Indonesia Expands Child Safety Rule to Ecommerce, Fintech

Indonesia’s Ministry of Communication and Digital has expanded its child protection rule for electronic systems, PP Tunas, to cover ecommerce, fintech, banks, search engines, and other digital services likely to be used by children, according to ministry official Mediodecci Lustarini. The rule applies to both public and private electronic system operators and is not limited to the eight major social and video platforms often associated with the original policy.

Compliance Requirements and Risk Assessment

Digital service operators covered by the rule must complete a self-assessment of their risk profile across seven areas: contact, content, consumer exploitation, data security, addiction, and children’s mental and physical health. Adult-only services can be exempt if they document strict age checks under Ministerial Decree No. 142 of 2025.

Penalties and Enforcement Timeline

Operators must complete their self-assessment within three months. Missing that deadline can result in written warnings, fines, temporary suspension, or a full service block in Indonesia. The government has already taken enforcement action, issuing a formal warning to Google over YouTube after it failed to meet initial requirements.

Background and Regulatory Context

PP Tunas followed alarming figures, including more than 5.5 million documented cases of child sexual abuse material in Indonesia from 2021 to 2024. The government prioritized child safety over market concerns in implementing the rule.

Industry Implications and Implementation Challenges

The government labeled eight platforms as “high-risk” before the self-assessment deadline, fueling concern over due process. That early designation could extend to games, social media, ecommerce, online lending, buy now, pay later services, and interactive livestreaming as profiling expands beyond the initial group. Companies in those sectors now need to review product design, data handling, and privacy policies to meet the new rules.