Dani Aswara, Jakarta – A number of civil society organizations contend that the draft of the Cybersecurity and Cyber Resilience Bill (RUU KKS) poses a significant risk to human rights and civil liberties. This criticism follows the finalization of the draft, which is slated for submission to the legislature as a national legislative priority in 2026.
Parasurama Pamungkas, a researcher-partner from Raksha Initiatives, highlighted a misconception in the bill's definition of cyber resilience. He argued that resilience should be interpreted as the strength and recovery of systems rather than a military-oriented defense strategy.
"In academic manuscripts, resilience is often equated with cyber defense, even though their scopes differ," Parasurama said in a press release on Tuesday, December 23, 2025.
This assessment emerged from discussions involving Raksha Initiatives, Centra Initiative, Imparsial, and DeJure. These organizations believe that despite revisions made since 2019 and early 2024, the substance of the bill remains problematic.
The coalition argues that this conceptual confusion has resulted in a bill that lacks a human-centric approach. The objectives appear to prioritize national security over the protection of individuals. "Effective cybersecurity should primarily protect individuals, followed by devices and networks," Parasurama stated.
From a procedural standpoint, critics highlighted a lack of transparency and minimal stakeholder engagement. The bill is seen as failing to reflect the principle of multistakeholderism by excluding input from the private sector and civil society. This exclusion raises concerns regarding risks to civil liberties, the protection of vulnerable groups, and press freedom.
Chikita Edrina, advocacy staff at LBH Pers, voiced similar concerns. She believes the lack of individual protection guarantees could heighten pressure on the press. "Journalists face more than just hacking; they deal with doxing and account takeovers," she said.
She added that the bill does not need to introduce new criminal offenses, as cybercrimes are already covered by the Electronic Information and Transactions (ITE) Law and the new Criminal Code. "The priority should be law enforcement against digital attacks on media and journalists, which currently go unchecked," she remarked.
Erwin Natosmal, a member of the Indonesian Advocates Association (Ikadin), warned that the bill could become a "new ITE Law." He noted that the bill does not firmly ground itself in human rights, pointing out the absence of references to the 1945 Constitution's human rights articles. "The only references mentioned are the authorities of the President and the DPR," Erwin stated.
He believes an overly state-centric orientation risks creating a culture of criminalization, mirroring the issues seen with the ITE Law. Meanwhile, Rhina, from the Institutional Strengthening Staff of Solidarity of Women, highlighted the lack of protection for vulnerable groups. She noted that women, particularly in rural areas, are highly susceptible to gender-based online violence (GBOV). "Low digital literacy makes them even more vulnerable," she said.
Rhina cited data from the National Commission on Violence against Women, which recorded at least 1,701 cases of GBOV in 2025. She suggested the actual number is likely higher due to underreporting and urged the bill to explicitly accommodate the protection of vulnerable groups.
Wahyudi Djafar, Co-Founder of Raksha Initiatives, suggested that policymakers are struggling to address the complexity of modern cyber threats. He explained that threats to the confidentiality, integrity, and availability of systems impact both individuals and the general public.
"Cybersecurity policies must be capable of protecting individual security," Wahyudi said. He also emphasized the need for a clear division of authority between institutions, noting that the military should not handle threats outside the scope of actual cyber warfare.
Cyber threats in Indonesia remain a serious concern. Kaspersky recorded 19.17 million web-based attack attempts in 2024. Additionally, the National Cyber and Crypto Agency reported 122.79 million internet traffic anomalies, with public services being the primary target.
While Indonesia was classified as a "Tier 1 Role Modeling" country in the 2024 Global Cybersecurity Index, the civil coalition insists that such accolades should not justify overlooking human rights and civil liberties in the drafting of the Cybersecurity and Cyber Resilience Bill.