Indonesia: Ministry of Communication and Digital adopted Regulation on Child Protection in Electronic Systems introducing age verification and self-assessment obligations

On 6 March 2026, the Minister of Communication and Digital adopted the Regulation on Child Protection in Electronic Systems. The regulation mandates that operators provide clear information regarding minimum age limits for their products, services, and features, categorised into five specific age groups: 3 to 5 years, 6 to 9 years, 10 to 12 years, 13 to 15 years, and 16 to under 18 years. Operators are strictly prohibited from targeting children under the age of three. To ensure compliance, operators must implement technical and operational age verification mechanisms, which can be developed independently or with third-party providers. The policy requires operators to conduct regular self-assessments to evaluate risks such as contact with unknown individuals, exposure to inappropriate or violent content, consumer exploitation, and data security threats. These assessments must be reported to the Ministry for verification. Based on this verification, the Ministry designates products as either high-risk or low-risk. Social media and social networking services are automatically classified as high-risk unless a self-assessment proves otherwise. High-risk social media operators are specifically required to deactivate accounts of children under the age of 16. The Ministry, through the Director General, is empowered to monitor compliance, conduct examinations of electronic systems, and receive public complaints. Non-compliant operators may face administrative sanctions, including written warnings, fines, temporary suspensions, or access termination. Operators have the right to file objections against these sanctions within 21 days. Existing operators must submit their initial self-assessment reports within three months.