Indonesia: Government Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection including data protection regulation enters into force

On 27 March 2027, Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection enters into force following the conclusion of the two-year transition period that began on 27 March 2025. Under this regulation, Electronic System Operators (ESOs) are mandated to ensure personal data protection for children defined as individuals under 18 years of age. The data protection requirements include the mandatory implementation of a data protection impact assessment prior to the processing of children's personal data, parental or guardian consent as a prerequisite for data collection and usage, and the designation of a data protection officer responsible for safeguarding children’s data. The regulation prohibits profiling and unauthorised geolocation tracking of children and imposes limits on the collection and processing of data solely for age verification purposes. Additionally, ESOs must apply default high-privacy settings and offer children and parents accessible mechanisms for data correction, complaint submission, and objection to age-detection decisions. Risk-based classification of digital products, services, and features is enforced, where high-risk profiles trigger mandatory Ministerial verification and stricter data handling obligations.