<![CDATA[The rapid proliferation of generative artificial intelligence (AI) technologies has significantly amplified the sophistication and scale of social engineering attacks, posing unprecedented challenges to legal systems worldwide, including Indonesia. This article examines whether the existing Indonesian cyber criminal law framework primarily Law No. 11 of 2008 on Electronic Information and Transactions (UU ITE) as amended by Law No. 1 of 2024, along with Law No. 27 of 2022 on Personal Data Protection (UU PDP) and the new Criminal Code (KUHP 2023) is adequate to address AI-driven social engineering attacks such as deepfake-assisted phishing, AI-generated vishing, and automated pretexting schemes. Employing a normative legal research methodology with a comparative approach, this study analyses the applicable legal provisions against the technical characteristics of generative AI-enabled social engineering and compares Indonesia’s regulatory posture with the European Union’s AI Act and the United States’ sector-based frameworks. The findings reveal three critical legislative gaps: the absence of AI-specific criminal provisions, insufficient evidentiary standards for AI-generated content, and inadequate mechanisms for attributing criminal liability in multi-actor AI-mediated offences. This article concludes that Indonesia’s current legal framework is structurally inadequate and recommends the enactment of a dedicated AI Criminal Liability Law and targeted amendments to the UU ITE to incorporate AI-specific definitional, evidentiary, and liability provisions commensurate with the contemporary threat landscape.]]>
Copyrights © 2024
