According to the Notification of the National Broadcasting and Telecommunications Commission regarding Criteria, Procedures, and Conditions for Digital Television Services Licensing 2013, any person who wishes to operate a digital television program must obtain a digital television license by qualifying and paying the fee. In addition, after receiving the license, a person shall be entered into the process of digital television channel auction as prescribed in the NBTC Notification 2013 regarding the auction.

Cloud computing services typically do not require a telecommunications license. However, when such services utilise a leased line network to connect users to the cloud infrastructure, they are categorised as telecommunications services. Consequently, providers must obtain a Type 1 license, as prescribed by the National Broadcasting and Telecommunications Commission (NBTC) under the Telecommunications Business Act. This requirement is outlined in Agenda 4.24 of the National Telecommunications Commission (NTC) meeting No. 38/2013.

According to Section 6 of the Radio Communication Act, any persons who wish to import radio communication devices or any ancillary devices into the Kingdom are required to obtain a license. The telecommunications devices required to obtain a license include: radio modems, base stations, cellular repeaters, antennas, FM transmitters, and GPS tracking devices, among others. According to Section 9, the import license is valid for 180 days after issuance, and those who violate the law shall be liable to a fine, imprisonment, or both. The "Notification of the National Broadcasting and Telecommunications Commission on Criteria and Procedures for Granting A Permit to Manufacture, Import, Sell, or Offer for Sale or Install Receiver, Apparatus or Device Enabled for Receiving or Decoding Signals to Receive Programs of the Subscription Broadcasting Business B.E. 2555" includes the requirements that the importers must follow, including fee payment and document preparation.

According to the Ministry of Commerce's Notification regarding 3D Printing Machines as a Product Subjected to Import Requirements 2016, importers of 3D printing machines must be registered with the Department of Foreign Trade under the Ministry of Commerce. In addition, they are also required to notify the importation, possession, disposal, and balance of these products twice a year (in June and December). Moreover, the importers must report this information to the Customs Department.

It is reported that Thailand’s provision of incentives to customs officials who initiate investigations or enforcement actions creates conflicts of interest and encourages customs investigations for personal financial gain. Foreign companies report concerns about corruption and the cost, uncertainty, and lack of transparency associated with the customs penalty/reward system. Foreign stakeholders also have expressed concern about the country's inconsistent application of the transaction valuation methodology, as well as the repeated use of arbitrary or fictitious values by the Customs Department.

According to Section 6 of the Radio Communication Act, any persons who wish to export radio communication devices or any ancillary devices into the Kingdom are required to obtain a license. The telecommunications devices required to obtain a license include a radio modem, base station, cellular repeater, antenna, FM transmitter, GPS Tracking, among others. According to Section 9, the import license is valid for 180 days after issuance, and those who violate the law shall be liable to a fine, imprisonment, or both. In addition, the Notification of the National Broadcasting and Telecommunications Commission (NBTC) on Export of Radio Communication Equipment 2011 includes the requirements that the exporters must follow, including fee payment and document preparation.

In October 2020, the Ministry of Digital Economy and Society (MDES) issued an order requiring internet service providers (ISPs) and mobile service providers to block four internet protocol (IP) addresses associated with Telegram, a messaging app widely used by protesters. Although the government has not publicly disclosed the total number of URLs blocked through court orders, the MDES reported that during the first nine months of 2022, it obtained court orders to block approximately 4,735 URLs, including 1,816 URLs containing allegedly offensive content about the monarchy.
Websites have also been blocked on grounds of national security, for gambling content, for alleged violations of intellectual property rights, and for hosting unauthorised virtual private network (VPN) services. In addition to blocking and filtering, content removal reportedly continues under tight government control.

The appointment of a Data Protection Officer (DPO) is a mandatory condition under the Personal Data Protection Act (PDPA). Section 41 of the Act specifies that the data controller and data processor shall designate a DPO in the following circumstances: the activities such as collection, use, or disclosure of personal data.
The DPO's duties include advising the data controller and data processor, investigating the performance of the data controller and data processor, coordinating and cooperating with the Office of the Personal Data Protection Committee (PDPC) when there are problems and keeping confidentiality of the personal data (Section 42).

Section 64 of the Cyber Security Maintenance Act (CSA) 2019 states that, if it is necessary for the prevention, handling, and reduction of cyber threat risks, the Cyber Security Supervisory Committee (CSSC) shall order State agencies to provide information in their possession and related to cybersecurity maintenance.
Also, in Section 66, the CSSC has the power to carry out or order competent officials to carry out operations, only to the extent necessary for preventing cyber threats, in the following matters:
- to enter a place for inspection upon written notification;
- to gain access, copying or filtering computer data, computer systems or other related data;
- to test the functionality of computers or computer systems;
- to seize or attach, only to the extent necessary, computers, computer systems, or equipment, not exceeding 30 days.
To carry out activities under (2), (3), (4), the CSSC must file a motion to the competent court. However, in case of emergency and the threat is critical to cybersecurity, the Secretary-General shall take immediate action to the extent necessary for preventing and remedying damage in advance without filing a motion with the Court (Section 68).

Section 18 of the Computer-Related Crime Act allows the government to access user-related or traffic data without a court order and compel ISPs to decode programmed data.

The National Intelligence Act 2019 gives the power to the National Intelligence Agency to perform duties related to activities on intelligence operations, civil security safeguards, and monitoring situations that affect national security (Section 4). Section 6 of the Act provides the National Intelligence Agency with the power to order public agencies or any person to submit the information or document that impacts national security within the specified period. If it is necessary to acquire the information, the agency is allowed to take action by adopting electronic, scientific, telecommunication devices, or other technology tools to obtain such information. Certain activities can be done without filing a motion to the court and are deemed in good faith for the public or national security.

The Copyright Act establishes a safe harbour regime for intermediaries for copyright infringements. Although Thailand has not signed the WIPO Copyright Treaty, in 2015, two copyright amendment laws were approved: the Copyright Act (No. 2) and Copyright Act (No. 3). These two laws implemented many of the key provisions of the WIPO Copyright Treaty. Copyright “safe harbour” protection for intermediaries such as cloud service providers is contained in the 2015 amendments to copyright laws. The provisions exempt Internet intermediaries from liability in broad circumstances provided that they did not control, initiate, or order the infringement. The intermediary is shielded from liability for content until they receive a court order ordering them to remove it.

The Computer-Related Crime Act and the Notification of the Ministry of Digital Economy and Society (MDES) establish a safe harbour regime for intermediaries beyond copyright infringement. According to Section 15 of the Computer-Related Crime Act, service providers are not liable of for for the content published if they remove computer data once it has received a notification from the Minister of Digital Economy and Society (MDES) to discontinue the dissemination of these. In addition, the Notification includes the 'Notice and Take Down' procedure to remove the offence's content and the intermediary's liability. This notification allows an individual to submit their notices of online offence to the police or competent officers. After the service provider receives the notification from the Ministry, the competent officer, or court order, they must remove or stop the dissemination of certain content immediately within the given period.

According to Art. 26 of the Commission of Computer-Related Offences Act (commonly known as the Computer Crimes Act or CCA), all service providers are required to record users' computer traffic data and store it for 90 days, with the possibility of extending the retention period up to a year if ordered by authorities. In 2019, it was reported that the Thai government requested all coffee shops, including small operators, to retain traffic data of customers using their Wifi for 90 days and to provide that information upon request. This request includes keeping a 'log file' of customers' computer traffic data, including their IP address, full name, ID card number, or passport details. As defined in Art. 3 of the CCA, "Computer Traffic Data", encompasses information related to the communication of a computer system, such as the origin, source, terminal, route, time, date, size, duration, type of service, and other relevant communication details.

According to the National Council of Peace and Order (NCPO) Notification No. 18/2557 (2014), all types of media services, including both public and private providers in satellite, cable TV, digital TV, and community radio, service providers, newspapers, must monitor their content to prohibit broadcasting or disseminating the following information:
- A criticism of the performance of the NCPO and related persons;
- A confidential information of the state agency;
- An information that creates misunderstanding and inciting conflicts in the Kingdom;
- Threatening to harm any person that could create fear among the public.