Good for Indonesia
How they are implementing it is interesting but immaterial.
The key is that Indonesia required foreign companies deemed “Private Electronic System Providers” must register. The registration requires a self-assessed (non-audited) certification that "they've complied with local security and privacy requirements."
That's it. Foreign companies that ignored it are being punished - as they should be. From another article, it appears Google and Amazon requested an extension before the deadline and that's why they weren't on the list.
Biting the hand that feeds IT
