As Banks will be required to report the results of implemented Self-Assessments within 15 business days of the end of the relevant reporting year, the Draft Circular states that Self-Assessments should be scheduled for initial implementation by December 2023 and then reported by the end of June 2024.

The competence units that have been introduced under the decree include the following: 1) Stipulation of PDP strategy; 2) Preparation of a PDP risk matrix; 3) Implementation of the monitoring of PDP in accordance with compliance with relevant regulations; 4) Preparation of PDP governance; 5) Ensuring that PDP is fully integrated into incident response management

The Minister of Communication and Informatics is currently preparing a Draft Decree on Technical Standards for Telecommunications Equipment/Devices Specifically Short-Range Devices (SRD), which addresses ten specific types of SRD, including: 1) Bluetooth IEEE 802.15.1; 2) Ultra-Wide Band (UWB); 3) Low-Rate Wireless Personal Area Networks (LR-WPAN) IEEE 802.15.4; 4) Cordless telephones; 5) Wireless Power Transmission (WPT)

During the period prior to the declaration of any Cyber Crisis, the following three major measures should be implemented at the least: 1) Incident response; 2) Follow-up to an issued Cyber Crisis early warning by PSE; and 3) Determination of Cyber Crisis status by the president

The classification of telecommunications tools and/or devices that utilize the radiofrequency spectrum has now been adjusted

Digital Platform Companies are also required to meet a total of eight obligations that may result in the imposition of sanctions for any acts of non-compliance. However, only press companies that have been verified by the Council may submit requests that address the implementation of the above obligations to the Council

Generally speaking, this legal framework addresses various aspects that relate to the organization of cyber defense and security by Banks, including the following areas: 1) Inherent risk assessment; 2) Implementation of risk management in relation to cyber security; 3) Cyber defense processes; 4) Assessments of cyber security maturity levels; 5) Cyber security risk levels; 6) Cyber security testing; 7) Cyber defense or security units and functions; 8) Procedures for the filing of cyber incident reports

This regulation sets out a broader, more comprehensive set of requirements for the acknowledgment and registration of PSrE in comparison with the previous regulation. Furthermore, the new regulation also states that prior to obtaining an acknowledgment as a PSrE, an electronic services provider will first be required to secure an acknowledgment as a potential PSrE

When the Draft Circular comes into force, commercial banks will be required to carry out annual assessments of any inherent risks that relate to cyber security for the latest positions for December, which should encompass the following aspects: 1) Technology; 2) Banking products; 3) Organizational characteristics; and 4) Cyber incident track records

PDP Bill which was issued via the official website of the Indonesian House of Representatives on 20 September 2022 contains a total of 16 chapters and 76 articles. Said chapters address the following areas: 1) General provisions; 2) Principles; 3) Types of personal data; 4) Rights of Data subjects; 5) Data processing; 6) Obligations of Data controllers; 7) Data transfers; 8) Administrative sanctions; 9) Institution; 10) International cooperation; 11) Public participation; 12) Dispute settlement processes; 13) Prohibitions on the use of Data; 14) Criminal provisions; 15) Transitional provisions; and 16) Closing provisions