Indonesia: Government Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection including age verification requirement entered into force with grace period

On 27 March 2025, the Government of Indonesia Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection entered into force with a grace period. According to Article 49, all relevant parties must adjust their operations to comply with the regulation within two years of its enactment. The regulation mandates Electronic System Operators (ESOs) to verify the age of users accessing Products, Services, and Features, based on minimum age and age range classifications detailed in Article 20, namely: 3–5 years, 6–9 years, 10–12 years, 13–15 years, and 16–17 years. Verification mechanisms must be aligned with these ranges and proportionate to the risks posed to children’s rights. ESOs must ensure data minimisation, limiting processing strictly to age verification purposes, and must delete verification data once objectives are met, unless retention is legally required. The process must safeguard privacy and personal data, particularly for children, and include technical protections against unauthorised access or data breaches. ESOs must provide users with accessible means to contest or correct identified ages and ensure inclusivity for users with protected characteristics. Where age verification cannot be reliably executed, ESOs are obligated to apply default protective measures to all users. The level of verification assurance must correspond to the risk profile of the Product, Service, or Feature being accessed. Verification is mandatory where account registration is required, and parental consent is also required based on age and risk level.