the other hand, it also prohibits the deliberate transfer of electronic information against the law to an electronic system owned by another person.  The right to be forgotten is set out in Article 26 (3) Law No. 19/2016 which states that every electronic system provider is obliged to delete irrelevant electronic information and/or document under its control at the request of the related person concerned by court order. Subsequently, the electronic system provider shall provide a mechanism for deleting irrelevant electronic information and/or document.  

Furthermore, GR No. 71/2019 regulates that the electronic system provider is obliged to conduct personal data protection principles in processing personal data consisting of: 

  • personal data collection is conducted in a limited and specific manner, legally valid, fair, with consent and agreement of personal data owner;

  • personal data processing is conducted following its objectives;

  • personal data processing is conducted by ensuring the rights of personal data owner;

  • personal data processing is conducted accurately, completely, not misleading, up-to-date, accountable, and considering the intention of personal data processing;

  • personal data processing is conducted by protecting the personal data security from loss, misappropriation, illegal access and disclosure, as well as alteration or destruction of personal data;

  • personal data processing is conducted by notifying the purpose of collection, processing   activities, and failure in protecting personal data; and/or

  • personal data processing is destroyed and/or deleted unless in a retention period following the need based on laws and regulations.

Suppose there has been a failure in protecting personal data in accordance with the principles as stipulated above, the electronic system provider shall notify in writing the personal data owner. 

In terms of irrelevant electronic information or documents, the electronic system provider shall delete the irrelevant electronic information or document under its control based on the request of the relevant person.  Hence, the obligation to delete certain electronic information or documents introduces the right to erasure and delisting,  reflecting the right to be forgotten in Law No. 11/2008. Data that is subject to erasure may consist of personal data that: 

  • was obtained and processed without the consent of the personal data owner;

  • the consent of personal data owner has been withdrawn;

  • are acquired and processed illegally;

  • no longer is in accordance with the acquisition purpose based on the agreement and/or laws and regulations;

  • the exceed the stipulated utilization period accorded within the agreement and/or laws and regulations; and/or

  • is displayed by the electronic system provider, which causes a loss for the personal data owner.

 

Data owners may request deletion of irrelevant electronic information or/document from the search engine list (right to delisting) by acquiring a court order. 

This provision ensures protection for personal data owners to take down information when it is transmitted or spread unlawfully. Article 26 MoCI Reg. No. 20/2016 stipulates that the data owner has entitlement to:

 

  • the confidentiality of their personal data;

  • file a complaint to the MoCI in the context of resolving dispute of personal data for the failure in the protection of the confidentiality of their personal data by the electronic system operator;

  • gain access or opportunity to change or update their personal data without interference from the personal data management system, unless otherwise stipulated by the prevailing laws and regulations;

  • gain access or opportunity to obtain historical of personal data that has been submitted to the electronic system operator as long as it is still in accordance with the prevailing laws and regulations; and

  • request the destruction of their certain personal data in the electronic system managed by electronic system operators, unless otherwise stipulated by the prevailing laws and regulations.

 

It is worth pointing out that MoCI Reg. No. 20/2016 is the first regulation that specifically regulates personal data protection in an electronic system in Indonesia. Beyond the definition, personal data protection comprises protection toward the acquisition, collection, processing, analyzing, storage, display, announcement, delivery, dissemination, and erasure of personal data.  

To ensure the foregoing, MoCI Reg. No. 20/2016 obliges the certification of electronic systems  and that each electronic systems provider must have internal policy on data protection as a preventive action to avoid any form of failure.  The internal policy must be drafted by considering certain aspects, such as technology implementation, human resources, method, and costs.  Other preventive actions to avoid protection failure include: 

  • increasing awareness of personal data protection to its human resources; and

  • holding training on how to prevent personal data protection failure.

Although the regulation has determined the forms of preventive measures, it does not eliminate the potential failure from occurring. When it does, the electronic systems provider must notify the personal data owner in writing with the following conditions: 

  • it should be accompanied with the reasons or causes of the failure;

  • may be carried out electronically if the personal data owner has granted approval for  which it has been declared at the time when the acquisition and collection of their personal data takes place; 

  • should ascertain that the personal data owner has received it if such failure contains potential harm against the personal data owner; and

  • written notice should be sent to the personal data owner no later than 14 (fourteen) days after the failure is known. 

 

In the event that the electronic systems provider does not give the abovementioned written notification to the personal data owner, the electronic systems provider is subject to administrative sanctions by the MoCI.  However, it is worth noting that the imposition of administrative sanctions does not eliminate criminal or civil responsibilities.  The administrative sanctions shall be imposed in the form of: 

 

  • a written reprimand;

  • administrative fine;

  • temporary suspension;

  • access termination; and/or

  • removal from the list.

From the owner's perspective, all personal data owners have the right to file a complaint to the MoCI for the failure of personal data protection based on the following reasons: 

  • there is no written notice of the failure of personal data protection made by the electronic system provider to the personal data owner, regardless of it being potentially or non-potentially harmful; or

  • the personal data owner in relation to the failure of personal data protection has suffered a loss, even though written notice of the failure has been carried out, yet the notification is too late.

The MoCI may coordinate with the head of Supervisory Institutions and Sector Administrators to follow up on the complaint.  The aforesaid complaint shall be settled by way of deliberation or through other alternative dispute resolution,  and the settlement authority is delegated to the DGIA by the MoCI.  Consequently, the DGIA may establish a personal data dispute settlement panel.  If the settlement has not been agreed upon, the personal data owner may file a lawsuit on the occurrence of the failure.  The timeline for above is as follows:

Data Breach Procedure

Data Breach Procedure

Source: MoCI Reg. No. 20/2016.

Sectoral Laws on Personal Data Protection

 

Apart from Law No. 27/2022 and MoCI Reg. No. 20/2016, the recognition of personal data protection is spread in various sectoral regulations outlined below:

Telecommunication and Information Sector

Personal data protection in the telecommunication sector is regulated under Law No. 36/1999, which protects individuals from the misuse of telecommunication means. Individual privacy rights are recognized and protected through the prohibition of wiretapping on information channeled through telecommunication networks in any form.  Wiretapping means any activity installing tools or enhancements to telecommunication networks for the purpose of obtaining information in an invalid way.  However, in special cases, wiretapping is allowed by virtue of laws and regulations, for instance, in the event there is a presumption of corruption, the Corruption Eradication Commission may perform wiretapping in conducting preliminary investigations. 

Apart from wiretapping, Law No. 36/1999 also requires telecommunication services providers to ensure the confidentiality of information sent and/or received by customers of telecommunication networks and/or telecommunication services provided,  unless required for criminal justice process purposes. In this case, the telecommunication services provider is allowed to record information and provide the necessary information based on: (i) a written request from the Office of the Prosecutor and/or the Chief of the Indonesian National Police for certain crimes; or (ii) a request form an investigator for certain crimes. 

Furthermore, Law No. 14/2008 stated that the information related to privacy rights are not part of the public information that the government agency shall provide.  The aforesaid provision is also supported by Article 17 Law No. 14/2008 that stipulates the restriction of the public information which may be obtained by the applicant of the public information. It states that the public information should not include public information which when opened and provided may reveal confidential personal information, namely: 
 

  • history and condition of family members;

  • history, condition, and treatment of a person's physical or psychological health;

  • a person's financial condition, assets, income, and bank account;

  • evaluation results in relation to capability, intellectuality, recommendation based on capability of a person; and

  • records in relation to a person's activities of formal education or non-formal education units.

 

Administration Sector

 

As for personal data protection in the administration sector, Law No. 23/2006 regulates that the resident personal data must be stored and protected by the state.  The resident personal data that must be protected consists of:  

  • information on physical and/or mental disability;

  • fingerprint;

  • iris;

  • signature; and 

  • other data element that is a person's ignominy.

The responsible minister for protection and granting access of personal data to the province officer or officer of implementing agency is the MoHA.  The consequence of spreading personal data illegally is imprisonment of 2 (two) years maximum and/or maximum fine of Rp25.000.000,00 (twenty five million Rupiah). 

Finance and Banking Sector

 

In the banking sector, Law No. 7/1992 states that banks and its affiliations are obliged to keep the information on the depositors and their deposits confidential, except in the following events: 

 

  • for the purpose of taxation, the Chairman of BI based on MoF's request authorizes the issuance of a written instruction for the bank to provide information and written proof as well as documents on the Depositors financial condition;

  • for the purpose of settlement of bank receivables that have been submitted to the Accounts Receivable Agency and State Auction Committee for State Receivable Affairs, the Chairperson of BI issues permits to obtain information from the bank regarding the deposit of the depositors;

  • for the purpose of criminal justice processes, the Chairperson issues permit to the police, prosecutor, or judge to obtain information from the bank regarding the deposit of the suspect or defendant in the bank;

  • in civil cases between the bank and its customer, the board of directors may inform the court regarding the financial condition of the customer concerned and provide other information relevant to the case; and

  • in the event of exchanging information between banks, the board of directors may inform its   customers financial condition to the other bank.

Moreover, OJK regulates the data protection in OJK Reg. No. 6/2022. It stipulates that the financial services business actor is prohibited in any way from providing data and/or information related to its customers to a third party.  Nonetheless, there are exceptions to the said prohibition. Those exceptions are triggered in the event that: (i) the customers give written consent; or (ii) it is obligated by the relevant laws and regulations.  In this regard, when the financial services business actor obtains personal information from a third party in conducting its activities, the financial services business actor shall make a written statement conveying that the third party has obtained written consent from the related person to give the referred information to any party, including the financial services business actor and inform the customers in regard to where the financial services business actor may obtain such information.  Other than that, the financial services business actor shall uphold consumer protection in performing its business activities.  Additionally, OJK regulates personal data protection by issuing OJK Circular Letters No. 14/SEOJK.07/2014 that define the scope of data and/or personal information and constraints for the financial services business actor related to the data/personal information. 

Trade Sector

 

In respect of the trade sector, Law No. 7/2014 stipulates that the use of an electronic system for any business trading goods and/or services must comply with the provisions of the laws and regulations on electronic information, which are Law No. 11/2008 and its implementing regulations.

Considering how digital transactions has evolved, the Indonesian government formed and enacted GR No. 80/2019 to ensure data protection in digital commerce, specifically on transactions by means of an electronic system must optimize protection on personal data.  In particular, GR No. 80/2019 regulates the personal data protection standards, or the prevalence shall at least meet the following rules of protection:
 

  • personal data must be obtained legally from the personal data owner accompanied by the existence of choices and guarantees for the safeguarding and prevention of loss to the owner of said personal data;

  • personal data must be owned for one or more purposes that are described in a specific and valid manner, and cannot be further processed in a way that is not in accordance with the said purposes;

  • personal data that are obtained must be proper, relevant, and not too broad in relation to the purpose of their processing as previously conveyed to the personal data owner;

  • personal data must be accurate and up to date by way of giving opportunities to the personal  data owner to update its personal data;

  • personal data must be processed in accordance with the purpose of the acquisition and  allocation, and said data cannot be possessed for longer than required;

  • personal data must be processed in accordance with the rights of the personal data owner as regulated under the laws and regulations;

  • the party which stores personal data must possess a proper security system to prevent leaks or prevent any unlawful utilization or processing of personal data. As well as being responsible for unexpected losses and damages to the said personal data; and

  • personal data cannot be sent to another country or area outside Indonesia, except the country and area that have been declared as having the same protection level and standard as Indonesia by the MoT.

 

Health Care Services Sector

 

Compared to other sectors above, the health care services sector is the first sector that regulates data protection in detail, especially for data found in a patient's medical records. According to Law No. 29/2004, the patient's medical record must be stored and kept confidential by the doctor or dentist and the directors of the health care facility.  This provision is restated in Law Number 36 of 2009 on Health,  Law Number 44 of 2009 on Hospital,  Law Number 36 of 2014 on Health Workers,  and Law Number 38 of 2014 on Nursing. 

A patient's rights include the right to confidentiality in relation to the health condition that has been shared with the health care provider.  In the event a data loss occurred due to leakage of data and information on a patient's health condition obtained by health worker while conducting its work, then  the related patient may claim compensation from the person, health  worker, and/or health care services  provider who caused loss due to error or negligence.

bottom of page