The introduction and rise of artificial intelligence (“AI”) in different industries and sectors, including the financial services sector and the telecommunications industry, is affecting almost every aspect of how those industries and sectors operate. Despite the many advantages of AI, the transition to its increased carries potential risks if not accompanied by appropriate laws and regulations. This increases the urgency for the authorities to issue laws and regulations on AI, in particular, to govern the limitations and restrictions on the utilization of this technological innovation.
Regulation of AI under the EIT Law
In 2020, the Indonesian Agency for the Assessment and Application of Technology (Badan Pengkajian dan Penerapan Teknologi or “BPPT”) issued the National Strategy on Artificial Intelligence 2020 – 2045 (Strategi Nasional Kecerdasan Artificial Indonesia 2020 – 2045 or “Stranas KA”). The issuance of Stranas KA followed a series of discussions organized by the BPPT between representatives of the relevant government authorities, including the Ministry of Research and Technology (now the Ministry of Education, Culture, Research and Technology), the Ministry of Communications and Informatics (“MOCI”), the Financial Services Authority (Otoritas Jasa Keuangan or “OJK”), universities and industry players.
Stranas KA serves as a guideline for ministries and governmental institutions in preparing Indonesia’s policies and regulations on AI, as well as for other stakeholders in carrying out activities utilizing AI in Indonesia. However, to date, Indonesia is yet to enact a law or any implementing regulations that specifically govern the use of AI.
Currently under Indonesian law, artificial intelligence is regulated as an Electronic Agent under Law No. 11 of 2008 regarding Electronic Information and Transactions (“EIT Law”). Electronic Agent is defined under the EIT Law as a device of an electronic system operated by a person made to automatically perform an action on certain electronic information. The implementing regulation of the EIT Law, Government Regulation No. 71 of 2019 regarding the Implementation of Electronic Systems and Transactions (“GR 71/2019”), further stipulates the general principles to be followed by the operator in providing AI services (“AI Operator”), namely:
- Prudential principles;
- Security and integration of information technology systems;
- Security control over electronic transaction activities;
- Cost-effectiveness and efficiency; and
- Consumer protection in accordance with the applicable laws and regulations.
The EIT Law and GR 71/2019 provide that the legal responsibility arising from the use of AI shall be borne by the AI Operator, save for any losses arising from the use of AI caused by the negligence of the user, in which case the liability shall be borne by the user.
In relation to the above, the EIT Law and GR 71/2019 only regulate the general principles in utilizing Electronic Agents and the obligations of an AI Operator in utilizing AI as one type of Electronic Agents. They do not provide specific regulations on the utilization of AI and the different subsets of AI.
Recent Developments in the Regulation of AI
There was a recent development in the regulation of AI under Indonesian law with the issuance of MOCI Circular Letter No. 9 of 2023, dated December 19, 2023, regarding Artificial Intelligence Code of Ethics (“MOCI CL 9/2023”) and the OJK Code of Ethics Guideline on Responsible and Trustworthy AI in the Financial Technology Industry (“OJK AI Guideline”).
MOCI CL 9/2023
Both MOCI CL 9/2023 and the OJK AI Guideline regulate the code of ethics to be considered and followed in utilizing AI. MOCI CL 9/2023 broadly regulates the code of ethics to be followed by both public and private electronic system operators engaged in AI-based activities, while the OJK AI Guideline serves as a guideline to be followed for the use of AI specifically in the financial technology industry.
MOCI CL 9/2023 defines AI as a form of programming on a computer device for carrying out the accurate processing and/or analysis of data. The implementation of AI is defined as activities in connection with research, product development, marketing, as well as the utilization of AI, including, but limited to, machine learning, natural language processing, expert system, deep learning, robotics, neural networks, and other subsets of AI utilization.
Essentially, MOCI CL 9/2023 obliges every implementation of AI to be based on the following code of ethics:
- Inclusivity;
- Humanity;
- Security;
- Accessibility;
- Transparency;
- Credibility and accountability;
- Personal data protection;
- Sustainable development and the environment; and
- Intellectual property.
OJK AI Guideline
The OJK AI Guideline was prepared by the OJK specifically for companies engaged in the financial technology sector and serves as a guideline to minimize any unprecedented risks that may arise due to the use of AI in their business activities to increase the efficiency of business processes in the industry. The OJK AI Guideline is based on the OJK’s study on the Organization for Economic Co-operation and Development AI Principles and the National Institute of Standards and Technology AI Risk Management Framework.
In the OJK AI Guideline, the OJK defines AI as a combination of computer science, machine learning technology, and big data developed to find patterns, make predictions, and provide solutions for certain problems. The following are the code of ethics principles in ensuring the responsible and trustworthy utilization of AI:
No. | Ethical Values | Notes |
1. | Based on Pancasila | Pancasila is the philosophical foundation of Indonesia provided under Indonesia’s Constitution. Financial technology players must ensure that the development and utilization of AI is aligned with the values of Pancasila. |
2. | Beneficial | The utilization of AI by financial technology players must provide added value for their business operations, as well as increase consumer welfare and support a sustainable economy. |
3. | Fair and Accountable | Financial technology players must ensure that the utilization of AI is based on the principles of fairness and non-discrimination, including but not limited to having an adequate risk mitigation framework. |
4. | Transparent and Explicable | Financial technology players must be transparent with their customers regarding the process involved in the utilization of AI in their business processes. |
5. | Robustness and Security | In ensuring the robustness and security of the utilization of AI, financial technology players must, among other things, have adequate recovery mechanisms in the event of cyberattacks. |
What’s Next?
Following the issuance of MOCI CL 9/2023, the government is in the process of preparing a Presidential Regulation specifically governing AI, based on Stranas KA. However, it is unclear when this Presidential Regulation might be enacted, especially considering that Indonesia just had a presidential election and the new administration will take office in October.
Conclusively, even with the issuance of MOCI CL 9/2023 and the OJK AI Guideline, specific laws and regulations governing AI are still essential to ensure the utilization of AI in Indonesia is carried out responsibly and to mitigate any risks that may arise.
This publication is intended for informational purposes only and does not constitute legal advice. Any reliance on the material contained herein is at the user’s own risk. All SSEK publications are copyrighted and may not be reproduced without the express written consent of SSEK.