What Risk-Based Licensing Framework Applies Under PP 5/2021?
1.0 Introduction and Regulatory Context
The Indonesian government has fundamentally reformed its business licensing system through Peraturan Pemerintah Nomor 5 Tahun 2021 tentang Penyelenggaraan Perizinan Berusaha Berbasis Risiko (Government Regulation No. 5/2021 on the Implementation of Risk-Based Business Licensing). This regulation represents the most comprehensive overhaul of Indonesia's business licensing architecture in decades, replacing the previous Perizinan Berusaha Terintegrasi Secara Elektronik (Electronic Integrated Business Licensing) framework established under PP 24/2018 with a fundamentally different paradigm based on risk classification and proportionate regulatory oversight. The regulation implements Article 12 of Law No. 11/2020 on Job Creation (UU Cipta Kerja), Indonesia's landmark omnibus law designed to stimulate economic growth by reducing regulatory barriers, streamlining administrative procedures, and creating a more predictable business environment. PP 5/2021 entered into force upon promulgation in 2021 and establishes mandatory requirements for all business licensing across Indonesia's sixteen economic sectors, from marine and fisheries to energy and mineral resources, from health and pharmaceuticals to telecommunications and electronic systems.
The risk-based licensing framework established by PP 5/2021 fundamentally reorients Indonesia's regulatory philosophy from uniform ex-ante approval requirements toward differentiated regulatory treatment based on objective risk assessment. Prior to this regulation, Indonesian businesses faced a complex, fragmented licensing landscape characterized by multiple overlapping permits, inconsistent requirements across jurisdictions, lengthy approval timelines, and limited regulatory predictability. Small businesses with minimal environmental or safety risks confronted the same bureaucratic requirements as large industrial facilities with significant potential for public harm. This uniform approach created substantial compliance costs that disproportionately burdened micro, small, and medium enterprises (MSMEs) while failing to concentrate regulatory oversight on activities genuinely requiring intensive government supervision. The regulation addresses these systemic inefficiencies by introducing a three-tier risk classification system (low, medium, high) with licensing requirements calibrated to each risk level, an integrated electronic licensing platform (Sistem OSS) that replaces multiple agency-specific systems, and standardized national criteria for risk assessment that reduce jurisdictional inconsistencies and regulatory arbitrage opportunities.
The legal foundation of PP 5/2021 derives from Indonesia's constitutional framework and the Job Creation Law's comprehensive economic reforms. Article 5(2) of the 1945 Constitution establishes the President's authority to enact government regulations, while Law No. 11/2020 specifically mandates regulatory reform of business licensing procedures to enhance investment climate and facilitate business operations. The regulation explicitly supersedes PP 24/2018, creating a clean break from the previous integrated licensing framework. Unlike its predecessor, PP 5/2021 adopts risk-based differentiation as its organizing principle, meaning licensing requirements vary systematically based on scientifically determined risk levels rather than uniform procedural requirements. The regulation establishes detailed risk assessment methodologies, defines licensing requirements for each risk category, specifies supervisory protocols adapted to risk levels, creates enforcement mechanisms including sanctions for non-compliance, and establishes coordination procedures among the Lembaga Pengelola dan Penyelenggara OSS (OSS Management and Implementation Agency), sectoral ministries, provincial governments, and district/city governments.
Understanding PP 5/2021 requires recognizing its position as the operational backbone of Indonesia's post-Cipta Kerja business environment. The regulation is not merely administrative guidance—it establishes binding legal requirements that determine whether businesses can lawfully commence operations, defines the documentary evidence of licensing compliance, specifies government agencies' authority to conduct oversight and enforcement, and creates the procedural framework through which Indonesia's sixteen economic sectors implement their sector-specific licensing standards. The regulation has been supplemented by numerous ministerial regulations establishing sector-specific standards, including PERMEN ESDM No. 5/2021 (energy and mineral resources), Permenaker No. 6/2021 (manpower), Permenkominfo No. 3/2021 (telecommunications and electronic systems), and PERMENBKPM No. 5/2021 (investment supervision). For businesses operating in Indonesia, PP 5/2021 fundamentally determines compliance requirements, operational timelines, and regulatory risk exposure. For government agencies, it establishes mandatory coordination protocols and limits regulatory discretion to impose requirements beyond the regulation's framework. For legal practitioners and policy analysts, the regulation presents complex interpretive questions regarding risk classification methodologies, the relationship between national and subnational licensing authority, enforcement of standardized requirements across diverse sectoral contexts, and the regulation's interaction with pre-existing sectoral regulations that may contain inconsistent provisions.
2.0 Key Definitions and Scope
PP 5/2021 establishes an extensive definitional framework in Article 1 comprising 26 distinct definitions that govern interpretation of the regulation's risk-based licensing requirements. These definitions create precise technical meanings for fundamental concepts that might otherwise be subject to varying interpretations across Indonesia's diverse sectoral and jurisdictional contexts. The definitional framework covers three primary categories: core business licensing concepts, risk assessment and classification terminology, and institutional structures implementing the risk-based licensing system.
The foundational definition of "Perizinan Berusaha" (Business Licensing) in Article 1(1) establishes that business licensing means "legalitas yang diberikan kepada Pelaku Usaha untuk memulai dan menjalankan usaha dan/atau kegiatannya" [legality given to Business Actors to commence and conduct their business and/or activities]. This definition establishes business licensing as legal authorization rather than mere administrative registration, meaning licenses confer legally protected rights to conduct specified business activities. The definition encompasses both commencement authorization (permission to begin business operations) and ongoing operational authorization (permission to continue conducting business), establishing that licensing is not a one-time approval but ongoing legal status subject to compliance with applicable standards and supervisory requirements. Article 1(2) defines "Risiko" (Risk) as "potensi terjadinya cedera atau kerugian dari suatu bahaya atau kombinasi kemungkinan dan akibat bahaya" [potential occurrence of injury or loss from a hazard or combination of likelihood and consequences of hazard]. This definition adopts standard risk assessment terminology combining probability of occurrence with magnitude of potential consequences, establishing that risk classification considers both how likely harm is to occur and how severe that harm would be if it materialized.
Pasal 1 (Selected Key Definitions):
"Dalam Peraturan Pemerintah ini yang dimaksud dengan:
1. Perizinan Berusaha adalah legalitas yang diberikan kepada Pelaku Usaha untuk memulai dan menjalankan usaha dan/atau kegiatannya.
2. Risiko adalah potensi terjadinya cedera atau kerugian dari suatu bahaya atau kombinasi kemungkinan dan akibat bahaya.
3. Perizinan Berusaha Berbasis Risiko adalah Perizinan Berusaha berdasarkan tingkat Risiko kegiatan usaha.
4. Perizinan Berusaha Untuk Menunjang Kegiatan Usaha adalah legalitas yang diberikan kepada Pelaku Usaha untuk menunjang kegiatan usaha."
[Translation: "In this Government Regulation, what is meant by:
1. Business Licensing is legality given to Business Actors to commence and conduct their business and/or activities.
2. Risk is the potential occurrence of injury or loss from a hazard or combination of likelihood and consequences of hazard.
3. Risk-Based Business Licensing is Business Licensing based on the risk level of business activities.
4. Supporting Business Licensing is legality given to Business Actors to support business activities."]
Article 1(3) defines the regulation's central concept: "Perizinan Berusaha Berbasis Risiko adalah Perizinan Berusaha berdasarkan tingkat Risiko kegiatan usaha" [Risk-Based Business Licensing is Business Licensing based on the risk level of business activities]. This definition establishes that licensing requirements shall vary systematically based on scientifically determined risk classifications rather than uniform procedural requirements regardless of risk. The definition of "Pelaku Usaha" (Business Actor) in Article 1(11) encompasses "orang perseorangan atau badan usaha yang melakukan usaha dan/atau kegiatan pada bidang tertentu" [individual persons or business entities conducting business and/or activities in certain fields], establishing broad applicability covering both sole proprietorships and corporate entities. Article 1(12) defines "Nomor Induk Berusaha" (NIB/Business Identification Number) as "bukti registrasi/pendaftaran Pelaku Usaha untuk melakukan kegiatan usaha dan sebagai identitas bagi Pelaku Usaha dalam pelaksanaan kegiatan usahanya" [evidence of Business Actor registration to conduct business activities and as identity for Business Actors in conducting their business activities]. This definition establishes NIB as both registration evidence and business identity number, functioning analogously to tax identification numbers but specifically for business licensing purposes.
The regulation establishes critical distinctions among different types of business authorizations. Article 1(13) defines "Sertifikat Standar" (Standard Certificate) as "pernyataan dan/atau bukti pemenuhan standar pelaksanaan kegiatan usaha" [statement and/or evidence of fulfillment of business activity implementation standards], while Article 1(14) defines "Izin" (License/Permit) as "persetujuan Pemerintah Pusat atau Pemerintah Daerah untuk pelaksanaan kegiatan usaha yang wajib dipenuhi oleh Pelaku Usaha sebelum melaksanakan kegiatan usahanya" [approval of the Central Government or Regional Government for implementation of business activities that must be fulfilled by Business Actors before implementing their business activities]. This distinction is legally significant: Standard Certificates may be issued based on business actor declarations with subsequent verification, while Licenses require government approval before business activities may commence. Medium-risk activities generally require Standard Certificates, while high-risk activities require formal Licenses, establishing differentiated regulatory intensity corresponding to risk levels.
The institutional definitions establish the regulatory architecture implementing risk-based licensing. Article 1(21) defines "Sistem Perizinan Berusaha Terintegrasi Secara Elektronik (Online Single Submission)" or "Sistem OSS" as "sistem elektronik terintegrasi yang dikelola dan diselenggarakan oleh Lembaga OSS untuk penyelenggaraan Perizinan Berusaha Berbasis Risiko" [integrated electronic system managed and operated by the OSS Agency for implementation of Risk-Based Business Licensing]. Article 1(22) defines "Lembaga Pengelola dan Penyelenggara OSS" (OSS Management and Implementation Agency) as "lembaga pemerintah yang menyelenggarakan urusan pemerintahan di bidang koordinasi penanaman modal" [government agency conducting government affairs in the field of investment coordination], establishing that the investment coordinating agency (historically BKPM, now reorganized under ministerial structures) operates the licensing system. Article 1(25) defines "Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu" (DPMPTSP/Investment and One-Stop Integrated Services Agency) as provincial and district/city agencies responsible for regional investment affairs, establishing the subnational implementation structure. Article 1(26) defines "Hari" (Day) as "hari kerja sesuai dengan yang ditetapkan oleh Pemerintah Pusat" [working day in accordance with what is established by the Central Government], ensuring consistent interpretation of procedural timelines across jurisdictions and avoiding confusion between calendar days and working days.
| Definition Category | Indonesian Term | English Translation | Regulatory Significance |
|---|---|---|---|
| Core Authorization | Perizinan Berusaha | Business Licensing | Legal authorization to commence and conduct business activities |
| Risk Foundation | Risiko | Risk | Potential injury/loss from hazard considering likelihood and consequences |
| Regulatory Paradigm | Perizinan Berusaha Berbasis Risiko | Risk-Based Business Licensing | Licensing requirements vary systematically by risk classification |
| Primary Identifier | Nomor Induk Berusaha (NIB) | Business Identification Number | Registration evidence and business identity for all licensing |
| Medium Risk Authorization | Sertifikat Standar | Standard Certificate | Declaration-based authorization with subsequent verification |
| High Risk Authorization | Izin | License/Permit | Government pre-approval required before business commencement |
| Digital Infrastructure | Sistem OSS | OSS System (Online Single Submission) | Integrated electronic licensing platform replacing multiple systems |
3.0 Core Requirements and Provisions
The risk-based licensing framework established by PP 5/2021 fundamentally reorganizes business licensing requirements into a three-tier classification system with licensing requirements proportionate to scientifically determined risk levels. Articles 7-15 establish the comprehensive risk assessment methodology, risk classification categories, and corresponding licensing requirements for each risk level. This framework represents a fundamental departure from Indonesia's previous uniform licensing approach, introducing differentiated regulatory treatment that concentrates intensive government oversight on activities genuinely requiring careful supervision while enabling low-risk activities to commence operations with minimal regulatory burden.
Article 7 establishes the foundational principle that risk-based business licensing must be conducted "berdasarkan penetapan tingkat Risiko dan peringkat skala kegiatan usaha meliputi UMK-M dan/atau usaha besar" [based on determination of risk level and business activity scale ranking covering MSMEs and/or large businesses]. This provision establishes two dimensions of classification: risk level (low, medium, high) and business scale (micro/small/medium enterprises versus large enterprises), enabling further differentiation within risk categories based on business size. Article 7(2) mandates that risk level determination must be based on risk analysis conducted "secara transparan, akuntabel, dan mengedepankan prinsip kehati-hatian berdasarkan data dan/atau penilaian profesional" [transparently, accountably, and prioritizing precautionary principles based on data and/or professional assessment]. This requirement establishes procedural safeguards ensuring risk classifications are evidence-based rather than arbitrary administrative decisions.
Pasal 8 (Risk Analysis Implementation):
"Pelaksanaan analisis Risiko sebagaimana dimaksud dalam Pasal 7 dilakukan oleh Pemerintah Pusat melalui:
a. pengidentifikasian kegiatan usaha;
b. penilaian tingkat bahaya;
c. penilaian potensi terjadinya bahaya;
d. penetapan tingkat Risiko dan peringkat skala usaha; dan
e. penetapan jenis Perizinan Berusaha."
[Translation: "Implementation of Risk analysis as referred to in Article 7 is conducted by the Central Government through:
a. identification of business activities;
b. assessment of hazard level;
c. assessment of potential occurrence of hazard;
d. determination of Risk level and business scale ranking; and
e. determination of Business Licensing type."]
Article 9 establishes that hazard level assessment must evaluate four mandatory aspects: "(a) kesehatan; (b) keselamatan; (c) lingkungan; dan/atau (d) pemanfaatan dan pengelolaan sumber daya" [health; safety; environment; and/or utilization and management of resources]. For certain activities, hazard assessment may include additional aspects suited to the activity's nature. The regulation specifies that hazard assessment must consider: (a) business activity type; (b) business activity criteria; (c) business activity location; (d) resource limitations; and/or (e) volatility risk. Article 9(4) establishes four categories for assessing likelihood of hazard occurrence: "(a) hampir tidak mungkin terjadi; (b) kemungkinan kecil terjadi; (c) kemungkinan terjadi; atau (d) hampir pasti terjadi" [almost impossible to occur; unlikely to occur; likely to occur; or almost certain to occur]. The combination of hazard severity assessment and likelihood assessment produces the final risk classification.
Article 10 establishes the three-tier risk classification system with an important subdivision:
Pasal 10 (Risk Classification):
"(1) Berdasarkan penilaian tingkat bahaya, penilaian potensi terjadinya bahaya, tingkat Risiko, dan peringkat skala usaha kegiatan usaha, kegiatan usaha diklasifikasikan menjadi:
a. kegiatan usaha dengan tingkat Risiko rendah;
b. kegiatan usaha dengan tingkat Risiko menengah; dan
c. kegiatan usaha dengan tingkat Risiko tinggi.
(2) Kegiatan usaha dengan tingkat Risiko menengah sebagaimana dimaksud pada ayat (1) huruf b terbagi atas:
a. tingkat Risiko menengah rendah; dan
b. tingkat Risiko menengah tinggi."
[Translation: "(1) Based on assessment of hazard level, assessment of potential occurrence of hazard, Risk level, and business activity scale ranking, business activities are classified into:
a. business activities with low Risk level;
b. business activities with medium Risk level; and
c. business activities with high Risk level.
(2) Business activities with medium Risk level as referred to in paragraph (1) letter b are divided into:
a. medium-low Risk level; and
b. medium-high Risk level."]
The licensing requirements corresponding to each risk classification establish progressively intensive regulatory oversight. Article 12 establishes that low-risk business activities require only the Nomor Induk Berusaha (NIB), which functions simultaneously as registration evidence and legal authorization to conduct business. For micro and small enterprises conducting low-risk activities, Article 12(2) specifies that the NIB also serves as deemed compliance with Indonesian National Standards (SNI) and halal product guarantee requirements, significantly reducing compliance burdens for small businesses. This provision recognizes that requiring formal certification for micro-enterprises conducting inherently low-risk activities imposes disproportionate costs without meaningful public protection benefits.
Articles 13-14 establish differentiated requirements for medium-risk activities based on the medium-low versus medium-high subdivision. Medium-low risk activities require: (a) NIB; and (b) Standard Certificate (Sertifikat Standar). Article 13(2) specifies that the Standard Certificate for medium-low risk activities "merupakan legalitas untuk melaksanakan kegiatan usaha dalam bentuk pernyataan Pelaku Usaha untuk memenuhi standar usaha" [constitutes legality to implement business activities in the form of Business Actor declaration to fulfill business standards], meaning businesses self-certify compliance through declarations submitted via the OSS System. These declarations enable businesses to commence preparation, operation, and commercial activities immediately, with government verification conducted subsequently during supervisory activities. Article 13(4) requires that businesses must actually fulfill declared standards when conducting operations, establishing legal liability for false declarations.
Medium-high risk activities have more stringent requirements. Article 14 requires: (a) NIB; and (b) Standard Certificate issued by the Central Government or Regional Government based on verification of business actor compliance with standards. The procedural sequence differs fundamentally from medium-low risk activities. After obtaining NIB, businesses must submit declarations via the OSS System, which triggers issuance of an "unverified Standard Certificate" that authorizes only preparation activities, not operational or commercial activities. Article 14(6) specifies that operational and commercial activities require a verified Standard Certificate issued after government verification confirms actual compliance with standards. If businesses fail to obtain verified certificates within prescribed timelines, or if supervision reveals no actual preparation activities within one year of NIB issuance, Article 14(7) mandates cancellation of the unverified Standard Certificate.
Pasal 15 (High-Risk Licensing Requirements):
"(1) Perizinan Berusaha untuk kegiatan usaha dengan tingkat Risiko tinggi sebagaimana dimaksud dalam Pasal 10 ayat (1) huruf c berupa:
a. NIB; dan
b. Izin.
(2) Izin sebagaimana dimaksud pada ayat (1) huruf b merupakan persetujuan Pemerintah Pusat atau Pemerintah Daerah untuk pelaksanaan kegiatan usaha yang wajib dipenuhi oleh Pelaku Usaha sebelum melaksanakan kegiatan usahanya."
[Translation: "(1) Business Licensing for business activities with high Risk level as referred to in Article 10 paragraph (1) letter c comprises:
a. NIB; and
b. License.
(2) License as referred to in paragraph (1) letter b constitutes Central Government or Regional Government approval for implementation of business activities that must be fulfilled by Business Actors before implementing their business activities."]
High-risk activities require formal government Licenses (Izin) issued through application and approval processes before operational or commercial activities may lawfully commence. Article 15(3) permits use of NIB for preparation activities before License issuance, but operational and commercial activities require both NIB and approved License. For high-risk activities requiring standard fulfillment, Article 15(5) specifies that governments must issue separate Standard Certificates for business standards and product standards based on verification of compliance. Article 16 authorizes governments to delegate verification functions to certified or accredited agencies or professional experts, enabling technical verification by qualified specialists rather than requiring generalist government officials to assess complex technical compliance.
Article 17 establishes critical distinctions between business activity phases. Preparation activities include: (a) land acquisition; (b) building construction; (c) equipment or facility procurement; (d) human resource procurement; (e) business standard fulfillment; and/or (f) other activities before operational/commercial implementation including feasibility studies and construction-period operational financing. Operational and commercial activities include: (a) goods/services production; (b) goods/services logistics and distribution; (c) goods/services marketing; and/or (d) other operational and commercial activities. This distinction determines when different licensing requirements must be fulfilled—NIB suffices for preparation, but operational/commercial activities require full licensing appropriate to risk level.
| Risk Level | Licensing Requirements | Authorization Process | Operational Authorization |
|---|---|---|---|
| Low Risk | NIB only | Automatic upon registration | Immediate upon NIB issuance |
| Medium-Low Risk | NIB + Standard Certificate (declaration-based) | Self-certification via OSS System | Immediate upon declaration submission |
| Medium-High Risk | NIB + Standard Certificate (verified) | Declaration → unverified certificate (preparation only) → government verification → verified certificate | Requires verified Standard Certificate after government verification |
| High Risk | NIB + License (Izin) | Application → government approval process → License issuance | Requires approved License before operations commence |
4.0 Sectoral Application and Compliance
PP 5/2021 establishes comprehensive sectoral coverage spanning Indonesia's entire economy through sixteen defined sectors, each subject to risk-based licensing requirements adapted to sector-specific characteristics while maintaining consistent risk assessment methodologies and licensing frameworks. Article 6(2) enumerates the covered sectors: (a) marine and fisheries; (b) agriculture; (c) environment and forestry; (d) energy and mineral resources; (e) nuclear energy; (f) industry; (g) trade; (h) public works and public housing; (i) transportation; (j) health, pharmaceuticals, and food; (k) education and culture; (l) tourism; (m) religious affairs; (n) postal services, telecommunications, broadcasting, and electronic systems and transactions; (o) defense and security; and (p) manpower. This comprehensive sectoral enumeration establishes that virtually all commercial activity in Indonesia falls within the risk-based licensing framework, with exceptions only for activities explicitly exempted by subsequent provisions.
Article 6(3) establishes that sectoral risk-based licensing regulations must address four mandatory components: (a) KBLI codes/related KBLI codes, KBLI titles, activity scope, risk parameters, risk levels, business licensing types, timeframes, validity periods, and business licensing authority; (b) requirements and/or obligations for risk-based business licensing; (c) guidelines for risk-based business licensing; and (d) business activity standards and/or product standards. These four components ensure comprehensive specification of licensing requirements—KBLI codes identify which specific business activities are covered, risk parameters and levels determine applicable licensing requirements, procedural guidelines ensure consistent implementation, and business/product standards establish substantive compliance requirements that businesses must fulfill.
Article 6(4) specifies that detailed KBLI codes, risk parameters, risk levels, licensing types, timeframes, validity periods, and licensing authority are established in Lampiran I (Annex I), which forms an integral part of the regulation. Article 6(5) similarly specifies that sector-specific requirements and obligations are established in Lampiran II (Annex II). Article 6(6) specifies that implementation guidelines are established in Lampiran III (Annex III). These extensive annexes contain the detailed technical specifications determining which specific business activities fall within each risk category and what specific requirements apply. The annexes are legally binding regulatory provisions, not merely advisory guidance, meaning businesses and government agencies must comply with annex specifications as mandatory legal requirements.
Article 6(7) establishes a critical delegation: business activity standards and product standards for each sector are established through ministerial or agency head regulations. This delegation recognizes that detailed technical standards require specialized sectoral expertise that generalist government regulation writers cannot provide, and that technical standards require more frequent updating than comprehensive government regulations can accommodate. Article 6(10) establishes important procedural safeguards for this delegation: ministerial or agency head regulations establishing standards must be issued "setelah mendapat persetujuan Presiden dan berkoordinasi dengan kementerian yang menyelenggarakan koordinasi, sinkronisasi, dan pengendalian urusan kementerian dalam penyelenggaraan pemerintahan di bidang perekonomian" [after obtaining Presidential approval and coordinating with the ministry conducting coordination, synchronization, and control of ministerial affairs in conducting government in the economic field]. This requirement ensures that sectoral ministries cannot unilaterally impose burdensome standards inconsistent with the regulation's risk-based framework, as Presidential approval and economic coordinating ministry coordination provide oversight preventing regulatory capture or excessive requirements.
Pasal 6(11) (Prohibition on Additional Requirements):
"Kementerian/lembaga, pemerintah provinsi, pemerintah kabupaten/kota, Administrator KEK dan Badan Pengusahaan KPBPB dilarang menerbitkan Perizinan Berusaha di luar Perizinan Berusaha yang diatur dalam Peraturan Pemerintah ini."
[Translation: "Ministries/agencies, provincial governments, district/city governments, SEZ Administrators and FTZ Management Agencies are prohibited from issuing Business Licensing outside the Business Licensing regulated in this Government Regulation."]
This prohibition is legally significant, establishing that the risk-based licensing framework is comprehensive and exclusive—government agencies cannot impose additional licensing requirements beyond those specified in PP 5/2021 and implementing ministerial regulations. This provision addresses a chronic problem in Indonesian regulatory practice where agencies imposed overlapping and sometimes inconsistent requirements, creating uncertainty and excessive compliance burdens. Under Article 6(11), any licensing requirement not authorized by PP 5/2021's framework is ultra vires and legally unenforceable, providing businesses with legal protection against agency overreach.
The regulation establishes specific provisions accommodating micro, small, and medium enterprises (MSMEs) recognizing their economic importance and limited administrative capacity. Article 12(2) specifies that NIBs for micro and small enterprises conducting low-risk activities serve as deemed compliance with SNI (Indonesian National Standards) and halal product guarantees, eliminating separate certification requirements that would impose disproportionate costs. This provision recognizes that formal certification processes designed for large manufacturers impose prohibitive costs on micro-enterprises producing inherently low-risk products for local markets, and that requiring such certification would either drive micro-enterprises into informality or force business closure without meaningful public protection benefits.
The regulation establishes comprehensive supervision and enforcement mechanisms ensuring compliance with licensing requirements. Article 6(12) specifies that sector-specific risk-based business licensing is subject to "pembinaan dan Pengawasan oleh menteri/kepala lembaga, gubernur, bupati/wali kota, Administrator KEK, atau kepala Badan Pengusahaan KPBPB sesuai kewenangan masing-masing" [guidance and supervision by ministers/agency heads, governors, district heads/mayors, SEZ Administrators, or FTZ Management Agency heads according to their respective authorities]. This provision establishes shared supervisory responsibility across national, provincial, and district/city levels, with authority determined by the licensing authority specified for each activity type. The regulation's extensive provisions on supervision procedures, enforcement mechanisms, and sanctions (established in subsequent chapters not excerpted here) create accountability mechanisms ensuring that licensing is not merely a paper exercise but is backed by meaningful compliance verification and consequences for violations.
| Sector | Primary Sectoral Authority | Representative Activities Covered | Implementing Ministerial Regulations |
|---|---|---|---|
| Energy and Mineral Resources | Ministry of Energy and Mineral Resources | Mining, oil and gas, electricity generation, renewable energy | PERMEN ESDM No. 5/2021 |
| Environment and Forestry | Ministry of Environment and Forestry | Forestry concessions, environmental services, wildlife management | Various PERMENLHK regulations |
| Manpower | Ministry of Manpower | Labor-intensive industries, manpower agencies, workplace safety | Permenaker No. 6/2021 |
| Telecommunications and Electronic Systems | Ministry of Communication and Information Technology | Telecommunications services, data centers, electronic commerce | Permenkominfo No. 3/2021 |
| Trade | Ministry of Trade | Import/export licensing, warehousing, distribution | Permendag No. 26/2021 |
| Public Works and Public Housing | Ministry of Public Works and Public Housing | Construction services, water resources, housing development | Various PERMENPUPR regulations |
5.0 Implementation Challenges and Practical Considerations
The implementation of PP 5/2021's risk-based licensing framework presents substantial operational challenges that affect businesses, government agencies, and legal practitioners navigating Indonesia's transformed regulatory environment. While the regulation establishes a theoretically superior framework compared to the previous uniform licensing approach, successful implementation requires resolution of technical complexities, institutional coordination challenges, and interpretive ambiguities that have emerged during the regulation's first years of operation.
The OSS System integration challenge represents a fundamental implementation bottleneck. The regulation mandates that all risk-based business licensing must be processed through the Sistem OSS electronic platform, replacing multiple agency-specific licensing systems with a single integrated platform. While this consolidation theoretically simplifies licensing procedures, practical implementation has encountered significant technical difficulties. The OSS System must integrate with dozens of separate government information systems covering land administration, environmental permitting, building permits, tax registration, and sector-specific technical requirements. When these backend systems experience technical problems, data synchronization failures, or integration incompatibilities, businesses find themselves unable to complete licensing procedures despite having fulfilled substantive requirements. The regulation provides limited guidance on responsibility for system failures, timeframe extensions when technical problems prevent timely processing, or alternative procedures when the OSS System is unavailable for extended periods.
The risk classification determination process presents interpretive challenges, particularly for business activities that fall at the boundaries between risk categories or involve multiple KBLI codes with different risk classifications. Article 8 establishes that risk classification is determined by the Central Government through a five-step process, but the regulation provides limited transparency regarding how classification decisions are made or how businesses can challenge risk classifications they believe are inappropriate. Businesses operating in emerging sectors not clearly captured by existing KBLI codes face particular uncertainty, as there may be no established risk classification for their activities. The regulation's annexes establish thousands of individual KBLI code risk classifications, but these cannot comprehensively anticipate all possible business models, particularly in rapidly evolving technology sectors where new business models emerge faster than regulatory classifications can be updated.
The coordination between national and subnational licensing authority creates jurisdictional ambiguities. The regulation assigns licensing authority variously to the Central Government, provincial governments, or district/city governments depending on the activity type and risk classification. Article 6(4) specifies that licensing authority is established in Annex I, but determining which government level has authority for specific activities requires detailed analysis of complex annex tables. When businesses operate across multiple jurisdictions or when activities involve both national and regional authority aspects, determining which government agency has primary licensing responsibility can be unclear. The regulation provides limited dispute resolution mechanisms when multiple government agencies claim authority over the same activity or when agencies disagree about risk classifications and applicable requirements.
Standard Certificate verification timelines for medium-high risk activities create operational uncertainty. Article 14 establishes that medium-high risk activities receive unverified Standard Certificates enabling preparation activities, with verified certificates required before operational or commercial activities can commence. However, the regulation does not establish binding timelines for government verification, creating risk that businesses complete substantial preparation investments based on unverified certificates only to face indefinite delays in verification preventing operational commencement. Article 14(7) specifies that unverified certificates will be cancelled if verified certificates are not obtained within prescribed timeframes, but determining what "prescribed timeframes" apply requires reference to sector-specific ministerial regulations that may establish varying timelines across sectors. Businesses planning major investments based on medium-high risk Standard Certificates face significant regulatory uncertainty about when they can commence operations and generate revenue.
The prohibition on additional licensing requirements established in Article 6(11) creates enforcement challenges when government agencies persist in imposing requirements beyond the risk-based licensing framework. While the regulation clearly prohibits agencies from issuing licenses outside the framework, determining whether specific agency requirements constitute prohibited additional licensing or permissible regulatory oversight requires case-by-case analysis. Agencies sometimes recharacterize licensing requirements as "technical recommendations," "operational guidelines," or "voluntary certifications" that are theoretically not mandatory licensing but are enforced through practical denial of government services or contracts unless obtained. The regulation provides limited enforcement mechanisms for businesses to challenge such informal additional requirements, particularly when challenges would require confronting agencies that businesses depend on for ongoing regulatory approvals.
The sectoral ministerial regulation delegation established in Article 6(7) creates potential for inconsistency when ministerial regulations establish standards that are practically difficult to fulfill or that reintroduce complexity that the risk-based framework was designed to eliminate. While Article 6(10) requires Presidential approval for ministerial regulations establishing standards, oversight mechanisms may not effectively prevent standards that impose disproportionate burdens, particularly when technical complexity makes it difficult for non-specialist reviewers to assess whether standards are truly necessary for public protection or represent excessive requirements favoring incumbent businesses or creating unnecessary barriers to entry. Businesses face challenges determining which ministerial regulations apply to their activities and ensuring they comply with potentially dozens of separate ministerial regulations across different sectoral authorities.
The interaction between PP 5/2021 and pre-existing sectoral regulations creates transitional interpretation questions. The regulation explicitly supersedes PP 24/2018, but many sector-specific regulations predating PP 5/2021 contain licensing requirements potentially inconsistent with the risk-based framework. Determining whether such pre-existing requirements remain valid, have been implicitly superseded by PP 5/2021, or require explicit repeal through amended sectoral regulations presents complex legal analysis. Courts and government agencies have not established consistent interpretive approaches, creating uncertainty about which requirements businesses must fulfill when risk-based licensing requirements appear to conflict with pre-existing sectoral licensing provisions.
The MSME accommodation provisions, while beneficial in reducing burdens on small businesses, create potential competitive distortions when micro and small enterprises receive deemed compliance with SNI and halal requirements while medium and large enterprises conducting identical activities must obtain formal certification. While this differentiation is justified by the disproportionate impact of certification costs on small businesses, it creates situations where product safety or quality standards may effectively differ based on business size rather than actual product risk, potentially disadvantaging consumers unable to determine whether products were produced by certified large businesses or deemed-compliant small businesses.
Despite these implementation challenges, PP 5/2021 represents a substantial improvement over Indonesia's previous licensing framework. The risk-based approach concentrates regulatory resources on activities genuinely requiring intensive oversight while enabling low-risk activities to commence rapidly, the OSS System integration (despite technical challenges) provides superior transparency and timeline predictability compared to opaque multi-agency processes, and the prohibition on additional licensing requirements provides legal protection against agency overreach. Businesses operating in Indonesia must engage proactively with the risk-based licensing framework, ensuring they correctly classify their activities, fulfill appropriate licensing requirements for their risk category, maintain documentation of compliance with applicable standards, and monitor sector-specific ministerial regulations establishing detailed technical requirements for their sectors. Legal practitioners advising on Indonesian business operations must conduct detailed analysis of KBLI code classifications, risk-level determinations, applicable ministerial regulations, and coordination between national and subnational licensing authorities while anticipating continued evolution of implementing regulations as government agencies refine operational procedures based on practical implementation experience.
Official Source: PP No. 5 Tahun 2021 (BPK Details)
Disclaimer
This article was AI-generated under an experimental legal-AI application. It may contain errors, inaccuracies, or hallucinations. The content is provided for informational purposes only and should not be relied upon as legal advice or authoritative interpretation of regulations.
We accept no liability whatsoever for any decisions made based on this article. Readers are strongly advised to:
- Consult the official regulation text from government sources
- Seek professional legal counsel for specific matters
- Verify all information independently
This experimental AI application is designed to improve access to regulatory information, but accuracy cannot be guaranteed.