On 10 April 2025, the Indonesian government took a decisive step towards modernising its digital infrastructure with the enactment of Ministry of Communication and Digital Affairs Regulation No. 7 of 2025 (“New Regulation”). The measure is designed to support the rapid expansion of technologies such as the Internet of Things (IoT) and machine-to-machine (M2M) communications, both of which are increasingly critical to sectors ranging from consumer electronics to industrial automation.
Unlike conventional SIM cards, which are physical and user-replaceable, embedded SIMs (eSIMs) are integrated directly into devices and can be activated remotely. This innovation offers greater flexibility, enhanced data security, and more seamless integration across devices and networks. However, it also introduces new compliance responsibilities for Indonesia’s mobile satellite network providers (“Providers”).
The New Regulation sets out a series of key obligations for Providers intending to implement eSIM-based services, including:
- establishing and operating systems capable of managing local International Mobile Subscriber Identity (IMSI) numbers;
- integrating subscription management systems with both Mobile Subscriber Integrated Services Digital Network (MSISDN)—essentially the phone numbers assigned to mobile users—and local IMSI numbers;
- ensuring customer registration processes meet identity verification and data accuracy standards;
- adopting standard operating procedures (SOPs) to safeguard customer privacy and comply with personal data protection laws;
- implementing data security measures in all eSIM provisioning systems, including encryption, access control, and certified system use; and
- where third-party vendors are engaged, ensuring they are registered as Electronic Systems Operators (Penyelenggara Sistem Elektronik or PSE) and comply with applicable standards.
Non-compliance carries consequences. The Ministry may issue up to three written warnings (each allowing 30 working days for rectification) and may publicly disclose violations on its official website.
Recognising the operational adjustments required, the New Regulation provides a two-year transition period for Providers currently utilizing, or planning to adopt, eSIM technology. By 11 April 2027, all relevant systems, processes, and infrastructure must align with the regulatory framework.
The introduction of this framework is more than a technical upgrade—it reflects Indonesia’s ambition to position itself as a digitally competitive economy. By setting clear technical, security, and compliance standards, the New Regulation lays the groundwork for more secure, scalable, and interoperable connectivity, opening the door for innovation across industries and creating a more resilient digital ecosystem.