Indonesia: President signed Regulation Concerning Child Protection Governance in Electronic System Administration including age verification requirement

On 28 March 2025, the President signed the Regulation Concerning Child Protection Governance in Electronic System Administration. The regulation mandates Electronic System Operators (ESOs) to verify the age of users accessing Products, Services, and Features, based on minimum age and age range classifications detailed in Article 20, namely: 3–5 years, 6–9 years, 10–12 years, 13–15 years, and 16–17 years. Verification mechanisms must be aligned with these ranges and proportionate to the risks posed to children’s rights. ESOs must ensure data minimisation, limiting processing strictly to age verification purposes, and must delete verification data once objectives are met, unless retention is legally required. The process must safeguard privacy and personal data, particularly for children, and include technical protections against unauthorised access or data breaches. ESOs must provide users with accessible means to contest or correct identified ages and ensure inclusivity for users with protected characteristics. Where age verification cannot be reliably executed, ESOs are obligated to apply default protective measures to all users. The level of verification assurance must correspond to the risk profile of the Product, Service, or Feature being accessed. Verification is mandatory where account registration is required, and parental consent is also required based on age and risk level.