HOME/All Jurisdictions/TH

TH — Country Profile

Thailand

90TOTAL
59OFFICIAL SOURCES
12TOPIC AREAS
Law / Act8
Executive Order41
Policy / Guidance1
National Strategy2
Standard / Framework5
Other33
22 MAR 2026 · Other

Securities and Exchange Commission's investigation into Bitazza Global for operating digital asset exchange without license

On 22 March 2026, the Ministry of Digital Economy and Society’s order blocking access in Thailand to the Bitazza Global platform enters into force under the Emergency Decree on Measures for the Prevention and Suppression of Technology Crimes (No. 2) B.E. 2568 (2025). The Decree authorises the Ministry to block access to unauthorised digital asset trading platforms. The Securities and Exchange Commission previously found that Bitazza Global operated a digital asset exchange in Thailand without...

National Strategysec.or.th ↗
16 FEB 2026 · Executive Order

Thailand SEC order extending remedy deadline for KuCoin capital maintenance deficiency

Thailand SEC issued an order to extend the deadline for KuCoin to remedy its capital maintenance deficiency until 30 March 2026.

✓ OfficialLicensing & Authorisationsec.or.th ↗
12 FEB 2026 · Standard / Framework

National Cyber Security Commission releases draft guidelines on use of AI

Primary source (drive.ncsa.or.th): (ร่าง) คู่มือการใช้งานปัญญาประดิษฐ์สำหรับประชาชน - NCSA Drive.

Generative AI ·Human Rights & Ethics ·Cybersecuritydrive.ncsa.or.th ↗
03 FEB 2026 · Other

Guidelines on use of artificial intelligence

On 2 March 2026, the National Cyber Security Commission closes the consultation on the draft guidelines on the use of artificial intelligence (AI). The draft explains AI and generative AI concepts and distinguishes between safe content (such as general, factual, creative, and educational material) and dangerous content requiring caution. Dangerous content includes inaccurate or outdated information, references to specific companies or products, controversial material, content requiring expert...

Consumer Protectiondrive.ncsa.or.th ↗
07 JAN 2026 · National Strategy

Thailand maps long-term semiconductor strategy, pushes toward full value chain

Primary source (boi.go.th) dated 7 January 2026 in TH. See linked source for full text.

National Strategyboi.go.th ↗
24 NOV 2025 · Other

Personal Data Protection Committee investigation into World (formerly Worldcoin) over alleged unlawful iris-scan data collection

On 24 November 2025, the Personal Data Protection Committee (PDPC) ordered the suspension and deletion of 1.2 million records collected by World (formerly Worldcoin). Earlier, on 17 May 2025, the PDPC noted risks in the project, which asked people to scan their irises with the Orb device in exchange for digital tokens. An on-site inspection showed that World had hired staff to carry out the iris scans.

✓ OfficialNational Strategy
26 OCT 2025 · Other

Digital services tax prohibition in United States of America and Thailand's Agreement on Reciprocal Trade

On 26 October 2025, the United States and Thailand announced a Framework for the Agreement on Reciprocal Trade. Under the Framework, Thailand committed not to impose digital services taxes or measures that “discriminate against US digital services or digital products”.

National Strategywhitehouse.gov ↗
15 AUG 2025 · Executive Order

National Cyber Security Agency's revised cybersecurity guidelines and standards framework

On 15 August 2025, the National Cyber Security Committee (ONCSA) closes the public consultation on modifications to the 2021 cybersecurity guidelines and standards framework for government agencies and critical information infrastructure, until 15 August 2025. The consultation is open to public, private, and civil society input. The consultation aims to ensure the revised standards reflect modern cyber threats and evolving technological conditions, with ONCSA encouraging broad participation t...

National Strategyncsa.or.th ↗
04 AUG 2025 · Other

2025 APEC Digital and AI Ministerial Statement

APEC 2025 Digital and AI Ministerial Statement “Digital and AI Transformation toward Prosperity and Sustainable Growth for All” Incheon, Republic of Korea, 4-6 August 2025

Cybersecurityapec.org ↗
30 JUN 2025 · Executive Order

Cybersecurity regulation in Bank of Thailand Policy on Risk Management of the Use of Artificial Intelligence Systems

On 30 June 2025, the Bank of Thailand closes its consultation on the draft Policy on Risk Management of the Use of Artificial Intelligence Systems, which had opened on 12 June 2025. The policy provides financial service providers with appropriate risk management guidelines, aligning with internationally accepted principles. Its objective is to establish a framework for managing AI-related risks based on usage scenarios, supplementing existing guidelines on its risk management, third-party ris...

National Strategybot.or.th ↗
12 JUN 2025 · Standard / Framework

Thailand releases draft guidelines for managing AI risks in financial sector

ค้นหาข่าวสาร สุนทรพจน์ สื่อประชาสัมพันธ์ รวมถึงกำหนดการกิจกรรมต่าง ๆ ล่าสุดของ ธปท.

Cybersecurity ·Data Privacy & Protectionbot.or.th ↗
10 MAY 2025 · Law / Act

Thailand unveils draft AI legislation principles, open to public comment

ระบบกลางทางกฎหมาย

Health & Life Sciences ·Data Privacy & Protectionlaw.go.th ↗
13 APR 2025 · Executive Order

Government access to data provisions in Ministerial Regulation No. 2 (B.E. 2568) under the Emergency Decree on Measures for the Prevention and Suppression of Technology Crimes

On 13 April 2025, Ministerial Regulation No. 2 (B.E. 2568) under the Emergency Decree on Measures for the Prevention and Suppression of Technology Crimes entered into force. The Regulation applies to mobile network operators, internet service providers, social media platforms, financial institutions, and other digital intermediaries operating in Thailand. It mandates that service providers retain user identification data and access logs, disclose information to government authorities upon req...

✓ OfficialNational Strategyratchakitcha.soc.go.th ↗
02 MAR 2025 · Other

Personal Data Protection Committee's guidelines on compliance with ASEAN Cross-Border Data Flows Mechanism

On 3 February 2025, the Personal Data Protection Committee (PDPC) of Thailand published guidelines on compliance with the ASEAN Cross-Border Data Flows (CBDF) mechanism. The guide outlines the ASEAN data protection frameworks, including Model Contractual Clauses (MCCs) and ASEAN Certification, and compares these with Thailand's Personal Data Protection Act (PDPA). The framework delineates compliance obligations, enforcement mechanisms, and dispute resolution processes. It provides a step-by-s...

✓ OfficialNational Strategypdpc.or.th ↗
14 FEB 2025 · Other

Thailand Prime Minister indicates draft AI regulation will be completed soon

The government is drafting Thailand's first law on artificial intelligence, aiming to adopt and regulate AI technology to strengthen businesses and the economy, says Prime Minister Paetongtarn Shinawatra.

Generative AI ·Data Privacy & Protection ·Copyright & Ipbangkokpost.com ↗
28 JAN 2025 · Other

Personal Data Protection Committee guidelines to facilitate compliance with EU General Data Protection Regulation and UK Data Protection Act

On 28 January 2025, the Personal Data Protection Committee (PDPC) published guidelines to assist businesses in aligning with the European Union's General Data Protection Regulation (GDPR) and the United Kingdom's Data Protection Act (DPA). The guidelines focus on the mechanisms for cross-border data transfers, including adequacy decisions, standard contractual clauses (SCCs), binding corporate rules, and specific derogations. The guidelines seek to enhance compliance for organisations in Thai...

✓ OfficialNational Strategypdpc.or.th ↗
18 JAN 2025 · Executive Order

NCSC Standards for Defining Characteristics and Cybersecurity for Information Systems or Critical Infrastructures B.E. 2566 (2023)

On 18 January 2025, the National Cyber Security Committee’s (NCSC) cybersecurity standards aimed at defining characteristics and ensuring the security of information systems or critical infrastructures enter into force. The standard was issued under the Cybersecurity Act and establishes a risk-based security classification for organisations’ data or information systems. Organisations must perform a self-assessment based on three key security objectives: confidentiality, integrity, and availab...

✓ OfficialNational Strategyratchakitcha.soc.go.th ↗
18 JAN 2025 · Executive Order

NCSC Minimum Standards for Data and Information Systems B.E. 2566 (2023)

On 18 January 2025, the National Cyber Security Committee’s (NCSC) order on the minimum standards for data and information systems B.E. 2566 entered into force. These standards outline cybersecurity control measures to improve the confidentiality, integrity, and availability of critical national information systems. Organisations must implement measures based on their risk levels (low, medium, and high). The measures include risk assessments, incident response plans, asset management, and cyb...

✓ OfficialNational Strategydrive.ncsa.or.th ↗
18 JAN 2025 · Other

PDPC review of Personal Data Protection Act B.E. 2562 and its secondary legislation

On 18 January 2025, the Office of the Personal Data Protection Committee (PDPC) concluded its consultation on the review of the Personal Data Protection Act B.E. 2562 and its secondary laws. The Personal Data Protection Act establishes protections for personal data, outlines the roles of data controllers and processors, and sets guidelines for data security, consent, and breach notifications. It also establishes the PDPC as the supervisory authority and details the rights of data subjects, li...

National Strategypdpc.or.th ↗
18 JAN 2025 · Executive Order

Deputy Prime Minister order for enforcement of personal data protection in mobile devices

On 18 January 2025, the Deputy Prime Minister ordered the Office of the Consumer Protection Board to enforce control over mobile phone distributors and service providers, including brands like Oppo and Realme, to ensure compliance with personal data protection laws. The Personal Data Protection Committee (PDPC) was tasked with coordinating with relevant agencies to inspect and prevent the installation of illegal applications on mobile phones and tablets. It was also highlighted that data secu...

✓ OfficialNational Strategypdpc.or.th ↗
27 DEC 2024 · Law / Act

SEC Amendments to the Royal Degree on Digital Asset Businesses

On 27 December 2024, the Office of the Securities and Exchange Commission (SEC) of Thailand closed a public consultation on the draft Act to Amend the Digital Asset Business Emergency Decree. It grants the SEC Office the authority to conduct joint investigations with other investigators in certain criminal cases related to digital assets. The act also introduces provisions for consumer protection, including requirements for disclosure, risk management, and dispute resolution mechanisms. Furt...

National Strategysec.or.th ↗
18 DEC 2024 · Other

PDPC guideline on data breach notification requirements

On 18 December 2024, the Personal Data Protection Committee (PDPC) released a guideline clarifying personal data breach notification obligations. According to the guideline, data controllers are not required to notify the PDPC if a breach, based on a risk assessment, poses no risk to individuals' rights and freedoms. However, if the breach poses a risk to individuals, the notification must be submitted within 72 hours of confirming the breach, excluding the time needed for further investigati...

✓ OfficialNational Strategypdpc.or.th ↗
27 NOV 2024 · National Strategy

Thailand pushing for AI governance framework for public sector

Thailand wants to be a regional artificial intelligence (AI) training centre to support developing countries' adoption of AI ethics rules by collaborating with the UN agency Unesco.

National Strategybangkokpost.com ↗
06 NOV 2024 · Executive Order

ETDA guidelines for managing advertisements on digital platforms (no. 3/2567)

On 11 June 2024, the Electronic Transactions Development Agency's (ETDA) guidelines for managing advertisements on digital platforms (no. 3/2567) entered into force. The guidelines aim to prevent fraudulent activities, illegal product or service offerings, and unlawful solicitation through advertisements on digital platforms. Furthermore, the guidelines aim to help digital platforms to establish effective self-regulation mechanisms to ensure that ads are credible, transparent, and verifiable....

✓ OfficialContent Moderationetda.or.th ↗
30 OCT 2024 · Other

DE and ETDA Generative AI Governance Guideline

On 30 October 2024, the Ministry of Digital Economy and Society (DE) and the Electronic Transactions Development Agency (ETDA), through the AI Governance Center (AIGC), jointly issued the generative artificial intelligence (AI) governance guideline for organisations. The guideline is organised into five sections, each designed to guide organisations in the responsible and effective deployment of generative AI. The first section, understanding generative AI, lays the foundation with definition...

✓ OfficialNational Strategyetda.or.th ↗
30 OCT 2024 · Standard / Framework

Thailand issues generative AI governance guidelines for organisations

กระทรวงดิจิทัลเพื่อเศรษฐกิจและสังคม (ดีอี) จับมือสำนักงานพัฒนา ธุรกรรมทางอิเล็กทรอนิกส์ (สพธอ.) หรือ ETDA (เอ็ตด้า) โดย ศูนย์ธรรมาภิบาลปัญญาประดิษฐ์ (AI Governance Center หรือ AIGC) เดินหน้าพัฒนากรอบธรรมาภิบาลปัญญาประดิษฐ์ที่เป็นการต่อยอด AI Governance Guideline ของไทย สู่การออกประกาศ Guideline ใหม่!! “แนวทางประยุกต์ใช้ Generative AI อย่างมีธรรมาภิบาลสำหรับองค์กร” (Generative AI Governance Guideline for Organizations) สำหรับผู้บริหารและผู้ที่เกี่ยวข้องนำไปประยุกต์ใช้เพื่อการวางกรอบการกำกับดูแล การประยุกต์ใช้ Generative AI ระดับองค์กรให้มีความชัดเจนและสอดคล้องกับเป้าหมาย โดยเนื้อหา ครอบคลุมตั้ง

Generative AI ·Data Privacy & Protectionetda.or.th ↗
21 AUG 2024 · Other

PDPC investigation into company selling goods online for alleged breach of the Personal Data Protection Act

On 21 August 2024, the Thai Personal Data Protection Committee (PDPC) imposed its first administrative fine for breach of the Personal Data Protection Act against an unnamed company trading goods online. In particular, the PDPC imposed a TBH 7 million fine and ordered corrective actions on the company after finding it had disclosed personal data without consent to unauthorised persons, specifically, a call center that used personal data to commit fraud.

✓ OfficialNational Strategymdes.go.th ↗
02 AUG 2024 · Other

Thailand invests 1 billion baht to boost AI skills and startups

Thailand can ride on the wave of the artificial intelligence (AI) global mega trend, with the aim to shift from being an AI user country to an AI application creator, according to the National Electronics and Computer Technology Center (Nectec).

Generative AIbangkokpost.com ↗
17 JUL 2024 · Executive Order

Prime Minister order requiring expedition of suppression of false news and information on social media

On 16 July 2024, the Prime Minister adopted an order requiring the expedition of the suppression of false news and information on social media. The order addresses misinformation on social media and various platforms that may mislead the public about individuals and significant government initiatives, including the Digital Wallet project. Under the order, the Ministry of Digital Economy and Society and the Technology Crime Suppression Division (TCSD) will establish a working group to analyse ...

✓ OfficialContent Moderationmdes.go.th ↗
27 JUN 2024 · Executive Order

Personal Data Protection Committee Criteria for Deletion or Destruction of Personal Data, or Making Personal Data Unidentifiable

On 27 June 2024, the Personal Data Protection Committee (PDPC) closes the public consultation on the draft Criteria for Deletion or Destruction of Personal Data, or Making Personal Data Unidentifiable. The draft aims to establish guidelines for data controllers on how to handle requests from data subjects to delete, destroy, or anonymize their personal data in compliance with Section 33 of the Personal Data Protection Act B.E. 2562 (2019). In particular, the data controllers are required to c...

National Strategylaw.go.th ↗
20 JUN 2024 · Executive Order

CRC order establishing obligations for critical information infrastructure organisations

On 20 June 2024, the Cybersecurity Regulating Committee’s (CRC) order on the obligations of obligations for critical information infrastructure (CII) entered into force. In particular, the CII organisations encompass state and private entities providing essential services in sectors such as national security, finance, and public health. The CII obligations include reporting to the National Cyber Security Agency (NCSA) lists of executive staff and responsible persons, along with emergency cont...

✓ OfficialNational Strategydrive.ncsa.or.th ↗
08 MAY 2024 · Other

MDES investigation into online crimes related to Digital Wallet project

On 5 August 2024, the Ministry of Digital Economy and Society issued an order based on the investigation into online crimes relating to the THB 10’000 top-up project through the digital wallet scheme, which opened for registration on 1 August 2024. The digital wallet scheme aims to promote local money circulation and provides THB 10’000 in digital currency to citizens over 16 years old with an annual income below THB 840’000 and bank deposits under THB 500’000. The investigation found six fak...

✓ OfficialContent Moderationmdes.go.th ↗
07 MAY 2024 · Other

Ministry of Digital Economy and Technology Crime Suppression Division investigation into technology crimes including online gambling

On 5 July 2024, the Ministry of Digital Economy and Society (MDES) issued a statement on the "FINAL BET" operation addressing ongoing efforts to combat online crime using AI technology and warning the public against participating in online gambling. In particular, the MDES stated that the "FINAL BET" operation, targeting and dismantling five major online gambling networks, is seizing assets exceeding THB 360 million. The operation involved coordinated efforts with the Anti-Cybercrime Division...

✓ OfficialContent Moderationmdes.go.th ↗
04 MAY 2024 · Other

Thailand forms AI committee to boost digital economy

Thailand's Ministry of Digital Economy and Society (DES) is advancing its plans to form a new national artificial intelligence (AI) committee as part of its effort to advance the second phase of the national AI strategy.

Data Privacy & Protectiontheinvestor.vn ↗
25 APR 2024 · Other

Thailand gears up for AI regulations

Policymakers will draw up more new artificial intelligence (AI) rules to prevent the violation of AI ethics and promote AI development through good governance and planned guidelines for generative AI.

Data Privacy & Protection ·Cybersecuritybangkokpost.com ↗
10 APR 2024 · Other

Thailand Senate approves report advocating AI regulation in election campaigns

A report advocating for the regulation of election campaigns conducted using artificial intelligence (AI) was approved by the Senate yesterday.

Generative AI ·Online Safety & Child Protectionthethaiger.com ↗
24 MAR 2024 · Executive Order

Rules on the criteria for protecting personal data sent or transferred abroad according to Section 28 of PDPA

On 24 March 2024, Thailand’s Personal Data Protection Committee (PDPC) implemented rules regarding the criteria for protecting personal data sent or transferred abroad according to Section 28 of the Personal Data Protection Act (PDPA). The order outlines the rules for the adoption of an adequacy decision, noting that PDPC will assess the level of protection the countries have and will accept cases proposed by data controllers. Further, it outlines the criteria for sufficient data protection s...

✓ OfficialNational Strategyratchakitcha.soc.go.th ↗
01 MAR 2024 · Executive Order

ETDA order on details of the terms and conditions notified to the platform users (no. 4/2566)

On 3 January 2024, the Electronic Transactions Development Agency’s (ETDA) order on details of the terms and conditions notified to the platform users (no. 4/2566) entered into force. The order applies to platforms that charge for services, act as intermediaries for goods or services, have contracts with businesses to offer goods or services or provide search engine services. Among others, the terms of service must include service conditions, suspension or termination of services, service cha...

✓ OfficialConsumer Protectionetda.or.th ↗
15 FEB 2024 · Other

Ministry of Digital for Economy and Society Investigation into Personal Data Trading Network

On 15 February 2024, the Ministry of Digital for Economic and Social Affairs (MICT) of Thailand announced the findings of investigations into the personal data trading networks, which resulted in the arrest of nine individuals involved in the illegal trade of personal information. This action was the result of a collaborative effort between the MICT, the Police Headquarters Investigation Technological Crime, the Office of the Personal Data Protection Commission (PDPC), and the Office of the N...

✓ OfficialNational Strategymdes.go.th ↗
09 FEB 2024 · Executive Order

ETDA guidelines for managing the sale of goods requiring product standards on digital platform services (no. 4/2567)

On 2 September 2024, the Electronic Transactions Development Agency's (ETDA) guidelines for managing the sale of goods requiring product standards on digital platform services (no. 4/2567) entered into force. The guidelines aim to establish regulations for the sale and advertisement of goods that must meet legally mandated standards on digital platforms, ensuring that these products are credible, comply with the required standards, and prevent any potential harm to consumers. Furthermore, the...

✓ OfficialConsumer Protectionetda.or.th ↗