Look at the Forbes billionaires list for 2026. Elon Musk at the top, followed by Larry Page and Sergey Brin, then Jensen Huang, then Bezos and Zuckerberg further down.
The people accumulating the most extraordinary wealth in human history are almost uniformly building technology, not pulling resources out of the ground. The world has sent a pretty clear signal about where value is being created and where it is going.
Indonesia is still largely betting on the ground. We are a resource economy in an era where the resource that actually matters is compute and the people who know how to use it. Other countries are racing toward whatever the next stage of civilizational development looks like, and we are still arguing about whether ChatGPT needs to fill out a form.
That form is PSE, Penyelenggara Sistem Elektronik, and it is one of the more telling examples of how Indonesian policymakers think about the internet: as a space to be administered, not participated in.
What PSE Actually Requires
Under Ministerial Regulation No. 5 of 2020, any platform operating in Indonesia, local or foreign, must register with the government. Once registered, platforms must remove content the ministry deems harmful within 24 hours, or four hours in what the ministry decides is an “urgent” situation, without a court order. They must also grant government authorities access to user data and communications as a condition of registration, not as the result of any judicial process.
Here is the part almost nobody talks about. If you are a foreign platform, you need to appoint a local Indonesian representative. That representative carries personal legal liability if the platform fails to comply.
A named human being in Indonesia is legally accountable for decisions made by a corporation on another continent. Think about what that means for any Indonesian developer or startup that wants to build on top of a foreign AI API. The compliance cost is not just paperwork. It is someone’s neck on the line.
The regulation sits on top of something older. UU ITE, the foundational cyber law underpinning all of this, was drafted starting in 2003 and passed in April 2008, the same year the App Store did not exist yet. Generative AI and CDNs as global infrastructure were not imaginable use cases when the people writing this law sat down to define what an “electronic system” was. The law has been amended since, but the skeleton is the same one built for a much simpler internet.
We already know the government will use it. In July 2022, Kominfo blocked Steam, PayPal, Yahoo, and Epic Games after they missed the registration deadline. #BlokirKominfo trended with tens of thousands of tweets. Freelancers who depended on PayPal to receive international payments were locked out overnight. The government reopened PayPal for five days so people could withdraw their money, then closed it again until PayPal registered.
The pattern was established: the government has the button and will press it on platforms with users who have something to lose inside, because those users will pressure the platform to comply. That was 2022. The targets since then have gotten considerably more important.
The Wrong Tool for the Wrong Things
The Cloudflare situation illustrates how badly scoped this regulation is. Cloudflare is part of the internet’s core infrastructure, a content delivery network and security layer underneath tens of thousands of websites, many of them Indonesian. When Cloudflare had a global outage in November 2025, Canva and ChatGPT went down with it. Two days later, Komdigi threatened to block it.
The government’s justification was online gambling. A sampling of 10,000 gambling sites showed 76% were using Cloudflare infrastructure to mask IP addresses and evade blocking. So the proposed solution was to threaten the infrastructure layer itself. A ministry official literally suggested that Cloudflare should be “more selective” about which customers it accepts.
This is the kind of statement you make when you do not know what a CDN is. Cloudflare does not inspect or approve customer content, it moves data.
The reason this matters legally is something called safe harbor, which is the foundational principle behind how internet infrastructure operates everywhere else in the world. In the US it is Section 230. In the EU it is enshrined in the Digital Services Act. The basic idea is that a company providing the pipes is not responsible for what flows through them, as long as it acts when properly notified through a legal process. This is why we do not sue telephone companies when someone uses a phone to plan a crime.
Article 19 and virtually every international framework on internet governance applies the same logic to internet infrastructure: you cannot hold a passive conduit liable for content it does not control. Without safe harbor, no infrastructure company can operate at scale, because the legal exposure would be unlimited.
PSE has no equivalent protection. It makes no distinction between a platform that publishes content and a company that moves packets. Cloudflare registering as a PSE would mean accepting legal responsibility for what its customers do, which is precisely the liability that safe harbor exists to prevent. The government is essentially asking Cloudflare to sign away the legal architecture that makes it viable as a business, and framing it as a simple administrative requirement.
Then there is Wikipedia. The Wikimedia Foundation resisted PSE registration for months, specifically because the data access requirements put anonymous Indonesian Wikipedia editors at risk. Many contributors write about politically sensitive topics under pseudonyms.
In February 2026, Komdigi responded by blocking the login system for all Wikimedia properties, preventing Indonesian editors from accessing their accounts. By April, the ministry issued a final ultimatum: register within seven days or face a nationwide block.
Wikimedia eventually registered, after negotiating specific commitments from the government on user privacy and editorial independence. A nonprofit volunteer encyclopedia had to sit across from a ministry and negotiate to protect its own editors from government data requests!
And Now AI
Indonesia is in the top five countries globally for ChatGPT usage, alongside the US, India, Brazil, and the UK, accounting for 36% of all ChatGPT traffic. Our adoption grew 85% between late 2025 and early 2026, the fastest in Southeast Asia.
Kominfo started eyeing ChatGPT for PSE compliance back in February 2023, and by November 2025 Komdigi had formally warned OpenAI along with 24 other platforms to register or face blocking.
The ministry seems to believe this gives Indonesia meaningful leverage over OpenAI. It does not hold up when you look at the numbers.
Indonesia accounts for about 3.9% of total ChatGPT traffic, which sounds significant until you ask how much of that is paying. OpenAI had to create a separate discounted tier, ChatGPT Go, priced at $4.50 a month, specifically for markets like Indonesia because the standard $20 plan was not converting here. We are a big market by volume and a discount market by revenue. Indonesia’s actual contribution to OpenAI’s bottom line is a fraction of its share of visits.
OpenAI has no office here. Its data lives elsewhere. If the compliance burden, including the personal liability clause for a local representative, ever outweighed the value of the Indonesian market, they could stop serving us. That would hurt Indonesian users and developers enormously. It would not particularly affect OpenAI’s business.
We are not a market they need. We are a market they are slowly trying to convert, with a product they had to reprice specifically for us.
The Indonesia Emas Contradiction
I want to be specific about who is making these decisions, because “the government doesn’t understand tech” is easy to say and easy to dismiss.
The current minister, Meutya Hafid, is a former TV journalist and Golkar politician whose degrees are in Manufacturing Engineering and Political Science. She came to this portfolio from chairing the DPR’s Commission on defense and foreign affairs. Her predecessor was arrested mid-tenure for corruption in the national data center project. The official who told Cloudflare it should be more selective about its customers is a career civil servant.
This ministry has never been led by someone who built or operated digital infrastructure. The result is regulation designed by people who have never had to think seriously about what the systems they are regulating actually do. When the OSS registration portal was not even functional for foreign platforms when the 2022 deadline hit, that is what happens when a bureaucracy designs a compliance system for an industry it does not understand from the inside.
This is the same government whose centrepiece is Indonesia Emas 2045, a vision of Indonesia as a top-five global economy by its centennial, with AI explicitly named as a key driver. We currently spend 0.28% of GDP on research and development, one of the lowest rates among countries that claim serious AI ambitions.
Reaching that vision requires researchers who can access global tools freely, and developers who can build on foreign AI platforms without putting a named Indonesian individual at personal legal risk. PSE, built on a 2008 law and administered by career politicians and civil servants, pushes in the opposite direction.
I want to be fair. The stated goals of PSE are not invented. There are legitimate reasons to want foreign platforms to be legally accountable in Indonesia. But the mechanism serves whoever is running the ministry more than it serves Indonesian users. The data access requirements, the personal liability for local representatives, the “public order” catch-all with no fixed legal definition, these are leverage tools. And pointing them at the platforms driving the next wave of economic value creation is not governance. It is reflex.
Other countries are racing to get AI companies to invest locally, train local talent, and integrate into their economies. We are sending warning letters and asking them to register on a portal that was not working when we announced the deadline.
The richest people in the world built the internet and they are now building AI. Indonesia is still largely in the ground. And our response to that gap is more paperwork.
What I Think This Is Really About
Here is the thing that keeps nagging at me. The government’s loudest justification for PSE has always been online gambling. Block the sites, protect the people, clean up the internet. Komdigi has blocked hundreds of thousands of URLs. It threatened Cloudflare specifically because gambling operators were hiding behind its infrastructure.
And yet. PPATK reported that approximately 97,000 TNI and Polri members were involved in online gambling. That is not a fringe problem. That is systemic.
More specifically, ten Komdigi employees were arrested in late 2024 for protecting gambling sites. The same people whose job was to identify and block those sites were accepting payments from gambling operators to keep them running. Eighteen people were arrested in total. The ministry enforcing PSE had its own staff on the payroll of the industry PSE was supposedly built to fight!
This is not an argument about bad apples. It is a question about what the infrastructure of control actually enables. PSE gives the ministry direct access to platforms, content, and user data, with minimal judicial oversight and maximum discretion. That kind of power does not stay pointed in one direction. It follows incentives. And when the people holding it are the same people taking money to look the other way, the question of who PSE actually protects becomes very uncomfortable.
We have a constitution that answers this clearly. UUD 1945 Pasal 28F guarantees every citizen the right to communicate and access information freely. Pasal 28E ayat 3 guarantees freedom of expression. UU No. 39 Tahun 1999 on Human Rights guarantees the right to hold and disseminate opinions. These are not suggestions. They are the legal foundation this country is built on.
PSE, as written and as enforced, sits in tension with all of them.
I am not saying the internet should be lawless. I am saying that a regulation built on a pre-smartphone law, administered by political appointees, used to threaten AI companies and encyclopedias and infrastructure providers, while the ministry’s own employees were moonlighting as protection for gambling syndicates, is not a governance tool. It is a power grab dressed in the language of order.
The internet is not going to cooperate. You cannot meaningfully block it without making sacrifices Indonesia has not shown it is willing to make. Every year the tools get better at routing around restrictions. Every arrest and every PPATK report and every investigative piece in Tempo exists because information moves and people share it. Transparency is not a side effect of the internet. It is the mechanism.
The government cannot control the internet without eventually being exposed by it. The smarter move is to stop trying to control things it cannot control, clean up what is actually within its power to fix, and let Indonesians use the tools that the rest of the world is already using to build the future.
Leave us alone. We know what we are doing.