Alfitria Nefi P, Jakarta - The Indonesian government is preparing a revision of the Cybersecurity and Resilience (RUU KKS) that will include penalties for platforms that fail to adequately protect their cybersecurity, according to the Deputy Head of the National Cyber and Encryption Agency (BSSN), Rachmad Wibowo.
"If I'm not mistaken, there will be [sanctions]," he stated after attending the Indonesia Digital Forum at JW Marriott on Thursday, May 15, 2025.
Rachmad noted that the proposed bill is currently undergoing harmonization at the Ministry of Law. "The law is aimed at making cyberspace more secure and comfortable," he explained, emphasizing that cybersecurity encompasses elements of infrastructure, users, and technology.
According to him, the government completed the harmonization process at the end of April and plans to hold a focus group discussion (FGD) to ensure proper socialization of this legislation.
The Cybersecurity and Resilience Bill is a priority within the government's National Medium-Term Development Plan (RPJMN) 2025-2029. Commissioner General Putu Jayan Danu Putra, Head of BSSN, stated that Indonesia still lacks comprehensive and specific regulations governing cybersecurity. He stressed the country's need for legal products that cover all aspects of cybersecurity governance.
Therefore, BSSN is actively pushing for the drafting of this bill. Putu asserted that without clear laws, the country remains vulnerable to cyber threats. "Legislation of this kind is not only to improve our national security but also to build public trust in our digital infrastructure," he added.
Indonesia currently has two Presidential Regulations (Perpres) that bolster cybersecurity governance: Presidential Regulation No. 47 of 2023 concerning National Cybersecurity Strategy and Cyber Crisis Management, and Presidential Regulation No. 82 of 2022 concerning the Protection of Vital Information Infrastructure.
These regulations are designed to guide the implementation of cybersecurity, enhance early preparedness for national cyber crisis threats, and safeguard public interests from all threats to the vital information infrastructure sector.
As a follow-up, BSSN has issued several derivative regulations. However, Rachmad underscored that cybersecurity is a shared responsibility, urging all parties to collaborate and work together to achieve optimal cybersecurity. "Therefore, I call on all parties to jointly support and push for the passage of the Cybersecurity and Resilience Bill," he concluded.
– Novali Panji Nugroho contributed to this article.