The Urgency for Electronic System Provider Registration

The Ministry of Communication and Informatics Affairs (the MOCI) has recently issued Circular Letter No. 3 of 2022 on the Effective Date of Private ESP Registration (the Circular Letter). Pursuant to the Circular Letter, the MOCI has urged electronic system providers (ESP) to register their electronic system and obtain the Electronic System Provider Certificate (Tanda Daftar Penyelenggara Sistem Elektronik – TD PSE or ESP Certificate).?

What is this Circular Letter About?

The Circular Letter is intended as a confirmation and enforcement to the requirement for ESP registration for Private ESPs (as defined below).

Back in 2020, the Indonesian government enacted a regulation regarding the private electronic systems provider under MOCI Regulation No. 5 of 2020 on Electronic System Provider in the Private Sector, as amended by MOCI Regulation No. 10 of 2021 (MOCI Reg 5/2020) - as the implementing regulation of the Government Regulation No. 71 of 2019 regarding Implementation of Electronic System and Transaction (GR 71/2019).

MOCI Reg 5/2020 provides that a privately run ESP shall register as an ESP to the MOCI and obtain the ESP Certificate.

Who is This Requirement For?

Any private ESPs, (i) local Private ESPs and (ii) foreign Private ESPs.

GR 71/2019 and MOCI Reg 5/2020 defines “Electronic System” as series of electronic devices or procedures that functions to prepare, collect, process, analyze, store, display, announce, transmit, and/or disseminate electronic information; while an “Electronic System Provider” is defined as any person, state administrator, business entity, and community that provides, manages, and/or operates an Electronic System individually or jointly for Electronic System Users for their own needs and/or the needs of other parties.

GR 71/2019 distinguishes an ESP into two categories, as follows:

1. ESP in the public sector (Public ESP) – ESP that is run by the state administrator agency (legislative,
2. executive, and judiciary in central and regional levels and other institutions established by statutory regulations) or its appointed institution. The regulator and supervisor authorities in financial sector are exempted; and
3. ESP in the private sector (Private ESP) – ESP that is run by an individual, legal entity, business entity, and community.

MOCI Reg 5/2020 further implicitly classifies Private ESPs into (i) a local Private ESP – ESPs established in and under the laws of Indonesia and (ii) foreign Private ESP – ESPs established under foreign jurisdictions.?

Under MOCI Reg 5/2020, foreign Private ESPs that falls under the following criteria is required to obtain the ESP Certificate:

1. Offers its services in Indonesia;
2. Conducts its business in Indonesia; and/or
3. Its electronic system is being used and/or offered in Indonesia.

Based on the foregoing, any foreign platform, application and/or websites that are accessible from and used in Indonesia is required to be registered as an ESP.

How do Private ESPs Comply with This Requirement?

The application of the ESP Certificate is conducted through the Online Single Submission (OSS) system run by the Ministry of Investment of Republic of Indonesia (previously known as Indonesia Investment Coordinating Board, Badan Koordinasi Penanaman Modal) (MOI).

The Private ESP shall register as an ESP to the MOCI via the OSS system if the Private ESP falls under the following categories:

1. Electronic System Provider which is regulated or supervised by the Ministry or Agency based on the provisions of laws and regulations; and/or
2. Electronic System Provider which has online portals, sites, or apps through the internet used for:
3. providing, managing, and/or operating the offer and/or trade of goods and/or services;
4. providing, managing, and/or operating financial transaction services;
5. delivering paid digital material or content through data network either by downloading through a
6. portal or website, delivery through electronic mail, or through other apps to the Subscriber’s
7. device;
8. providing, managing, and/or operating communication services, including but not limited to short
9. messages, voice calls, video calls, electronic mail, and online conversations in the form of digital
10. platforms, networking services and social media;
11. search engine services, services for providing Electronic Information in the form of text, sound,
12. image, animation, music, video, film and game or a combination of part and/or all of them; and/or
13. processing Private Data for public service operational activities related to Electronic Transaction
14. activities.

Currently, foreign ESP registration may be conducted through OSS-RBA at https://oss.go.id with detailed

procedures and contact information at https://komin.fo/pendaftaranpseprivat. When Should Private ESPs Register to the Authorities?

Before or no later than 20 July 2022.

In August 2021, the Indonesian government introduced a new licensing system based on a risk-based mechanism known as the OSS-RBA. MOCI Regulation No. 10 of 2021 provides a grace period for the registration of Private ESP to be conducted at the latest six (6) months upon the risk-based approach licensing becoming effective through the OSS system. The Circular Letter further stipulates that the ESP registration through the OSS-RBA is effective from 21 January 2022 – hence the 20 July 2022 deadline.

Any Private ESPs that have obtained the ESP Certificate prior to the enactment of MOCI Reg 5/2020 is required to re-register themselves through the OSS-RBA.

Why is it Relevant Just Now?

Prior to 21 January 2022, the system that manages foreign ESP registration was still under construction and synchronization, and was yet to be operational - until recently.

What are the Repercussions of Non-Compliance??

Private ESPs will be subject to administrative sanctions, the pinnacle of which is access blocking to their electronic system, e.g., platform, application, website.

****

This client brief is not intended to serve as and should not be relied on as legal advice or as a substitute for legal advice in individual cases. If you have any questions or concerns about any of the above issues, please reach out to Naufal Fileindi at [email protected] or Eliza Anggasari at [email protected] or Benediktus Febriasto at [email protected] to obtain more elaborate advice.?

Naufal Fileindi

Partner

[email protected]?

Naufal is a Partner at Guido Hidayanto & Partners and leads the firm's digital technology, data protection and privacy, and Intellectual Property group.

Naufal handles general corporate, advisory, and mergers and acquisition matters. He has acted for leading global and multinational companies on their corporate restructuring, transactions and advisory relating to e-commerce, technology and media, data protection and privacy. He also handles plantation and forestry, renewable energy, real estate, and employment matters, and have represented several real estate and major plantation companies.

Naufal graduated from Universitas Indonesia and was honored as the Best Outstanding Student in 2010. He is an Indonesian licensed lawyer and a member of Peradi. He is a certified Data Protection Officer and is also certified as a Qualified Risk Governance Professional (QRGP).

Naufal is selected as one of the Super 50 TMT Lawyers in Asia 2022 by Asia Legal Business.?

Eliza Anggasari

Associate

[email protected]?

Benediktus Febriasto

Associate

[email protected]?