Indonesia: Government Regulation Number 17 of 2025 concerning the Governance of Electronic System Implementation in Child Protection including age verification requirement enters into force

On 27 March 2027, the Government of Indonesia Regulation Number 17 of 2025 concerning the Governance of Electronic System Implementation in Child Protection has been fully implemented following the conclusion of the two-year transition period that began on 27 March 2025. The regulation mandates Electronic System Operators (ESOs) to verify the age of users accessing Products, Services, and Features, based on minimum age and age range classifications detailed in Article 20, namely: 3–5 years, 6–9 years, 10–12 years, 13–15 years, and 16–17 years. Verification mechanisms must be aligned with these ranges and proportionate to the risks posed to children’s rights. ESOs must ensure data minimisation, limiting processing strictly to age verification purposes, and must delete verification data once objectives are met, unless retention is legally required. The process must safeguard privacy and personal data, particularly for children, and include technical protections against unauthorised access or data breaches. ESOs must provide users with accessible means to contest or correct identified ages and ensure inclusivity for users with protected characteristics. Where age verification cannot be reliably executed, ESOs are obligated to apply default protective measures to all users. The level of verification assurance must correspond to the risk profile of the Product, Service, or Feature being accessed. Verification is mandatory where account registration is required, and parental consent is also required based on age and risk level.