Indonesia’s Push to Regulate Digital Financial Asset Offerings: A Framework for Crypto and Token Issuers

In recent years, Indonesia has witnessed a growing wave of digital-asset innovation—from data-exchange platforms to blockchain-based projects. Specifically on initial coin or token offerings (“ICO“), many of these initiatives have been launched overseas due to the lack of clear local rules. This trend has led to missed opportunities for Indonesia, such as potential tax revenue, professional service providers’ revenues, and domestic economic growth that could have come from hosting these projects locally.^[1]

To address this, Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan or “OJK“) has drafted a regulation on ICOs, and released the draft on 19 September 2025 (“Draft Regulation“) for public consultation. This new framework aims to regulate offerings of both tokenised assets and crypto-assets.

While OJK had previously issued rules for trading digital assets (OJK Regulation No. 27 of 2024), those rules did not cover ICOs.^[2]

This client alert outlines key aspects of the Draft Regulation, including:

1. What constitutes a digital financial asset offering;
2. How digital financial assets are categorised;
3. Who can issue them and the requirements to do so;
4. How the offering process works; and
5. How OJK will supervise and enforce the rules.

What Constitutes a Digital Financial Asset (DFA) Offering

The Draft Regulation does not use the term “ICO” directly. Instead, it refers to a “Digital Financial Asset (“DFA“) offering”, which means any activity where a company (as the issuer) sells its DFA to the public to raise funds.

According to the Draft Regulation, an activity will be considered a public offering if:

1. It is conducted through a digital financial asset market operated by a licensed digital financial asset trader;^[3] and
2. It is promoted widely, such as through mass media or to more than 100 people.

This means that any token sale targeting Indonesian investors that fulfil the above conditions may fall under OJK supervision. This is a big step forward in providing legal certainty, especially for foreign companies or platforms that actively market their tokens in Indonesia.

However, the Draft Regulation has not provide a clear guidance on how reverse-solicitation scenarios (where Indonesian investors engage with foreign issuers without being directly targeted) will be treated. We expect there will be clearer guidance in the final version of the Draft Regulation. 

How Digital Financial Assets Are Categorised

The Draft Regulation divides DFAs into two main categories, each with different rules and requirements:

To avoid overlapping with other regulations and ensure proportional supervision with other authorities, the Draft Regulation explicitly excludes certain types of DFAs from its scope. These exclusions include:

1. DFAs classified as securities under capital market laws;^[4]
2. DFAs issued by a central bank, such as a Central Bank Digital Currency (CBDC);
3. Non-transferable or intra-group DFAs, including closed-loop utility tokens, loyalty or reward points, or non-transferable “soulbound” tokens used solely to access an issuer’s services;^[5]
4. DFAs with unique and non-fungible characteristics, such as digital art or NFT-based collectibles;
5. DFAs distributed free of charge, for example through airdrop mechanisms used in projects;^[6]
6. DFAs generated automatically as rewards for maintaining distributed ledgers or validating transactions, such as mining or staking rewards (i.e., native tokens);^[7] and
7. Any other categories determined by OJK in future DFA regulatory updates.

Who Can Issue DFAs and its Requirements

The Draft Regulation introduces, for the first time, a clear legal framework outlining which entities are eligible to issue and offer DFAs in Indonesia.

1. Legal form and governance

To ensure accountability and effective supervision, only Indonesian limited liability companies (Perseroan Terbatas) incorporated under Indonesian Companies Law (Law No. 40 of 2007, as amended) can issue DFAs.

Issuers are also required to meet governance and management standards, including:

• Maintaining a board of directors where most members are Indonesian citizens, which under the Draft Regulation is expected to mean a simple majority rather than a supermajority requirement;

• Preparing an information document (white paper) that explains the project, use of proceeds, token allocation, offering price, and valuation by an OJK-registered appraiser;

• Maintaining a business continuity plan;

• Entering into a cooperation agreement with a licensed DFA trader; and

• Obtaining a due diligence report from the trader before conducting any offering, which must be signed by a member of the trader’s board of directors. The report should verify the issuer’s business, key personnel, digital asset characteristics, legal and regulatory compliance, governance standards, AML/CFT controls, and safekeeping arrangements. 

2. Licensing thresholds

The Draft Regulation introduces a three-tier authorisation system based on the total value of the offering and type of DFA offering:

• OJK approval process – Issuers must obtain OJK approval if the total offering value is at least IDR1 billion (approximately USD59,850 at USD1 = IDR16,707);

• OJK notification process – For offerings below IDR1 billion, issuers are only required to submit a notification to OJK. However, if multiple offerings are conducted within a one-year period and their combined value reaches or exceeds IDR1 billion, a full OJK approval will be mandatory; or

• CFX Exchange approval process – Applicable to unbacked crypto-assets, where the trader must obtain prior approval from the licensed crypto exchange in Indonesia, which is PT Central Finansial X (“CFX Exchange“) (instead of OJK) if the total value of the offering, whether conducted once or multiple times within one-year period, reaches at least IDR1 billion.

3. Custody and operational requirements

To ensure the integrity and proper management of DFA offerings, the Draft Regulation sets out detailed custody and operational obligations for issuers:

• Backed crypto-asset issuers must enter into an agreement with an OJK-approved asset custodian to store the reserved assets;^[8]
• Tokenised-asset issuers must implement policies and procedures for customer service, complaint handling, IT governance, and cyber security; and

• Unbacked crypto-asset offerings require the CFX Exchange approval. 

4. Licensing process and oversight

For backed crypto-asset and tokenised-asset issuers, applications and notifications must be submitted through OJK’s online licensing system at https://sprint.ojk.go.id. Once an application is filed, OJK will review supporting documents, and may request additional information.

OJK will issue an approval or rejection within 40 working days of submission. For issuers under the notification regime, the offering must commence within 30 working days after the notification is submitted.

On the other hand, for unbacked crypto-assets, applications for approval must be submitted to the CFX Exchange by following its procedures. The CFX Exchange is required to issue an approval or rejection within ten working days.

How the Offering Process Works 

As outlined in the Licensing Thresholds section, the Draft Regulation introduces a three-tier framework for conducting DFA offerings, based on the offering value and asset type. These tiers consist of approval from OJK, notification to OJK, and approval of the CFX Exchange.

Once the applicable process is completed, the issuer may proceed with a public offering, which is generally divided into two methods:

1. Single Offering – a one-time public sale conducted over a defined period of three to five working days; and
2. Continuous Offering – a recurring or open-ended sale that allows investors to purchase DFAs over an extended period.

Under the Draft Regulation, the step-by-step process for conducting a DFA offering consist of (i) public offering announcement, (ii) ordering or selling process, (iii) DFA allocation, and (iv) settlement process. The settlement process must be done with an OJK-approved clearing and settlement institution, such as PT Kliring Komoditi Indonesia. These steps apply to both offering methods, except that the allocation phase does not apply to continuous offerings. To safeguard investor assets, the Draft Regulation also requires issuers to segregate client assets from their own.

Additionally, while the Draft Regulation provides a comprehensive framework governing pre-offering approval, governance, disclosure, and offering methods (single or continuous), it does not prescribe the commercial sale model (e.g., fixed-price or algorithmic pricing) or whether the supply should be static or elastic. Instead, the Draft Regulation is expected to allow the issuer to determine its own commercial and supply-related aspects.

After the offering, issuers are required to implement a buyback mechanism that allows investors to redeem their DFAs under specified conditions. The buyback procedure must also comply with the relevant regulatory requirements and ensure fair treatment of investors.

Settlement of DFA transactions must generally be completed within five working days. However, for tokenised financial assets, the settlement period may extend up to 180 working days if the liquidation of the underlying asset is required.

In the event the fundraising target is not achieved, investor funds must be returned. Conversely, if the offering is successful, issuers are required to use the proceeds strictly in accordance with the project’s stated objectives, ensuring transparency and accountability in the utilisation of raised capital.

Buyback payments may be made in:

1. the tokenised asset itself or its equivalent fiat funds, in the case of tokenised-asset issuers; or
2. the reference currency, underlying asset, or other reserved asset (subject to investor approval), in the case of backed crypto-asset issuers. 

How OJK will Supervise and Enforce the Rules

The Draft Regulation grants OJK broad supervisory and enforcement powers over all participants in the DFA ecosystem, including issuers, DFA traders, custodians, and clearing institutions. OJK’s oversight includes the authority to conduct inspections, request reports, suspend activities, and impose sanctions for non-compliance.

Administrative sanctions may include written warnings, temporary suspension of business activities, administrative fines, dismissal of management, inclusion of responsible parties in the OJK’s blacklist, and revocation of business licences.

In serious cases, such as fraud, misrepresentation, or misuse of investor funds, violations may also trigger civil or criminal liability under the Financial Sector Development and Reinforcement Law (PPSK Law).^[9]

Looking Ahead

The Draft Regulation marks a pivotal step in Indonesia’s digital finance journey, set to further develop and strengthen the regulatory framework for DFA activities. While OJK Regulation No. 27 of 2024 already governs the sale and trading of DFAs, the Draft Regulation will fill the remaining gap by regulating ICOs.

For potential issuers, this framework will open the door to onshore fundraising through DFA offerings, including tokenisation. Both domestic and foreign companies can soon explore new capital-raising models within Indonesia’s digital markets, unlock liquidity from existing assets, and structure offerings under a clear legal regime.

Overall, the Draft Regulation reflects a balanced and forward-looking approach by encouraging innovation while ensuring regulatory safeguards. It signals Indonesia’s commitment to recognising DFA offerings as a legitimate and well-supervised part of its financial ecosystem.

Contribution Note

This Legal Update is contributed by the Contact Partners listed above, with the assistance of Daniar Supriyadi (Associate, Assegaf Hamzah & Partners), Ryan Armandha Andri Anwar (Associate, Assegaf Hamzah & Partners) & Fahdrazi Fajar Fahmy (Associate, Assegaf Hamzah & Partners).

__________________________________

^[1] Globally, token-based fundraising has demonstrated significant capital-raising capacity. The first ICO, Mastercoin (2013), raised around USD5 million (approximately IDR82.9 billion). Ethereum’s ICO (2014) collected about USD18 million (around IDR298.5 billion) over 42 days, followed by Neo (2016) with USD4.5 million (around IDR74.6 billion). Later, Telegram’s private ICO (2018) raised more than USD1.7 billion (around IDR28.2 trillion), while EOS set a record with approximately USD4 billion (aroundIDR 66.3 trillion), based on an exchange rate of USD1 = IDR16,585.

^[2] For further analysis on the OJK No 27 of 2024, please refer to our previous alert available here. Assegaf Hamzah & Partners. (2025, January 9). Changing of the Guards in Indonesia’s Crypto-asset Sector. Retrieved from https://www.ahp.id/changing-of-the-guards-in-indonesias-crypto-asset-sector/

^[3] As of 15 October 2025, licensed digital financial asset traders includes entities, such as Tokocrypto, Pluang, Mobee, Indodax, BTSE.ID, Naga Exchange, Usenobi, Ajaib, Floq, Kriptosukses, Pintu, Bitwewe, Triv, Upbit, Reku, Bitwyre, Nanovest, Koinsayang, Samuel Kripto, Bittime, ASTAL, CYRA, CoinX, Stockbit Crypto, and Coinvest, as listed in the OJK’s list of licensed digital financial asset traders available at https://www.ojk.go.id/id/Fungsi-Utama/ITSK/Perizinan-ITSK-Aset-Keuangan-Digital-Aset-Kripto/Pages/Daftar-Penyelenggara-Perdagangan-Aset-Keuangan-Digital-Posisi-15-Oktober-2025.aspx.

^[4] Please note that the Draft Regulation has not provided clear guidance on how or when DFAs would not be considered securities. The current wording on exclusions is ambiguous, potentially creating uncertainty for businesses in determining whether a particular DFA transaction falls under the Draft Regulation or instead within the remit of capital market (securities) regulation).

^[5] Examples include Shopee Coins, GoPay Points, GrabRewards, and Tokopedia Points in Indonesia, as well as international equivalents such as Starbucks Rewards, Amazon Coins, Binance Account Bound (BAB) Tokens, and Roblox Robux, which function as closed-loop or non-transferable tokens limited to use within their respective platforms or ecosystems.

^[6] Examples include Uniswap (UNI, 2020), Arbitrum (ARB, 2023), and Optimism (OP, 2022) — all of which distributed tokens to early users or contributors through airdrops as part of their network or governance launches. Retrieved from https://uniswap.org/, https://arbitrum.io/, and https://www.optimism.io/ respectively.

^[7] Examples of native tokens include Bitcoin (BTC), Ether (ETH), Solana (SOL), and Cardano (ADA). These are created directly by and operate on their own blockchain networks, functioning as the core transaction and validation tokens that sustain network operations through mining (proof of work) or staking (proof of stake).

^[8] DFA traders must segregate client holdings from company assets and maintain custody arrangements with OJK-licensed custodians, such as PT Kustodian Koin Indonesia or PT Tennet Depository Indonesia, as listed in the OJK’s Custodian for Digital Financial Assets including Crypto Assets (as of 15 October 2025). Retrieved from https://www.ojk.go.id/id/Fungsi-Utama/ITSK/Perizinan-ITSK-Aset-Keuangan-Digital-Aset-Kripto/Documents/Daftar%20Penyelenggara%20Perdagangan%20Aset%20Keuangan%20Digital%20Posisi%2015%20Oktober%202025.pdf

^[9] Please see our previous alert (click here) for an analysis of the PPSK Law.