Artificial Intelligence Guide Questions - Indonesia

1. What are your country's legal definitions of “artificial intelligence”?

As of the writing of these responses, there are no specific regulations governing artificial intelligence (“AI”) in Indonesia. However, Law No. 11 of 2008 on Electronic Information and Transactions, as lastly amended by Law No. 1 of 2024 (“EIT Law”) is specific in describing AI as an “Electronic Agent”. This identification is based on the fact that there is a congruence in an AI's conduct with the automation of information processing. Article 1 (8) of EIT Law further defines an Electronic Agent as any device in an electronic system constructed to conduct automation to provide or process certain information as instructed and designated by an individual.

Other clear definitions of AI are provided in non-binding instruments issued by sectoral authorities in Indonesia. The Ministry of Communication and Informatics (“MoCI”) issued Circular Letter No. 9 of 2023 on Artificial Intelligence Ethics (“MoCI CL 9/2023”), which defines AI as a form of programming on a computer device that carries out precise data processing and/or data analysis. The Financial Services Authority (Otoritas Jasa Keuangan or “OJK”) has also issued Guidelines on Responsible and Trustworthy of AI in the Financial Technology Industry (“OJK AI Guidelines for P2P Company”), which emphasizes that AI is a combination of computer science, technological machine learning, and big data to perform, solve, and provide solutions for certain problems.

 

2. Has your country developed a national strategy for artificial intelligence?

Yes, the Indonesian government through the Agency for the Assessment and Application of Technology (Badan Pengkajian dan Penerapan Teknologi or “BPPT”), together with other government institutions, universities, associations, organizations, and experts have developed the Indonesian National Strategy on Artificial Intelligence (Strategi Nasional Kecerdasan Artifisial Indonesia or “Stranas KA”), which was launched on 10 August 2020.

Generally, Stranas KA serves as a comprehensive roadmap of national policy for advancing AI technology in Indonesia for 25 years, from 2020 until 2045. The main purpose of this national strategy is to ensure that the development and utilization of AI technology is aligned with national interests and acted accordingly with ethical responsibility based on the Indonesian state values and principles. Overall, Stranas KA outlines the ethics and policies on utilizing AI, data, and infrastructure aspects, etc., with specific attention to the key focus areas and priority sectors. In addition, it also provides lists of statistical data that portray the correlation between the utilization of AI technology and Indonesia’s situation, such as the state of natural and human resources. With the presence of Stranas KA, the Indonesian government and other stakeholders are strongly expected to be competent and willing to develop a legal framework regarding AI that aligns with Indonesia’s National Interest.

 

3. Has your country implemented rules or guidelines (including voluntary standards and ethical principles) on artificial intelligence? If so, please provide a brief overview of said rules or guidelines. If no rules on artificial intelligence are in force in your jurisdiction, please (i) provide a short overview of the existing laws that potentially could be applied to artificial intelligence and the use of artificial intelligence, (ii) briefly outline the main difficulties in interpreting such existing laws to suit the peculiarities of artificial intelligence, and (iii) summarize any draft laws, or legislative initiatives, on artificial intelligence.

In addition to EIT Law as elaborated in Point 1, Indonesia has also implemented regulations, voluntary standards, and ethical principles related to the use of AI technology. For your reference, please refer to the following points in a short description of the implemented regulations in the utilization of AI:

a) Law No. 27 of 2022 on Personal Data Protection (“PDP Law”): It is important to note that the utilization of AI will be closely related to the processing and control of personal data. An Electronic System Operator, as the party responsible for the creation and operation of AI as Electronic Agent, must comply with PDP Law, regulating the person’s rights and obligations as of the controller.

For instance, in carrying out its activities, an Electronic Agent Operator must fulfil their obligations in processing the personal data, such as obtaining the consent, protecting the vital interests, and meeting other legal obligations based on the applicable laws deemed appropriate for the purposes of the Electronic Agent Operator in processing and controlling personal data (Article 20 (2) of PDP Law).

b) Government Regulation (“GR”) No. 71 of 2019 on Organization of Electronic Systems and Transactions (“GR 71/2019”): As the implementing regulation of EIT Law, GR 71/2019 stipulates procedures that Electronic Agent Operators should comply with. Article 39 of GR 71/2019 states that in carrying out activities involving an Electronic Agent or AI, an Electronic Agent Operator must comply with the general principles, such as (i) providing the precautions, (ii) securing and integrating the system of information technology, (iii) maintaining the security control over the electronic transactions, (iv) maintaining the efficient and effective cost, and (v) providing the consumer protection.

c) MoCI CL 9/2023: This regulation outlines ethical values that must be applied by operators and users in carrying out AI-based programming activities. Generally, MoCI CL 9/2023 serves as a guideline for the implementation of AI activities in compliance with the existing laws. Under MoCI CL 9/2023, implementation of AI should consider (i) inclusivity, (ii) humanity, (iii) security, (iv) accessibility, (v) transparency, (vi) credibility and accountability, (vii) protection of personal data, (viii) sustainable development and environmental considerations, and (ix) respect towards intellectual property rights.

d) OJK AI Guidelines for P2P Companies: This guideline is imposed on operators of P2P Companies. A P2P lending provider that utilizes AI technology must adhere to the basic principles, such as (i) aligning with the nation’s interests and upholding the ethical responsibilities, (ii) optimizing the beneficial use of AI, (iii) prioritizing the fair and accountable use of AI through validity, accuracy, fairness, and nondiscrimination, (iv) maintaining transparency in AI processing, and (v) having an adequate system security.

Please note that OJK AI Guideline for P2P Companies and MoCI CL 9/2023 are not legally binding. They only serve as the soft laws, meaning they are not legally binding as statutory laws and regulations, because they are not subject to the hierarchy of laws and regulations in Indonesia. The content of these instruments do not constitute legal norms but merely explanations and/or instructions on how to implement certain matters (i.e., AI) in the appropriate manner.

Having regard to the above position, we note that within the Indonesian regulatory regime, the regulations on AI primarily focus on the operators (i.e., Electronic Agent Operators), while they do not take into account the fact that AI is closely associated with programs that can be performed on their own in the operation of big databases without the operators for the inputs/commands. This poses significant challenges in determining the burden of proof and accountability in the utilization of AI in Indonesia, as technological advances have demonstrated autonomy in newer forms of AI.

 

4. Which rules apply to defective artificial intelligence systems, i.e. artificial intelligence systems that do not provide the safety that the public at large is entitled to expect?

Although no regulations specify the required steps that must be taken by an Electronic Agent Operator in the occurrence of failure or defect in the AI or Electronic Agent system, according to Article 40 (1) paragraph (g) of GR 71/2019 states that an Electronic Agent Operators are obliged to establish the necessary procedures to reduce the impact of (i) incidents, (ii) fraud, and (iii) failures or defects in the systems they own and operate.

Failure to comply with this provision will make the Electronic Agent Operator subject to administrative sanction(s) in the form of warning letters, fines, temporary suspension, access termination, and/or being delisted from the Indonesian government’s company registry (Article 100 of GR 71/2019).

5. Please describe any civil and criminal liability rules that may apply in case of damages caused by artificial intelligence systems.

Criminal Liability: An Electronic Agent Operator can be subject to criminal sanctions under EIT Law. For instance, if an Electronic Agent Operator intentionally commits a criminal act that results in the disclosure of confidential information and/or documents to the public, the operator may become subject of an up to 10 years imprisonment and/or an up to IDR 5 billion fine. (Article 48 (3) jo Article 32 (3) of EIT Law). As Electronic Agent Operators are also deemed as data controllers, criminal sanctions can be imposed on them for intentionally breaching PDP Law, with regard to any incidents caused by AIs as Electronic Agents. Based on Article 67 (2) of PDP Law, a controller and/or processor who intentionally or unlawfully discloses personal data shall be punished with a maximum 4 years imprisonment and/or IDR 4 billion fine.

Civil Liability:

On the other hand, Indonesian law does not specifically regulate civil liability for any damages caused by AI or Electronic Agent Operators. Generally, based onArticle 1365 of the Indonesian Civil Code (“ICC”), any party committing acts-of-tort (causing damages to a third party) is obliged to provide compensation. The elements that determine the existence of tort are identified as follows:

a. There is an unlawful act. According to Indonesian Law, an unlawful act refers to any act, which violates the written or unwritten law (i.e. norms and decency);

b. There is fault. Fault can be on purpose or the result of negligence;

c. There are damages. The unlawful act causes material and/or immaterial injury or damages to another party; and

d. There is causality. The act directly correlates with the tortuous result

Administrative Sanction

Generally, the government can impose administrative sanctions on an AI or Electronic Agent Operator for violating certain provisions of the law. Under Article 100 (2) of GR 71/2019, an AI or Electronic Agent Operator that violates the standard operating procedure, and does not comply with the principles of data security in electronic transactions can be subject to administrative sanctions, in the form of:

(a) a written warning;

(b) administrative fines;

(c) temporary suspension;

(d) termination of access; and/or

(e) delisting from the government’s company registry.

If an Electronic Agent is held liable for failing to protect personal data during the data processing, the administrative sanctions may be in the form of:

(a) written warnings;

(b) temporary suspension of personal data processing activities;

(c) erasure or destruction of personal data; and/or

(d) administrative fines.

(Article 57 (1) and (2) of PDP Law)

 

To read the full article, please click here.


The article above was prepared by Marshall Situmorang (Partner)Audria Putri (Senior Associate) and M. Irfan Yusuf (Associate).

Disclaimer: The information herein is of general nature and should not be treated as legal advice, nor shall it be relied upon by any party for any circumstance. Specific legal advice should be sought by interested parties to address their particular circumstances.