Indonesia Indonesia platform regulation PSTE

Indonesia Widens Its Registration Dragnet From Netflix to Hotel Chains and Airlines

Komdigi's final warning to 22 unregistered platforms shows Indonesia's PSE regime hasn't loosened since 2022 — it has broadened to ordinary global businesses.

Indonesia's PSE Enforcement Wave, July 2026 People of Internet Research · Indonesia 22 platforms warned Final written warnings issued afte… Jul 13 blocking deadline Access-blocking sanctions apply fr… 8 platforms blocked in 2022 Yahoo, Steam, PayPal and others un… 2020 regulation year Permenkominfo 5/2020 is the legal … peopleofinternet.com
Indonesia's PSE Enforcement Wave, July… People of Internet Research · Indonesia 22 platforms warned Jul 13 blocking deadline 8 platforms blocked in 2022 2020 regulation year peopleofinternet.com

Key Takeaways

Indonesia's Ministry of Communication and Digital Affairs (Komdigi) has issued final written warnings to 22 foreign and domestic digital platforms — including Accor, Qatar Airways, Qantas, ANA, and Strava — threatening to cut off access starting July 13, 2026 if they do not complete registration as Private Scope Electronic System Operators, or PSE. Director General Alexander Sabar framed the letters as a last opportunity: "Melalui surat peringatan ini, kami memberikan kesempatan kepada PSE untuk segera memenuhi kewajiban pendaftaran" — through this warning, PSEs are given a chance to meet their registration obligation before enforcement follows (komdigi.go.id via Katadata).

The list, drawn from an original notification to 25 operators on July 1, spans airlines (Qatar Airways, Qantas, ANA), hospitality groups (Accor's Raffles and Pullman brands, Banyan Tree, Best Western, Barceló, Ascott, Hotel Indonesia Group), and consumer apps (Strava, plus education platforms Kodland and Stimuler). Three companies — Strava, PT Ayo Indonesia Maju, and Six Senses — have already begun the registration process and dropped off the enforcement track (Suara.com).

The Legal Machinery Behind the Threat

The warnings enforce Ministerial Regulation No. 5 of 2020 on Private Scope Electronic System Operators (Permenkominfo 5/2020), which requires any electronic system serving Indonesian users — commerce, communications, content, or booking platforms — to register through the government's OSS portal before the ministry treats it as compliant (JDIH Komdigi, official regulation text). The regulation sets a graduated sanction ladder — written warning, temporary suspension, then pemutusan akses (access blocking) — and, in its most severe form, registration-certificate revocation. Registration status can be checked through Komdigi's public portal, pse.komdigi.go.id (Komdigi PSE registration portal).

This is not a new posture. In July 2022, Komdigi briefly blocked Yahoo, Steam, PayPal, and several gaming platforms under the same regulation after they missed a registration deadline; roughly 200 foreign and 8,000 domestic operators had already registered by that point, and most of the blocked names complied within days and were restored (The Jakarta Post). What's changed in 2026 is the target list: instead of consumer tech platforms, Komdigi is now chasing airlines and hotel chains — companies whose Indonesia-facing presence is a booking site or loyalty app, not a core product line, and whose compliance teams may simply not have PSE registration anywhere near the top of a global regulatory queue.

The Case for the Rule

Komdigi's underlying argument is not baseless. A registration regime that requires any platform doing business with Indonesian consumers to name a local point of contact is standard practice in many jurisdictions — the EU's Digital Services Act imposes similar legal-representative requirements on non-EU platforms. Registration also gives Indonesian consumers a domestic recourse channel when a foreign booking platform mishandles a payment dispute or a data breach, and it lets regulators enforce consumer-protection and tax obligations that are otherwise difficult to reach across borders. A government with 280 million citizens and a fast-growing digital economy has a legitimate interest in knowing who is doing business inside it.

The problem is what registration is bundled with. Permenkominfo 5/2020 does not stop at a compliance mailbox — it obliges platforms to give Indonesian authorities access to user data and system information for law-enforcement and monitoring purposes, and requires takedown of content deemed to "disturb public order" within 24 hours, or four hours for urgent categories (Freedom House, Freedom on the Net). Indonesian civil society groups have long argued this converts a routine business-registration requirement into a lever for content control and surveillance that reaches far beyond what registering a local contact should require.

Why the Target List Matters

Applying an identical enforcement track to Qatar Airways' booking site as to a messaging app illustrates the proportionality gap. A social platform or e-commerce marketplace processes exactly the kind of user content and personal data the regulation's sanctions regime was built to police. An airline's Indonesia-facing web presence is overwhelmingly a payment and itinerary interface — the same compliance apparatus, including the data-access and takedown obligations, attaches regardless. Indonesia is not wrong to want foreign businesses accountable to a local address. It is on much weaker ground demanding that a hotel loyalty app accept the same content-surveillance conditions as a search engine, simply because both happen to fall under one 2020 rule written for a different generation of platforms.

The better model is closer to what the EU and UK have built: tiered obligations scaled to a platform's reach and risk, with light-touch registration for low-risk commercial sites and heavier content and data obligations reserved for platforms that actually host user-generated speech at scale. Until Komdigi narrows that gap, each new blocking wave — however procedurally justified — will keep reading as a blunt instrument used because it is the only one on hand, not because it fits the target.

"Seluruh PSE Lingkup Privat wajib mematuhi ketentuan yang berlaku" — all private-scope PSEs are obligated to comply with applicable provisions. — Alexander Sabar, Komdigi Director General

Sources & Citations

  1. Komdigi warning coverage (Katadata)
  2. Komdigi warning coverage (Suara.com)
  3. Permenkominfo 5/2020 official regulation text (JDIH Komdigi)
  4. Komdigi PSE registration portal
  5. The Jakarta Post: 2022 blocking of Yahoo, Steam, PayPal
  6. Freedom House: Freedom on the Net, Indonesia