Indonesia: Government Regulation No. 28 of 2025 on Risk-Based Business Licensing

On 5 June 2025, the Government of Indonesia issued Government Regulation No. 28 of 2025 on the Organization of Risk-Based Business Licensing (“GR 28/2025”), which entered into force on the same date. GR 28/2025 revokes and replaces Government Regulation No. 5 of 2021 (“GR 5/2021”).

The regulation introduces extensive institutional, procedural, and substantive reforms to the Online Single Submission (OSS) system, reaffirming the government’s commitment to a digitally integrated, risk-based licensing framework. GR 28/2025 comprises 552 articles across 14 chapters, codifying the licensing and post-licensing supervision landscape in greater detail than its predecessor.

Transition Period and Migration to the New OSS Platform

To facilitate the transition, Article 551(a) of GR 28/2025 requires the OSS Agency to update the OSS system no later than 5 October 2025. Until then, the existing OSS platform remains operational, and ongoing applications will continue to be processed under GR 5/2021, provided the required documentation is complete.

Once the updated system is launched, businesses with existing OSS accounts will be required to manually update their account data. This may include re-uploading licenses, revising business classifications, and completing new profile fields introduced under GR 28/2025. Although no explicit deadline has been set for this migration, prolonged inaction may affect the ability to submit LKPM investment reports or process amendments, extensions, or other licensing changes.

Article 549 provides a grandfathering clause under which licenses issued under GR 5/2021 remain valid unless GR 28/2025 offers more favourable terms. Business actors may therefore opt to seek reissuance under the new framework if doing so provides a compliance or operational benefit.

Structural Expansion of the OSS System

GR 28/2025 strengthens the OSS framework by expanding the licensing subsystems from five to eight. Newly integrated modules include:

• Principal License (Perizinan Dasar): now centralising environmental, land use, and building approvals, which were previously processed outside OSS, particularly when involving local government agencies.

• Investment Facilities: incorporating applications for tax allowances, import-duty exemptions, and other fiscal incentives.

• Partnerships: enabling the monitoring of mandatory and voluntary partnerships with SMEs and other business actors.

This expansion aims to improve regulatory coherence and reinforce the OSS’s role as a single window for licensing and compliance.

Sectoral Coverage and Risk Classification

GR 28/2025 extends risk-based licensing to seven additional business sectors, including the creative economy, geospatial information, cooperatives, electronic systems and transactions, and investment facilitation.

The risk classification methodology has also been updated. While the qualitative designations of Low, Medium-Low, Medium-High, and High risk remain, the number of KBLI entries has increased from 1,348 to 1,417. Although fewer activities are now classified as High or Medium-High risk, many previously unregulated activities have been formally categorised and integrated into the OSS framework.

The number of Supporting Business Licenses (PB UMKU) has been reduced from 1,006 to 357, reflecting consolidation of sectoral licensing requirements.

Service Standards and the Deemed Approval (Fiktif Positif) Mechanism

GR 28/2025 formalises and expands the use of Service Level Agreements (SLAs) across multiple types of business approvals, including:

• Technical Approvals (Persetujuan Teknis);

• Environmental Approvals (Persetujuan Lingkungan); and

• Building Approvals and Worthiness Certificates (PBG and SLF).

Each must now be subject to binding maximum processing times, integrated into the OSS system. Where an application is submitted in full compliance and the authority fails to act within the SLA, the license is deemed granted (fiktif positif). The OSS system must then issue proof of licensing with the same legal effect as a manually issued license.

This represents a significant departure from GR 5/2021, under which fiktif positif applied narrowly—mainly to Conformity of Spatial Utilization Activities (KKPR)—and often lacked clarity. GR 28/2025 broadens and codifies the mechanism, enhancing certainty and providing recourse against administrative delay.

At the same time, GR 28/2025 introduces safeguards. Articles 244 and 245 allow authorities to:

• conduct post-licensing audits;

• verify that application materials were accurate and complete at the time of deemed issuance; and

• revoke licenses if misrepresentation or non-compliance is discovered.

Revocation must be formally notified and digitally recorded in the OSS system, balancing efficiency with regulatory control.

Fast-Track Licensing in Strategic Zones

GR 28/2025 establishes accelerated procedures for licensing in strategic economic zones, including:

• Special Economic Zones (KEK);

• Free Trade Zones (KPBPB); and

• National Strategic Projects (PSN).

In these areas, certain verifications may be deferred until after licensing, subject to audit. KEK Administrators and KPBPB Heads are authorised to issue Business Licenses and PB UMKU licenses directly via OSS, expediting approvals for investors in priority zones.

However, companies must prepare all documentation as though undergoing full review, as deficiencies discovered post-approval may result in revocation and sanctions.

Outlook and Next Steps

At the time of writing, implementing regulations under GR 28/2025 have not yet been issued. The Ministry of Investment and Downstreaming is expected to revoke prior implementing regulations to align with the new regime, with new instruments anticipated by 5 October 2025, coinciding with the OSS system upgrade.

Businesses are advised to:

• monitor OSS and Ministry announcements for implementing regulations;

• review KBLI classifications for compliance impact;

• prepare to revalidate OSS accounts and licenses upon migration;

• audit existing Principal Licenses, Business Licenses, and PB UMKU;

• ensure documentation is accurate and complete to withstand post-issuance audits; and

• exercise caution when relying on fiktif positif, balancing efficiency with compliance risk.

We will continue to monitor regulatory developments and provide updates as the framework evolves.

By SSEK, Indonesia, a Transatlantic Law International Affiliated Firm. 

For further information or for any assistance please contact indonesia@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. TransatlanticLaw International Limited, based at 84 Brook Street, London W1K 5EH, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.