Indonesia's New Digital Child Protection Regime: Key Takeaways for Electronic System Operators
24 June 2026

As part of the Indonesian government's ongoing efforts to enhance child protection in the digital space, the Ministry of Communication and Digital Affairs has issued Minister of Communication and Digital Affairs Regulation No. 9 of 2026 on the Implementing Regulation of Government Regulation No. 17 of 2025 on Governance of Electronic System Operations for Child Protection ("MoCD Regulation 9/2026"). As the implementing regulation of Government Regulation No. 17 of 2025, MoCD Regulation 9/2026 establishes more detailed technical requirements and compliance measures for Electronic System Operators ("ESOs") to ensure a safer digital environment for children.

 

Minimum Age Requirements

MoCD Regulation 9/2026 introduces mandatory age verification and age assurance requirements for ESOs. The regulation defines a child as any individual under 18 years of age and requires ESOs to specify the minimum age for accessing their products or services, with the lowest permissible age threshold being 3 years old. The regulation further classifies children into five age groups: (i) 3–5 years old; (ii) 6–9 years old; (iii) 10–12 years old; (iv) 13–15 years old; and (v) 16–under 18 years old, and requires digital products and features to be designed and configured in accordance with the relevant age category. In addition, ESOs are required to conduct a self-assessment to ensure that the products, services, and features they develop and/or operate comply with the applicable minimum age requirements and child age classifications.

 

Age Verification Mechanism

To ensure compliance with the age restrictions, ESOs are required to implement age verification mechanisms through appropriate technical and operational processes, whether developed internally or provided by third-party service providers. The Ministry may also designate approved age verification technologies for regulatory purposes. As a result, digital platform operators may need to enhance their age assurance, identity verification, and parental authentication systems to comply with the new requirements.

 

Risk Self-Assessment

ESOs are required to assess and classify their products, services, and features according to the level of risk posed to children, which may be categorized as either low-risk or high-risk. The risk assessment must take into account various factors, including: (i) contact with unknown individuals; (ii) exposure to pornographic content, violent content, content that endangers life and safety, or other age-inappropriate content; (iii) exploitation of children as consumers; (iv) threats to the security of children's personal data; (v) addictive features or design elements; (vi) adverse impacts on children's psychological health; and (vii) adverse impacts on children's physiological health. The results of such assessment will determine the level of protective measures that must be implemented by the ESO.

 

Social Media and Social Networking Services as High-Risk Platform

MoCD Regulation 9/2026 classifies social networking and social media platform as high-risk service, unless otherwise determined based on the ESO's self-assessment and the Minister's risk-profile designation. A service may be categorized as a social networking or social media service if it: (i) enables online social interaction between two or more users; (ii) allows users to connect or interact with other users; (iii) and/or permits users to upload content to the platform. To comply with the applicable age restrictions, ESOs operating these services are required to deactivate the accounts of children under 16 years of age.

 

Conclusion

MoCD Regulation 9/2026 introduces a comprehensive framework for child protection in the digital environment, requiring ESOs to implement age-based access controls, conduct self-assessments and risk assessments, and adopt appropriate age verification mechanisms. The regulation also imposes additional obligations on high-risk services, particularly social media and social networking platforms.

To prepare for compliance, ESOs should review their products, services, and features against the applicable age classifications, conduct the required self-assessments and risk assessments, evaluate existing age verification measures, and identify whether any of their services may be classified as high-risk under the regulation. Early assessment and implementation will be crucial to ensuring compliance and mitigating regulatory risk.

 

 

Related Articles
©2026 Bagus Enrico & Partners . All Rights Reserved Privacy Policy