Thank You

You are now registered for our Rouse Insights Newsletter

Electronic Contract Best Practices: Indonesia

Published on 19 Dec 2022 | 8 minute read
This note discusses issues on electronic contract formation in Indonesia and proving click wrap agreements.

Contract Formation under the Indonesian Civil Code

At the outset, it is necessary to understand the basic requirements of contract formation in Indonesia.

The Civil Code in Article 1320 stipulates in the general term that "there must be consent of the individuals who are bound thereby".  The Indonesian Civil Code does not specifically stipulate paper documents or wet ink signatures.  But this is what the Indonesian courts have come to expect in order to prove the existence of a contract.

The conventional view of a valid contract is therefore that captured in a formal document with both parties appending their wet ink signature onto a paper document. This view is not likely to change in the near future.  So, it will not be possible to apply common law concepts of contract formation such as contract by conduct or contract by correspondence - where the act of assent is not captured in the same document.

The above sets the backdrop in the following discussion on the validity and enforceability of "electronic contracts" which by its very nature seeks to do away with the above traditional notion of contract under the Civil Code.



Electronic contract first gains its recognition under Law No. 11 of 2008 on Electronic Information and Transactions (the “ITE Law”) in Article 18 Paragraph (1):

Article 18

  • Electronic Transactions which are made into an Electronic Contract are binding on the parties.

The thinking back then was that signatures were still required albeit in electronic form. Article 11 of the ITE Law provides for the legality of electronic signatures:

Article 11

  • Electronic Signature has valid legal force and legal consequences as long as the following requirements are met:
  1. The Electronic Signature creation data is only related to the Signer;
  2. The Electronic Signature creation data at the time of the electronic signing process is only in the Signer’s possession;
  3. All changes to the Electronic Signature which happen after the signing are discoverable;
  4. All changes to the Electronic Information which are related to the said Electronic Signature after the signing are discoverable;
  5. There is a certain method that is used to identify who is the Signer; and
  6. There is a certain method that can show that the Signer has granted their approval in regard to the relevant Electronic Information.
  • Further provisions regarding Electronic Signature as referred to in paragraph (1) shall be regulated in a Regulation of the Government.

Electronic signatures were generally thought to require those issued by certification institutions - certified electronic signatures. To date, several local certification institutions have been commissioned by the Indonesian government. 

Subsidiary legislation to the ITE Law in the form of Government Regulation No. 71 of 2019 on the Administration of Electronic Systems and Transactions (the “GR No. 71/2019”) confirms that electronic signature can be certified or uncertified - Article 60 Paragraph (2) and Paragraph (4):

Article 60  

(2)    A Digital Signature shall consist of:

  1. A certified Digital Signature; and
  2. An uncertified Digital Signature.

(4)   The Uncertified Digital Signature as referred to in paragraph (2) letter b is made without using the services of the Indonesian Electronic Certification Provider.

So, this opens the door to "uncertified electronic signature" which could possibly include DocuSign.  However, note this caveat on evidential value as provided the elucidation to Article 60 Paragraph (2) of GR No. 71/2019 -

Paragraph (2)

The legal implications of the use of certified or non-certified Digital Signatures shall affect the strength of the evidentiary value.

It is arguable that uncertified signatures extend to DocuSign. There is also a view that a scan of a wet ink signature might also qualify as an uncertified signature - although the evidential weight is probably low. However, uncertified signatures notions will probably not extend to click wrap or shrink wrap agreements where the act of assenting is a temporal act of clicking a virtual button on the computer display - it does not result in a visible signature. This temporal act is not captured by anything visible and readily recognizable by the human eye as a signature in the traditional sense.  Nevertheless, it seems generally accepted that click wrap contracts are valid in Indonesia.


Click Wrap Agreement Legality

There are two issues in connection with click wrap agreements:

  1. Formation of legally bound agreement; and
  2. Terms and conditions that are to be associated with the agreement, assuming that the first hurdle of contract formation is cleared.

Contract Formation - click wrap contracts are still not on firm ground as discussed above.  It is arguable that the following provision in GR No. 71/2019 supports the recognition of click wrap agreements where there is no appending of signatures (wet ink or electronic).


Elucidation to Article 46 Paragraph (1)

Paragraph (1)

Electronic Transactions can include several forms or variants, including:

  1. The agreement is not conducted electronically, but the contractual relationship is completed electronically;

"Completion of contractual relationship" arguably includes click wrap. By this interpretation, a contractual relationship can be said to have been completed through the conduct of the parties such as the act of checking a click wrap button.

However, it would be of no practical effect if it is not possible to prove in court the entering of a click wrap agreement - usually in the event of a dispute.  To do this, it should at least have available tangible contemporaneous records of the act of checking and the terms agreed to.

Contractual terms in online contracts - Assuming that contract formation is not an issue, there is then the issue of proving the terms and conditions that comprise the agreement.  Bearing in mind that any record of the terms and conditions are in digitized form tucked away in the ether world repository.  Even if such terms and conditions can be printed when it becomes necessary because a dispute has arisen, there is still the challenge of proving that the printed terms and conditions were the ones to govern the agreement at the time of the user's act of clicking. 

This brings us to the point that the act of clicking is purely temporal.  Any subsequent printout will not be a contemporaneous record of the terms and conditions. In a more developed jurisdiction, evidence will be called to prove that the printed terms and conditions are the correct copy of the version stored in the computer system - the version of terms and conditions that the user previously gave his or her assent to.

Indonesian courts may not be receptive to such after-the-fact testimony to prove contemporaneous terms and conditions of online contracts. They are accustomed to printed agreements with wet ink signatures signifying parties' assent to the governing terms. Indonesian judges have the proclivity of dismissing claims where claimants veer off from their strict expectations of evidential proof. Any attempt to prove agreements other than the traditional mode might be at risk of such rejection.  See below under Best Practice where we propose record keeping of click wrap agreements.

An alternative to court litigation is no doubt arbitration where arbitrators are probably savvier in commercial matters and receptive to the non-traditional mode of proving online contracts.


Consent under Personal Data Protection Act

In this context, data subject consent probably comes to the fore.

The requirement for obtaining consent can be said to be well defined - Article 22 of Law No. 27 of 2022 on Personal Data Protection (the “PDPA”):

Article 22

  1. Approval for Personal Data processing shall be carried out through written or recorded consent.
  2. The approval as referred to in paragraph (1) may be submitted electronically or non-electronically.
  3. The approval as referred to in paragraph (1) has equal legal force.
  4. In the event that the approval as referred to in paragraph (1) contains other purposes, the request for approval must meet the following conditions:
  5. Can be clearly distinguished from other things;
  6. Is made in an understandable and accessible format; and
  7. Use simple and clear language.
  8. Approval that fails to meet the provisions as referred to in paragraphs (1) and (4) shall be declared null and void.

What is clear is that a positive act indicating assent is required. It cannot be implicit - that the data subject is deemed to give consent by continued use of the services on the website.  

Click wrap is therefore a viable option even if the PDPA quite clearly rules out implicit assent.

The act of clicking is nevertheless a temporal act - and the backend record might show no more than the IP address of the data subject (usually the only identity available to the data controller) and the act of checking off the box, and the associated set of terms and conditions. Note that the IP address is not a constant that is always associated with the same data subject. It is therefore not a reliable means to identify the user. If the identification of the data subject is not submitted prior to clicking, it can be foreseen that it will be difficult to prove the identity of the person who "clicked" at the material time.

Best Practice in Click Wrap Agreement Management

The primary consideration would be record keeping of the act of clicking. Bearing in mind that IP address as the source of the click will not be sufficient to identify the user without more such as name and residence. The system should therefore at least be set up with a prompt for the data subject to submit his or her name and other identifiers.

An automatic system should be set up to generate record keeping. Whenever a user checks off the click box, the record should be automatically generated with the following data field:

  1. User location.
  2. User email.
  3. The exact date and time the user affirmed consent to the terms of the contract.

The record generated should ideally be captured in an email to the user serving as a contemporaneous record.

The confirmation email to the user should be served as a record of the consent and the terms agreed to.  A system should be set up to safe keep emails.  Should any litigation arise, the email will serve as a contemporaneous record of the act of assent and the terms assented to.

The back-end process should be documented should the veracity of the records be challenged. 

The above makes no prediction of how the Indonesian court will eventually rule on the question of a click wrap contract.  Each case will have to be considered on its own merits.  Professional advice should be sought in respect of your business practice.


Please contact for more information.

Other related articles:

2022 Indonesian Data Protection Law

Data Controller responsibility in the event of data breach – Indonesia

Digital Services Regulations in Indonesia

Cross border data transfer – Indonesia

30% Complete
+62 21 5080 8157
Partner at Suryomurcito & Co (a member of the Rouse Network)
+62 21 5080 8157
+62 21 5080 8157
Partner at Suryomurcito & Co (a member of the Rouse Network)
+62 21 5080 8157