The development of Artificial Intelligence (AI) technology has achieved significant progress across various sectors but has also created new challenges in the field of law, particularly regarding the emergence of new methods of fraud (scam) through electronic communication. AI-based scams, such as the use of deepfake technology to mimic the faces and voices of public figures, have opened opportunities for technological misuse that harms society. This study aims to analyze Indonesia’s legal regulations concerning AI-based scam offenses conducted through electronic communication and to examine the legal certainty in determining the criminal liability of perpetrators. This research employs a normative juridical method with statutory and conceptual approaches. The findings indicate that the regulation of such crimes is already established in the Criminal Code (KUHP), the Electronic Information and Transactions Law (UU ITE), and the Personal Data Protection Law (UU PDP). Article 492 of the KUHP remains relevant since the elements of fraud are fulfilled even when committed digitally, while Articles 28 and 35 of the UU ITE regulate the dissemination of false information and electronic data manipulation, and Articles 65–68 of the UU PDP provide protection for victims’ personal data. Based on the legal principle of geen straf zonder schuld (“no punishment without fault”), the use of AI does not eliminate human culpability, as AI merely serves as a tool controlled by the perpetrator. Therefore, Indonesian law has provided a clear foundation of legal certainty in determining criminal liability for perpetrators of AI-based scams conducted through electronic communication.