This study aims to analyze and formulate legal reforms in handling identity theft crimes in cross-border e-commerce transactions using normative juridical methods through legislative and conceptual approaches. The results of the study indicate that the legal provisions contained in Law Number 1 of 2024 concerning the Second Amendment to Law Number 11 of 2008 concerning Electronic Information and Transactions, and Law Number 27 of 2022 concerning Personal Data Protection, do not explicitly regulate identity theft as a separate crime and remain fragmentary, thus unable to encompass the complexity of crimes in cross-border digital transactions. Furthermore, normative and implementative weaknesses were found, including the absence of a legal definition of identity theft, weak victim protection, limited recovery mechanisms, and obstacles to cross-border law enforcement, such as jurisdictional conflicts and limited international cooperation. Therefore, legal reform is needed through the establishment of specific norms for identity theft, the strengthening of personal data protection, the regulation of digital platform responsibilities, and the enhancement of international cooperation and law enforcement capacity. This research produces a legal policy model that is preventive, repressive, and restorative in order to ensure the security of cross-border e-commerce transactions and protect Indonesia's data sovereignty.
Copyrights © 2026