It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 40, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

According to the Domain Name Registration Policy 2020, the domain name ".co.th" is designed for business entities registered with the Department of Business Development in Thailand, state enterprises, or any person who registered the Value Added Tax with the Revenue Department in Thailand. In addition, according to Section 2 of the guidelines, the domain name holder can be a foreigner who holds a registered trademark with the Department of Intellectual Property (DIP) in Thailand. However, foreign juristic persons or trademark owners must appoint an agent to hold rights in a domain name on their behalf.

The Consumer Protection Act 1979 and the Direct Sales and Direct Marketing Act 2002 provide a comprehensive framework for consumer protection that also applies to online transactions.

Thailand has acceded to the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts. Upon accession, Thailand declared that, the Convention shall not apply to communications or transactions specifically excluded under Section 3 of the Electronic Transactions Act B.E. 2544 (2001) of Thailand; contracts to which at least one of the parties is a Thai state agency; and transactions which are required to be registered with a competent authority under Thai law. This is in accordance with Art. 19, paragraph 2, of the Convention.

According to Section 6 of the Radio Communication Act, any persons who wish to export radio communication devices or any ancillary devices into the Kingdom are required to obtain a license. The telecommunications devices required to obtain a license include a radio modem, base station, cellular repeater, antenna, FM transmitter, GPS Tracking, among others. According to Section 9, the import license is valid for 180 days after issuance, and those who violate the law shall be liable to a fine, imprisonment, or both. In addition, the Notification of the National Broadcasting and Telecommunications Commission (NBTC) on Export of Radio Communication Equipment 2011 includes the requirements that the exporters must follow, including fee payment and document preparation.

It is reported that no compulsory assessment procedure is in place to certify electronic products.

According to Clause 5 of the Ministry of Commerce's Notification (No. 11) 2010, a website that includes the transaction of goods and services must register the 'E-Commercial Registration' under the Commercial Registration Act 1956 (amended by the Commercial Registration Act (No. 2) in 2006). Therefore, the electronic businesses operating in the internet system, service providers, web hosting, e-marketplace, or platform (for example, Lazada, Shopee, etc.) are required to register with the Department of Business Development (DBD). In addition, the DBD registration is valid for five years. Also, ordinary persons and juristic persons engaged in e-commerce businesses without commercial registration are considered to be in violation and shall be subject to a fine penalty as stipulated. Furthermore, foreign companies are required to submit additional documents for registration, including a copy of the company registration, an appointment of operation in Thailand, work permits, and a foreign business license or document certificate (if any).

The National Intelligence Act 2019 gives the power to the National Intelligence Agency to perform duties related to activities on intelligence operations, civil security safeguards, and monitoring situations that affect national security (Section 4). Section 6 of the Act provides the National Intelligence Agency with the power to order public agencies or any person to submit the information or document that impacts national security within the specified period. If it is necessary to acquire the information, the agency is allowed to take action by adopting electronic, scientific, telecommunication devices, or other technology tools to obtain such information. Certain activities can be done without filing a motion to the court and are deemed in good faith for the public or national security.

The Copyright Act establishes a safe harbour regime for intermediaries for copyright infringements. Although Thailand has not signed the WIPO Copyright Treaty, in 2015, two copyright amendment laws were approved: the Copyright Act (No. 2) and Copyright Act (No. 3). These two laws implemented many of the key provisions of the WIPO Copyright Treaty. Copyright “safe harbour” protection for intermediaries such as cloud service providers is contained in the 2015 amendments to copyright laws. The provisions exempt Internet intermediaries from liability in broad circumstances provided that they did not control, initiate, or order the infringement. The intermediary is shielded from liability for content until they receive a court order ordering them to remove it.

The Computer-Related Crime Act and the Notification of the Ministry of Digital Economy and Society (MDES) establish a safe harbour regime for intermediaries beyond copyright infringement. According to Section 15 of the Computer-Related Crime Act, service providers are not liable of for for the content published if they remove computer data once it has received a notification from the Minister of Digital Economy and Society (MDES) to discontinue the dissemination of these. In addition, the Notification includes the 'Notice and Take Down' procedure to remove the offence's content and the intermediary's liability. This notification allows an individual to submit their notices of online offence to the police or competent officers. After the service provider receives the notification from the Ministry, the competent officer, or court order, they must remove or stop the dissemination of certain content immediately within the given period.

According to Art. 26 of the Commission of Computer-Related Offences Act (commonly known as the Computer Crimes Act or CCA), all service providers are required to record users' computer traffic data and store it for 90 days, with the possibility of extending the retention period up to a year if ordered by authorities. In 2019, it was reported that the Thai government requested all coffee shops or Internet cafè, including small operators, to retain traffic data of customers using their Wifi for 90 days and to provide that information upon request. This request includes keeping a 'log file' of customers' computer traffic data, including their IP address, full name, ID card number, or passport details. As defined in Art. 3 of the CCA, "Computer Traffic Data", encompasses information related to the communication of a computer system, such as the origin, source, terminal, route, time, date, size, duration, type of service, and other relevant communication details.

It is reported that Thailand’s approach to SIM registration requires mobile network operators to collect and validate users’ personal information and proof of identity, including the use of biometric checks.

According to the National Council of Peace and Order (NCPO) Notification No. 18/2557 (2014), all types of media services, including both public and private providers in satellite, cable TV, digital TV, and community radio, service providers, newspapers, must monitor their content to prohibit broadcasting or disseminating the following information:
- A criticism of the performance of the NCPO and related persons;
- A confidential information of the state agency;
- An information that creates misunderstanding and inciting conflicts in the Kingdom;
- Threatening to harm any person that could create fear among the public.

Section 20 of the Computer-Related Crime Act empowers the Ministry of Digital Economy and Society (MDES) to seek judicial authorisation to block or remove online content deemed harmful to national security, public order, or good morals, yet experts contend that the provision is interpreted too broadly and lacks transparent, objective criteria for imposing domain‑level restrictions, granting authorities extensive discretion under the Act’s expansive definitions. Consequently, it is reported that enforcement actions have at times extended beyond clearly unlawful websites and have affected legitimate global platforms. For example, in July 2025, the Thai government ordered internet service providers to block more than 500 URLs pursuant to a court order issued at the request of the MDES under Section 20, most of which related to online casinos, lottery operators, and betting services. Notably, the list also included the widely used link‑shortening service "Bit.ly", whose millions of user‑generated links mean that an outright ban imposes significant collateral impacts on businesses, digital marketers, developers, platforms, and end‑users.

List 3 of the Foreign Business Act includes industries in which "Thai nationals are not yet ready to compete with foreigners". These are open to foreign investors provided they receive a licence from the Director-General of the Department of Business Development of the Ministry of Commerce and approval from the Foreign Business Committee. A wide range of businesses are covered under List 3, including advertising businesses. A foreign company can engage in List 3 activities if Thai nationals hold a majority of the limited company’s shares. Any company with a majority of foreign shareholders (more than 50%) cannot engage in List 3 activities unless it receives an exception from the Ministry of Commerce under its Foreign Business License application.