by Setyawati Fitrianggraeni, Sri Purnama, Fildza Nabila Avianti
On the 15th March 2023, Indonesia’s President, Joko Widodo raised worry about government workers using international credit cards. He desires that the country’s card issuer safeguard transactions from potential US penalties, as was done to Russia, whilst also reducing reliance on foreign companies and asserting greater control over the country’s financial transaction. Last year, the government introduced the Government Credit Card (KKP) scheme for domestic use by government organisations and employees. Whilst it has yet to be widely embraced, President Joko Widodo’s drive is anticipated to increase local acceptability before they seek to internationalise it.
This statement raises the topic of Digital Sovereignty and why it is important for nations, in this context is Indonesia, to start considering of switching its dependency on international services to building its own. Floridi (2020) found that digital sovereignty is a central element in policy discourses on digital issues, but it remains highly contested. Meanwhile, Pohle and Thiel through their work “Digital Sovereignty”, suggested that digital sovereignty is understood more as a discursive practice in politics and policy than as a legal or organisational concept.
According to Couture, the concept of digital sovereignty is used to describe various forms of independence, control, and autonomy over digital infrastructures, technologies, and data. Whilst the notion of digital sovereignty is generally used to assert some form of collective control of digital content and/or infrastructures, the interpretation, subject, means and definition of sovereignty can significantly differ. However, the urgencies to implement this are still needed to be scrutinised as well as Indonesia’s capacity on creating digital independence from foreign parties’ interferences. Is Indonesia ready? What should we expect coming out of this?
THE URGENCY OF DIGITAL SOVEREIGNTY IN INDONESIA AND ITS BENEFITS
As digital sovereignty refers to a nation’s ability to maintain control over its digital assets, infrastructure, and data, as well as to protect the digital rights and privacy of its citizen, by having a heavy reliance to international digital services might make the effort to have a secure networks and protection of the digital realm counterproductive. For instance, the digital industries are mainly monopolised by the big tech companies, such as Microsoft, Google, and AWS. In the case that there are data breaches or disputes between parties that must push those service providers to convey its user’s data might lead to the leaks of Indonesia’s citizen big data into the dark web.
Further, if disputes arise between users and the services, there will be fraction in the implementation of the laws considering that the foreign services still must be in compliance with their national legislations that are disadvantaging its customers who are nationals of foreign countries. Another concern lies within the possibilities of the country involvement to this technology sector that have full control over the digital sphere in times of crises, just like what happened in Russia and Ukraine. The growing and worsening mistrust between nations and heavy reliance on foreign technologies might disabled a whole country’s cybersecurity systems that are needed not only for war, but on a day-to-day basis, such as bureaucracy or public health sectors.
Indonesia has seen a considerable increase in cyberattacks and security breaches in recent years. In 2019, Indonesia experienced about 290 million cyberattacks. These dangers include data breaches, financial fraud, cyber espionage, and critical infrastructure assaults, emphasising the need for Indonesia to bolster its digital sovereignty and cybersecurity capabilities. However, the lack of control to its own digital realm might raise the confusion on pinning the blame and who should be made liable on these attacks.
Digital sovereignty is intrinsically linked to innovation and technological advancement since a nation with more control over its digital assets and infrastructure may more effectively promote local enterprises and startups. Strengthening Indonesia’s digital sovereignty may assist in establishing an enabling environment for local ICT enterprises, boosting innovation and global market competitiveness. Additionally, fostering technical autonomy and decreasing dependency on foreign digital goods and services may help grow a healthy and self-sufficient digital economy.
INDONESIA’S CURRENT LEGAL AND REGULATORY FRAMEWORK
Indonesia has never made any official statement on aiming into digital sovereignty. However, there are relevant legal frameworks that touch the bases of digital sovereignty.
As the umbrella regulation that provides guidance on electronic information and transactions, Article 15 of the ITE Law regulates that any electronic system provider must provide electronic systems in reliable and secure manner and shall be responsible for the proper operation of the electronic systems. This means that all electronic system providers, regardless of whether the system is used for governmental, commercial, or personal purposes, must ensure the operation of the system runs reliably, safely, and responsibly.
Indonesia’s Government Regulation Number 71 of 2019 on Implementing Electronic Systems and Transactions (GR 71/2019) replaces Government Regulation Number 82 of 2012 (GR 82/2012). Among the revisions included in the new GR 71/2019 are the following, amongst others:
This regulation did not reach the possibility that the providers of the storage or servers might be purchased or subscribed from an international company, which has access to their data control and still have to submit to foreign laws or their company’s origin. Further, this GR also lets operators of private scope store data offshore even though it involves the citizen of Indonesia’s data, whilst the previous version of this GR mandated whether public and private sector to store data onshore.
Through the Law on National Defence, it can also be presumed that the existing electronic systems in Indonesia are expected to become a unified system that is solid, reliable, and secure nationally. This is in line with the principle of national defence in Article 1 point 1 of the Law on National Defence, that national defence is all efforts to defend state sovereignty, territorial integrity of the Republic of Indonesia, and the safety of the entire nation from threats and disturbances to the integrity of the nation and state. Therefore, the management of electronic systems implemented in Indonesia is also expected to become a national defence effort in building and fostering the capability, deterrence of the state and nation, and overcoming any threat, as stated in Article 6 of the Law on National Defence.
POLICY RECOMMENDATIONS AND STRATEGIES FOR IMPLEMENTATION
There are several policy suggestions and implementation strategies, first, establishing a comprehensive national plan for digital sovereignty. This establishment can be implemented through a coordinated approach and linkage with national development objectives. Second, enhancing the legal and regulatory structure through updating existing regulations and establishing new legal frameworks. Third, improving digital infrastructure and the digital ecosystem through increasing broadband connectivity and supporting local technology companies and start-ups. Fourth, enhancing digital literacy and public awareness, which can be undertake through national digital literacy campaigns and integration of digital literacy into the education system. Lastly, promoting international collaboration and cooperation which can be achieved through regional and global partnerships and participations in international forums.
Due to rising cyber threats and digital technology dependence, digital sovereignty is a global challenge for countries. Indonesia needs digital sovereignty to maintain national security, economic progress, and social development in the fast-growing digital environment. Increased internet usage, a vibrant technology industry, and expanding investment in digital initiatives show that Indonesia has developed its digital infrastructure and ecosystem. The digital gap, low digital literacy, and the need for a comprehensive legal and regulatory framework to manage developing digital concerns continue. Indonesia must combine national interests with international commerce and obligations to attain digital sovereignty
The information contained in this Legal Insight is not intended to provide legal opinion or views of the Anggraeni and Partners law offices against a particular legal issue.
Neither party may assume that he or she should act or cease to act or choose to act on a particular matter based on this information without seeking advice from professionals in the field of law in accordance with certain facts and circumstances it faces.
For further information, please contact:
P: 6221. 7278 7678, 72795001
H: +62 811 8800 427
Fildza Nabila Avianti
Research Associate Ocean Maritime
Junior Legal Research Analyst
Research Group Transnational Litigation and Tort Law
 The Jakarta Post, “Jokowi wants local governments to ditch Visa, Mastercard”, TheJakartaPost, (March 2023).
 Ricky Mohammad Nugraha and Petir Garda Bhwana, “Jokowi Lauds Domestic Govt Credit Card, International QRIS Launch”, TempoCo, (August 2022).
 Luciano Floridi, “The Fight for Digital Sovereignty: What It Is, and Why It Matters, especially for the EU”, Springer Philosophy & Technology, 33, (2020), pp. 369-378.
 Stephane Couture and Sophie Toupin, “What does the notion of “sovereignty” mean when referring to the digital?”, New Media & Society, Vol. 21, Iss. 10, (2019), pp. 2305-2322.
 Stephane Couture and Sophie Toupin, “What Does the Concept of ‘Sovereignty’ Mean in Digital, Network and Technological Sovereignty?”, GigaNET: Global Internet Governance Academic Network – Annual Symposium 2017, (2018), pp. 2.
 Benjamin Cedric Larsen, The Geopolitics of AI and the rise of digital sovereignty (Brookings Institute 2022).
 This report is released by Indonesian National Cyber and Crypto Agency (Badan Siber dan Sandi Negara, or BSSN). The number shows a 25% increase compare to the previous year, when cybercrimes had caused losses of USD 34.2 billion for Indonesia. See, Noor Halimah Anjani, “Cybersecurity Protection in Indonesia”, Research Report, Policy Brief Number 9, Centre for Indonesian Policy Studies (CIPS), Jakarta.
 Organisation for Economic Co-operation and Development, Going Digital: Shaping Policies, Improving Lives – Summary, (Paris: OECD, 2019).
 Jeanette Hofmann, “Multi-Stakeholderism in Internet Governance: Putting a Fiction into Practice”, Journal of Cyber Policy, Vol. 1, Iss. 1, (2016), pp. 29-49.
 Article 20 and 21 of the Government Regulation Number 71 of 2019 on the Implementation of Electronic Systems and Transactions regulates that Electronic Systems Operators of the Public Scope must have a continuity of operations strategy to address disruptions or catastrophes in line with the risk of the resultant consequences. Private Electronic System Operators are permitted to manage, process, and/or store Electronic Systems and Electronic Data inside and/or outside Indonesia. If the Electronic System and Electronic are managed, processed, or kept outside of Indonesian territory, the Private Electronic System Operator is obligated to guarantee the efficacy of monitoring by the relevant Ministries or Agencies and law enforcement. The regulatory and supervisory authorities of the financial industry impose additional regulations on the administration, processing, and storage on Electronic Systems.
 In the United States, The CLOUD Act was enacted in response to problems the Federal Bureau of Investigation (FBI) encountered in acquiring remote data from service providers through Stored Communications Act (SCA) warrants since the SCA was created before cloud computing was a viable technology. During a 2013 investigation into drug trafficking, the FBI obtained an SCA warrant for emails that a U.S. citizen had stored on one of Microsoft’s distant servers in Ireland, but Microsoft refused to comply. This legal dispute led to Microsoft Corp. v. United States before the Supreme Court. The FBI maintained that Microsoft had complete control over the data and should be forced to provide it in response to the demand. However, Microsoft asserted that the SCA did not apply to data housed outside the United States. The challenge acknowledged that while the FBI could request a mutual legal assistance treaty (MLAT) to aid in data discovery during cross-border law enforcement, the process to acquire a new MLAT if one is not already in place or to process a request through an existing MLAT can be time-consuming and hinder law enforcement efforts.
 The Indonesian government should design a comprehensive national digital sovereignty policy incorporating input from diverse stakeholders, such as the commercial sector, academia, and civil society. Fulvio Castellacci and Clara Vinas-Bardolet, “Internet Use and Job Satisfaction”, Computers in Human Behaviour, Vol. 90, (January 2019), pp. 141-152.
 The plan should be aligned with Indonesia’s more significant economic and social development objectives, ensuring that digital sovereignty activities contribute to inclusive and sustainable progress. See, World Bank, “Ensuring a More Inclusive Future for Indonesia through Digital Technologies”, Press Release Number 2022/004/EAP, (2021).
 Existing rules and regulations should be reviewed and updated to accommodate increasing digital concerns, including data protection, privacy, and security. See, United Nations Conference on Trade and Development, “Digital Economy Report 2019 – Value Creation and Capture: Implications for Developing Countries”, UNCTAD, (2019).
 Novel legal frameworks may be necessary to meet particular digital sovereignty concerns, such as data localisation and cross-border data flows. See, Anupam Chander and Uyen P. Le, “Data Nationalism”, Emory Law Journal, Vol. 64, Iss. 3, (2015), pp. 677-739.
 To bridge the digital gap, the government should prioritise investments in broadband infrastructure, especially in undeserved rural regions. See, World Bank, Op. Cit.
 The government may aid the creation of local technology enterprises by offering financial assistance, tax benefits, and access to innovation centres and incubators. See, PricewaterhouseCoopers, “Indonesia’s Fintech Lending: Driving Economic Growth Through Financial Inclusion”, PWC Indonesia – Fintech Series, (2019).
 The government, in partnership with the commercial sector and educational institutions, should establish a national digital literacy campaign to increase public awareness and enhance digital skills across the population. See, Nancy Law, David Woo, Jimmy de la Torre, Gary Wong, A Global Framework of Reference on Digital Literacy Skills for Indicator 4.4.2., (Montreal: UNESCO Institute for Statistics, 2018).
 Digital literacy should be included in the national curriculum at all school levels to ensure students gain the skills essential to flourish in the digital age. See, Organisation for Economic Co-operation and Development, Op. Cit.
 Indonesia should aggressively participate in regional and global partnerships on digital sovereignty, engaging with other nations to build common norms, standards, and best practices. See, ASEAN, ASEAN Digital Masterplan, (Jakarta: ASEAN, 2020).
 Indonesia should engage in international forums on digital policy, such as the G20 Digital Economy Task Force and the Internet Governance Forum, to exchange information and learn from other nations. See, G20, “G20 Ministerial Statement on Trade and Digital Economy”.