According to the Notification of the Ministry of Commerce regarding the Exportation and Importation of Goods, to protect intellectual property, import licensing is required for machinery, and parts that can be used to violate the copyrights of the cassette tape, videotape, and compact disc.

The Radio Communication Act covers the radio communication devices and ancillary devices, including a radio communication-transmitter, radio communication receiver, or radio communication transmitter-receiver, etc. According to Arts. 6-9 of the Act, any person who wishes to produce, possess, use, import, export, trade-in radio communication devices, or establish a radio communication station, or receive foreign radio communication news, must obtain a license. In other words, those who operate the mentioned activities require to obtain a specific type of license (e.g. license to import, export, trade, etc.), and each license has a different validity period.

In general, cloud computing does not need to acquire a telecoms license. But, if the service is provided by a leased line network to connect its users to the cloud system, then the cloud service shall be deemed a telecommunications business. Therefore, the cloud service is required to apply for a Type 1 license issued by the NBTC under the Telecommunications Business Act (the Agenda 4.24 of the National Broadcasting Commission (NTC)'s meeting No. 38/2013).

List 3 of the Foreign Business Act includes industries in which "Thai nationals are not yet ready to compete with foreigners". These are open to foreign investors provided they receive a licence from the Director-General of the Department of Business Development of the Ministry of Commerce and approval from the Foreign Business Committee. A wide range of businesses are covered under List 3, including advertising businesses. A foreign company can engage in List 3 activities if a majority of the limited company’s shares are held by Thai nationals. Any company with a majority of foreign shareholders (more than 50%) cannot engage in List 3 activities unless it receives an exception from the Ministry of Commerce under its Foreign Business License application.

According to the Notification of the National Broadcasting and Telecommunications Commission regarding Criteria, Procedures, and Conditions for Digital Television Services Licensing 2013, any person who wishes to operate a digital television program must obtain a digital television license by qualifying and paying the fee. In addition, after receiving the license, a person shall be entered into the process of digital television channel auction as prescribed in the NBTC Notification 2013 regarding the auction.

According to Section 20 of the Commission of Computer-Related Offences Act, the competent official can file a motion to proceed with blocking or removing the prohibited computer data, including (i) computer data constituting an offense under the Computer Crimes Act; (ii) computer data likely to affect the security of the Kingdom under the Penal Code; (iii) computer data constituting a criminal offense under intellectual property or other laws, by nature against public order or good moral. It is reported that in October 2020, the Minister of the Ministry of Digital Economy and Society (MDES) stated that there are 300,000 URLs on social media that committed crimes under the Computer Crime Commission Act.

National Council of Peace and Order (NCPO) Notification No. 15/2557(2014) requires that providers of digital TV and Community Radio must ensure that the disseminated information is accurate, without any distortions which can create misunderstanding in the public. It is reported that, as a result of this measure, several stations are banned.

According to the National Council of Peace and Order (NCPO) Notification No. 18/2557(2014) regarding Public Information Dissemination, all types of media services, including both public and private providers in satellite, cable TV, digital TV, and community radio, service providers, newspapers, must prohibit from broadcasting or disseminating the following information:
- A criticism of the performance of the NCPO and related persons;
- A confidential information of the state agency;
- An information that creates misunderstanding and inciting conflicts in the Kingdom;
- Threatening to harm to any person that could create fear among the public.

It is reported that the blocking of content deemed critical of the monarchy is widespread, but a lack of transparency means that the full extent of this blocking is unclear. Websites have also been blocked on grounds of national security, for gambling content, for alleged violations of intellectual property rights, and for hosting unauthorized virtual private network (VPN) services. In addition, like blocking and filtering, content removal has reportedly continued under tight government control. Users are often pressured by authorities to remove content, while content providers or intermediaries often comply with removal requests to avoid criminal liability.

The Computer-Related Crime Act and the Notification of the Ministry of Digital Economy and Society (MDES) establish a safe harbour regime for intermediaries beyond copyright infringement. According to Section 15 of the Computer-Related Crime Act, service providers are not liable of for for the content published if they remove computer data once it has received a notification from the Minister of Digital Economy and Society (MDES) to discontinue the dissemination of these. In addition, the Notification includes the 'Notice and Take Down' procedure to remove the offense's content and the intermediary's liability. This notification allows an individual to submit their notices of online offense to the police or competent officers. After the service provider receives the notification from the Ministry, the competent officer, or court order, they must remove or stop the dissemination of certain content immediately within the given period.

According to Art. 26 of the Commission of Computer-Related Offences Act (so-called the Computer Crimes Act (CCA)), all service providers are required to record users' computer traffic and store the data for 90 days, or up to a year if ordered by authorities. Despite this Art. of the law has been enforced since 2007, the government had made no effort to enforce the rule among public Wi-Fi providers, and few shops or restaurants have followed through. However, it is reported that in 2019, the Thai government requested all coffee shops, including small operators, to keep traffic data of customers using their Wi-Fi for 90 days and to provide that information if required. The request includes to retain a 'Log file' of their customers’ computer traffic data and their IP address as well to their identification, their full name, ID card number, or passport as required. According to Art. 3 of the CCA, "Computer Traffic Data" includes data in relation to the communication of computer system that indicates the origin, source, terminal, route, time, date, size, duration, type of service, or else relating to the communication.

The Copyright Act establishes a safe harbour regime for intermediaries for copyright infringements. Despite Thailand has not signed the WIPO Copyright Treaty, in 2015, two Copyright Amendment laws were approved: the Copyright Act (No. 2) and Copyright Act (No. 3). These two laws implemented many of the key provisions of the WIPO Copyright Treaty. Copyright “safe harbor” protection for intermediaries such as cloud service providers is contained in the 2015 amendments to copyright laws. The provisions exempt Internet intermediaries from liability in broad circumstances provided that they did not control, initiate, or order the infringement. The intermediary is shielded from liability for content until they receive a court order ordering them to remove it.

According to the National Council of Peace and Order (NCPO) Notification No. 26/2557(2014) regarding Supervision and Surveillance of the Online Social Media, the Ministry of Digital Economy and Society (MDES) has the power to designate a competent officer to access/investigate the computer traffic data and online content within the scope of inciting violence and to oppose the performance of NCPO (Clause 1).

The National Intelligence Act 2019 gives the power to the National Intelligence Agency to perform duties related to activities on intelligence operations, civil security safeguard and monitoring the situations which affect the national security (Section 4). Section 6 of the Act provides the National Intelligence Agency with the power to order public agencies or any person to submit the information or document that impacts national security within the specified period. If it is necessary to acquire the information, the agency is allowed to conduct any actions by adopting electronic, scientific, telecommunication devices, or other technology tools to obtain such information. Certain activities can be done without filing a motion to the court and are deemed in good faith for the public or national security. Also, the competent officer requires to follow the Director's regulations with approval from the Prime Minister.

Section 64 of the Cyber Security Maintenance Act (CSA) 2019 states that, if it is necessary for the prevention, handling, and reduction of cyber threat risks, the Cyber Security Supervisory Committee (CSSC) shall order State agencies to provide information in their possession and related to cybersecurity maintenance.
Also, in Section 66, the CSSC has the power to carry out or order competent officials to carry out operations, only to the extent necessary for preventing cyber threats, in the following matters:
- to enter a place for inspection upon written notification;
- to gain access to computer data, computer systems, or other related data, make copies, or screening;
- to test the functionality of computers or computer systems;
- to seize or attach, only to the extent necessary, computers, computer systems, or equipment, not exceeding 30 days.
To carry out activities under (2), (3), (4) must file a motion to the competent court. However, in case of emergency and the threat is critical to cybersecurity, the Secretary-General shall take immediate action to the extent necessary for preventing and remedying damage in advance without filing a motion with the Court (Section 68).