Toby Grainger, Olswang Partner and Head of the Indonesia Group, looks at the implications for customers and service providers of Indonesia’s latest announcement on cloud policy.
A sigh of relief for Indonesian Data Centres and the notorious GR 82?
The Jakarta Post reported this month that the requirement to build data centres in Indonesia will be eased, as it incurs high costs and threatens competitiveness. The report is based on comments made by Communications and Information Minister, Rudiantara.
A reminder: What does GR 82 say?
GR 82 (i.e. Government Regulation No. 82/2012) requires an electronic system operator for public services to locate its data centres and disaster recovery centres in Indonesia. The law was introduced for the purposes of law enforcement, protection and sovereignty.
Why is it problematic?
One of the problems with GR 82 is that the term “public services” is broadly defined. It includes the provision of goods, services, and administrative services provided by government institutions or state-owned enterprises. It also extends to the provision of services by non-government institutions in banking, insurance, health, security, industrial services and social activities. This is where the perceived problem with GR 82 lies: private sector businesses in these sectors must have data centres in Indonesia.
This requirement poses two challenges to businesses in Indonesia:
- It is not easy to build data centres in Indonesia. As the Jakarta Post also reported, Indonesia was included in the bottom three for data centre building based on an IDC data centre index ranking released in 2014 (among 13 Asia-Pacific countries, excluding Japan). It is expensive to build data centres in Indonesia. A lack of adequate infrastructure and uneven electricity distribution were cited as the main challenges for enterprises looking to build data centres in Indonesia.
- Business need to be able to transfer data to other locations. GR 82 also makes it hard for businesses (local and international) to transfer data to other locations for legitimate business purposes. In today’s online world, the ability to use and transfer their data should be something businesses can take for granted. This move, if confirmed, appears to be an acknowledgment that a more restrictive approach would hamper the ability of local and international companies to practically do business in Indonesia, and that such an approach would not be necessary to achieve the policy objectives.
How long could this recent sigh of relief last?
Businesses will likely breath a sigh of relief upon reading this report. However, this could just be temporary. Changes to regulations can take a long time in Indonesia and nothing is set in stone just yet.
GR 82 already provides for a transition period and its requirements do not apply in practice until 1 October 2017. If the requirements are formally eased before then, then businesses will have more reliable grounds for relief. However, unless there is a formal change, businesses (for now) should still work to the 2017 deadline.
We warmly welcome this positive report and we hope that the Ministry moves quickly down this path.
With thanks to Matthew Hunter.