The Notice
On June 26, 2026, Indonesia's Ministry of Communication and Digital Affairs (Komdigi) sent formal notification letters to 25 Private Scope Electronic System Operators (PSEs) — 15 foreign entities and 10 domestic ones, covering 57 websites and applications — warning them to complete registration under Peraturan Menteri Komunikasi dan Informatika No. 5/2020 by July 3, 2026 or face access blocking. The list, published by Komdigi, includes Strava, Qatar Airways, Qantas Airways, Accor, ANA Holdings, Best Western, Banyan Tree, IHG's Six Continents Hotels, and a cluster of smaller domestic hotel and app operators. Teguh Arifiyadi, Komdigi's Director of Supervision, Certification and Electronic Transactions, framed the move as routine: "Registration ensures digital governance remains orderly, secure, and accountable," he said, adding that non-compliance would trigger warning letters followed by administrative sanctions, including blocking.
The Legitimate Case for Registration
Komdigi's underlying demand is not unreasonable on its face. PM 5/2020, enacted November 24, 2020, requires private-sector electronic system operators — e-commerce platforms, payment services, communications tools, search engines, and content platforms — to register through Indonesia's online licensing system, maintain a point of contact reachable by regulators, and submit to data-access requests tied to law enforcement and consumer-protection supervision. A government that cannot identify who operates a service inside its borders, or reach anyone when a consumer complaint or fraud investigation arises, has a real accountability gap. Other jurisdictions solve the same problem with local-representative mandates — the EU's Digital Services Act and GDPR both require non-EU platforms to designate an accountable contact in the bloc. Indonesia asking a global airline or hotel chain selling directly to Indonesian consumers to file basic registration paperwork is, in principle, a modest ask.
Where the Enforcement Tool Outruns the Problem
The proportionality issue is not the registration requirement itself — it's the enforcement instrument attached to it. A seven-day window between notice and blocking gives a airline with a compliance team spread across multiple legal jurisdictions and a national aviation regulator relationship almost no time to route a registration request through internal legal review. Qantas and Qatar Airways are not the kind of actors PM 5/2020's content-moderation and data-governance provisions were written to target — they are essential travel infrastructure whose booking and check-in systems Indonesian travelers rely on directly. Blocking access to an airline's website over a missed registration filing punishes the Indonesian consumer trying to book or manage a flight far more than it punishes the airline, which can absorb the reputational cost and route around the block far more easily than a traveler stranded without access to their itinerary.
The 2022 Precedent Indonesia Is Repeating
This is not Komdigi's first attempt at this playbook, and the last one is instructive. Ahead of a July 21, 2022 registration deadline under the same PM 5/2020, Kominfo (as the ministry was then named) blocked PayPal, Yahoo, Steam, Epic Games, Dota, CS:GO and Origin.com for non-compliance, with the blocks taking effect July 29–31, 2022, as reported by The Register. The backlash was immediate — gamers and freelancers who depended on PayPal for income protested loudly enough that the ministry restored PayPal access within five days, and according to a tracking entry from Digital Policy Alert, the broader blocking directive was reversed entirely by August 6, 2022 — roughly a week after it took effect. The lesson from that episode was not that registration enforcement lacks teeth; it's that blanket, short-fuse blocking orders against widely used consumer services generate enough public pressure that the government backs down, leaving the underlying compliance problem unresolved and the enforcement threat itself less credible the next time it's issued.
What Proportionate Enforcement Would Look Like
Komdigi does not need to abandon PM 5/2020 to fix this. A risk-tiered approach — longer cure periods for multinational operators with documented registration efforts underway, sanctions scaled to whether a service is a low-risk utility (a fitness-tracking app) versus a systemically relied-upon one (an airline's booking portal), and published, predictable timelines rather than one-off notification letters — would achieve the accountability goal without recreating 2022's pattern of blocking, backlash, and retreat. As it stands, a one-week ultimatum aimed at Strava, Qantas and Qatar Airways looks less like a durable regulatory framework and more like a press-release deadline that both Komdigi and the companies involved have reason to expect will be renegotiated before it bites.