This briefing outlines the regulatory changes introduced by PP 28/2025. The regulation strengthens the risk-based business licensing framework, enhances the Online Single Submission (OSS RBA) ecosystem, and provides clearer post-licensing supervision standards. For boards, investors, and general counsel, PP 28/2025 increases procedural predictability and reduces ambiguity for activities that previously sat across multiple sectoral rules.
In practical terms, PP 28/2025 expands the list of activities covered by the risk-based regime and sets transparent expectations for documentation, standards, and monitoring. The policy intent is to make licensing faster for low-risk activities and more structured for higher-risk activities, while maintaining consistent oversight.
Six Sectors Newly Recognized in the Risk-Based Framework
PP 28/2025 widens the scope from 16 covered sectors to 22 and introduces six additions: Legal Metrology, Creative Economy, Geospatial Information, Cooperatives, Investment (Penanaman Modal), and Electronic Systems & Transactions. These categories now benefit from defined licensing routes and supervisory expectations.
1) Creative Economy
IP-centric activities—design, film, music, game development, advertising technology, and creator monetization—can be mapped to risk categories that determine whether an NIB alone is sufficient or whether a Standard Certificate or sectoral approval is required under PP 28/2025.
2) Geospatial Information
Mapping services, satellite/aerial imagery processing, location analytics, and geospatial data platforms fall within this sector. The regulation emphasizes data governance and quality standards for outputs that inform public or sensitive uses.
3) Cooperatives (Koperasi)
Commercial cooperatives now follow a standardized pathway with documentation aligned to risk-based licensing. As with companies, the specific business line determines the applicable instruments under PP 28/2025.
4) Investment Services
Corporate advisory, investment facilitation, and transaction support services are expressly covered to avoid grey areas. Under the regulation, the distinction between general consulting and regulated activity becomes clearer through risk mapping.
5) Trade and Legal Metrology
Businesses dealing with measuring instruments, calibration, and verification can obtain licensing aligned with the risk category, with technical standards and periodic verification tied to supervision under PP 28/2025.
6) Electronic Systems and Transaction Operations (ESTO)
Digital platforms operating electronic systems—e-commerce, fintech interfaces, SaaS, or social networks—follow better defined obligations, including operational readiness and cybersecurity considerations, within PP 28/2025.
Two Stages of Business Activity Under PP 28/2025 (Structure You Can Plan Around)
The regulation delineates two stages with clear sub-steps: (1) Memulai Usaha (start) and (2) Menjalankan Usaha (operate). The first stage covers legalities, basic requirements—KKPR and environmental approvals for non-AMDAL/UKL-UPL cases—and submission for business licensing. The second stage covers preparation (land, PBG/SLF where applicable, facilities, HR, standards, and PB requirements) and operational/commercial activities (production, logistics, marketing).
Risk Mapping and Required Licensing Instruments
PP 28/2025 maintains the risk analysis steps and maps each risk level to specific instruments as follows:
- Low Risk: NIB only
- Medium-Low / Medium-High Risk: NIB + Standard Certificate
- High Risk: NIB + License (Izin)
This matrix should be built into internal checklists and sequencing for compliance and inspection readiness.
PB vs PB UMKU and Who Issues What
PP 28/2025 separates Perizinan Berusaha (PB) from PB untuk Menunjang Kegiatan Usaha (PB UMKU) and clarifies issuing authorities: OSS institution; OSS on behalf of ministers/agency heads; provincial and district/city DPMPTSP; KEK Administrators; and KPBPB Authorities. The framework also provides special delegation in free-trade and free-port zones (KPBPB), where PB issuance is delegated to the Head of the KPBPB—especially relevant for FDI or treaty-based investments.
Expanded OSS Subsystems You Will Use
Beyond the existing modules, PP 28/2025 introduces three additional OSS subsystems and specifies what each contains:
- Persyaratan Dasar (KKPR, Environmental Approval, PBG/SLF) — access controlled via user rights.
- Fasilitas Penanaman Modal — eight fiscal facilities accessible with system access rights (e.g., import-duty exemptions, tax reductions, R&D and apprenticeship deductions).
- Kemitraan — mandatory/voluntary partnership features and monitoring.
These expansions affect how corporate teams plan filings and secure fiscal incentives.
Administrative Sanctions and Active Supervision
PP 28/2025 introduces a tiered administrative sanctions regime: warning, temporary suspension, administrative fine, police force (daya paksa), revocation of licenses/certifications/approvals, and revocation of basic requirements/PB/PB UMKU. Sanctions must be imposed by authorized officials through the OSS system. Build continuous monitoring and evidence files to demonstrate compliance during supervision.
NSPK Discipline and Local Rules
Norms, Standards, Procedures, and Criteria (NSPK) remain a central government function and the single reference. Heads of regions are prohibited from expanding provisions beyond PP 28/2025 when drafting local implementing rules—reducing regulatory variance risk for national operators.
Immediate Housekeeping: Update OSS Access Rights
PP 28/2025 instructs businesses to update any OSS access rights obtained before the regulation took effect, based on notifications sent via the registered email. Ensure your compliance leads coordinate this update to avoid access issues.
Frequently Asked Questions
Question: Under PP 28/2025, what triggers NIB-only versus further approvals?
Answer: The assigned risk level determines instruments: Low (NIB), Medium-Low/Medium-High (NIB + Standard Certificate), High (NIB + License).
Question: Does PP 28/2025 change foreign-ownership limits?
Answer: Market-access rules continue to apply; the regulation aligns licensing mechanics while sectoral caps remain governed by investment rules.
Question: What are the two operational stages I should plan for?
Answer: Memulai Usaha (legalities, basic requirements, licensing submission) and Menjalankan Usaha (pre-operation preparation and operational/commercial activities).
Question: How are sanctions applied under PP 28/2025?
Answer: Sanctions follow a defined ladder and are imposed by authorized officials via OSS; documentation discipline is essential.
Conclusion
Indonesia’s PP 28/2025 marks a significant step in strengthening the country’s risk-based licensing regime and expanding opportunities across six new business sectors. By streamlining procedures, clarifying supervision standards, and enhancing the OSS RBA ecosystem, the regulation provides greater certainty for both local and foreign investors. For companies planning to enter or expand in Indonesia, understanding the two operational stages, licensing instruments, and compliance requirements is essential to ensure smooth market entry and sustainable operations. With the right guidance, businesses can turn these regulatory changes into a competitive advantage and confidently position themselves in Indonesia’s evolving business landscape
