A New Front Door for Every Phone Number
As of July 1, 2026, anyone buying a new SIM card in Indonesia must first look into a camera. The Ministry of Communication and Digital Affairs (Komdigi) has made facial-recognition verification mandatory nationwide for new mobile registrations, replacing the system that matched a buyer's National Identity Number (NIK) and family card (Kartu Keluarga) against civil-registry data. Director General Edwin Hidayat Abdullah confirmed the mandate took full effect with "no more extensions after July 1, 2026," according to a report carried by the Indonesian National Police's public information portal Tribratanews.
This isn't an added check layered on top of the old one. Komdigi followed through by ordering the Directorate General of Population and Civil Registration to disable NIK/KK lookups for SIM registration entirely, according to trade publication MLex, after discovering some carriers were still activating subscribers without biometric verification days into the mandate. The fallback isn't paused for stragglers — it's being switched off. The rule is issued under Ministry of Communication and Digital Regulation No. 7 of 2026, branded internally as SEMANTIK, and requires facial data to be processed as encrypted templates rather than stored images, per Biometric Update.
The Trial Data Is Real, and It Looks Good
Skeptics of biometric mandates often point out that governments roll them out on faith, without evidence the technology works at scale. That objection doesn't fully apply here. Indonesia ran a five-month voluntary trial from January through April 2026 across its three largest carriers — Telkomsel, Indosat Ooredoo Hutchison, and XL Smart — registering roughly 1.4 million new numbers by facial recognition, per Indonesia's state news agency Antara. Verification took under two minutes, faster than the paperwork-heavy NIK lookup it replaces, and officials reported no customer complaints. Whatever one thinks of the policy, the underlying claim — that this system functions and that users tolerated it — has more grounding than most identity-tech mandates get before launch.
Steelmanning the Objection
The strongest case for the mandate is straightforward: Indonesia's NIK/KK system was trivially gameable. Fraudsters could register numbers against stolen or borrowed identity documents, and those numbers then fed phishing, loan-shark, and impersonation scams that Indonesian financial regulators have spent much of 2026 trying to contain. A verification method tied to a live face is harder to spoof at the point of sale than a photocopied ID card, and faster for legitimate customers besides. That is a real, evidence-backed improvement, not just a talking point.
But the objection from digital-rights groups isn't really about whether facial recognition works — it's about what happens once every mobile number in the country is cryptographically bound to a face on file with the state. Access Now has made this case against mandatory SIM registration broadly: "the potential for abuse and function creep is high, especially when it comes to the use of registration information for surveillance," and centralizing identity verification behind one government-linked database creates a single point of failure that becomes "a premium target for malicious actors." Privacy International has documented the same pattern across roughly 50 African countries with mandatory SIM registration as of 2019: registries built to fight fraud end up doubling as tools to identify who was calling whom, from where, at what time — a capability with obvious chilling effects on journalists, dissidents, and anyone whose identity documents don't match their lived reality.
Where the Line Actually Sits
The useful distinction here isn't "biometrics good" versus "biometrics bad" — it's between adding a stronger verification option and eliminating a weaker one. Indonesia's own safeguards are, on paper, reasonable: telecom operators serve only as verification channels rather than data custodians, biometric templates (not raw photos) are what's retained, and Komdigi says the system meets ISO 27001 and liveness-detection standards under ISO/IEC 30107-3. A user-facing portal to check which numbers are registered to one's identity, cited by Biometric Update, is a genuine accountability feature many jurisdictions lack.
What's disproportionate is Komdigi's decision to shut off the NIK/KK path rather than let it coexist as a slower, non-biometric option for people who decline facial capture — a group that in Indonesia plausibly includes exactly the populations Access Now and Privacy International flag as most exposed to surveillance risk. The Philippines took a comparably invasive approach with its 2022 SIM Registration Act, registering over 113 million cards by mid-2023 without a biometric requirement, per Wikipedia's sourced tally — proof that fraud reduction and universal verification don't strictly require a face-scan mandate with no opt-out.
Indonesia has built a technically competent system and gathered real evidence before scaling it — better practice than most governments manage. The remaining gap is optionality: publish an independent audit of the trial data, and restore a non-biometric verification path for those who ask for one, rather than treat foreclosure of the old system as the price of fighting SIM fraud.