In Effect Regulation Data Protection Context Relevance

Indonesia PP 17/2025

Government Regulation No. 17 of 2025 - Governance of Electronic System Implementation in Child Protection

Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.

Jurisdiction

Indonesia

Enacted

Mar 27, 2025

Effective

Mar 27, 2025

Enforcement

Ministry of Communication and Digital Affairs (MOCD)

Enacted March 27, 2025; full implementation begins March 1, 2026; two-year transition period until March 27, 2027

What It Requires

Transparency

Must disclose AI nature, data practices, or algorithmic decisions

User Rights

Must honor access, correction, and deletion requests

Who Must Comply

This law applies to:

• Electronic System Providers (ESPs) - public and private
• Any digital system reasonably accessible to or likely to be used by children
• Not limited to services designed for children - includes all child-accessible services

Capability triggers:

● accessibleToChildren (required)

● Required ◐ Increases applicability

Who bears obligations:

Operator

Safety Provisions

• Age-appropriate design by five age groups: 3-5, 6-9, 10-12, 13-15, 16-18 years old
• Privacy by default for any digital system likely to be used by children
• Risk self-assessment to determine high or low risk to children
• Data Protection Impact Assessments (DPIAs) mandatory for child-accessible services
• 24-hour parental consent window for under-17s
• Prohibition on profiling children's data
• Minimum age disclosure in Indonesian language
• Algorithm management to minimize impact on mental and behavioral development

Compliance Timeline

Mar 27, 2025

Regulation enacted and effective

Mar 1, 2026

Full implementation begins

Mar 27, 2027

Final compliance deadline (end of 2-year transition)

Enforcement

Enforced by

Ministry of Communication and Digital Affairs (MOCD)

Penalties

Written warning → Administrative fine → Temporary suspension → Access termination; additional penalties under Personal Data Protection Law (Law No. 27 of 2022)

Primary Source

Indonesian Government Regulation Database (BPK) (opens in new tab)

https://peraturan.bpk.go.id/Details/316698/pp-no-17-tahun-2025

Quick Facts

Binding: Yes
Mental Health Focus: Yes
Child Safety Focus: Yes
Algorithmic Scope: Yes

Why It Matters

Most comprehensive age-appropriate design regulation in Southeast Asia. Any AI companion service accessible to Indonesian children must implement age-specific protections, risk assessments, and DPIAs. Explicit requirement to minimize algorithmic impact on children's mental and behavioral development. Applies to all services reasonably accessible to children, not just child-targeted services.

Recent Developments

First age-appropriate design regulation in Asia and Global South, with IEEE SA contribution. Enacted March 27, 2025 with two-year transition period. Full implementation begins March 1, 2026. Most granular age groupings of any regulation globally.

What You Need to Comply

Electronic systems accessible to children must implement age-appropriate design based on five age groups, conduct risk assessments, complete DPIAs, obtain parental consent for under-17s, implement privacy-by-default, prohibit data profiling, and manage algorithms to minimize impact on children's mental and behavioral development.

NOPE can help

Cite This

APA

Indonesia. (2025). Government Regulation No. 17 of 2025 - Governance of Electronic System Implementation in Child Protection. Retrieved from https://nope.net/regs/id-gr-17-2025

BibTeX

@misc{id_gr_17_2025,
  title = {Government Regulation No. 17 of 2025 - Governance of Electronic System Implementation in Child Protection},
  author = {Indonesia},
  year = {2025},
  url = {https://nope.net/regs/id-gr-17-2025}
}

Related Regulations

In Effect ID • Data Protection

Indonesia UU PDP

Indonesia's comprehensive data protection law. Health and children's data = "specific personal data" with enhanced protections. Criminal penalties up to 6 years imprisonment.

In Effect BN • Data Protection

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN • Data Protection

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect NP • AI Safety

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

In Effect PK • AI Safety

Pakistan AI Policy

Pakistan's national AI roadmap establishing six strategic pillars: AI Innovation Ecosystem, Awareness and Readiness, Research and Development, Infrastructure, Governance, and International Cooperation. Creates National AI Fund (NAIF), Centres of Excellence in 7 cities, and targets training 200,000 individuals annually.

In Effect MM • Online Safety

Myanmar Cybersecurity Law

Myanmar's cybersecurity law requiring platforms with 100,000+ users to register and imposing data retention requirements. Enacted post-2021 coup with uncertain enforcement.

Back to all regulations Check if this applies to you