Indonesia is preparing to swap a non-binding circular letter for a binding Presidential Regulation (Perpres) on artificial intelligence — a transition that will reshape how a 270-million-person digital economy governs algorithmic systems. The Ministry of Communication and Digital Affairs (Komdigi), led by Minister Meutya Hafid, has been advancing the draft to give regulators enforcement teeth that the 2023 Circular Letter No. 9 on AI ethics never had, while layering AI-specific obligations on top of the existing electronic systems operator (PSE) framework under Government Regulation 71/2019.
The move is overdue, but the details will matter enormously. Indonesia's AI ambitions, codified in the National AI Strategy (Stranas KA) 2020–2045, depend on a regulatory environment that attracts capital, allows experimentation, and avoids importing the worst features of heavier regimes elsewhere. Done well, the Perpres can lock in trust without strangling a fragile but promising domestic AI sector. Done poorly, it risks pushing Indonesian developers offshore and entrenching the dominance of better-resourced foreign incumbents.
From soft guidance to hard law
Circular Letter No. 9 of 2023, issued by Komdigi's predecessor Kominfo, set out broad ethical principles — inclusivity, security, accountability, human-centricity — that AI developers and electronic system operators were "urged" to follow. As soft law, it carried moral weight but no penalties. Companies could nod at it in policy documents and move on.
The Perpres changes that posture. As a Presidential Regulation, it sits squarely in the hierarchy of binding Indonesian legal instruments, below statutes but with direct enforceability. It is also being designed to interlock with PP 71/2019 — the workhorse regulation that defines how private electronic system operators (PSE Privat) must register with the government, classify content, and respond to takedown requests. Bringing AI under this umbrella means model providers, deployers, and platforms hosting generative outputs will likely face registration, transparency, and possibly content-moderation obligations specific to AI systems.
Building on a flawed but functional base
The PSE framework is not without controversy. The 2022 enforcement push that briefly blocked PayPal, Yahoo, and other major services for missing registration deadlines was a reminder that broad ministerial powers, applied bluntly, can damage user welfare. Civil society groups including SAFEnet have warned that grafting AI rules onto this base risks compounding those concerns — particularly if takedown obligations extend to AI-generated content without clear due-process safeguards.
Yet there is a credible path that avoids these pitfalls. Indonesia's regulators have shown they can take a more graduated approach when the politics allow: the Personal Data Protection Law (UU PDP), passed in 2022, broadly tracks GDPR principles while building in a long transition period and a phased enforcement design. A similar instinct should guide the AI Perpres.
What a pro-innovation Perpres looks like
Three design choices will determine whether the regulation accelerates or slows Indonesia's AI ecosystem:
- Risk tiering, not blanket rules. The EU AI Act's risk-based architecture — light obligations for most systems, heavy ones only for genuinely high-risk uses like critical infrastructure or biometric identification — is the right starting point. Applying the same compliance burden to a chatbot startup and a medical diagnostic system is a recipe for regulatory failure.
- Carve-outs for research and open source. Indonesia's universities and a growing community of Bahasa-language model developers are still early in their work. Mandatory pre-deployment certification for every model would foreclose the very ecosystem Stranas KA hopes to build.
- Interoperability with ASEAN. The ASEAN Guide on AI Governance and Ethics, endorsed in early 2024, took a deliberately light-touch, principles-based approach. Indonesia, as ASEAN's largest economy, sets the tone — a domestic regime that diverges sharply from the regional guide risks fragmenting the bloc's digital market.
The geopolitical context
Indonesia is regulating AI at a moment when the global landscape is bifurcating. The EU AI Act is now in force and being interpreted; the US under the current administration has pulled back from prescriptive federal AI rules; China continues its assertive, content-focused approach via the Cyberspace Administration. Smaller jurisdictions are choosing sides — or, more accurately, choosing influences.
Indonesia's pragmatic instinct, visible in both its data protection law and its broader digital economy strategy, has historically been to borrow selectively. The Perpres should continue that tradition: import the EU's risk-tiered scaffolding without its scope creep, adopt Singapore's emphasis on voluntary frameworks and sandboxes where possible, and resist the temptation to use AI rules as a vehicle for the kind of broad content control that has periodically drawn criticism of the PSE regime.
Why proportionality matters now
Indonesia's domestic AI sector is small but growing. A handful of startups are building Bahasa-language models, AI-powered fintech, and agritech applications suited to local conditions. None of them have the legal teams or compliance budgets of OpenAI or Google. A heavy Perpres — particularly one that requires pre-market approval or extensive impact assessments for general-purpose models — would not stop foreign AI from reaching Indonesian users. It would simply ensure that only foreign AI reaches them.
The right test for Komdigi's draft is whether an Indonesian founder, reading the regulation, would still want to build an AI company in Indonesia. If the answer is no, the rules need rewriting before they are signed. The opportunity to get this right — to give Indonesia a credible, enforceable AI regime that does not foreclose its own innovation ambitions — is still open. It will not stay open for long.