Skip to main content
NOPE
In Effect Regulation Data Protection

Indonesia PP 17/2025

Government Regulation No. 17 of 2025 - Governance of Electronic System Implementation in Child Protection

Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.

Jurisdiction

Indonesia

Enacted

Mar 27, 2025

Effective

Mar 27, 2025

Enforcement

Ministry of Communication and Digital Affairs (MOCD)

Enacted March 27, 2025; full implementation begins March 1, 2026; two-year transition period until March 27, 2027

Indonesian Government Regulation Database (BPK)

Why It Matters

Most comprehensive age-appropriate design regulation in Southeast Asia. Any AI companion service accessible to Indonesian children must implement age-specific protections, risk assessments, and DPIAs. Explicit requirement to minimize algorithmic impact on children's mental and behavioral development. Applies to all services reasonably accessible to children, not just child-targeted services.

Recent Developments

First age-appropriate design regulation in Asia and Global South, with IEEE SA contribution. Enacted March 27, 2025 with two-year transition period. Full implementation begins March 1, 2026. Most granular age groupings of any regulation globally.

At a Glance

Applies to

Online PlatformSocial PlatformAI CompanionGaming Platform Minors-focused

Who Must Comply

  • Electronic System Providers (ESPs) - public and private
  • Any digital system reasonably accessible to or likely to be used by children
  • Not limited to services designed for children - includes all child-accessible services

Obligations fall on:

Safety Provisions

  • Age-appropriate design by five age groups: 3-5, 6-9, 10-12, 13-15, 16-18 years old
  • Privacy by default for any digital system likely to be used by children
  • Risk self-assessment to determine high or low risk to children
  • Data Protection Impact Assessments (DPIAs) mandatory for child-accessible services
  • 24-hour parental consent window for under-17s
  • Prohibition on profiling children's data
  • Minimum age disclosure in Indonesian language
  • Algorithm management to minimize impact on mental and behavioral development

Compliance & Enforcement

Key Dates

Mar 27, 2025

Regulation enacted and effective

Mar 1, 2026

Full implementation begins

Mar 27, 2027

Final compliance deadline (end of 2-year transition)

Penalties

Penalties pending regulatory determination

View on map

Indonesia

Focus Areas

Mental health & crisis
Child safety
Algorithmic accountability
Active safeguards required

Compliance Help

Electronic systems accessible to children must implement age-appropriate design based on five age groups, conduct risk assessments, complete DPIAs, obtain parental consent for under-17s, implement privacy-by-default, prohibit data profiling, and manage algorithms to minimize impact on children's mental and behavioral development.

See how NOPE helps

Cite This

APA

Indonesia. (2025). Government Regulation No. 17 of 2025 - Governance of Electronic System Implementation in Child Protection.

Related Regulations

In Effect ID

Indonesia UU PDP

Indonesia's comprehensive data protection law. Health and children's data = "specific personal data" with enhanced protections. Criminal penalties up to 6 years imprisonment.

In Effect BN

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect NP

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

In Effect PK

Pakistan AI Policy

Pakistan's national AI roadmap establishing six strategic pillars: AI Innovation Ecosystem, Awareness and Readiness, Research and Development, Infrastructure, Governance, and International Cooperation. Creates National AI Fund (NAIF), Centres of Excellence in 7 cities, and targets training 200,000 individuals annually.

All regulations Check if this applies to you

Last updated January 23, 2026. Verify against primary sources before relying on this information.