The year 2025 has been marked by fast-moving regulatory developments that directly affect how companies establish, license, operate, and maintain compliance in Indonesia. A key theme has been the operationalization of policy through a large number of implementing instruments, ministerial regulations, agency regulations, decrees, and technical guidelines, driving procedural change faster than many businesses can internalize within their governance and operating models.

For businesses, especially foreign investors and fast-scaling domestic groups, the practical challenge is no longer simply “what the law says,” but how the licensing and compliance process actually runs in the relevant system (OSS and sectoral portals), how deadlines are measured, how data must align across submissions, and what administrative consequences follow from gaps or inconsistencies.

This is precisely where a structured advisory approach is critical. ET Consultant positions itself as a business and legal consultant supporting local and multinational clients to start and manage business operations in Indonesia, with core expertise spanning business incorporation, licensing & legal, accounting & taxes, immigration, and advisory. 

Key Figures: What the 2025 “Volume” Signals for Compliance Strategy

The sheer scale of Indonesia’s regulatory output in 2025, reflected in the issuance of more than 2,600 legal instruments at the national level, is not merely a statistical observation. It is a structural indicator of how Indonesia now governs business activity: through continuous administrative calibration rather than isolated legislative reforms.

In practical terms, the Indonesian regulatory environment has entered an era of “regulatory density”, in which compliance is no longer determined primarily by a handful of core laws but by an expanding ecosystem of ministerial regulations, agency rules, circulars, decrees, and technical guidelines that operationalize those laws on a day-to-day basis.

1. Why the Volume Matters More Than the Headline Laws

For business actors, the most important implication of the 2025 regulatory volume is that legal risk is increasingly procedural rather than conceptual.

A company may fully understand the substance of a statute, yet still face sanctions, license revocation, or operational suspension because it failed to comply with:

• a newly issued reporting format,
• an updated OSS workflow,
• a revised data-submission deadline, or
• a technical verification requirement imposed by a ministry or agency.

In other words, regulatory exposure in Indonesia is now driven by “how” rather than merely “what.” This is particularly relevant for foreign investors and growing domestic enterprises, whose operations depend on:

• OSS-based business licensing,
• periodic investment activity reports (LKPM),
• tax filings and reconciliations,
• sector-specific compliance (e.g., BPOM, halal, environment, manpower, customs).

Each of these functions is governed not by a single law, but by a layered stack of administrative rules that can be amended multiple times in a single year.

2. Regulatory Proliferation as a Compliance Risk Multiplier

The 2025 figures show that the majority of new instruments were issued by:

• Ministries, and
• Government agencies and supervisory bodies.

This matters because these institutions are the ones that:

• operate the OSS system,
• control sectoral licensing,
• conduct inspections,
• impose administrative sanctions, and
• process corporate and investment data.

As a result, regulatory proliferation translates directly into:

• more data points that must be accurate and consistent,
• more interfaces where compliance can fail (OSS, INATRADE, BPOM portals, tax systems, manpower systems), and
• more administrative triggers for audits, suspensions, or enforcement actions.

From a governance perspective, companies operating in Indonesia must now assume that regulatory compliance is dynamic, not static. A license or approval that was valid six months ago may remain legally valid but become procedurally non-compliant due to:

• updated reporting obligations,
• new submission templates,
• additional declarations, or
• revised verification mechanisms.

3. Sectoral Concentration: Where Compliance Risk is Most Intense

The 2025 figures also show a clear concentration of regulatory activity in certain business-critical sectors, notably:

• Tax and Non-Tax Charges
• Trade and Import/Export
• Pharmaceutical, Healthcare, and Food Regulation
• Natural Resources
• Employment

These are precisely the sectors where:

• government revenue is collected,
• consumer protection is enforced,
• strategic resources are controlled, and
• labor relations are regulated.

For businesses operating in these fields, compliance risk is therefore compounded:

• not only are the rules numerous,
• but enforcement incentives are high.

This creates a regulatory environment in which documentation quality, reporting discipline, and licensing architecture become as important as commercial performance.

4. What This Means for Corporate Governance in 2025 and Beyond

In this environment, Indonesian regulatory compliance can no longer be managed as a purely legal or administrative function. It must be embedded into the company’s operating model. A compliant business in 2025 is not merely one that:

• holds the correct licenses, or
• files taxes on time,

but one that also:

• maintains consistent OSS data,
• updates business activity information as operations evolve,
• aligns its corporate structure with its actual business model, and
• anticipates regulatory changes rather than reacting to them.

This is where professional advisors become essential, not just to interpret laws, but to translate regulatory volume into structured compliance systems.

The Centerpiece of 2025: Risk-Based Licensing Reform GR No. 28 of 2025

The most structurally important regulatory reform affecting Indonesia’s business environment in 2025 is the enactment of Government Regulation No. 28 of 2025 on Risk-Based Business Licensing (Perizinan Berusaha Berbasis Risiko – “PP 28/2025”). This regulation does not merely amend prior rules; it represents a recalibration of how the Indonesian State governs business entry, operation, and supervision through the OSS system.

Where earlier frameworks focused primarily on categorizing business activities by risk level and attaching different types of licenses to each category, PP 28/2025 moves further by transforming risk-based licensing into a performance-based administrative regime. In practical terms, this means that business licensing in Indonesia is no longer a one-time approval process, but a continuously monitored compliance system driven by digital verification, service-level commitments, and escalating administrative control.

One of the most significant shifts introduced by PP 28/2025 is the formalization of Service Level Agreements (SLA) within the licensing ecosystem. For the first time, the Government has tied the OSS licensing workflow to measurable processing timelines, particularly for what are referred to as “basic requirements”, such as land use conformity, environmental approvals, and building approvals. These requirements have historically been the most unpredictable and delay-prone elements of business establishment in Indonesia. By anchoring them to SLA, PP 28/2025 signals a move toward greater legal certainty and predictability, not by reducing regulatory obligations, but by forcing government agencies to process them within defined timeframes.

However, this improvement in predictability also brings a corresponding increase in compliance exposure for business actors. Under PP 28/2025, the OSS system is no longer simply a submission portal; it becomes a compliance control instrument. Once a business actor submits data, uploads documents, and obtains a license through OSS, those inputs become binding representations to the State. Any inconsistency between what is declared in OSS and what actually occurs on the ground may now give rise to administrative sanctions, suspension, or even revocation of business licenses.

PP 28/2025 also materially expands the scope of risk-based licensing by increasing the number of sectors subject to the OSS-RBA framework. The addition of sectors such as investment, cooperatives, creative economy, legal metrology, geospatial information, and electronic systems and transactions brings a far broader range of commercial activity under the centralized licensing and supervision regime. This expansion is not merely administrative; it reflects a policy choice to bring more business activity into a data-driven, digitally supervised regulatory environment.

In this context, licensing becomes inseparable from corporate governance. Business actors are no longer assessed only on whether they obtained a license, but also on whether they continuously fulfill the commitments embedded in that license, including compliance with basic requirements, reporting obligations, and sector-specific technical standards. PP 28/2025 introduces explicit authority for the Government to impose administrative sanctions for violations of basic requirements, business licenses (PB), and supporting business licenses (PB UMKU). This is a fundamental change from the previous regime, where sanctions were often regulated only at the subsector level and applied unevenly.

For foreign investors and domestic companies alike, the practical implication is that the licensing strategy must now be integrated into business strategy. The choice of KBLI, the structuring of project locations, the sequencing of basic requirements, and the timing of OSS submissions are no longer purely formal decisions. They determine how a company will be supervised, audited, and sanctioned over the life of its operations.

This is precisely why PP 28/2025 elevates the role of professional licensing and regulatory advisors. The legal risk in Indonesia’s licensing system no longer lies primarily in whether a permit is obtained, but in whether the entire regulatory architecture behind that permit is correctly designed and continuously maintained. Errors in OSS data, misalignment between actual operations and declared activities, or failure to update licenses when a business evolves can now trigger enforcement consequences that directly affect the ability of a company to operate.

For ET Consultant’s clients, PP 28/2025, therefore, represents both an opportunity and a risk. On the one hand, clearer timelines and standardized digital processes make market entry more predictable. On the other hand, the digitalization and centralization of compliance mean that mistakes are easier to detect, easier to trace, and easier to enforce. Companies that treat licensing as a one-time administrative hurdle will find themselves exposed, while those that treat it as a living compliance system will be positioned to operate with stability and regulatory confidence in Indonesia’s increasingly data-driven regulatory environment.

Implementing Rules: Regulation of the Minister of Investment/BKPM No. 5 of 2025 as the Operational Guide for OSS-Based Licensing

While Government Regulation No. 28 of 2025 establishes the policy architecture of Indonesia’s modern risk-based licensing regime, it is Regulation of the Minister of Investment and Downstream Industry/Head of BKPM No. 5 of 2025 (“Permen BKPM 5/2025”) that determines how this system actually operates in practice. In regulatory terms, Permen BKPM 5/2025 functions as the procedural constitution of Indonesia’s OSS system, defining not only how applications are submitted but how they are verified, approved, monitored, and sanctioned.

For business actors, this distinction is critical. PP 28/2025 answers the question of what must be licensed and under what risk category. Permen BKPM 5/2025 answers the more commercially decisive question: how the State will process, validate, and control those licenses on a daily basis.

One of the most important features of Permen BKPM 5/2025 is that it fully embeds risk-based licensing into a digitally controlled compliance lifecycle. Under this framework, the OSS system is no longer merely an application portal. It becomes the Government’s single source of truth regarding a company’s legal identity, business scope, risk classification, investment data, and compliance status. Every KBLI, every project location, every investment value, and every license category is cross-validated inside OSS and linked to multiple supervisory authorities.

This means that licensing is no longer transactional. It is continuous.

Once a company obtains a Business Identification Number (NIB) and its core licenses, its obligations do not stop. The company is permanently tied to a set of regulatory commitments that are visible, traceable, and enforceable through OSS. Any divergence between what a company actually does and what is recorded in OSS may now be detected through:

• LKPM investment reporting,
• sectoral supervisory systems,
• environmental and building databases,
• customs and import platforms, and
• inter-agency data sharing.

Permen BKPM 5/2025, therefore, shifts the compliance paradigm from permit-based legality to data-based regulatory control.

A further commercially significant reform introduced by Permen BKPM 5/2025 is the way in which basic requirements are integrated into the OSS workflow. In previous regimes, environmental approvals, building approvals, and spatial conformity often existed outside OSS, creating legal uncertainty and fragmented compliance. Under the new framework, these elements are now structurally embedded into the licensing chain. OSS will not only record whether a company holds these approvals, but will also use them as gating conditions for the issuance and maintenance of business licenses.

For companies operating in office towers, industrial estates, shopping centers, and shared commercial buildings, Permen BKPM 5/2025 also introduces important practical flexibility. Where a building manager or owner has already secured the necessary environmental and building approvals, business tenants may rely on those documents for OSS licensing purposes. This significantly reduces entry barriers for service companies, retailers, and professional businesses operating within multi-tenant properties. However, it also means that companies must verify the legal status of their building at the outset, because any deficiency at the building-level may cascade into licensing risks for every tenant.

Another core element of Permen BKPM 5/2025 is the reinforcement of investment reporting (LKPM) as a compliance control instrument. LKPM is no longer merely a statistical reporting tool. It now operates as a regulatory verification mechanism. OSS and BKPM use LKPM data to test whether a company’s declared business activities, investment values, and operational status match what is recorded in its licenses. Failure to submit LKPM on time, or submission of inconsistent data, may trigger warnings, system blocks, or administrative sanctions.

For PMA companies in particular, this creates a tight regulatory loop:

corporate structure → KBLI → OSS license → investment plan → LKPM reporting → compliance evaluation → continued license validity.

This loop means that licensing, corporate governance, and financial reporting are now legally interconnected. Companies that treat these functions as siloed departments expose themselves to regulatory contradictions that can be costly to fix once detected.

From the perspective of ET Consultant, Permen BKPM 5/2025, therefore, represents the point at which Indonesian investment law becomes operational reality. It is not enough to know that a business is legally permitted. A business must be able to demonstrate, through OSS and LKPM, that it is behaving in accordance with its regulatory profile.

This is why regulatory advisory in 2025 is no longer simply about interpreting laws. It is about designing and maintaining a coherent OSS architecture that aligns corporate form, business activities, investment flows, and licensing data into a single, defensible regulatory narrative. In an environment where the State supervises businesses through digital systems rather than ad-hoc inspections, the quality of a company’s OSS footprint has become one of its most valuable compliance assets.

Practical Compliance Roadmap: How Businesses Should Respond After 2025

The regulatory reforms of 2025 do not merely introduce new rules; they fundamentally alter how compliance is constructed and enforced in Indonesia. Under the combined framework of PP 28/2025 and Permen BKPM 5/2025, business legality is no longer defined by the existence of a license alone, but by the consistency, accuracy, and continuity of regulatory data across multiple government systems.

As a result, companies operating in Indonesia must shift from a mindset of “obtaining permits” to one of maintaining regulatory integrity.

1. Licensing must be designed, not merely obtained
   The first and most important step in post-2025 compliance is to recognize that OSS architecture is now part of corporate governance. The selection of KBLI codes, the definition of business activities, the classification of risk levels, and the mapping of project locations collectively determine how a company will be regulated, supervised, and sanctioned.A poorly designed licensing structure may appear compliant on day one but become unsustainable as soon as the business begins to operate, expand, import, hire foreign staff, or raise capital. Companies must therefore approach licensing as a strategic design exercise, ensuring that their OSS profile reflects not only their current operations but also their medium-term business trajectory.This is especially critical for PMA companies, whose investment thresholds, reporting obligations, and sectoral restrictions are directly linked to the KBLI and project data stored in OSS.
2. Basic requirements must be treated as operational foundations
   Under the 2025 regime, basic requirements such as environmental approvals, land use conformity, and building approvals are no longer peripheral documents. They are the legal foundation upon which the entire licensing structure rests.If a company occupies a building that is not legally compliant, operates in a location that is not zoned for its activity, or fails to maintain required environmental documentation, its OSS-based licenses become vulnerable, regardless of how complete the corporate paperwork may be.Accordingly, companies must integrate land, building, and environmental compliance into their business planning from the outset. For service companies and tenants in commercial buildings, this requires careful legal due diligence on the status of the premises before any OSS submission is made.
3. LKPM is now a compliance verification tool, not a formality
   Investment reporting (LKPM) has evolved into one of the most powerful enforcement tools in Indonesia’s regulatory system. Through LKPM, BKPM cross-checks whether:
   • the company is actually operating,
   • investment values are realistic,
   • business activities match licensed KBLI, and
   • project locations are active.Discrepancies between OSS licenses and LKPM reports are among the most common triggers for regulatory scrutiny. Companies that fail to submit LKPM on time, or that submit inaccurate data, are effectively flagging themselves for further examination.For this reason, financial reporting, corporate governance, and licensing compliance must be aligned into a single internal control system. LKPM should be treated with the same seriousness as tax filings or audited financial statements.
4. Corporate, tax, immigration, and licensing must move together
   One of the defining features of the post-2025 environment is the integration of regulatory databases. Changes in one area increasingly ripple into others. A change in shareholding structure may affect:
   • beneficial ownership reporting,
   • investment classification,
   • tax obligations, and
   • OSS licensing status.Expanding a business line or adding a new product category may require
   • new KBLI registration,
   • new PB or PB-UMKU licenses,
     
   • BPOM or sectoral approvals,
     
   • customs and import updates, and
   • amended LKPM submissions.Companies that manage these functions in isolation inevitably create regulatory inconsistencies that can undermine their legal standing.
5. From static compliance to regulatory governance
   The practical lesson of 2025 is that compliance in Indonesia is no longer static. It is a living system that must evolve alongside the business. A legally resilient company in this environment is not the one that has the most permits, but the one whose:
   • OSS data,
   • investment reports,
   • tax records,
   • immigration files, and
   • operational reality

This is precisely the space in which ET Consultant operates. By integrating business incorporation, licensing, tax, immigration, and regulatory advisory into a unified service framework, ET Consultant enables clients not only to enter the Indonesian market but to remain compliant, credible, and investable within it, even as the regulatory kaleidoscope continues to turn.

Conclusion

The regulatory landscape of Indonesia in 2025 reflects a fundamental shift in how the State governs economic activity. Through the combination of risk-based licensing under Government Regulation No. 28 of 2025 and the digitally enforced procedural framework of Ministerial Regulation BKPM No. 5 of 2025, Indonesia has moved away from permit-centric regulation toward a system of continuous, data-driven regulatory supervision. Business legality is no longer determined at the moment a license is issued, but rather through the ongoing coherence between corporate structure, OSS records, investment reporting, tax compliance, immigration status, and operational reality.

In this environment, regulatory compliance has become inseparable from corporate governance. Every business decision, whether it concerns expansion, restructuring, capital injection, hiring, importing, or entering a new line of activity, now has direct regulatory consequences that are reflected, verified, and enforced through interconnected government systems. The cost of inconsistency is no longer merely administrative; it now directly affects a company’s ability to operate, transact, and grow within Indonesia.

For companies that treat licensing and compliance as a one-time hurdle, this environment presents increasing risk. For those that treat regulatory architecture as part of their business strategy, however, Indonesia offers a clearer, more predictable, and more investable framework than ever before.

In a regulatory environment defined by speed, complexity, and digital enforcement, businesses require more than legal interpretation; they require regulatory design, execution, and continuous alignment. ET Consultant stands at this intersection. By integrating business incorporation, OSS-based licensing, accounting and tax compliance, immigration services, and regulatory advisory into a single strategic framework, ET Consultant enables companies to build a defensible regulatory footprint from the first day of operation and to maintain it as their business evolves.

Whether you are establishing a new investment vehicle, expanding into new KBLI sectors, restructuring your group, or seeking to stabilize your compliance position under the 2025 regime, ET Consultant provides the legal, technical, and procedural expertise required to navigate Indonesia’s regulatory kaleidoscope with confidence. In an era where regulatory integrity determines commercial viability, the right advisory partner is no longer optional, it is a core business asset.

***

ET Consultant is a Business Consultant and Legal Consultant Expert that provides support for local and multinational clients to start and manage their business operations in Indonesia. ET Consultant specializes in Business Incorporation, Licensing & Legal, Accounting & Taxes, Immigration, and Advisory Services.

Ready to find out more?

Excellent and Trusted Consultant (ET Consultant)
PPHUI Building Lantai 2 suite 210 Jl. H.R. Rasuna Said Kav. C-22 Kuningan
Jakarta Selatan, 12940 Indonesia.
Tlp : 021 5290 7039
Email : info@et-consultant.com