Does Indonesia have an AI law?

No cross-sector AI statute. Indonesia's AI compliance landscape is finance-first. The PDP Law (Law 27/2022) is the cross-sector data protection law, now fully enforceable. OJK financial innovation regulations and banking AI governance guidance provide sector-specific requirements.

What are the penalties under Indonesia's PDP Law?

Administrative sanctions include warnings, suspension, data deletion, and fines up to 2% of annual revenue. Criminal penalties include up to 6 years imprisonment and Rp6 billion fines. Corporate liability can result in fines up to 10 times the normal maximum plus business suspension.

PDP Law Fully Enforceable

Indonesia’s AI Obligations Start With Finance

Q: What is POJK 3/2024?

POJK 3/2024 is OJK's binding regulation on financial innovation, effective February 19, 2024. It covers sandbox requirements, licensing, monitoring and evaluation, consumer protection, and personal data protection for financial technology including AI systems.

The PDP Law is live. OJK’s sandbox is running. If you’re deploying AI in Indonesian financial services, the documentation requirements are already concrete.

Talk to Us About Compliance See the Framework

PDP Law (Law 27/2022)

Cross-sector data protection. Enacted October 2022. Transition ended approximately October 2024. Now fully enforceable.

Scope

Governs lawful processing, cross-border transfers, governance, sanctions, and DPO appointments.

Administrative sanctions

Warnings, suspension, data deletion, fines up to 2% of annual revenue.

Criminal penalties

Up to 6 years imprisonment + Rp6 billion fines.

Corporate liability

Fines up to 10x normal maximum + business suspension.

OJK Financial Innovation (POJK 3/2024)

Binding regulation effective February 19, 2024. Covers: sandbox requirements, licensing, monitoring and evaluation, consumer protection, and personal data protection.

Supplemented by SEOJK 5–8/2024 (sandbox mechanics, registration, reporting, association rules).

OJK Banking AI Governance

Launched April 29, 2025. Guidance for responsible AI development and implementation in banking. Establishes the minimum benchmark for the sector.

Soft law — not a POJK with direct sanctions — but the clearest current statement of what OJK expects from banks deploying AI.

Kominfo/Komdigi AI Ethics

Ministerial Circular No. 9/2023: businesses and electronic-system operators should create internal AI ethics policies.

National AI Roadmap 2026–2029 and draft AI Ethics presidential regulation are in development.

What’s Not Here Yet

No cross-sector AI statute. No general AI deployer law comparable to the EU. Bank Indonesia has digital finance frameworks but no standalone AI deployer regulation.

Indonesia is emerging, not mature. The clearest beachhead is finance.

What This Means for Your Organization

If you deploy AI in Indonesian financial services, the PDP Law and OJK regulations create concrete documentation requirements today. For other sectors, the direction is clear even if the timeline is not.

AOP builds documentation that maps to enforceable requirements — starting where the obligations are clearest.

Singapore → Deployer vs Developer → Book a Call →