Generally, Indonesian law recognises two main types of business organisation: those structured as non-incorporated business entities (badan usaha) and those operating as duly incorporated legal entities (badan hukum). Legal entities such as limited liability companies, foundations and co-operatives are independent legal personalities that may be held liable for actions taken as a corporate organisation. Business organisations in Indonesia typically operate as limited liability companies.

Corporate governance requirements applicable to Indonesian companies are principally regulated under Indonesia’s Law No 40 of 2007 regarding Limited Liability Companies, as amended (the “Company Law”). In addition, specific corporate governance requirements also apply to:

• publicly traded companies;
• companies operating within certain business sectors, such as oil and gas, banking, and financial services; and
• state-owned enterprises.

A limited liability company is also subject to its articles of association, which must be determined by the founding shareholders at the time of the company’s incorporation. A company’s articles of association may not contravene the Company Law. However, they may regulate matters in greater detail and deviate from certain default standards in the Company Law, provided they do not conflict with its mandatory provisions.

Publicly traded Indonesian companies are subject to Indonesia’s Law No 8 of 1995 regarding Capital Markets, as amended, as well as to regulations of the Financial Services Authority (Otoritas Jasa Keuangan – OJK) and the Indonesia Stock Exchange.

At the end of 2024, the OJK enacted OJK Regulation No 45 of 2024 concerning the Development and Strengthening of Issuers and Public Companies (“OJK Reg, 45/2024”). This regulation repeals, either wholly or partially, a number of previous regulations, including those governing the registration and delisting of public companies, rights issues and the disclosure of material information or facts.

One of the key developments introduced by OJK Reg, 45/2024 is a refinement of corporate governance provisions, particularly regarding the disclosure of material information and facts and the responsibilities of controllers of public companies.

Whereas the previous regime required public companies to disclose material information within two business days, the new regulation mandates that such disclosures be made as soon as possible and no later than prior to the opening of the next business day’s first trading session. This expedited timeline is intended to promote greater transparency and uphold market integrity.

In addition, OJK Reg, 45/2024 reasserts the obligation of public companies to identify and report their controllers to the OJK, along with any subsequent changes thereto. The term “controller” is defined broadly to include any party that directly or indirectly owns more than 50% of the paid-up voting shares, or otherwise has the capacity, whether directly or indirectly and by any means, to determine the management and/or policies of the company. Under this regulation, the designated controllers are entrusted with broader responsibilities, including but not limited to:

• convening and attending general meetings of shareholders (GMS);
• ensuring the business continuity of the public company; and
• appointing members of the board of directors (BOD) and board of commissioners (BOC).

Notably, OJK Reg, 45/2024 provides that controllers may be held personally liable for losses incurred by the company based on a resolution of independent shareholders at a GMS or a decision of the OJK or a competent court if it is proven that the controller:

• in bad faith, exploited the company for personal gain;
• committed unlawful acts involving the company; or
• misused the company’s assets, either directly or indirectly, resulting in the company’s inability to fulfil its obligations.

The BOD is responsible for the day-to-day management of the company, under the supervision of the BOC.

The BOD is generally authorised to make any decision relating to the management of the company, though some decisions are subject to the approval of the BOC and/or the general meeting of shareholders (GMS). The payment of interim dividends to shareholders, for example, is decided by the BOD but requires the approval of the BOC. The BOD is also required to seek GMS approval to transfer or encumber the company’s assets exceeding 50% of the company’s net assets in one or more transactions, or to undertake a merger with another company. The articles of association may also list other actions by the BOD not specified in the Company Law that would require prior approval of the BOC and/or the GMS.

The BOC is authorised to make decisions relating to the supervision of the BOD’s management of the company, including providing advice to the BOD and suspending members of the BOD.

The Company Law does not expressly regulate the process by which the BOD and the BOC make decisions, though as a matter of practice, Indonesian companies commonly include in their articles of association provisions governing the conduct of BOD and BOC meetings, such as quorum and voting requirements.

Any member of the BOD may act without prior approval of the entire BOD, unless the company’s articles of association regulate otherwise. The BOC, on the other hand, must act collectively based on a BOC resolution, meaning that each member of the BOC cannot act individually without authorisation pursuant to a BOC resolution.

The Company Law does not prescribe a mandatory organisational structure for the BOD or the BOC. However, in practice, the articles of association of Indonesian companies commonly regulate that where the BOD and BOC each comprise more than one member, a president director and a president commissioner must be appointed.

The Company Law does not assign specific roles to different members of the BOD. These roles may be assigned under the articles of association.

Under the Company Law, limited liability companies in Indonesia are required to have at least one director and one commissioner. There are no statutory restrictions on the number of directors and commissioners, but certain companies are required to have more than one director and commissioner. For instance, publicly traded companies and financing companies are required to have at least two directors and two commissioners. Banks and insurance companies are required to have at least three directors and three commissioners.

The appointment and removal of members of the BOD and the BOC may only be determined by a resolution of the GMS. Directors and commissioners may be appointed for a specific term and may be reappointed. Each appointment is effective on the date specified by the GMS or, in the absence of such specification, on the date the GMS is deemed closed.

Any individual may be appointed as a member of the BOD and the BOC provided they have legal capacity and have not, within the previous five years:

• been declared bankrupt;
• served as a member of the BOD or BOC of a company deemed responsible for that company’s bankruptcy; or
• been criminally convicted of an offence causing financial loss to the state and/or a criminal offence relating to the financial sector.

BOD and BOC members may be dismissed at any time through a GMS provided there is a valid reason for such dismissal. The director or commissioner concerned must be given the opportunity to present a defence against the proposed dismissal, unless that director or commissioner does not object to the dismissal. The dismissal becomes effective on the date the GMS is deemed closed or on any specific date determined by the GMS.

A member of the BOD may also be suspended by the BOC for a specified reason. During the suspension, the BOD member is not authorised to perform directorial duties. Within 30 days of the suspension, a GMS must be convened to decide whether the suspension will be lifted or if the director will be permanently dismissed.

A company’s articles of association may further govern the appointment, replacement and dismissal of BOD and BOC members. Unless specified otherwise in the articles of association, the GMS quorum and voting requirements for the appointment and dismissal of BOD and BOC members shall be a simple majority.

The Company Law does not recognise the concept of independent directors and, accordingly, does not generally require Indonesian companies to appoint independent directors. However, the Company Law does recognise the concept of independent commissioners, allowing a company’s articles of association to require the appointment of one or more independent commissioners.

The Company Law addresses potential conflicts of interest by prohibiting members of the BOD from acting as legal representatives of the company in certain matters in which they are conflicted. This is to ensure that representation is always in the company’s best interest, aligning with directors’ fiduciary duties.

In addition, Law No 5 of 1999 regarding the Prohibition of Monopolistic Practices and Unfair Business Competition, as amended, explicitly prohibits individuals from concurrently serving as directors in other companies operating in the same market or closely related business industries.

The Company Law mandates that directors have the primary responsibility of managing the company in the company’s best interests, ensuring that their actions are in alignment with their fiduciary duties as well as the company’s purposes and objectives. Additionally, the Company Law assigns the BOD the responsibility of representing the company in both legal and non-legal matters.

The members of the BOD are entrusted to act in the best interest of the company, ensuring their actions align with the company’s objectives and purposes. In fulfilling their duties, BOD members may also consider the advice provided by the BOC, provided such advice similarly aligns with the company’s best interests and objectives. Ultimately, BOD members are obligated to serve solely in the best interest of the company, without consideration of the interests of other parties or bodies.

Under the Company Law, members of the BOD are required to perform their duties in good faith and with full responsibility. Generally, BOD members are not personally liable for company losses, provided their actions are conducted in the company’s interest and in accordance with the provisions of the company’s articles of association. However, BOD members may be personally liable for company losses if they are found guilty of misconduct or negligence in performing their duties. In such instances, claims may be brought against the relevant BOD members by other company organs.

If the BOD comprises two or more members, liability is joint and several, meaning each member responsible for the misconduct or negligence may be held jointly and individually liable.

On behalf of the company, shareholders representing at least one-tenth of the total shares with voting rights may file a lawsuit against BOD members in the relevant district court to seek compensation for losses suffered by the company. In addition, members of the BOC or other BOD members may also bring claims on behalf of the company against any BOD member whose misconduct or negligence has caused losses to the company.

As a principle, there is a clear separation between the personal assets and liabilities of the members of the BOD and those of the company. It is essential to determine whether a director is acting in a personal capacity or on behalf of the company. As discussed previously, a director may incur personal liability if they are found to have engaged in misconduct or negligence in the performance of their duties.

A director cannot be held personally liable for company losses if:

• the loss was not caused by their fault or negligence;
• they have managed the company in good faith and with due care, in the interests of and in accordance with the company’s purposes and objectives;
• they do not have a direct or indirect conflict of interest in the management actions that caused the losses; and
• they have taken action to prevent the loss or its continuation.

The Company Law provides that the remuneration payable to BOD and BOC members may be determined by the GMS. The GMS may delegate such authority to the BOC, in which case the remuneration of the BOD and BOC members would be determined by a resolution of the BOC.

The Company Law also requires the remuneration payable to members of the BOD and BOC to be included in the company’s annual report. The annual report shall be submitted by the BOD to the GMS after it has been reviewed by the BOC. The Company Law does not require separate public disclosure of remuneration, fees or benefits payable to members of the BOD or other company officers.

Certain companies regulated by the OJK are, however, required to make their annual reports publicly available. As the remuneration of BOD and BOC members must be included in the annual report, such companies are effectively required to disclose the remuneration of BOD and BOC members to the public.

In principle, Indonesian law recognises the separate legal personality of a company and its shareholders, meaning that shareholders cannot be held personally liable for the actions or obligations of the company. However, there are certain exemptions. Indonesia’s corporate criminal liability rules can hold shareholders liable if a crime committed by the company can be attributed to them. In the context of public companies, a controller may be held liable for losses suffered by the company in certain circumstances.

While shareholders do not participate in the day-to-day management of a company, they have significant influence over the company’s affairs due to their ownership of shares and resolutions that they may take through a GMS. Also, as outlined previously, shareholders can determine the appointment and dismissal of BOD members, who are responsible for the company’s management. Shareholder approval is also required for significant corporate actions, such as amending the company’s articles of association, approving mergers and acquisitions, and deciding on liquidation.

Another key variable in discussing the relationship between shareholders and the company is the distribution of dividends as a form of return on shareholders’ investment. Under the Company Law, shareholders, through the GMS, have the authority to distribute the company’s net profits, including as annual dividends. However, the Company Law stipulates that dividends can only be distributed if the company has a positive profit balance and the mandatory reserve requirements are met for a given fiscal year. This indicates that dividends depend on the company’s profitability; if the company does not generate net profits, shareholders will not receive dividends. This underscores the link between the company’s financial performance and the benefits shareholders can receive from the capital they have invested in the company.

The Ministry of Law (MOL) maintains records of the shareholders of Indonesian companies, which are publicly accessible.

As previously discussed, under the Company Law, a company’s BOD, not its shareholders, is responsible for the management of the company. Thus, shareholders are not responsible for the day-to-day management of the company. However, shareholders, through the GMS, can influence the company’s management as they will be able to decide corporate actions taken by the company, including mergers and acquisitions, capital injection and the dissolution of the company.

The Company Law requires companies to hold an annual GMS each year, typically to approve annual reports and the allocation of profits, including the distribution of dividends. Other shareholder meetings, known as “extraordinary GMSs”, may also be held to adopt binding resolutions.

To initiate a GMS, the BOC or a shareholder or group of shareholders representing at least 10% of the company’s shares with voting rights may request the BOD to convene a GMS. The BOD must then issue GMS notices to shareholders. If the BOD fails to do so, the BOC is authorised to issue the notices. If both the BOD and the BOC fail to act, the requesting shareholder or group of shareholders may file a petition to the competent district court for permission to convene the GMS.

A GMS is validly convened if it meets the quorum requirements and may pass binding resolutions if the voting thresholds are satisfied. Generally, a simple majority quorum is required to convene a GMS, and a simple majority of shareholders present or represented at the GMS is sufficient to pass binding resolutions. Stricter requirements apply for certain agenda items:

• super majority – for amendments to the articles of association, a GMS may be convened if shareholders representing at least two-thirds of the total voting shares attend or are represented at the meeting, and may pass binding resolutions if approved by at least two-thirds of the shareholders present or represented at the meeting; and
• absolute majority – for mergers, consolidations, acquisitions, spin-offs, filing for bankruptcy, liquidation of the company, extension of the company’s term and the sale, transfer, disposal or encumbrance of assets exceeding 50% of the company’s total net assets, a GMS may be held if shareholders representing at least three-fourths of the total voting shares attend or are represented at the meeting, and may pass binding resolutions if approved by at least three-fourths of shareholders present or represented at the meeting.

If the applicable quorum requirements are not met, a second GMS may be called with adjusted quorum requirements, depending on the agenda items. If the quorum for the second GMS is not satisfied, the company may apply to the competent district court to determine the quorum requirements for a third GMS.

The minutes of a GMS must be incorporated into a notarial deed and submitted to the MOL for the registration of any changes resolved at the meeting. Such changes may include amendments to the articles of association, changes to the composition of the BOD and BOC, adjustments to shareholding or capital structures, and changes to the company’s registered domicile.

As discussed previously, shareholders representing at least one-tenth of the total shares with voting rights may file a lawsuit against a director if the director is found guilty of misconduct or negligence in performing their duties.

Additionally, in cases where the company undertakes the following actions, and if a shareholder does not agree with such actions and incurs a loss as a result, such shareholder has the right to request the company to buy back their shares at a fair price:

• amendments to the articles of association;
• transfer or pledge of company assets valued at more than 50% of the company’s net assets; or
• mergers, consolidations, acquisitions or demergers.

However, this buyback is subject to the following conditions:

• it must not result in the company’s net assets becoming less than the company’s total paid-up capital plus the mandatory reserves that have been set aside; and
• the total nominal value of all shares repurchased by the company must not exceed 10% of the total paid-up capital in the company.

If this threshold is exceeded, the company must seek to have the remaining shares purchased by other parties.

Under OJK Regulation No 4 of 2024 regarding Reports on Ownership of or Any Ownership Changes in Public Company Shares and Reports on Activities of Guaranteeing Public Company Shares (“OJK Reg, 4/2024”), BOD and BOC members directly or indirectly owning shares with voting rights must submit a report of their ownership and any changes thereof to the OJK. Additionally, the following parties are bound by the same obligation:

• shareholders owning at least 5% of the voting shares; and
• parties who are considered controllers of public companies.

If parties subject to this disclosure obligation see their ownership of voting shares decrease to less than 5%, they are required to report this change to the OJK.

OJK Regulation No 4/2024 stipulates that this report must be submitted to the OJK no later than five working days from the date when such person acquires the voting shares or from the date of any change in the ownership of such voting shares.

Companies in Indonesia are subject to certain reporting obligations to the government, which require the disclosure of financial information. These reporting requirements apply on various reporting cycles, ranging from monthly to annual submissions.

In general, companies are subject to the requirements of the MOL under Minister of Law Regulation No 49 of 2025 regarding the Requirements and Procedures for the Establishment, Amendment, and Dissolution of a Limited Liability Company, which require companies to submit the GMS approval of the BOD’s annual report to the MOL. This requirement results in the submission of the company’s financial statements to the MOL, as the financial statements form part of the BOD’s annual report that is approved by the GMS.

In addition to the foregoing, certain reporting obligations involving the submission of financial information apply only to companies in specific sectors. For example, companies in the insurance sector are required to submit periodical reports to the OJK, while companies in the banking sector are required to submit periodic reports to Bank Indonesia and the OJK. These reporting requirements obligate such companies to disclose and submit financial information, including their financial statements.

Companies in Indonesia are required to disclose their corporate governance arrangements. In addition, companies must report any changes to the composition of the BOD and BOC to the MOL. Failure to do so may result in the relevant appointment not being recorded in the MOL’s database, with the consequence that any applications submitted to the MOL on behalf of the company by such members may be rejected.

Notwithstanding the foregoing, there is a reporting requirement applicable to all companies that requires extensive disclosure of corporate governance arrangements, namely the submission to the MOL of the GMS approval of the BOD’s annual report, as described previously. This submission requires disclosure of the company’s activities, the supervisory duties performed by the BOC, and the salaries and allowances of the BOD and BOC for the relevant financial year.

All companies in Indonesia are registered with the MOL. Registration with the MOL is essential, as under the Company Law, a company is deemed established upon the issuance of a MOL decree approving its establishment. The MOL maintains the company registry through its website, known as the General Legal Administration System (Sistem Administrasi Hukum Umum – “Sistem AHU”). This company registry is publicly available and allows the public to obtain general information on companies established and registered with the MOL.

Companies are required to make certain mandatory filings with the MOL through Sistem AHU, including changes to the composition of the BOD or BOC, amendments to the articles of association and the commencement of corporate actions such as mergers, acquisitions, spin-offs and liquidations. As the authority responsible for maintaining the company registry, the MOL also exercises supervisory powers over companies in Indonesia through monitoring, evaluation and the imposition of administrative sanctions.

AML obligations in Indonesia are governed by Law No 8 of 2010 regarding the Prevention and Eradication of Money Laundering Crime (the “AML Law”), as amended. The implementation of AML obligations is generally supervised by the Indonesian Financial Transaction Reports and Analysis Center (Pusat Pelaporan dan Analisis Transaksi Keuangan – PPATK).

The AML Law stipulates reporting requirements for companies in Indonesia, in particular for financial service providers and goods and/or services providers (referred to under the AML Law as “Reporting Parties”), for the purpose of preventing money laundering. These reporting requirements are triggered on an ad hoc incidental basis. The AML Law sets out certain events that give rise to reporting obligations for Reporting Parties.

Pursuant to the AML Law and its implementing regulations, financial service providers are required to submit reports to the PPATK in the event of:

• suspicious financial transactions;
• suspicious financial transactions related to terrorism financing;
• cash financial transactions in the amount of at least IDR500 million or its equivalent in foreign currency, whether conducted in one transaction or in several transactions within one business day; and/or
• financial transactions involving fund transfer to or from abroad.

Goods and/or services providers are required to submit reports to the PPATK in the following circumstances:

• the transaction of the service user has a value equal to or exceeding IDR500 million or its equivalent in foreign currency;
• a financial transaction is specifically requested by the PPATK to be reported as a suspicious financial transactions;
• the goods and/or services provider does not proceed with the customer due diligence process because it suspects the financial transaction is related to money laundering or terrorism financing offences; or
• the goods and/or services provider terminates a business relationship with a customer because the customer refuses to comply with the customer due diligence process or the provider doubts the accuracy of the information provided by the customer.

In addition to these reporting requirements, the AML Law requires implementation of the KYC principle by Reporting Parties in the course of their business activities as part of efforts to prevent money laundering. The KYC principle referred to herein encompasses customer due diligence and enhanced due diligence, as set out in the recommendations of the Financial Action Task Force on Money Laundering. The AML Law also requires Reporting Parties to retain all records, notes, and documents relating to transacting parties for a minimum of five years following the cessation of the business relationship with the relevant customer.

Failure to comply with the requirements under the AML Law, including the reporting requirements, may result in the imposition of administrative sanctions on Reporting Parties. The imposition of sanctions on Reporting Parties will not extend to members of the board, as the Company Law adopts the principle of separation of liability, which draws a clear distinction between the liabilities of a company and those of its corporate organs, including the boards.

All companies in Indonesia are required to prepare financial statements, which are included in the BOD’s annual report and submitted to the GMS for approval. However, not all companies in Indonesia are required to have their financial statement audited by an external auditor. Only certain companies that meet the criteria set out under the Company Law are required to do so. These criteria are as follows:

• the business activities of the company consist of collecting and/or managing public funds;
• the company issues debt acknowledgement instruments to the public;
• the company is a public company;
• the company is a state-owned company;
• the company has assets and/or total annual turnover with a value of at least IDR50 billion; or
• it is required by laws and regulations.

The appointment of external auditors is typically made upon the approval of the GMS. The appointed external auditor must be an independent public accountant licensed to provide services in Indonesia. In this regard, specific requirements apply to the appointment of external auditors by financial service providers, which restrict the appointment of the same public auditor for a specified period, thereby requiring mandatory rotation of external auditors after a certain period.

Indonesian laws and regulations do not expressly address geopolitical risk in the context of corporate governance. Nonetheless, for the purpose of ensuring the company’s compliance, the BOD, as the body responsible for the day-to-day management of the company, is expected to identify, manage and mitigate any geopolitical risk to which the company may be exposed, under the supervisory oversight of the BOC.

With respect to international sanctions, unilateral sanctions imposed by foreign jurisdictions do not automatically bind Indonesian companies. However, Indonesian companies with international exposure may be effectively compelled to observe such sanctions in practice. Whether this obligation arises depends on the nature of the company’s business activities and international dealings and should be identified and managed by the BOD under the supervision of BOC.

In certain industries, such as financial institutions, directors and commissioners have a duty to oversee and manage risk management and internal control systems.

In general, ESG reporting obligations are closely linked to corporate social responsibility (CSR) obligations under the Company Law. Under the Company Law, CSR implementation is mandatory only for companies whose business activities are related to natural resources.

Under Government Regulation No 47 of 2012 regarding the Social and Environmental Responsibilities of Limited Liability Companies (“GR 47/2012”), CSR is implemented by the BOD based on the company’s annual work plan, which must be approved by the BOC or GMS in accordance with the company’s articles of association. The implementation of the CSR must then be reported in the BOD’s annual report, which is submitted for approval by the GMS.

Specific CSR implementation and reporting obligations are imposed on public companies and financial institutions. These obligations are regulated by the OJK under OJK Regulation No 51/POJK.03/2017 regarding the Implementation of Sustainable Finance for Financial Service Institutions, Issuers, and Public Companies (“OJK Reg 51/2017”), which requires public companies and financial service providers companies to implement CSR and subsequently report on their CSR implementation to the OJK, as well as publish such information to the public.

At present, the development of ESG-related matters has been incremental, with no major regulatory changes to date. Nonetheless, the Indonesian government continues its effort to embed the ESG principles within the national legal framework. This is reflected in the issuance of several recent policies, including in the financial sector, where the OJK has issued Version 3 of the Indonesia Taxonomy for Sustainable Finance, demonstrating the sector’s commitment to contributing to Indonesia’s Sustainable Development Goals. Moreover, in line with this commitment, the OJK is currently preparing a new regulation on sustainable finance to replace OJK Reg 51/2019, with the aim of aligning its policies on sustainable finance with evolving developments.

There are no specific requirements under Indonesian laws and regulations that mandates companies in Indonesia to establish an AI-dedicated board or committee.

There are no specific laws or regulations in Indonesia governing the use of AI. The Ministry of Communication and Digital Affairs (MOCDA) is in the process of preparing a draft regulation on AI. In the absence of a dedicated regulatory framework, AI may fall within the category scope of “Electronic Agent” as regulated under Law No 11 of 2008 regarding Electronic Information and Transactions, as last amended by Law No 1 of 2024 (the “EIT Law”). There are also several non-legally binding instruments issued by the government in the form of codes of ethics and guidelines governing the use of AI.

Given the absence of specific laws and regulations on AI, there is currently no requirement for companies to establish dedicated bodies or committees to oversee AI use. Accordingly, the governance and management of AI within companies are generally handled internally.

There have been several key developments in Indonesia’s regulatory landscape relating to the use of AI. In particular, the Indonesian government is currently preparing a Presidential Regulation on AI to establish a national governance framework for AI ethics, which is intended to serve as the overarching AI governance framework in Indonesia. In addition, a Joint Ministerial Decree signed by seven ministries has recently been issued, establishing guidelines for the use of AI in the education sector.

As noted in 8.2 AI Use-Related Risks, there are currently no laws or regulations in Indonesia specifically governing the use of AI, including any statutory framework for allocating liability arising from AI use. Nevertheless, in the event of IP or data breaches, disclosure failures or unfair practices resulting from a company’s use of AI, the company itself would be solely liable for any resulting harm and/or losses. As discussed previously, the Company Law adopts the principle of separation of liability, meaning that the liability would not extend to the company’s boards.

Given the absence of specific laws and regulations governing the use of AI, there are currently no reporting requirements relating to the use of AI.