Digital business in Indonesia: overview

A Q&A guide to digital business in Indonesia.

The Q&A gives a high level overview of matters relating to regulations and regulatory bodies for doing business online, setting up an online business, electronic contracts and signatures, data retention requirements, security of online transactions and personal data, licensing of domain names, jurisdiction and governing law, advertising, tax, liability for content online, insurance, and proposals for reform.

To compare answers across multiple jurisdictions, visit the Digital Business Country Q&A tool.

This Q&A is part of the global guide to digital business law. For a full list of jurisdictional Q&As visit www.practicallaw.com/digital-business-guide.

Iman Sjahputra, Wawan Santoso, Willy Isananda and Angga Karona, Iman Sjahputra & Partners
Contents

Regulatory overview

1. What are the relevant regulations for doing business online (for business-to-business and business-to-customer)?

The following are the relevant regulations for doing business online:

  • Law No. 11 of 2008 on Electronic Information and Transactions (Electronic Information and Transaction Law).

  • Law No. 7 of 2014 on Trade (Trade Law).

  • Law No. 8 of 1999 on Consumer Protection (Consumer Protection Law).

  • Government Regulation No. 82 of 2012 on Electronic Systems and Transactions (Electronic System and Transaction Regulation).

  • Law No. 36 of 1999 on Telecommunications.

  • Indonesian Civil Code.

  • Indonesian Business Code.

 
2. What regulatory bodies are responsible for passing legislation in this area?

The law is determined by legislative bodies (in this case, the People's Representative Council) and confirmed by the President. The President implements laws by making government regulations. The relevant ministry (for matters related to digital business, the Ministry of Communication and Informatics) and related departments and other government institutions can also issue implementing regulations.

The Indonesian Civil Code is still applicable now (except for some parts) but the Indonesian Business Code is more relevant in a business context.

 

Setting up a business online

3. What are the common steps a company must take to set up an existing/new business online?

The common steps for a company to take are:

  • Setting up a corporate vehicle/legal entity to best suit the purpose of business.

  • Conducting market research to determine profitable market share.

  • Setting up the business to comply with any relevant regulations or issues such as local morality requirements, child safety features, personal data collection (including payment), customer service requirements and language requirements.

  • Creating and registering a website and domain name with the relevant authorised institutions.

  • Registering for appropriate intellectual property rights.

  • Submitting a registration of electronic transactions to the trustworthiness certification body in order to obtain a trustworthiness certificate.

In addition, it is necessary to consider:

  • That the use or collection of personal data must be conducted with the data owner's express consent.

  • For e-commerce, the business is obliged to provide frank and accurate information and service to consumers and provide service and maintenance of its products.

  • Any agreement (including terms and conditions, policies and cookies) involving Indonesian customers must be translated into Indonesian.

 
4. What are the relevant parties that an online business can expect to contract with?

Generally, a business will need to enter into contracts with:

  • A website developer. An online business will need to build and maintain a website to fit its particular specifications and business purpose. Generally the developer will provide or recommend a hosting service for the business. Considering the large amount of criminal practice online, the site will have to be developed with strong security. Use of confidential information must also be properly considered, as well as advertising and distribution.

  • Banks and other payment service providers. An online business must secure an agreement with the relevant and necessary providers who are widely used and familiar in the market. A business will also need to tackle personal data protection (payment data is considered to be personal data) and obtain consents from consumers for any issue involving personal data.

  • Content owners. If there is any content that is not owned by the business. Intellectual property issues must be incorporated into contracts and generally a business will limit the liability of any third party content to that party.

  • Consumers. Any terms and conditions (including cookies) must comply with personal data laws, access to information, customer service and language requirements (see Question 3). If a business' limitation of liability is uncertain, this can be void under local law.

  • Delivery services (if there is no internal delivery service). Any contract must regulate the availability and commercial terms of a delivery service.

 
5. What are the procedures for developing and distributing an app?

In any app development, licensing and ownership of intellectual property rights (including the newly developed intellectual property, whether developed deliberately or unintended) must be addressed. If a licence is required, the company must put one in place and set out any relevant terms and conditions of use. A business must include clauses on personal data collection and use in the terms and conditions in accordance with the Electronic Information and Transaction Law and its implementing regulations.

Distribution will be managed by entering into contracts with various app stores that provide services to the majority of users. It is also possible to market the app by co-operating with government bodies, corporate entities or other public bodies. When distributing the app, a company must also provide any training or information necessary to familiarise the user with it.

A digital business must also maintain and operate the app; taking into consideration any security concerns (which are prevalent in Indonesia at the moment) (see Question 18).

 

Running a business online

Electronic contracts

6. Is it possible to form a contract electronically? If so, what are the requirements for electronic contract formation?

It is possible to form a contract electronically. Transactions that are part of an electronic contract will bind the parties to it (Article 18, Electronic Information and Transaction Law). A choice of law in electronic transactions can be made only if the contracts involve foreign elements and their applicability must be in harmony with the principles of private international law.

Electronic transactions can be conducted through electronic contracts or using any other means as long as the parties consent (Article 47, Electronic System and Transaction Regulation).

An electronic contract is considered to be the same as a regular contract, but in a different form. It must therefore incorporate all the usual elements of a contract, including:

  • The parties' mutual consent.

  • The parties' capacity and authorisation to enter into it.

  • The contract's objective.

  • It must be lawful.

For electronic contracts, the parties must fully read, review and understand it. A single or double click at the end of a contract is generally not considered to operate as consent. Contracts that subjects users to new, additional or continuous changes made unilaterally by the business are prohibited and will be void (Article 18, Consumer Protection Law).

Consumers must have a "cooling-off" period and any attempt to limit the liability of the company to pay a refund will void the agreements (Consumer Protection Law).

 
7. What laws govern contracting on the internet?

See Question 1.

In addition, Law No. 24 of 2009 on National Flag, Emblem and Anthem provides that the Indonesian language must be used in any memorandum of understanding or agreement (including agreements under international public law) which involves a:

  • State institution.

  • Government institution.

  • Private Indonesian entity.

  • Indonesian citizen.

If a memorandum of understanding or an agreement involves foreign parties, it should also be drafted in the national language of the foreign parties and/or English. Any electronic contract involving an Indonesian must be made in the Indonesian language (Article 48 (1), Electronic System and Transaction Regulation).

All business -to-consumer contracts are covered by the Consumer Protection Law.

Several important things to note include:

  • A seller must provide information containing its identity, legal status and competence, whether as producer, supplier, provider or intermediary (Article 9, Electronic Information and Transaction Law).

  • A seller must provide frank and accurate information (including instructions for use, maintenance and service) about the goods to be sold (Consumer Protection Law).

  • Certain types of "boilerplate" clauses are prohibited and in some cases, consent given by a single or double click at the end of the terms and conditions is not considered to be sufficient (Consumer Protection Law).

  • Most limitations of liability or transfer of liability to the buyer will be void under the Consumer Protection Law.

Even though customer service support must be provided, there is no direction on the method to be used as long as the buyer is provided with the answer and/or service required in a manner that they fully understand.

 
8. Are there any limitations in relation to electronic contracts?

All regular contracts can be made electronically, except for:

  • Certificates that under law must be made in writing, including negotiable instruments, valuable documents, and documents used in the enforcement of civil procedure, criminal procedure and state administration.

  • Certificates and their papers that under law must be made by notarial deed or land conveyance deeds.

Electronic information and/or electronic records will be lawful to the extent that the information contained in them is accessible, displayable, assured as to its integrity, and subject to accountability (Articles 5 and 6, Electronic Information and Transactions Law).

 
9. Are there any data retention requirements in relation to the formation of electronic contracts?

The following applies to data retention:

  • Electronic system providers must retain all transaction data in Indonesia (Article 43, Electronic System and Transaction Regulation).

  • Electronic system providers must be able to redisplay electronic information and/or electronic records in their entirety in accordance with the retention period provided for under relevant laws and regulations (Article 16, Electronic Information and Transaction Law). For example, every note containing information on the rights and obligations or information relating to the business activity of a company must be retained for ten years (Law No. 8 of 1997 on Company Documents).

 
10. Are there any trusted site accreditations available?

The Ministry of Communications and Informatics decreed that all e-commerce sites must be accredited by a particular organisation to ensure accountability. Public or private electronic system providers (when using the electronic system for a public service) must have a trustworthiness certificate issued by the trustworthiness certification body. Private electronic system providers that do not provide public services can also have a trustworthiness certificate.

Proof that the relevant certificate has been obtained is demonstrated by displaying a trusted mark certification logo on the company's homepage.

The certification body is independent. It was established by professionals and is recognised and supervised by the government, which has the authority to audit and issue a trustworthiness certificate.

 
11. What remedies are available for breach of an electronic contract?

Most remedies that are available for breach of a regular contract are also available for breach of an electronic contract. Under the freedom of contract principle, most remedies are decided by agreement between the parties.

However, there are several additional remedies imposed by the Electronic Information and Transaction Law and the Consumer Protection Law (see Questions 6 and 7).

E-signatures

 
12. Does the law recognise e-signatures?

Applicable legislation

The following legislation applies to e-signatures:

  • Articles 53-58 of the Electronic System and Transaction Regulation.

  • Articles 11-13 of the Electronic Information and Transaction Law.

Definition of e-signatures

An electronic signature means a signature that contains electronic information that is attached to, associated or linked with other electronic information used for verification and authentication.

Format of e-signatures

An e-signature is data added to a document by complex mathematic calculations through symmetric encryption, by using the private key of the sender and data that can only be described by using a public key that belongs to the sender. Using this method, the originality of a document and validity of the sender can be guaranteed.

 
13. Are there any limitations on the use of e-signatures?

Electronic signatures will have legal force and effect if they satisfy the following requirements:

  • The creation data can only be associated with the signatories.

  • The creation data at the time of the electronic signing process can only be in the power of the signatories.

  • Any alteration to an electronic signature that occurs after signing is identifiable.

  • Any alteration to the electronic information associated with the signature after signing is identifiable.

  • Certain specified methods are adopted to identify relevant signatories.

  • Certain methods are used to demonstrate that the signatories have given their consent to the associated electronic information.

 

Implications of running a business online

 

Cyber security/privacy protection/data protection

14. Are there any laws that regulate the collection or use of personal data? To whom do the data protection laws apply?

Using any information gathered through electronic media that involves personal data requires consent from the person to whom the data relates (Article 26, Electronic Information and Transactions Law). Any person whose right is infringed can lodge a legal action.

Payment data made using a credit card, charge card or other electronic means is also considered to be personal data and the seller must always obtain the buyer's consent.

These laws apply to any person who commits legal acts governed by the Electronic Information and Transaction Law, both within and outside Indonesia, which have legal effect within or outside Indonesia and are detrimental to the interest of Indonesia.

For further information on data protection laws in Indonesia, see Data Protection in Indonesia: overview.

 
15. What data is regulated?

Personal data is an individual's data, stored and maintained with its truth and confidentiality protected (Article 1 (27), Electronic System and Transaction Regulation). Article 26 of the Electronic Information and Transactions Law regulates only individuals' personal data and not business data which are neither individual nor personal.

Companies that offer products through electronic systems must provide information containing its identity, legal status and competence, whether as producer, supplier, provider or intermediary (Article 9, Electronic Information and Transaction Law).

Business data is regulated specifically under certain laws including:

  • Law No. 10 of 1998 on the amendment of Law No.7 of 1992 on Banking.

  • Law No. 7 of 1971 on Basic Provisions on Archiving.

  • Law No. 8 of 1997 on Company Documents.

  • Law No. 36 of 1999 on Telecommunications.

 
16. Are there any limitations on collecting personal data? Are there any specific limitations on storage of personal data in the cloud?

There are limitations on collecting and using personal data (see Question 14).

The Ministry of Communications and Informatics is currently working on the draft of a regulation stating that consent from the owner of personal data does not grant a right to collect and/or use all of that data.

Only personal data that is relevant to the purpose of the transaction can be collected and/or used, and it must be accurate.

The limitations on collecting and/or using personal data are also applicable to storage of personal data in the cloud. Using information containing personal data can only be conducted with the consent of the person concerned (the owner of the personal data). Failure to comply can lead to civil action by the infringed party.

 
17. Is the use of cookies allowed? If so, what conditions apply to their use that impact system design?

Using cookies can identify information about the user. Article 26 of the Electronic Information and Transaction Law (see Question 14) applies to the use of cookies as long as the cookies collect personal data.

If the cookies are merely used for analytical purposes and include no personal data, then Article 26 of the Electronic Information and Transaction Law will not apply.

 
18. What measures must be taken by companies or the internet providers to guarantee the security of internet transactions?

See Question 10.

A public or private electronic system provider (using the electronic system for public service) must have a trustworthiness certificate issued by the trustworthiness certification body. Private electronic system providers that do not provide public services can also have a trustworthiness certificate. If a company has the certificate, any transactions that are conducted by it are considered to fulfil a reasonable standard for consumers.

Furthermore, a company can use various types of security technology including the use of cryptography (for example, short time passwords, public key infrastructure and/or single use credit) and steganography. Companies can also apply common security technology, for example:

  • User identification, passwords and shadow passwords.

  • Firewalls.

  • Technology to monitor attacks

  • Monitoring data logs.

  • Routine back-up.

  • Encryption.

The Electronic System and Transaction Regulation provides that the electronic systems operators must (Articles 18, 23 and 30, Electronic System and Transaction Regulation):

  • Provide an audit trail record of all activities of the electronic system operation.

  • Ensure the proper functioning of the electronic system by keeping interoperability and compatibility with the previous and/or related systems.

  • Have an electronic system capability certificate for public services.

 
19. Is the use of encryption required or prohibited in any circumstances?

Electronic signature providers and their supporting services must use the electronic signature generator tool that applies cryptographic techniques when transmitting and storing electronic signatures (Article 57 paragraph 2, Electronic System and Transaction Regulation).

Furthermore, there are several internal regulations in various governmental bodies requiring the use of encryption for information that, if disclosed to an unauthorised party, will jeopardise national security (classified information).

For example, the National Code Institution (NCI) states that the transmission of classified information must be conducted through a secured communications network and encrypted as recommended by the NCI. Classified information must also be secured using cryptography and not be stored in personal computers or mobile devices.

 
20. Can government bodies access or compel disclosure of personal data in certain circumstances?

In certain circumstances, the authorities (the police or a judge in court proceedings) are given powers under the law, related to their duties and functions, to compel and request information, (including from electronic system users) to reveal and disclose personal data. Examples include:

  • Court evidence. A judge can ask users and internet service providers to disclose personal data provided that it is solely in the public interest.

  • Banking law. In a criminal action, the head of Indonesian Central Bank can permit the police, a prosecutor or a judge to obtain information from banks about the account of a suspected or accused criminal.

  • Civil action. As part of an action between a customer and the bank, the directors of the bank can give the court information on the financial position of a customer, or any other evidence required by the case (Articles 42 and 43, Banking Law).

 
21. Are there any regulations in relation to electronic payments?

Illegal collection and/or use of personal data will be subject to civil action by the harmed party.

Provisions on electronic payments are principally regulated under the Trade Law. Every business trading goods and/or services using an electronic system must provide that the data and/or information is complete and correct, and must contain (Article 65, Trade Law):

  • The identity and authority under which the businesses operate as producers or distributors.

  • The technical requirements of any offered goods.

  • The technical requirements or qualifications for any offered services.

  • The price and payment for any goods and/or services.

  • The method for delivering the goods.

Internet banking services and transactional internet banking services are regulated by the Bank of Indonesia Regulation No. 9/15/PBI/2007 on the Implementation of Risk Management in the Use of Information Technology by Commercial Banks.

Anyone providing e-money, e-wallet or payment cards will be reported to the Indonesian Financial Transaction Reports and Analysis Centre if there any allegations of money-laundering (Article 17 (a) (11) and (12), Law No. 8 of 2010 on Money Laundering).

 

Linking

22. Are there any limitations on linking to a third party website and other practices such as framing, caching, spidering and the use of metatags?

The Electronic Information and Transaction Law prohibits any person from knowingly and unlawfully altering, adding, reducing, transmitting, tampering with, deleting, moving or hiding electronic information and/or records belonging to others or the public.

It also prohibits any person from knowingly and unlawfully moving or transferring electronic information and/or records to or from the electronic systems of unauthorised persons (Article 32, Electronic Information and Transaction Law).

Acts covered by the law are those that result in any confidential electronic information and/or records being compromised so that the data becomes accessible to the public in its entirety in an improper manner.

In practice, authority in the form of user consent is desirable in order to avoid any violation.

 

Domain names

23. What regulations are there in relation to licensing of domain names?

Domain name regulations can be found in Articles 73 to 83 of the Electronic System and Transaction Regulation and Article 23 and 24 of the Electronic Information and Transaction Law.

Domain name administrators residing outside the territory of Indonesia and any domain names they have registered will be recognised as long as they do not contravene the law or regulations (Article 24 paragraph 3, Electronic Information and Transaction Law).

Domain name operators (the domain name registrar and registry) are convened by the government and/or the community. The community is a legal entity under the Indonesian law. For example, Internet Domain Name Management Indonesia (PANDI) is a legal entity that has the authority to organise the domain management of .id. It is formed by the representatives of the information technology community of Indonesia and the Government (the Ministry of Communications and Informatics).

Such communities must be incorporated companies in Indonesia (Article 74, Electronic System and Transaction Regulation).

 
24. Do domain names confer any additional rights (in relation to trade marks or passing off) beyond the rights that are vested in domain names?

Domain names do not confer any additional rights and are different from trade marks. Registration and the authorised body in charge of domain names are also different from trade marks.

For a trade mark to be registered, an application is made to the Directorate General of Intellectual Property Rights and the Ministry of Law and Human Rights of Indonesia. It must pass through substantive examination and publication phases before being issued with a certificate. Indonesia employs a first-to-file principle for trade marks. The mark is subject to cancellation (if it infringes another's rights or is applied for in bad faith) and deletion (based on non-use) (Law No. 15 of 2001 on Marks (Trade Mark Law).

On the other hand, domain names are just addresses or the identity of state administrators, persons, business entities and/or the public, and are obtained on a first-applicant basis. This first applicant principle in domain name policy is different from the one used for intellectual property rights because there is no examination procedure like there is for trade marks (Article 23, Electronic Information and Transaction Law).

It is possible to register a domain name as a trade mark but will be considered as a mark, not a domain name, and therefore the Trade Mark Law will apply. If the domain name infringes a registered trade mark, it will contravene the Trade Mark Law as an act of passing off. To object to the alleged infringement of a person's trade mark rights, it must be raised either during the publication period of by filing a cancellation lawsuit in the commercial court.

 
25. What restrictions apply to the selection of a business name, and what is the procedure for obtaining one?

In Indonesia, a person can establish a business entity using a limited liability company, firm or commanditaire vennotschaap (CV).

A firm is a business consisting of two or more persons with a shared name, in which the liability is shared equally and not limited to each owner.

A CV is a business entity established by two or more persons in which one or more will act as active partners and the others will be passive partners. The active partners will manage the CV and the passive partners will have a share but not manage it. If a passive partner joins to manage the CV then he will be considered active.

Limited liability companies cannot use names which:

  • Have been legally used by another company or are in principle the same as the name of another company.

  • Conflict with public order and/or morality.

  • Are the same as or similar to names of state, government, or international institutions, except with permission from them.

  • Are not in accordance with the purpose and objective of the business activities or only show the purpose and objective of the company without an actual name.

  • Consist of figures or a series of figures, characters or a series of characters that do not form words.

  • Have the meaning of company, legal entity, or civil association.

  • Are letters of the alphabet.

Where the name of a company is an abbreviation, it must comply with all the points above except for the fifth one (Article 5, Government Regulation No. 43 of 2011 on the Procedure of Submission and Use of Company Name and Article 16, Law No. 40 of 2007 on Limited Liability Companies).

A company must be approved by the Ministry of Law and Human Rights (MLHR). A public notary will check the registered company name on the legal entity administration system of the MLHR. If the name is already taken, it will be rejected by the MLHR.

The Indonesian language must be used in the company name. Failure to comply can lead to rejection of the proposed company name.

Unlike companies, CVs and firms are not legal entities and there are no specific regulations for choosing names. However, there are several rules in the Indonesian Business Code that apply. Generally, when choosing a CV or firm name, it will accord with the area and characteristic of the business. Approval from the MLHR is not required and the name will generally be registered in the District Court of the CV or firms' domicile.

 

Jurisdiction and governing law

26. What rules do the courts apply to determine the jurisdiction for internet transactions (or disputes)?

The parties to an agreement are free to determine which court, arbitration, or other alternative dispute resolution institutions have jurisdiction to handle disputes. In the absence of a choice, the issue of jurisdiction will be decided under the principles of private international law (Article 18 paragraph 4 and 5, Electronic Information and Transaction Law).

In consumer contracts, dispute settlement can be conducted either in or out of court based on the choice of the disputing parties. Every consumer who has suffered damages can file charges against the company through the body which is responsible for settling disputes between consumers and companies. Settlement out of court will not avoid any criminal responsibility. If an effort to settle the dispute outside court has been made, charges can only be filed in court if the efforts are declared unsuccessful by one or both of the parties to the dispute (Article 45, Consumer Protection Law).

 
27. What rules do the courts apply to determine the governing law for internet transactions (or disputes)?

The parties have the power to choose the law applicable to international electronic transactions. This law is binding in the same way as to any contract. A choice of law in electronic transactions is usually only expressed when there is a foreign element and it must be in harmony with the principles of private international law.

When there is no choice of law, the principles of private international law apply (Article 18 paragraph 2 and 3, Electronic Information and Transaction Law).

Since information technology use for electronic information and transactions is cross-territorial in nature, the law applies to legal acts not only in Indonesia and/or committed by Indonesian citizens, but also to acts committed outside Indonesia by both Indonesian and foreign citizens, or Indonesian and foreign legal entities, having legal effect in Indonesia (Article 2, Electronic Information and Transaction Law).

For consumer contracts, see Question 26.

 
28. Are there any ADR/ODR options available to online traders and their customers? What remedies are available from the ADR/ODR methods?

The parties to an agreement are free to determine which court, arbitration, or other alternative dispute resolution institutions have jurisdiction to handle disputes. In the absence of a choice, the issue of jurisdiction will be decided under the principles of private international law (Article 18 paragraph 4 and 5, Electronic Information and Transaction Law).

Disputes or differences of opinion can be resolved by the parties through ADR in good faith by waiving the "resolution of dispute" lodged in the District Court. The resolution of dispute is carried out at a direct meeting of the parties and if it cannot be resolved by the parties, they can ask for it to be resolved with the assistance of one or more expert advisors or a mediator.

If the parties fail to meet or reach an agreement within 14 days with the assistance of one or more expert advisors or a mediator, they can contact an arbitration institution or an ADR institution to appoint a mediator. Any attempt at resolving the dispute through a mediator will be confidential and must be reached and signed in writing within 30 days. The written agreement will be final and binding on the parties for execution in good faith and must be registered at the District Court within 30 days after signing. The agreement must then be completely implemented within 30 days after its registration (Law No. 30 of 1999 on Arbitration and Alternative Dispute Resolution (Arbitration and ADR Law)).

There are still disagreements between experts over online dispute resolution (ODR) and whether electronic ADR agreements are enforceable. The Arbitration and ADR Law does not explain the requirement for a "written form" of agreement, but does not require an agreement to be printed. However, electronic information and/or records are deemed to be lawful to the extent that the information contained in them is accessible, capable of display, assured as to its integrity and accountable (Article 6, Electronic Information and Transaction Law). So as long as these requirements are met, it is likely that electronic form ADR agreements will be lawful. Even though ODR is not clearly regulated, neither the Arbitration and ADR Law nor the Electronic Information and Transaction Law prohibit it.

 

Advertising/marketing

29. What are the relevant rules on advertising goods/services online/via social media?

The Consumer Protection Law explicitly regulates advertisements, under which companies must:

  • Provide true, clear, frank and non-misleading information on the condition of and guarantee for the goods and/or services.

  • Provide compensation and/or replacement of the goods/services if not in accordance with the agreement.

  • Not produce and/or trade in goods and/or services that do not accord with the condition, guarantee, efficacy, quality, composition, process, style, mode or use as stated on the label or information about the goods/services.

  • Limit certain boilerplate clauses.

Infringement of the above can lead to civil and/or criminal action.

Any business entity offering products electronically must provide complete and accurate information as to the contract terms, manufacturer and products offered (Article 49 paragraph 1, Electronic System and Transaction Regulation). Infringement entitles the consumer to bring a civil action against the company.

 
30. Are there any types of services or products that are specifically regulated when advertised/sold online (for example, financial services or medications)? 

All advertised products must comply with the Consumer Protection Law and the Electronic Information and Transaction Law and its implementing rules. For instance, the Electronic Information and Transaction Law prohibits the transmission of electronic information including advertisements that:

  • Contain content that contravenes propriety.

  • Promote gambling.

  • Are offensive and/or defamatory.

  • Are extortionate and/or threatening.

There are also some specific regulations regarding the advertisement of tobacco products. For example, it is not possible to show a cigarette or its smoke, a person smoking, the cigarette's packaging, or encourage people to smoke tobacco products. Failure to comply can lead to the advertisement needing to be revised, a written warning and/or temporary prohibition on advertising (Government Regulation No. 109 of 2012 on the Safeguards of Material Containing Addictive Substances in the Form of Tobacco for Health).

There are also prohibitions on advertising materials containing racism, pornography and violence (Law No. 44 of 2008 on Pornography and Law No. 35 of 2014 on Child Protection).

 
31. Are there any rules or limitations in relation to text messages/spam emails?

It is forbidden to knowingly and without authority or unlawfully commit any act that results in a fault on an electronic system and/or that results in an electronic system not working properly (Article 33, Electronic Information and Transaction Law). In addition, an electronic system operator must provide a security system that includes procedures and systems to prevent and solve threats or attacks that cause disruption, failure and loss.

Anyone who sends electronic information must also ensure that the information is true and is not interfering in its nature (Articles 44 and 20, Electronic System and Transaction Regulation).

The sender of any mass text messages or short messaging service is forbidden to send any messages that do not accord with public interest, moral propriety, security and public order (Article 17, MCI Regulation No. 1 of 2009 on the Implementation of Premium and Short Messaging Service Provider to Broad Destination).

 
32. Are there any language requirements in your jurisdiction for a website that targets your particular jurisdiction or whose target market includes your jurisdiction?

An electronic system provider that operates systems furnished with procedures or guidelines must include languages, information, or symbols that are understandable to users (Article 16, Electronic Information and Transaction Law).

In addition, the Indonesian language must be used in any memorandum of understanding or agreement (including agreements under international public law) which involve a state institution, a government institution, a private Indonesian entity or an Indonesian citizen. If a memorandum of understanding or an agreement involves foreign parties, it must also be drafted in the national language of the foreign parties and/or English. Failure to translate can lead to legal action and in some cases, to the agreement being deemed void (Article 31, National Flag, Language, Emblem and Anthem Law).

 

Tax

33. Are sales concluded online subject to taxation?

Online sales are subject to taxation. There is no specific law governing taxation of online transactions, so laws on taxing conventional goods apply. Any gains made as a result of online sales are the target of such taxes (Article 4 paragraph 1, Law No. 36 of 2008 on the Fourth Amendment of Law No. 7 of 1983 on Income Tax).

Online businesses are obliged to pay income tax under the law (Directorate General of Taxes Regulation No. PER-32/PJ/2010 of 2010 on the Implementation of Income Taxation, Article 25, Individual Tax Subject Business Actor in Particular (PER 32/2010)). Even though the business does not have a physical presence, there is still a binding obligation to pay income tax. The rate of tax for online businesses is 0.75% of the monthly gross circulation for each place of business (in case of an online business, a website), conducted through the following banks:

  • Bank Persepsi (commercial bank authorised by the Minister of Finance to accept state income).

  • Bank Devisa Persepsi (commercial bank authorised by Minister of Finance to accept state income from export or import).

  • Kantor Pos Persepsi (Post Office authorised by the Minister of Finance to accept state income).

These rules are also strengthened by the Circular Letter of the Directorate General of Taxes No. 62/PJ/2013.

 
34. Where and when must online companies register for VAT and other taxes? Which country's VAT rate will apply?

Value added tax (VAT) is based on the consumption of goods and services within Indonesia and imposed on production and distribution.

A company must be registered with the tax office as to be able to claim VAT credit, however, only a resident or permanent establishment can have a VAT registration.

A company that produces, imports or exports taxable goods, conducts trading activities or renders taxable services must register with the Directorate General of Tax as a taxable entity (with the exception of small businesses). Small businesses can still be subject to VAT if they so choose and the VAT law will fully apply to them.

A business is considered to be small if it generates gross income of up to IDR 4.8 billion annually (Minister of Finance Regulation No. 197/PMK.03/2013). Any business exceeding that amount is not considered small and will be subject to VAT.

The following goods and services are subject to VAT:

  • Delivery of taxable goods (tangible or intangible) by an entity in Indonesia.

  • Import of taxable goods.

  • Rendering of taxable services in Indonesia.

  • Use in Indonesia of intangible taxable goods from outside Indonesia.

  • Use of offshore taxable services in Indonesia.

  • Export of taxable goods, intangible goods and taxable services by an entity in Indonesia.

The disposal of fixed assets and self-construction activities are also subject to VAT.

If an online shop sells goods or services that are subject to VAT, it must issue a tax invoice (Law No. 42/2009 on the Third Amendment of Law No. 8/1983 on Value Added Tax of Goods and Services and Sales Tax of Luxury Goods).

 

Protecting an online business

Liability for content online

35. What laws govern liability for website content?

The Electronic Information and Transaction Law prohibits the transmission of electronic information including advertisements that:

  • Contain content that contravenes propriety.

  • Promote gambling.

  • Are offensive and/or defamatory.

  • Are extortionate and/or threatening.

Violation can lead to criminal action with sentences up to six years in prison and a fine of up to IDR1 billion.

If online content contains pornography, the person running the business can imprisoned for a minimum of six months and a maximum of 12 years and suffer a fine from IDR 250 million up to IDR6 billion. In addition, the government can block the site (Law No. 44 of 2008 on Pornography).

If the online content contains defamation, incitement, misleading statements and falsehood or shows violence, pornography, gambling, the illegal use of narcotics or racist material, this is punishable with up to five years in prison and a fine of up to IDR10 billion (Law No. 36 of 2002 on Broadcasting).

 
36. What legal information must a website operator provide?

Businesses offering products through electronic systems must make available full and true information about contractual conditions, manufacturers, and products. This includes information containing its identity, legal status and competence, whether as producer, supplier, provider or intermediary (Article 9, Electronic Information and Transaction Law).

Other necessary information includes the requirements for agreements to be valid and details of offered goods and/or services (such as names, addresses and descriptions of the goods/services).

The "electronic agent" (any device in an electronic system made to perform an automatic action organised by a person) must contain or submit information to protect the rights of users including (Article 35, Electronic System and Transaction Regulation):

  • The identity of the electronic agent's operator.

  • The object of the transaction.

  • Security details of the electronic agent.

  • The procedures for using the device.

  • A phone number for any complaints.

See also Question 29.

 
37. Who is liable for the content a website displays (including mistakes)?

The business owner/operator is responsible for the website including ensuring that its content complies with any applicable laws. There are also other parties who can be liable including the electronic systems provider. These providers are responsible for:

  • Supplying systems in a reliable and secure manner and for their proper operation. They are also responsible for use of the system by state administrators, people, business entities and/or the public.

  • Any abuse of electronic signatures on the site.

 
38. Can an internet service provider (ISP) shut down a website, remove content, or disable linking due to the website's content and without permission?

The Ministry of Communications and Informatics (MCI) is the active regulating body deciding whether a site should be blocked, and an ISP must act based on the MCI's instructions. This can be done without the site owner's permission.

The public can report directly to the directorate general of the MCI to urge the blocking of a site containing negative content. The report must be lodged through e-mail or through the tool provided on the MCI website. When negative content is reported the MCI can warn the site provider and give them 48 hours to comply with any instructions (Article 4 paragraph 1 and Article 14, MCI Regulation No. 39 of 2014).

 

Insurance

39. How should an online business be insured?

Online businesses must have the same insurance as other businesses with e-commerce as one of its insurance objects (because the activity can involve risk and loss).

If there is any loss attributed to an e-commerce transaction, the party that is most liable in Indonesia is the certification authority, because most companies delegate their site security to them. Therefore, it is common for certification authorities to have good insurance covering liability for a break in the security system causing a party to be harmed. This type of insurance is often reinsured.

 

Reform

40. Are there any proposals to reform digital business law in your jurisdiction?

The Ministry of Communications and Informatics has proposed a draft of a digital-based convergence law. This draft is viewed as crucial considering the massive developments in information technology and new industries. The draft law is due to complete the current telecommunication laws which are deemed to not be up to date. It will also add to the Electronic Information and Transaction Law and the Broadcasting Law.

Other than that, e-commerce sites involving transactions with Indonesian buyers are encouraged to use Indonesian domains, but this is not yet a legal requirement.

 

Online resources

Ministry of Communication and Informatics

W www.indonesia.go.id/en/ministries/ministers/ministry-of-communication-and-informatics/1663-profile/178-kementeriandepartemen-komunikasi-dan-informatika.html

Description. This is the official website for the Ministry of Communication and Informatics.

Regulation of the State Cryptography Agency No. 10/2012 on the Information Management and Protection of Classified Information

W http://jdih.lemsaneg.go.id/attachments/article/100/perkakepka-20120904_194709.pdf

Description. This is an official website from the Ministry of Communications and Informatics and maintained by it. It is available in Indonesian only.

Bani Arbitration Centre

W www.baniarbitration.org/ina/procedures.php

Description. BANI (Indonesian National Board of Arbitration) is an Indonesian arbitration body formed by the government. This is its official and maintained website. It is available in Indonesian and English, however the translation is for guidance only.

Government Regulation No. 109/ 2012 on Materials that Contain Addictive Substances in Tobacco Products in the Interest of Health

W http://sipuu.setkab.go.id/PUUdoc/173643/PP1092012.pdf

Description. This is an official site of the Indonesian secretariat and is available in Indonesian only.

Ministerial Regulation of Communications and Informatics No. 1/2009 on the Implementation of the Premium Message Service and Short Messaging Service

W https://jdih.kominfo.go.id/produk_hukum/view/id/320/t/peraturan+menteri+komunikasi+dan+informatika+nomor+01permkominfo012009+tanggal+8+januari+2009

Description. This is an official website of the Ministry of Communication and Informatics and maintained by it. It is only available in Indonesian.

Network National Documentation and Legal Information (Jaringan Dokumentasi Dan Informasi Hukum)

W http://jdih.mahkamahagung.go.id/v3/

Description. This is an official website of the Supreme Court of Indonesia and maintained by it. Most regulations in Indonesia can be found on this site and they are arranged by years. It is only available in Indonesian.



Contributor profiles

Iman Sjahputra, Managing partner

Iman Sjahputra & Partners

T +62 21 57936750
F + 62 21 5793 6751
E sjahputra@imansjahputra.com
W www.imansjahputra.com

Professional qualifications. Registered Indonesian Intellectual Property Consultant; Indonesian bar qualified

Areas of practice. Intellectual property; internet; international business transactions; international trade; foreign and domestic investments.

Non-professional qualifications. Legal doctorate, University of Padjadjaran; LLM, American University, Washington College of Laws, USA; Bachelor of Law (SH) and Candidate Notary (CN), University of GadjahMada; completed international intellectual property courses in Japan

Languages. English, Indonesian, Mandarin

Professional associations/memberships. International Trademark Association; International Association for the Protection of Intellectual Property; Asian Patent Attorneys Association; American Intellectual Property Law Association; Asean Inter-Parliamentary Assembly; Indonesian Advocates Association (Perhimpunan Advokat Indonesia); IIPS

Publications.

  • Indonesian Limited Liability Company Regulations.

  • Land Mortgage Regulation and related materials.

  • Indonesian Customs and Taxes Regulation.

  • New Labour Regulations in Indonesia.

  • New Indonesian Trademark Law: Question & Answer.

  • Problems of the Indonesian Internet Law, Justice Alleys.

Wawan Santoso, Partner

Iman Sjahputra & Partners

T +62 21 5793 6750
F +62 21 5793 6751
E santoso@imansjahputra.com
W www.imansjahputra.com

Professional qualifications. Registered Indonesian Intellectual Property Consultant; Indonesian bar qualified

Areas of practice. Intellectual property; international corporate and business; agency; franchise; contracts; distributorship; joint ventures; internet law.

Non-professional qualifications. LLM, Western Reserve University, School of Law, USA; Bachelor of Law (SH), University of Trisakti.

Languages. English, Indonesian

Professional associations/memberships. Indonesian Advocates Association (Perhimpunan Advokat Indonesia)

Willy Isananda, Associate

Iman Sjahputra & Partners

T +62 21 5793 6750
F +62 21 5793 6751
E tunggal@imansjahputra.com
W www.imansjahputra.com

Professional qualifications: Indonesian Bar

Areas of practice. Intellectual property; civil law; corporate and business; franchise.

Non-professional qualifications. LLM, University of Michigan Law School, USA; US Legal Studies Program, Yale University, USA; Bachelor of Law (SH), University of Indonesia.

Languages. English, Indonesian.

Angga Karona, Associate

Iman Sjahputra & Partners

T +62 21 5793 6750
F +62 21 5793 6751
E mail@imansjahputra.com
W www.imansjahputra.com

Professional qualifications: Indonesian Bar

Areas of practice. Intellectual property; corporate.

Non-professional qualifications. Bachelor of law (SH), University of Indonesia.

Languages. English, Indonesian.


{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1248288612982", "objName" : "Digital business in Indonesia overview", "userID" : "2", "objUrl" : "http://uk.practicallaw.com/cs/Satellite/resource/5-621-1310?null", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "22e97be00:15b1badfc49:4f64", "analyticsSessionCookie" : "22e97be00:15b1badfc49:4f65", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }