The government of Indonesia has further strengthened the governance framework for child protection in digital spaces through the issuance of Ministry of Communication and Digital Affairs Regulation No. 9 of 2026 on the implementing regulation for Government Regulation No. 17 of 2025 concerning Electronic System Governance in Child Protection (“MOCDA 9/2026”).
This regulation has been effective since 6 March 2026 and further regulates various requirements applicable to Electronic System Operators (Penyelenggara Sistem Elekronik, “ESPs”) concerning the protection of children under 18 years old who use or access electronic system products, services, and features (“Children”), including the use or access of products, services, and features provided by ESPs that are connected to the internet or have the capability to connect to the internet.
Obligation to Disclose Minimum Age Restrictions
Pursuant to Article 2 and Article 3 of MOCDA 9/2026, PSEs are required to provide information regarding the minimum age restrictions applicable to Children for the online services provided. Such information must be provided in language that is easily understood and in a format and manner that is easy to use or access by Children as well as their parents or guardians.
Article 2 paragraph (3) of MOCDA 9/2026 further stipulates that the minimum age restriction for Children is at least 3 (three) years old, with the following age group classifications:
- 3 – 5 years old;
- 6 – 9 years old;
- 10 – 12 years old;
- 13 – 15 years old; and
- 16 – under 18 years old.
Accordingly, PSEs are prohibited from targeting online services toward children below such minimum age. In addition, PSEs are required to inform users of any changes to the minimum age restrictions before such changes become effective; ensure that minimum age information remains available where cooperation with other PSEs exists in the development or marketing of services; and retain documentation related to age restriction information for as long as the services remain accessible to Children.
Obligation to Verify Child Users
Article 7 of MOCDA 9/2026 requires PSEs to implement age verification mechanisms for child users in accordance with the risk level of the online services provided.
Age verification may be conducted using certain technologies, whether developed internally or through cooperation with third parties. In its implementation, PSEs must ensure that the use of such technologies complies with child protection requirements and prevailing laws and regulations concerning personal data protection.
The regulation also authorizes the Minister to determine certain technologies deemed reliable for conducting age verification.
Risk Level Assessment
Products, services, and features specifically designed for, or likely to be used or accessed by, Children must undergo a risk level assessment. The applicable risk classifications consist of either high-risk or low-risk. The risk level assessment is conducted based on the following aspects:
- contact with unknown persons;
- exposure to pornographic content, violent content, content harmful to life safety, and other inappropriate content for Children;
- exploitation of Children as consumers;
- threats to the security of Children’s Personal Data;
- addiction;
- psychological health disorders in Children; and
- physiological disorders in Children.
Self-Assessment
In conducting the self-assessment, PSEs are required to assess the aspects mentioned above. Further provisions regarding the self-assessment and its indicators are summarized as follows:
| No | Risk Aspect | Indicators |
| 1 | Interaction with unknown persons | Child accounts and/or content may be discovered by unknown personsChild accounts and/or content are automatically recommended to other users based on the Child’s profileInformation relating to Child accounts or profiles is displayed on user profilesPossibility of interaction with unknown personsOther parties may configure online services or create forums or activities facilitating interaction with unknown persons |
| 2 | Exposure to harmful content | Online services allow others to communicate with and send content to Children or allow Children to access harmful content sent by othersAutomatic content recommendations relating to harmful content based on Children’s profilesAdvertisements containing harmful contentOnline services may be configured to create forums or activities that connect or gather Children, potentially exposing them to harmful content |
| 3 | Economic exploitation | Targeting Children with goods or services (e.g., paid content advertisements and similar activities)Provision or operation of subscription-based online services Provision of payment systems facilitating the purchase of goods or servicesProfiling Children through online services to optimize advertising performance, pricing, or sales strategies |
| 4 | Personal Data Protection (“PDP”) | Collection and/or processing of Children’s personal data without parental/guardian supervisionDisplaying Children users’ personal dataChildren users may modify privacy settings without parental/guardian consentPreparation and implementation of security measures based on the nature and risks of Children’s personal data Compliance with prevailing PDP laws and regulations |
| 5 | Addiction and excessive use | Implementation of technologies and/or designs encouraging Children to use online services excessively and/or with increasing intensity |
| 6 | Psychological disorders | Interaction between Children and unknown personsExposure of Children to harmful content Targeting Children with goods or services Unsafe processing of Children’s personal dataExcessive or increasingly intensive use of online services by Children |
| 7 | Physiological disorders | Excessive or increasingly intensive use of online services by Children that may create risks to Children’s physical condition or biological functions |
Networking Services and Social Media Platforms
Article 30 of MOCDA 9/2026 specifically stipulates that networking services and social media platforms are automatically classified as products, services, and features with a high-risk profile unless otherwise determined based on the self-assessment results and risk profile determination by the Minister. The networking services and social media platforms referred to are services that:
- allow social interaction between two or more users;
- allow users to connect or interact with some or all other users; and/or
- allow users to upload materials to the products, services, and features.
As a consequence of such high-risk classification, PSEs providing social media and networking services are required to deactivate accounts belonging to users under 16 years old.
The enactment of MOCDA 9/2026 further emphasizes the obligations of PSEs in implementing child protection measures within digital services. Through obligations relating to minimum age disclosure, user age verification, and self-assessment of online service risks, the Government aims to strengthen the governance of child protection in digital spaces more comprehensively.
For consultation assistance or other legal services from SW Counselors at Law, please contact:
Fanny, S.H.
Senior Associate
T. (+6221) 2222-0200
Bella Siboro, S.H.
Associate
T. (+6221) 2222-0200
