Indonesia's new SIM rule: facial biometrics mandatory from July 1

The Indonesian government has announced a new regulatory framework requiring all telecommunications operators to implement mandatory facial biometric verification for the registration of new SIM cards starting 1 July. This directive, issued through the Ministry of Communication and Informatics, aims to enhance national security and curb the rising incidence of digital fraud linked to unverified mobile numbers. Under the new guidelines, subscribers must undergo a live facial recognition scan during the activation process to ensure their identity matches the official national database.

This strategy represents a significant shift from the previous registration model which relied primarily on National Identity Card numbers and Family Card numbers. Authorities have noted that the older system was susceptible to manipulation, as demographic data could be misappropriated or sold online by third parties. By introducing a biometric layer, the government intends to create a more robust link between a physical individual and their digital identity, making it significantly harder for fraudulent actors to operate anonymously across mobile networks.

Telecommunications providers operating across the archipelago, including Telkomsel, Indosat Ooredoo Hutchison, and XL Axiata, are now required to integrate their retail and digital registration systems with the central population registry. This integration will verify the biometric data in real-time against the records held by the Directorate General of Population and Civil Administration. Operators have been advised to update their internal infrastructures and mobile applications to support high-resolution image capture and secure data transmission protocols before the mid-year deadline.

The implementation of facial recognition technology is expected to assist the Indonesian National Police in investigating cybercrimes, including phishing, online gambling, and financial scams. Criminals frequently use pre-activated or falsely registered SIM cards to hide their tracks, a practice the ministry hopes to eliminate through strict biometric compliance. Critics and privacy advocates have raised questions regarding data protection, prompting the government to reiterate that all collected biometric information will be subject to the Personal Data Protection Act to prevent unauthorised access or leaks.

Existing mobile subscribers who have already registered under the previous system may not be immediately required to undergo biometric verification, though the ministry may introduce a phased re-registration process in the future. For now, the focus remains on new activations and porting requests to ensure that all fresh entries into the national mobile ecosystem are fully authenticated. The move aligns Indonesia with several other regional markets that have already adopted biometric requirements to secure their digital infrastructure.

As the 1 July deadline approaches, the Ministry of Communication and Informatics will conduct a series of audits to ensure that all service providers are technically capable of meeting the new standards. The department has indicated that non-compliant operators could face administrative sanctions or restrictions on their ability to issue new subscriptions. Industry analysts expect that while the new rules may initially slow down the customer acquisition process, the long-term impact will be a more transparent and secure telecommunications market across the country.