Many companies in Indonesia have started using digital signatures in their day-to-day operations. Business contracts, cooperation agreements, financial documents, and even electronic medical records are now signed digitally in the hope of making processes faster and more efficient.

But there is one question that is often overlooked: is the digital signature your company uses actually legally binding?

The answer is not as simple as "yes" or "no." There is a crucial difference that every business user needs to understand before it is too late.

Not All Digital Signatures Carry the Same Legal Weight

In Indonesia, digital signatures are divided into two categories that are vastly different under the law.

1. An Uncertified Electronic Signature is a digital signature created without involving a government-recognized Electronic Certification Provider (PSrE). This category includes scanned image signatures and electronic signatures that are not issued through a certified Electronic Certification Authority (PSrE). Although they may still be admissible as electronic evidence, they do not provide the same level of identity verification and legal evidentiary value as a certified Electronic Signature.

2. A Certified Electronic Signature (TTE Tersertifikasi) is a digital signature issued by a PSrE that has received official recognition from the Ministry of Communication and Digital Affairs (KOMDIGI). Every certified TTE comes with an electronic certificate that proves the identity of the signer and ensures the integrity of the document cannot be altered after signing.

This distinction is not merely technical. It directly affects the level of legal certainty and the evidentiary strength of a document should a dispute arise in the future.

Regulations Requiring Certified Digital Signatures for Your Business

Many companies are unaware that Indonesian regulations are already very clear and specific in governing the use of certified electronic signatures. Here are the regulations that are directly relevant to your business:

1. Financial and Banking Sector

The Financial Services Authority (OJK), through POJK No. 21 of 2023 (concerning Digital Services by Commercial Banks) and POJK No. 10/POJK.05/2022, strictly encourages and mandates the use of certified electronic signatures (TTE) to ensure the legal validity of digital transactions.

In alignment with this, Bank Indonesia, through PBI No. 23/6/PBI/2021 concerning Payment Service Providers, emphasizes the vital importance of data encryption and secure authentication within the national payment system framework. For companies operating under the supervision of OJK and BI, compliance with these standards is an absolute policy directive.

2. Healthcare Sector

Ministry of Health Regulation (Permenkes) No. 24 of 2022 mandates the use of certified electronic signatures in electronic medical record systems. Healthcare providers that have yet to implement certified Electronic Signatures may be exposed to compliance risks, as their processes may not align with the regulatory requirements currently in effect.

3. Legal Documents and Court Proceedings

Supreme Court Regulation (PERMA) No. 7 of 2022 concerning Electronic Court Proceedings reaffirms that court documents are fully valid and legally recognized if signed using a certified electronic signature. This implies that business contract documents intended to serve as legal evidence in court must meet this standard to possess absolute evidentiary weight.

4. Primary Legal Foundation

Law No. 11 of 2008 concerning Electronic Information and Transactions, as last amended by Law No. 1 of 2024 (UU ITE), reinforces the role of Electronic Certification Providers (PSrE) as Digital Trust Providers. This provides the highest and most robust legal foundation for the entire certified digital signature ecosystem in Indonesia.

[ Not sure whether your company's digital signature system meets the three criteria above? The Indocyber team is ready to help you evaluate it. Click -> Consult Your Needs ]

3 Things to Check About Your Company's Certified Digital Signature

Based on the regulations above, there are three things every company needs to evaluate if it is already using or planning to use digital signatures.

1. Is your vendor officially certified as a PSrE?

A legitimate PSrE must hold official certification from KOMDIGI. Without this certification, the signatures issued do not carry the same legal force as certified TTE. Ensure your vendor is registered and recognized by KOMDIGI.

2. Does the signer identity verification process meet the required standards?

Certified TTE requires a standardized identity verification process. This means every signer's identity must be digitally verified before an electronic certificate is issued. This process cannot be done manually or through systems that are not connected to the official national population database.

3. Are signed documents protected against alteration?

One of the primary functions of certified TTE is to ensure document integrity. A signed document cannot be altered without invalidating the signature. If your current system does not have this mechanism, your documents are vulnerable to falsification that is difficult to prove legally.

Why This Is Becoming More Urgent in Today's Digital Era

The accelerated digital transformation in recent years has drastically increased the volume of digital documents within organizations. Contracts, agreements, approvals, and operational documents are now predominantly in digital format.

At the same time, threats to the authenticity and integrity of digital documents are also on the rise. Digital identity fraud, document manipulation, and technology-based fraud are no longer distant threats. Based on data from OJK through the Indonesia Anti-Scam Center (IASC), between November 2024 and June 2025 there were 166,258 scam reports with total losses reaching Rp3.4 trillion. This is a real risk that organizations across Indonesia are already experiencing.

Certified TTE is not merely about fulfilling regulatory obligations. It is a layer of protection that ensures every document signed within your organization has a complete audit trail, a verified signer identity, and integrity that cannot be manipulated.

Choosing the Right Certified Digital Signature Solution for Your Business

Not all digital signature solutions are designed for enterprise needs. There are several criteria to confirm before selecting the platform your company will use.

1. Ensure the provider holds official PSrE certification from KOMDIGI and is registered with OJK as an electronic signature provider. This is the minimum requirement that cannot be compromised.

2. Ensure the identity verification process is directly connected to the national population database. Identity verification that is not connected to an official data source does not provide sufficient assurance for compliance purposes.

3. Ensure the chosen solution is flexible enough to integrate with existing systems, whether through cloud-based or on-premise API, according to your company's data security requirements.

One solution that meets the criteria above is a KOMDIGI-certified PSrE Solution registered with OJK and operating under ISO/IEC 27001:2022 security standards. Indocyber provides certified digital signature services accessible through a web portal or integrated via API into existing systems.

Indocyber Global Teknologi is ready to help your company evaluate and implement a certified digital signature solution that is aligned with current regulations and your business operational needs.

[ Click -> Contact Us Now ]