Piercing the Digital Veil: Liability, Persona Theft, and Tort Law in the Era of Deepfake Resurrections

Deepfake resurrection is no longer a distant technological fantasy. In the age of AI-generated personas, cloned voices, synthetic avatars, and digital identity systems, the misuse of a human likeness may create serious legal, corporate, theological, and litigation risks in Indonesia.

How may AI-generated digital personas create new litigation risks for corporations, platforms, families, and religious communities in Indonesia?

This article is the third part of a broader series by Dr. Padriadi Wiharjokusumo examining how artificial intelligence, the metaverse, corporate power, law, and theology are reshaping the meaning of human identity in the digital age.

The first article, “AI and Metaverse Regulation in Emerging Markets: Law, Theology, and Human Dignity”, argued that AI and the metaverse are not merely technological developments. They are emerging legal and moral environments where digital identity, platform power, automated agency, and human dignity must be governed. For emerging markets such as Indonesia, the central issue is not only whether these technologies create economic opportunity, but whether they preserve the human person. The article emphasized that emerging markets should not become passive digital laboratories for technologies designed and monetized elsewhere.

The second article, “Corporate AI and Post-Mortem Digital Rights: The Ghost in the Avatar and the Preservation of Imago Dei”, moved from digital governance into the question of the digital afterlife. It examined how corporations may use AI, biometric data, voice patterns, writings, images, behavioral logs, and platform data to create synthetic replicas of deceased persons. The core argument was that the human person must not be reduced to data, memory must not become a subscription product, and the deceased must not become a corporate ghost inside an avatar.

This third article takes the next step.

If the first article asked how AI-powered digital environments should be governed, and the second article asked how human dignity should be protected after death, this article asks what happens when the misuse of AI-generated personas produces a legal dispute.

What if a deceased person’s voice is cloned to promote an investment product?

What if an AI-generated avatar of a religious leader delivers a distorted theological message?

What if a synthetic replica of a business figure is used to mislead investors?

What if a digital persona causes reputational, financial, emotional, or spiritual harm?

Who should be sued?

The platform?

The AI developer?

The corporation that commissioned the avatar?

The marketing agency?

The directors who approved the campaign?

The party that supplied the data?

Or the system itself?

This article argues that the answer cannot be found by stopping at the screen or blaming the algorithm. The law must look behind the digital appearance and identify the human and corporate actors who designed, deployed, monetized, approved, or negligently supervised the AI system.

For that purpose, this article proposes the doctrine of piercing the digital veil.

The doctrine is simple in principle but powerful in consequence: when AI-generated personas cause harm, courts should not allow corporations or platforms to hide behind automation, black-box systems, technical complexity, or algorithmic distance. The legal system must be able to pierce the digital veil and trace responsibility to the actors who created, controlled, benefited from, or failed to prevent the harm.

This is where the discussion moves from theory to litigation.

From regulation to responsibility.

From digital afterlife to legal accountability.

From Imago Dei to the courtroom.

1. When Death No Longer Ends Legal Risk

For centuries, death created a certain legal boundary.

A person could pass away, but his or her estate, reputation, family, writings, and legacy would remain protected through inheritance law, civil law, defamation principles, and moral memory. The law could still deal with property, contracts, debts, family rights, and succession. But the deceased person no longer acted, spoke, promoted, persuaded, taught, or entered into public controversy.

Artificial intelligence is beginning to disturb that boundary.

Through generative AI, voice cloning, synthetic video, avatar systems, and deepfake technology, a person’s face, voice, manner of speaking, religious authority, intellectual style, or public reputation can now be digitally reconstructed. In the commercial world, this can be used for marketing. In politics, it can be used for propaganda. In religion, it can be used to fabricate spiritual messages. In finance, it can be used to promote fraudulent investment schemes.

This is not merely a technological issue.

It is a legal, ethical, theological, and litigation issue.

The global debate on AI governance already emphasizes trustworthy AI, human rights, transparency, accountability, and risk management. The OECD AI Principles promote trustworthy AI that respects human rights and democratic values, while UNESCO’s Recommendation on the Ethics of Artificial Intelligence places human rights and dignity at the center of AI ethics.

But a difficult question remains:

What happens when AI is used not only to process data but also to resurrect a human persona?

That question is especially important for Indonesia, where AI-related disputes may not wait for perfect regulation. Courts, lawyers, corporations, families, religious institutions, and digital platforms may soon face cases where existing legal doctrines must respond to a new form of harm: persona theft.

2. From Deepfake to Persona Theft

Most legal discussions about deepfake technology focus on misinformation, fraud, privacy, pornography, election manipulation, or consumer deception.

These issues are serious.

But deepfake resurrection introduces a deeper category of harm.

It is not only about false content.

It is about the unauthorized reconstruction and exploitation of a human persona.

A digital persona may include a person’s face, voice, gestures, accent, religious language, professional authority, family identity, business reputation, public trust, and moral legacy. When these elements are extracted, recombined, and commercialized by AI, the harm goes beyond ordinary data misuse.

It becomes persona theft.

In the Indonesian legal context, this issue intersects with personal data protection, electronic information, civil liability, defamation, consumer protection, intellectual property, and potentially criminal law. Indonesia’s Law No. 27 of 2022 on Personal Data Protection provides an important legal foundation for the protection of personal data, including specific personal data such as biometric data.

However, persona theft is broader than personal data.

A face may be data.

A voice may be biometric information.

A signature may be an identifier.

But a persona is more than data.

A persona is the public embodiment of a person’s identity, dignity, memory, authority, and relational meaning.

This is where existing law may need to evolve.

If law treats digital identity merely as data, it may fail to protect the person behind the data. A human being is not only an information object. Identity is connected to dignity, agency, consent, reputation, family, community, truth, and accountability.

This is why persona theft should be understood as a distinct legal and moral problem in the AI era.

3. The Litigation Problem: Who Should Be Sued?

Consider a hypothetical case.

A respected religious teacher, public intellectual, lawyer, business leader, or community figure has passed away. A technology company, marketing agency, political consultant, or digital platform uses AI to create a synthetic avatar resembling that person. The avatar then appears in a video promoting a financial product, endorsing a political message, or delivering a distorted theological statement.

The family objects.

The community is confused.

The public is misled.

Investors suffer losses.

A religious institution suffers reputational damage.

The question becomes: who is legally responsible?

Several possible defendants may exist.

First, the company that commissioned the avatar.

Second, the platform that distributed or monetized it.

Third, the AI developer that created the model.

Fourth, the marketing agency or consultant that shaped the message.

Fifth, the corporate directors who approved the campaign.

Sixth, the party that supplied the training material, voice samples, photos, or videos.

This is why future AI litigation will not be simple.

Defendants may attempt to hide behind technical complexity. They may argue that the content was generated automatically, that the model operated probabilistically, that the platform merely hosted user content, or that the output resulted from an unpredictable black-box process.

That defense should not automatically succeed.

When AI-generated harm is foreseeable, commercialized, and connected to human or corporate decisions, the legal system must not stop at the algorithm.

This is where a new doctrine becomes necessary:

Piercing the Digital Veil.

4. Piercing the Digital Veil

In corporate law, courts may sometimes apply the doctrine of piercing the corporate veil to look beyond the separate legal personality of a company when the corporate structure is abused for fraud, evasion, or injustice.

AI disputes may require an analogous approach.

Piercing the Digital Veil means that courts should not stop at the surface of the digital output. The law must look behind the screen, behind the avatar, behind the model, and behind the algorithmic explanation to identify the human and corporate actors who designed, deployed, monetized, approved, or negligently supervised the system.

In other words, “the algorithm did it” should not become a universal shield.

The European Union’s AI Act reflects a growing global concern with AI transparency, risk management, and accountability. The EU explains that the AI Act is designed to provide a legal framework for safe and trustworthy AI, including transparency and copyright-related obligations for certain AI models.

For Indonesia, the lesson is important.

Even before Indonesian courts develop specific AI doctrines, judges can begin from a basic legal principle: where there is harm, benefit, control, negligence, and causation, there may be liability.

The digital veil should be pierced when a corporation uses AI to distance itself from the consequences of its own business model.

This doctrine may become especially important in cases involving:

AI-generated endorsements;

synthetic avatars of deceased persons;

cloned voices used in commercial transactions;

fake religious or political messages;

misleading digital representatives;

post-mortem digital replicas;

or platform-based monetization of human likeness.

The legal point is clear.

If a corporation designs, authorizes, distributes, or profits from an AI-generated persona, it should not escape responsibility merely because the harm was delivered through a machine.

5. Tort Law and Perbuatan Melawan Hukum in Indonesia

Indonesian civil law already has a foundation for addressing AI-related harm through Perbuatan Melawan Hukum under Article 1365 of the Indonesian Civil Code.

Traditionally, a civil claim based on an unlawful act requires elements such as an unlawful act, fault, damage, and a causal connection. The challenge is how to apply these elements to AI-generated persona theft.

The “act” may consist of creating, deploying, distributing, monetizing, or failing to remove a synthetic persona.

The “fault” may consist of negligence in consent verification, failure to label AI-generated content, lack of ethical review, inadequate platform moderation, reckless commercialization, or intentional exploitation of a deceased person’s reputation.

The “damage” may include financial loss, reputational injury, emotional distress to the family, religious confusion, public deception, loss of trust, and damage to the legacy of the deceased.

The “causation” may be established by showing that the AI-generated persona influenced public perception, triggered transactions, caused reputational harm, or contributed to measurable economic or moral damage.

This approach allows Indonesian courts to adapt existing PMH doctrine without waiting for a fully developed AI liability statute.

But there is a deeper issue.

In many AI cases, the victim may not have access to the internal design documents, training data, model architecture, risk assessment, prompt history, authorization logs, moderation records, or revenue structure. The defendant may control most of the evidence.

That imbalance makes ordinary fault-based litigation difficult.

This is why litigation strategy must also consider evidentiary asymmetry.

The plaintiff may need to request digital forensic examination, platform data disclosure, audit trails, metadata analysis, consent records, takedown histories, and corporate approval documents. Without these materials, the victim may be forced to prove negligence from outside the system, while the defendant controls the very system that caused the harm.

In AI litigation, evidence is often not outside the machine.

It is inside the architecture.

6. Strict Liability for Commercial Deepfake Resurrection

When a corporation commercializes an AI-generated persona, especially the persona of a deceased person, it creates a serious risk of harm.

The harm may not be accidental.

It may be inherent in the business model.

If a platform profits from synthetic human identity, it should also carry the legal burden when that identity is misused.

This article proposes that commercial deepfake resurrection should be treated as a high-risk activity. Where a company creates, sells, licenses, distributes, or monetizes AI-generated replicas of real persons, particularly without clear consent, layered authorization, or family approval, the company should face a higher standard of responsibility.

In appropriate cases, Indonesian legal development may consider a form of strict liability.

Under this approach, victims should not be forced to prove every technical detail of algorithmic negligence. Instead, the entity that introduced the dangerous synthetic persona into public circulation should bear responsibility for the resulting harm.

This would be especially important in cases involving:

AI-generated endorsements of financial products;

synthetic religious messages attributed to deceased leaders;

deepfake political persuasion;

commercial exploitation of deceased celebrities or public figures;

fraudulent customer communication using cloned voices;

or manipulated corporate statements by fake digital executives.

The principle is simple:

The party that profits from resurrecting a persona should bear the risk of harming that persona.

This does not mean every AI company should automatically be liable for every misuse by every user. Liability must still be assessed based on control, foreseeability, benefit, knowledge, risk design, and failure to prevent harm.

But where the business model itself depends on the generation, monetization, or distribution of synthetic human identity, the burden should not fall entirely on victims.

The law should not reward companies for building systems that are powerful enough to imitate persons but opaque enough to avoid responsibility.

7. Theological Ethics: Imago Dei and the Legacy of Truth

A purely secular legal framework may treat persona theft as a problem of consent, privacy, consumer deception, platform responsibility, or reputation.

Those categories are necessary.

But they are incomplete.

From a theological perspective, a human being is not merely a biological organism, a data profile, or a set of behavioral patterns. Human dignity is rooted in the belief that the human person bears the image of God — Imago Dei.

This gives the AI debate a deeper moral foundation.

If a person’s face, voice, and memory can be digitally manipulated after death, the issue is not only whether data was misused. The issue is whether the person’s dignity, truth, and moral legacy have been violated.

A deceased person cannot personally object.

But the absence of physical presence does not mean the absence of dignity.

The family, community, and legal system may still have a duty to protect the person’s name, memory, and truth from digital corruption.

UNESCO’s AI ethics framework places human rights and dignity at the center of AI governance and emphasizes transparency, fairness, and human oversight. This supports the broader view that AI governance must remain anchored in the protection of the human person, not merely the efficiency of technological systems.

This is where theology strengthens legal reasoning.

The law protects reputation because truth matters.

The law protects consent because human agency matters.

The law protects identity because persons are not objects.

Theology deepens this by saying the human person must not be reduced to a digital instrument, even after death.

An AI-generated resurrection without moral restraint may become a form of technological desecration.

It may imitate the face of a person while betraying the truth of that person.

It may simulate the voice of a person while silencing the dignity of that person.

It may preserve the appearance of memory while corrupting the meaning of memory.

For this reason, the legal response to persona theft should not be reduced to data compliance. It should also be understood as a defense of dignity, truth, and legacy.

8. Litigation Strategy for Indonesia

For Indonesian lawyers, this issue should not remain theoretical.

Future litigation may require practical strategies.

First, families or affected parties may seek urgent legal action to stop the continued publication, distribution, or monetization of the AI-generated persona.

Second, plaintiffs may bring a PMH claim based on unlawful digital exploitation, reputational harm, emotional distress, economic damage, and moral injury.

Third, lawyers may request digital forensic examination to identify the source of the content, distribution chain, metadata, platform involvement, prompt history, account ownership, payment flow, and commercial beneficiaries.

Fourth, legal standing should be developed for heirs or family members to protect the dignity, reputation, and moral legacy of the deceased.

Fifth, corporations using AI-generated human likenesses should implement consent architecture, board-level AI governance, documentation of approvals, content labeling, audit trails, and takedown mechanisms.

The NIST AI Risk Management Framework is useful as an international reference for organizations seeking to identify, measure, manage, and govern risks to individuals, organizations, and society associated with AI.

For companies operating in Indonesia, the message is clear:

AI governance is no longer only a technology department issue.

It is a boardroom issue.

It is a litigation risk issue.

It is a reputational survival issue.

And, in cases involving human identity, it is also a moral issue.

This is particularly relevant for companies that operate in sensitive sectors such as finance, health, education, religion, media, political communication, entertainment, estate planning, digital legacy services, and platform-based commerce.

The more a company uses AI to simulate human presence, the more it must build legal safeguards around consent, identity, disclosure, and accountability.

9. Corporate Governance and the Boardroom Duty to Control AI

Corporate AI liability should not be treated merely as an IT risk.

When a company deploys AI-generated human likenesses, cloned voices, synthetic customer service agents, virtual influencers, or post-mortem avatars, the legal risk rises to the level of corporate governance.

Boards and directors should ask several questions before approving such systems.

Was consent obtained?

Was the consent specific enough?

Does the consent cover AI training, AI output, commercial use, and post-mortem use?

Is the person alive or deceased?

If deceased, who has authority to approve or object?

Is the content clearly labeled as AI-generated?

Is there a takedown mechanism?

Is there an audit trail?

Who reviews the theological, cultural, reputational, and legal sensitivity of the content?

Who bears liability if the avatar causes harm?

These questions are not technical details.

They are governance questions.

A corporation that fails to ask these questions before deploying AI-generated personas may later struggle to argue that the harm was unforeseeable.

In the future, AI governance documents may become important evidence in litigation. Internal emails, board minutes, risk assessments, compliance reports, vendor agreements, content policies, and moderation logs may determine whether the company acted responsibly or recklessly.

This is why Piercing the Digital Veil must also be understood as a governance doctrine.

The court must be able to trace responsibility from the AI output back to the corporate decision-making structure.

The avatar is not the final actor.

It is the visible result of invisible governance.

10. Why Indonesia Should Not Wait

Indonesia does not need to copy every foreign AI framework.

But Indonesia also cannot ignore the global direction of travel.

AI regulation is moving toward transparency, accountability, risk classification, human oversight, and protection of fundamental rights. The OECD, UNESCO, EU, and NIST frameworks each reflect different legal traditions, but they converge on one important point: AI systems must not be allowed to escape responsibility when they affect human dignity, rights, and public trust.

Indonesia’s courts, regulators, lawyers, universities, and corporations should begin developing doctrine now.

The most dangerous legal vacuum is not the absence of statute.

It is the absence of imagination.

If lawyers fail to imagine the coming disputes, the first victims will face the legal system unprepared.

Deepfake resurrection, persona theft, and AI-generated identity exploitation are not science fiction anymore. They are foreseeable legal risks.

And foreseeable legal risks require legal preparation.

Indonesia already has legal entry points: civil liability, personal data protection, electronic information law, consumer protection, intellectual property principles, inheritance law, and constitutional protection of personal dignity. But these entry points must be developed into a coherent legal response.

That response must be able to answer three questions.

Who controlled the digital persona?

Who benefited from its use?

Who should bear responsibility when it caused harm?

Without these questions, AI disputes may become legally fragmented. Victims may be pushed from one doctrine to another, from one defendant to another, and from one jurisdictional problem to another.

The doctrine of Piercing the Digital Veil offers a starting point.

It allows courts and lawyers to say: do not stop at the synthetic image. Follow the control. Follow the benefit. Follow the design. Follow the failure. Follow the harm.

Indonesia’s challenge is not that there is no law at all. The challenge is fragmentation. Personal data law protects data. Civil law protects against unlawful acts. Electronic information law addresses digital misuse. Consumer protection law protects against market deception. But persona theft sits across all of them. Without a coherent doctrine, victims may face fragmented remedies.

Conclusion: The Law Must Not Stop at the Screen

The age of AI-generated resurrection forces law to confront a new reality: a person may die, but their digital persona may still be manipulated, monetized, and weaponized.

If the law stops at the screen, victims will be left without remedy.

If the law stops at the algorithm, corporations will hide behind automation.

If the law stops at data protection, human dignity will be reduced to information management.

The better approach is to pierce the digital veil.

Courts must look beyond the synthetic image and ask who designed it, who approved it, who distributed it, who profited from it, who failed to control it, and who harmed the dignity of the person represented.

For Indonesia, this is not merely a question of technology regulation.

It is a question of justice.

It is a question of corporate accountability.

It is a question of human dignity.

And from a theological perspective, it is a question of whether society will allow the image of the human person to be digitally exploited after death without truth, consent, or reverence.

The future of AI litigation will belong to lawyers who understand not only machines, platforms, and data, but also the human person behind the digital veil.

About the Author

Dr. Padriadi Wiharjokusumo is an Indonesian senior advocate, legal consultant, and academic based in Medan, Sumatra. His work focuses on cross-border legal strategy, foreign investment, corporate and regulatory risk, dispute strategy, and the intersection between law, technology, theology, and emerging-market realities.

In addition to his legal practice, Dr. Padriadi has written on contextual theology and the metaverse, exploring how digital environments affect human identity, social interaction, spirituality, and moral responsibility. His interdisciplinary approach combines legal analysis, practical field experience, and theological reflection to examine how emerging technologies such as artificial intelligence, digital identity systems, and metaverse platforms should be governed in ways that protect human dignity.

Through his writings, Dr. Padriadi emphasizes that law must not merely follow technological change but must provide normative structure, accountability, and moral direction—especially in emerging markets where innovation often advances faster than institutional safeguards.

Strategic Legal Advisory

As artificial intelligence, digital identity, and immersive technologies continue to reshape business, governance, and human interaction, legal strategy must move beyond conventional compliance.

For companies, institutions, and international stakeholders operating in emerging markets such as Indonesia, the critical question is no longer only whether technology can be deployed — but whether it can be governed responsibly, lawfully, and with respect for human dignity.

Dr. Padriadi Wiharjokusumo provides strategic legal analysis and advisory support on AI governance, corporate accountability, digital identity risk, regulatory strategy, and emerging-market legal structuring.

For professional inquiries or strategic consultation, please contact:

PW Law Firm / Dr. Padriadi Wiharjokusumo & Partners
WhatsApp: +62 812 6327 8064
Email: pwlawfirmmedan@gmail.com

Academic Disclaimer

This article is written for academic, educational, and general informational purposes only. It reflects a legal, philosophical, and theological analysis of artificial intelligence, digital identity, deepfake resurrection, persona theft, corporate accountability, and human dignity.

The discussion does not constitute specific legal advice, religious instruction, or a formal legal opinion on any particular case, transaction, technology platform, or regulatory issue. Readers should seek independent professional advice before making legal, commercial, technological, or policy decisions based on the matters discussed in this article.

The theological references in this article are used as part of a normative and ethical framework for analyzing human dignity in digital environments.
