Indonesia Set to Finalize AI Rules and National Roadmap This Month

Indonesia Set to Finalize AI Presidential Regulation by September 2025

Indonesia is in the final stage of issuing a Presidential Regulation on artificial intelligence. The measure will set a legal framework for use, development, and risk mitigation, backed by an AI roadmap and ethical guidelines. The initiative permit has been submitted to the State Secretariat, and completion is targeted for September 2025.

Status and timeline

The initial draft was completed in July 2025. Public consultations ran in August and closed on August 22. The draft is now in harmonization with the Ministry of Law and Human Rights and the Ministry of State Secretariat. The government expects to finalize the text this month.

Scope and structure

The regulation will provide principles for AI adoption and clarify what can, cannot, and must be anticipated in deployment. It will be paired with a national AI roadmap guiding ministries and agencies across transportation, healthcare, education, and finance. The draft draws on the AI Policy Dialogue Country Report through collaboration with the United Kingdom. Stakeholder input included JICA and BCG.

Interaction with existing laws

The framework is being aligned with the Electronic Information and Transactions Law (ITE) and the Personal Data Protection Law (PDP). Ethical provisions build on existing circulars, including Circular No. 9 of 2023. For reference, see the PDP Law (Law No. 27/2022) on the government regulation database here and the ITE Law here.

What legal teams should prepare now

• Inventory all AI use cases and classify by business unit, purpose, data types, and external vendors.
• Map data flows and confirm PDP Law compliance: legal basis, purpose limitation, minimization, retention, and cross-border transfers.
• Draft AI impact and risk assessment templates covering safety, accuracy, bias, explainability, cybersecurity, and human oversight.
• Establish governance: accountable roles, approval workflows, and a risk register for models and datasets.
• Update procurement and vendor due diligence: training data provenance, IP warranties, audit rights, incident notice, and model change logs.
• Prepare transparency artifacts: user notices, capability limits, and mechanism for feedback and complaints.
• Strengthen incident response for AI-specific events, including model misuse, data leakage, and harmful outputs.
• Document everything: model cards or equivalent, testing evidence, versioning, and access controls.

Key issues to watch in the final text

• Scope and definitions: who is covered (developers, deployers, importers, public sector) and what counts as high-risk use.
• Pre-deployment requirements: impact assessments, testing, and approvals for sensitive applications.
• Transparency and record-keeping: disclosure duties, labeling, auditability, and log retention.
• Data governance: lawful basis, sensitive data safeguards, children's data, and cross-border transfer conditions.
• Accountability: human oversight, liability allocation, vendor obligations, and supervisory authority powers.
• Enforcement: sanctions, remediation orders, and timelines for compliance and transition.

Sector implementation

The roadmap will guide how ministries deploy AI in transportation, healthcare, education, and finance. Expect sector-specific principles and coordination needs where AI decisions affect safety, clinical outcomes, students, or financial integrity. Agencies will likely standardize risk assessments and documentation to support oversight.

Timeline checkpoints for counsel

• July 2025: Initial draft completed.
• August 2025: Public consultation conducted; inputs closed August 22.
• September 2025: Finalization targeted after harmonization with Law and Human Rights and the State Secretariat.
• After issuance: Watch for implementing guidance, sector circulars, and transitional periods.

Practical next steps

Form a cross-functional AI governance group with Legal, Compliance, Risk, Security, Data, and Product. Pilot an AI impact assessment on one high-impact use case and use the outputs to refine your controls and documentation. Update contracts and internal policies so they are ready once the Presidential Regulation is issued.

If your team needs structured training on AI risk, tooling, and policy, see curated programs by role here.