Discover insight through our challenging cases.

Legal Compliance for E-Commerce Company

”The Parties that conduct E-Commerce activity has legal compliance including specific license, namely SIUPMSE, obligation to have Electronic System Provider Certificate, use an Indonesian domain name (dot id), and so forth.”

To face the growth of Electronic Commerce (“E-Commerce”) activity in Indonesia, Indonesia Government has issued the Government Regulation No. 80 of 2019 on Commerce through Electronic System (“GR 80/2019”) and Regulation of Minister of Trade No. 50 of 2020 on Business Licensing, Advertising, Development and Supervision of Businesses in Commerce through Electronic Systems (“RM 50/2020”), collectively referred to as (“E-Commerce Regulation”). Both regulations have introduced comprehensive legal compliance for parties that conduct E-Commerce activity including the specific license namely Trade Business License through Electronic System (“Surat Izin Usaha Perdagangan melalui Sistem Elektronik” or “SIUPMSE”), obligation to have Electronic System Provider Certificate, use an Indonesian domain name (dot id), and so forth. 

Furthermore and according to E-Commerce Regulation, business practitioners on E-Commerce activity are consists of Merchants, Commerce through Electronic System Provider (“Penyelenggara Perdagangan Melalui Sistem Elektronik” or “PPMSE”), and Intermediary Service Provider. As for the reason of concision, this article will confine its discussion to PPMSE as E-Commerce Company.

Definition of PPMSE

PPMSE is all parties that provide electronic system service with a platform as an Electronic Communication Facility to facilitating E-Commerce activity. The Electronic Communication Facility can function as media information, communication, transaction settlement, payment system and/or goods delivery system.

From now on, the business model of PPMSE can be comprised as follows:

  1. Online retail or Merchant that own PPMSE facility;
  2. marketplace;
  3. online classified ads;
  4. price comparators platform; and
  5. daily deals.

Entity Requirements of PPMSE

In under GR 80/2019, PPMSE must be in the form of individual, business entity, society, or state official agency. Furthermore, E-Commerce Regulation has not explicitly stated the amount of capital requirement for a business entity.

Nevertheless, RM 50/2020 has obligated PPMSE to have specific license, namely SIUPMSE as aforementioned. In according to Regulation of Minister of Trade Number 64 of 2020 on Amendment of Regulation of Minister of Trade Number 08 of 2020 on Electronic Integrated Business Licensing Services in Commerce Sector (“RM 64/2020”), SIUPMSE is classified into Indonesian Standard Industrial Classification (“Klasifikasi Baku Lapangan Usaha Indonesia” or “KBLI”) 63122, which known as Portal Web and/or Digital Platform with Commercial Purposes.

In accordance with Indonesian Negative Investment List 2016, KBLI 63122 have a limitation on foreign investment maximum 49% (forty-nine per cent) for PPMSE with investment amount less than IDR 100 billion. However, and as per this article written, references of Online Single Submission (“OSS”) website did not mention SIUPMSE as license type that includes in KBLI 63122 and regarded only to portal web license which issued by Ministry of Industry.

Legal Compliance for PPMSE

E-Commerce Regulation has stipulated several legal compliances which must be fulfilled by PPMSE. The several compliances are as follows:

  1. Obligation to have SIUPMSE with the following commitment:
  2. Electronic System Provider Certificate which issued by the Ministry of Communication and Information at last 14 (fourteen days) after SIUPMSE (non-effective) was issued.
  3. Website address and/or platform name.
  4. Consumer complaint service as contact number and/or email.
  5. Consumer complain service that stated contact information of Directorate General of Consumer Protection and Orderly Commerce.
  6. Use Indonesian high-level domain name (dot id) for system electronic in the form of an internet site.
  7. Use Internet Protocol Address (IP Address) by the prevailing laws and regulations.
  8. Use server devices placed in the data center. The server must be located in Indonesia as the requirement to obtain an Electronic System Provider Certificate.
  9. Fulfill technical requirements stipulated by relevant institutions and obtain Trustmark or “Sertifikat Keandalan” in accordance with the prevailing laws and regulations.
  10. Submission of data and/or information periodically to a government institution.
  11. Comply with all prevailing laws and regulations related to the business activity of E-Commerce.
  12. Obligation to have Standard Information Security Certificate as a requirement to obtain an Electronic System Provider Certificate. Standard Information Security Certificate can be regarded to Information Security Index (“Indeks Keamanan Informasi” or “KAMI”) held by State Cyber and Code Agency that leads to SNI ISO/IEC 27001:2013 (SMKI) certification.

Author: Kristalia Andiani Puteri

Gaffar & Co., Indonesian Boutique Law Firm which specializing and focus on commercial law areas include capital market and Fintech Services.

For further queries and information, please contact us:

+62- 21 2271 8638  | +62 – 811 877 216 | |

Share on linkedin