Foreign Electronic System Operator Registration: Explained

Issue 1, January 2026

Indonesia regulates electronic systems based on their impact when accessed or used within its territory. As a result, foreign digital businesses (including foreign e-commerce apps, such as electronic system operators, "Foreign ESOs") may be subject to Indonesian regulatory obligations even when they operate entirely offshore and have no physical presence in Indonesia. This requirement has been actively enforced in recent years, and non-compliance may result in consequences such as access blocking.

This Advisory sets out a concise overview of the Foreign ESO registration regime, focusing on when registration is required, which entity within a business or group is responsible for registration, and the implications of registering, or failing to register, under Indonesian law.

1.    Who are Foreign ESOs?

According to ESO Regulations[1], private ESOs are individuals, legal entities and members of the public that are regulated or supervised by the relevant ministry or institution according to the prevailing laws and regulations, and that operate internet portals, sites or applications through which they engage in:

a. the provision, management and operation of goods and services and trading;

b. the provision, management or operation of financial transaction services;

c. the delivery of materials or paid digital content through data networks, by downloading these through portals or sites, their delivery through e-mail or through other applications to users’ devices;

d. the provision, management and operation of communications services, including but not limited to, text messages, voice calls, video calls, e-mails, online chats in the form of digital platforms, networking services and social media;

e. the provision of search engines, electronic information in text, audiovisual, animation, music, video, film and game form or any combination of the above (either partly or wholly); and/or

f. the processing of personal data for the operation of public services related to electronic transaction activities.

Under ESO Regulations, private ESOs must be registered with the Ministry of Communication and Digital Affairs (“MOCDA”) before being made available in Indonesia. The registration obligation also applies to Foreign ESOs, i.e. parties that are is established under the laws of another country or permanently domiciled in another country, but meet the following criteria:

a. they provide services within the territory of Indonesia;

b. they do business in Indonesia; and/or

c. their electronic systems are used or offered in Indonesia.

Based on the above classifications, foreign parties operating electronic systems such as e-commerce, messaging, social media and gaming applications, even though these platforms may be managed overseas, are subject to ESO registration requirements, so long as the platforms are available in Indonesia. Specifically for foreign e-commerce, please note that it may also be required to establish an Indonesian Trading Representative Office (Kantor Perwakilan Perusahaan Perdagangan Asing di bidang Perdagangan melalui Sistem Elektronik – KP3A Bidang PMSE) if they meet the criteria set out by the Ministry of Trade.


2. Who must Register?

In practice, there can be uncertainty as to which entity within a group structure is required to register as an ESO, particularly where system operations are outsourced or operated by a regional or local affiliate.

In this case, from a strict interpretation of the ESO Regulations, the obligation to register as an ESO lies with the owner of the electronic system. The relevant assessment focuses on legal ownership and control over the system, rather than who performs the day-to-day technical or operational functions. The Foreign ESO, as the system owner, should therefore be recorded as the registered ESO.

3. Where to Register?

Registration is conducted through the Online Single Submission (OSS) system, https://oss.go.id/id, by completing the registration form with detailed information regarding both the Foreign ESO as well as the electronic system itself, among others:

Foreign ESO Details                                                      

a. the identity of the foreign private ESO;

b. the identity of the company’s management or person in charge;

c. the certificate of domicile and certificate of incorporation (translated to Indonesian language by a sworn translator);

d. the number of users in Indonesia; and

e. the value of transactions originating in Indonesia. 

Electronic System Details

a. a general description of the electronic system’s operation including:

i. the name of the electronic system;

ii. the sector of the electronic system (the options of which are provided by the OSS system);

iii. the URL website;

iv. the domain name system and/or IP server address;

v. a description of the business model;

vi. a brief description of the electronic system’s function and business process;

vii. information about the personal data (of Indonesian users) processed;

viii. information about the location of the management, processing and storage of the electronic system and electronic data; and

ix. a statement to the effect that the ESO guarantees it will comply with the obligation to provide access to the electronic system and electronic data to ensure the effectiveness of supervision and law enforcement in accordance with the prevailing laws and regulations (see further explanation in No. 4);

b. the obligation to ensure that its information security complies with the prevailing laws and regulations;

c. the obligation to protect personal data in accordance with the prevailing laws and regulations; and

d. the obligation to conduct an electronic system feasibility test in accordance with the prevailing laws and regulations.

Once a Foreign ESO has successfully registered, the MOCDA, through the OSS system, will issue evidence of registration, which will be valid indefinitely unless the ESO violates any provisions under the relevant regulations.

4.    General Post-registration Obligations under ESO Regulations

a.    Handling of Prohibited Electronic Information or Documents

Private ESOs are responsible for the organization of their electronic systems and the management of electronic information and electronic documents in their electronic systems in a manner that is reliable, safe and responsible. Private ESOs must also ensure that their electronic systems do not contain or facilitate the dissemination of prohibited electronic information or documents

b.    Access to Electronic Systems and Electronic Data for Government Authorities

For supervision and law enforcement, Indonesian ministries, institutions and law enforcement agencies can request access to a Foreign ESOs’ electronic system and electronic data, and the Foreign ESO must provide access upon receipt of a request from a government authority. For this, Foreign ESOs must appoint at least one liaison officer, an individual will suffice, who is domiciled in Indonesia to be in charge of handling requests for access from the Indonesian government.

c.    Requests for the Termination or Normalization of Access

Foreign ESOs are required to take down prohibited electronic information and documents, including those that can facilitate the dissemination of prohibited content. Members of the public, ministries, institutions, law enforcement, and the judiciary can submit requests for the taking down of access to prohibited electronic information and documents.

Upon instructions from the MOCDA, the Foreign ESO must process the termination of access order within 24 hours of receiving the instruction, or if the content requires urgent action (e.g. materials related to child pornography or terrorism, or materials likely to threaten public order), within four hours of receiving the instruction.

d.    Personal Data Protection

Foreign ESOs that process personal data must comply with the applicable personal data regulations in Indonesia, which includes acquiring, collecting, processing, analyzing, storing, displaying, publishing, transmitting, distributing or deleting personal data.

5.    Related Sanctions

If a registered Foreign ESO fails to comply with the ESO Regulations, it may have the following administrative sanctions imposed on it:

a. a written warning (through e-mail or other electronic media);

b. a fine;

c. a temporary suspension of its business (which we believe would be more relevant to domestic ESOs, not Foreign ESOs);

d. the revocation of the organizer’s registration (through e-mail or other electronic media); and

e. the blocking of access to its electronic system.

For unregistered Foreign ESO, in practice, they typically take the form of administrative measures, including requests for content removal, orders to register as an ESO, and the blocking of access to electronic systems.

A Foreign ESO, whether registered or not, whose access to the electronic system has been blocked can submit a request for normalization to the MOCDA to restore access to the electronic system.

 -----

Click the "download file" button to read the PDF version.

If you have any questions, please contact:

1. Maria Sagrado, Managing Partner – maria.sagrado@makarim.com
2. Budhy Apriastuti Evita, Senior Associate – budhy.apriastuti@makarim.com
3. Kaila Arinta Nazneen, Associate – kaila.nazneen@makarim.com

_{M&T Advisory is a digital publication prepared by the Indonesian law firm, Makarim & Taira S. It informs generally on the topics covered and should not be treated as legal advice or relied upon when making investment or business decisions. Should you have any questions on any matter contained in M&T Advisory, or other comments in general, please contact us at the emails provided at the end of this article.}