Introduction

In recent years, the rapid advancement of Artificial Intelligence (“AI”) has significantly transformed various sectors in Indonesia, ranging from financial services and healthcare to education and digital platforms. The increasing reliance on AI systems in both public and private sectors is a double-edged sword. On one hand, it demonstrates the technology’s potential to enhance efficiency and innovation. On the other hand, it may raise an issue on misuse of AI and the limitation of liability if negligence or misconduct occurs.

Despite this rapid development, Indonesia has yet to establish a comprehensive and binding legal framework specifically governing the development, deployment, and use of AI. At present, regulatory references concerning AI remain restricted and spread across several law and regulation, i.e. Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions, Law No. 27 of 2022 on Personal Data Protection, and Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions.

The only specific legal guidance on the use of AI is found in the Minister of Communication and Informatics Circular Letter No. 9 of 2023 on Artificial Intelligence Ethics (Circular Letter 9/2023), which sets out general ethical principles such as inclusivity, transparency, accountability, data protection, and sustainability. However, as a circular letter, such instrument does not have binding legal force upon business actors or electronic system operators.

This raises a fundamental concern as to whether a non-binding ethical framework is sufficient to regulate a technology that carries significant legal, economic, and societal risks. In practice, the absence of a comprehensive and enforceable AI regulatory regime may give rise to legal uncertainty, weak accountability, and insufficient protection of individual rights. Without immediate regulatory intervention, the continued deployment of AI in critical sectors risks outpacing the legal framework.

As noted, the Circular Letter 9/2023 has outlined principle and ethical values of the use of AI. Violating these ethical values may cause an issue in the future. The current identified issues including violation of personal data protection, privacy and human rights, and intellectual property rights. 

In practice, Indonesia’s current approach to AI regulation remains fragmented and reactive, rather than systematic and forward-looking. While existing laws provide a general regulation for electronic systems and data protection, human rights and intellectual property rights, they do not specifically address the unique characteristics and risks associated with AI technologies.

The Circular Letter 9/2023, for instance, emphasizes important values, including fairness, security, transparency, and protection of personal data. It also encourages business actors and electronic system operators to implement internal policies relating to AI governance. However, this guidance is normative in general, lacking mechanisms for enforcement, supervision, or sanctions in the event of non-compliance. 

In practice, this limitation becomes particularly evident when AI systems are deployed in contexts involving automated decision-making. Decisions generated through AI may affect employment opportunities, access to financial services, or even public service delivery. More importantly, the current legal framework does not clearly regulate issues such as algorithmic accountability, explainability of AI systems, or liability in the event of harm caused by automated decisions.

Furthermore, while the Personal Data Protection Law provides safeguards for personal data processing, it does not fully address the complexities arising from AI systems that rely on large-scale data processing, including issues relating to data inference, profiling, and secondary use of data.As a result, there remains a regulatory gap between traditional data protection principles andthe realities of AI-driven technologies.

Practical Challenges and Legal Risks

The absence of a dedicated AI regulatory framework creates a number of tangible legal and operational challenges, i.e. legal uncertainty in allocation of liability, risk of algorithmic bias and discrimination as well as lack of transparency and oversight.

There is a significant degree of legal uncertainty regarding the allocation of responsibility when AI systems produce erroneous or harmful outcomes. It remains unclear whether liability should rest with the developer, the deployer, or the end user of the system. This ambiguity not only discourages innovation, but also exposes users to risks that remain unaddressed under the current legal framework.

In addition, the lack of enforceable standards increases the likelihood of algorithmic bias and discrimination. Without clear regulatory obligations, AI systems may inadvertently replicate or even amplify existing social inequalities, particularly in sectors such as recruitment, credit scoring, and law enforcement.

Likewise, the absence of robust oversight mechanisms undermines public trust in AI technologies. Users are often unaware of how decisions affecting them is made, particularly when such decision is generated through complex and opaque algorithms. This lack of transparency raises serious concerns regarding fairness, accountability, and due process.

Finally, from a business perspective, the absence of clear regulatory guidance may create uncertainty for investors and industry players. Companies operating in Indonesia may face difficulties in assessing compliance risks, particularly when compared to jurisdictions that have already adopted more structured AI regulations.

It is clear that a guideline is insufficient to address the multifaceted challenges posed by AI. While the Circular Letter 9/2023 serves as an important starting point, it must be complemented by a binding legal framework that provides clear rules, rights, and obligations.

A comprehensive AI regulatory framework in Indonesia should, at the very least, address the above challenges and the following key aspects:

1. Risk-Based Classification of AI Systems 
   A risk-based approach should be adopted, whereby AI systems are categorized based on their potential impact, with stricter requirements imposed on high-risk applications. Such an approach would ensure that regulatory measures remain proportionate while effectively mitigating potential harm.
2. Clear Allocation of Liability
   The framework should provide for clear allocation of liability, ensuring that accountability is properly assigned across the lifecycle of AI systems, from development to deployment and use.
3. Transparency and Explainability Obligations
   The framework should require a reasonable level of transparency in how AI systems operate, particularly in the context of automated decision-making. Individuals affected by such decisions should be able to understand, at least in general terms, how and why those decisions were reached.
4. Strengthened Data Governance
   The framework should place greater emphasis on data governance. While existing data protection laws provide a foundation, the framework needs to account for how AI systems actually use data in practice, including issues such as profiling, data inference, and large-scale data processing. 
5. Institutional Oversight and Enforcement
   An institutional oversight mechanism should be established to ensure effective supervision, compliance, and enforcement of AI-related regulations.

Conclusion
Such a framework is essential not only to provide legal certainty and protect individual rights, but also to ensure that AI development in Indonesia remains responsible, accountable, and sustainable.

This article is intended for general informational purposes only and does not constitute legal advice. For legal assistance or inquiries specific to your situation, please contact us at info@adplaws.com.