Since geothermal survey and exploration activities were first mandated in 1974 by the then President of Indonesia, to subsequent changes to the geothermal legal framework up to late June this year, protection of data obtained from geothermal activities has only been regulated in general. 

Under the current Law No. 21 of 2014 on Geothermal ("Geothermal Law") and Government Regulation No. 7 of 2017 on Geothermal for Indirect Utilization ("GR 7/2017"), the Government of Indonesia ("GOI") controls and owns data obtained from geothermal activities. Consequently, any data relating to such activities cannot be transmitted, provided or transferred to any party by any means without prior consent of the GOI. Any transmission, provision or transfer of data obtained from general survey, exploration and exploitation activities requires prior consent from the Minister of Energy and Mineral Resources ("MEMR"). The Geothermal Law and GR 7/2017 provide that matters relating to data obtained from geothermal activities were to be regulated in a ministerial regulation. 

On 25 June this year, the MEMR finally issued Regulation No. 33 of 2018 on Management and Utilization of Data and Information on Geothermal for Indirect Utilization ("Reg 33"), which came into force on the same day.

Reg 33, which sets out detailed requirements on the data management and utilization, applies to all geothermal data obtained from geothermal activities performed before and after Reg 33 came into force, including those managed and maintained by existing joint operation contractors, holders of geothermal business authority (Kuasa Pengusahaan) and holders of geothermal business licenses.

Data Management and Utilization

As prescribed in the Geothermal Law and GR 7/2017, Reg 33 essentially covers the following areas:

  • Data management and utilization
    Geothermal data are owned by the GOI, and their management and utilization are arranged by the MEMR. For the life of the license, IPB holders manage data obtained from exploration and exploitation activities conducted in geothermal business areas. They are obliged to keep and protect the data from any misappropriation, and submit annual reports of any new or updated data to the MEMR.
    Reg 33 also includes the process and requirements to obtain MEMR approval for data disclosure to third parties.
  • Payment of compensation for geothermal data
    The MEMR sets a price for data prior to a geothermal business area offer ("Compensation"). The Compensation must be paid by the following parties to the GOI or public services enterprises/state owned enterprises that enter into cooperation with the GOI to finance or undertake the drilling of exploration wells:
    (a) the winner of a geothermal business area tender
    (b) any party that is given an assignment to:
    (i) undertake exploration, exploitation and/or utilization of data
    (ii) become an IPB holder

Categories of geothermal data

Reg 33 classifies geothermal data into four main categories:

a. general data, which are data on identification of potential geographical locations, well locations and operation production. Examples of general data are topography data, well location maps, and geothermal business area maps.

b. raw data, which are data containing a description or the quantity of the recording results from investigation of geology, geochemical, geophysics, geothermal well drilling activity and geothermal well production. Examples of raw data are technical data (geological, geochemical and geophysical surveys), rock surface samples, optical satellite images and high resolution orthophotos.

c. processed data, which are data obtained from analyzing and evaluating raw data. Examples of processed data are geophysical information data analysis, petrographic analysis and technical feasibility analysis.

d. interpretation data, which is obtained from interpreting raw data and/or processed data. Examples of interpretation data are geothermal business area development plans, environmental impact analysis (AMDAL), and bankable financial models of the geothermal business area.

A full list of the types of data which belong to each of the above categories is set out in attachment 1 of Reg 33. 

Based on an MEMR press release on 21 July 2017
(, the utilization of raw data and processed data requires prior MEMR approval, whilst general data and interpretation data are open for access. 

Disclosure requirements

We would like to highlight the following new areas governed by Reg 33:

  • Data utilization for the purpose of share transfer from one business entity to another  ("Share Transfer") is subject a non-disclosure agreement ("NDA") between the data provider and data recipient.
  • Data can only be disclosed to Indonesian legal entities.
  • Use of raw data and processed data requires MEMR approval.

Before Reg 33 came into force, prior MEMR approval was required for data disclosure for any purposes. To obtain the approval, the applicant had to enter into an NDA with the MEMR through the Directorate General of New and Renewable Energy ("EBTKE"). 
With the issuance of Reg 33, prior approval from the MEMR is still required for disclosure of the data, but Reg 33 focuses only on disclosure approval requirements and procedure for Share Transfers and for college student research purposes, without providing detailed procedures for other investment related activities, such as for financing.  

Specifically for data disclosure for the purposes of Share Transfers, the application for MEMR approval needs to include an NDA between the data provider and data recipient. There is no specific form of NDA prescribed by Reg 33. The approval or rejection process will take a maximum of 17 business days after receipt by the MEMR of a complete application for the approval.

Data disclosure for other purposes, including for financing purposes, seems to still require an NDA with the EBTKE to obtain the MEMR approval.

A concern arising from Reg 33 is that it does not provide any exemption for data disclosure to shareholders (e.g., in annual reports) or disclosure for the purpose of compliance with capital market regulations (e.g., for public offerings, bond issuances). For example, Reg 33 is silent on the situation where an IPB holder or its parent company is required to make a public disclosure to the capital market authorities and the public. It would be impractical to require prior MEMR approval and an NDA for each data recipient (including shareholders, bondholders and the capital market authorities).

Further, typical geothermal PPAs restrict Share Transfers prior to commercial operation. As such, for acquisition or partial interest transfer purposes, the exercise is typically carried out at a level above the shareholders/sponsors. As IPB holders must obtain prior approval from the MEMR to disclose data to a prospective acquiror or interested transferee for the purpose of the acquisition or partial interest transfer at the level above the shareholders/sponsors, this would give rise to the risk of transactions being aborted if the MEMR does not approve the disclosure  to the potential acquiror, especially when the potential acquiror is a foreign party.

Disclosure to Indonesian legal entities only

One critical element of Reg 33 is that it provides that disclosure for a Share Transfer or financing purposes (and also for any other purpose such as mineral and rock surveys or direct utilization of geothermal energy) can only be made to Indonesian legal entities. This would mean that any data disclosure to potential foreign banks for project finance purposes or any Share Transfer to a potential foreign shareholder/sponsor would not be approved. 

It is unclear why the MEMR imposed this new provision, which could affect the appetite of foreign lenders to provide project finance or foreign investors to make investments if they cannot access the data needed for them to make financing or investment decisions.

It is also unclear whether a public company IPB holder that has foreign and local shareholders could apply for the MEMR approval for the disclosure of data only to the local shareholders.

Sanctions for failure to protect data

With Reg 33 imposing data protection obligations on IPB holders or any party assigned to undertake a general survey or exploration or to add data about a geothermal business area, their failure to keep, secure and protect data from any misappropriation may lead to administrative sanctions, such as written warnings or revocation of right to extend IPB.

A maximum of three written warnings can be given with a period of one month for each warning. If the IPB holder still has not met its obligation one month after the last warning letter, the MEMR will revoke the IPB holder's right to extend its IPB.

Closing Remarks

Compared to the oil and gas sector where data protection has, for quite some time, been heavily regulated by the MEMR and SKK Migas (and also further agreed under production sharing contracts), data protection control for geothermal data under Reg 33 may seem quite relaxed. However, the limitation under Reg 33 that only allows disclosure to Indonesian legal entities would likely prevent the growth of foreign investment in the geothermal business as well as offshore financing for development of geothermal project. Also, the lack of exemption on data protection for shareholders/sponsors and for the purpose of compliance with capital market authorities will be impractical. 

The above limitation and absence of an exemption may be seen as deviating from laws and regulations in other sectors (such as the right of shareholders and sponsors to receive information under Law No. 40 of 2007 on Limited Liability Companies and Law No. 25 of 2007 on Investments, and the requirements on disclosure of material information under regulations of the Financial Services Authority). The application of Reg 33 may conflict with those laws and regulations, and it remains to be seen how the MEMR will resolve the issues when they surface. 

Explore More Insight