The Communications and Information Ministry is closely monitoring startups that provide digital signatures services to prevent any misuse, an official has said.
To do so, the ministry has armed itself with Ministerial Regulation No. 11/2018 on electronic certification vendors, which was issued on Sept. 6.
The regulation contains 14 requirements for the digital signature vendors, including a requirement to possess a local digital signature infrastructure and other facilities that had passed stress testing as well as penetration testing, which evaluates a system's security through a simulated attack.
The vendors are also required to own a system that produces and manages digital signatures as well as a system that issues, manages and guarantees the security of electronic certificates.
Digital signature vendors must also be registered as an Electronic System Providers (PSE) as stipulate under Government Regulation (PP) No. 82/2012 on implementing electronic transaction systems.
“Digital signature vendors that have not registered [with the ministry] will be producing illegal digital signature products,” the ministry's information application control director, Riki Arif Gunawan, said in Jakarta on Sunday as quoted by kontan.com.
Marshall Pribadi, the CEO of Privy Identitas Digital (PrivyID), welcomed the regulations as critical to the business' continuity.
“With the ministry's close monitoring, the people need not worry about the security or validity of digital signatures,” said Marshall.
The ministry has recognized PrivyID as a digital signature vendor since Dec. 7. (bbn)