The Government (through the Ministry of Communication and Informatics (MOCI)) has issued a draft amendment to Government Regulation No. 82 of 2012 (GR 82) on the Implementation of Electronic Systems and Transactions (Draft Amendment) for public comment and feedback. GR 82 is an implementing regulation of Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions (EIT Law).

For context, under GR 82, electronic system operators1 that provide a "public service" were required to have onshore data centers and disaster recovery centers by 15 October 2017.

However, there has never been any clarification on the definition and coverage of "public service", there has been extensive lobbying from cloud providers and the business community (the latter on costs for business) and there have been different approaches taken by sectoral regulators. In October 2017, the MOCI indicated that it would revise GR 82 to introduce data categorization and lessen, where possible, the requirements for data localization.

The Draft Amendment addresses these points and expands on other matters. Unfortunately the Draft Amendment does not differentiate between data controllers and data processors as in other countries.