Database

Browse Database

THAILAND

Since June 2007, as amended in 2017

Pillar Content access  |  Indicator Blocking or filtering of commercial web content
Computer-Related Crime Act B.E. 2550 (พระราชบัญญัติว่าด้วยการกระทำความผิดเกี่ยวกับคอมพิวเตอร์ พ.ศ. ๒๕๕๐)
Section 20 of the Computer-Related Crime Act empowers the Ministry of Digital Economy and Society (MDES) to seek judicial authorisation to block or remove online content deemed harmful to national security, public order, or good morals, yet experts contend that the provision is interpreted too broadly and lacks transparent, objective criteria for imposing domain‑level restrictions, granting authorities extensive discretion under the Act’s expansive definitions. Consequently, it is reported that enforcement actions have at times extended beyond clearly unlawful websites and have affected legitimate global platforms. For example, in July 2025, the Thai government ordered internet service providers to block more than 500 URLs pursuant to a court order issued at the request of the MDES under Section 20, most of which related to online casinos, lottery operators, and betting services. Notably, the list also included the widely used link‑shortening service "Bit.ly", whose millions of user‑generated links mean that an outright ban imposes significant collateral impacts on businesses, digital marketers, developers, platforms, and end‑users.
Coverage Horizontal

THAILAND

Since November 1999

Pillar Content access  |  Indicator Restrictions on online advertising
Foreign Business Act, B.E. 2542 (1999) (พระราชบัญญัติการประกอบธุรกิจของคน. ต างด าว พ.ศ. ๒๕๔๒)
List 3 of the Foreign Business Act includes industries in which "Thai nationals are not yet ready to compete with foreigners". These are open to foreign investors provided they receive a licence from the Director-General of the Department of Business Development of the Ministry of Commerce and approval from the Foreign Business Committee. A wide range of businesses are covered under List 3, including advertising businesses. A foreign company can engage in List 3 activities if Thai nationals hold a majority of the limited company’s shares. Any company with a majority of foreign shareholders (more than 50%) cannot engage in List 3 activities unless it receives an exception from the Ministry of Commerce under its Foreign Business License application.
Coverage Advertising sector

THAILAND

Since June 2013
Since August 2013

Pillar Content access  |  Indicator Licensing schemes for digital services and applications
Notification of the National Broadcasting and Telecommunications Commission regarding Criteria, Procedures and Conditions for Digital Television Services Licensing, 2013

Notification of the National Broadcasting and Telecommunications Commission regarding Criteria, Procedures and Condition for Digital Television Services Auction, 2013
According to the Notification of the National Broadcasting and Telecommunications Commission regarding Criteria, Procedures, and Conditions for Digital Television Services Licensing 2013, any person who wishes to operate a digital television program must obtain a digital television license by qualifying and paying the fee. In addition, after receiving the license, a person shall be entered into the process of digital television channel auction as prescribed in the NBTC Notification 2013 regarding the auction.
Coverage Digital TV

THAILAND

Since October 2013

Pillar Content access  |  Indicator Licensing schemes for digital services and applications
Agenda 4.24 Resolutions of the National Telecommunications Commission (NTC)'s meeting No. 38/2013
Cloud computing services typically do not require a telecommunications license. However, when such services utilise a leased line network to connect users to the cloud infrastructure, they are categorised as telecommunications services. Consequently, providers must obtain a Type 1 license, as prescribed by the National Broadcasting and Telecommunications Commission (NBTC) under the Telecommunications Business Act. This requirement is outlined in Agenda 4.24 of the National Telecommunications Commission (NTC) meeting No. 38/2013.
Coverage Cloud computing sector
Sources

THAILAND

Since January 1955, last amended in March 1992
Since November 2012

Pillar Quantitative trade restrictions for ICT goods and online services  |  Indicator Other import restrictions, including non-transparent/discriminatory import procedures
Radio Communication Act (No. 3), 1992 (พรบ. วิทยุคมนาคม (ฉบับที่ 3) พ.ศ. 2535)

Notification of the National Broadcasting and Telecommunications Commission on Criteria and Procedures for Granting A Permit to Manufacture, Import, Sell, or Offer for Sale or Install Receiver, Apparatus or Device Enabled for Receiving or Decoding Signals to Receive Programs of the Subscription Broadcasting Business B.E. 2555 (2012) (ประกาศคณะกรรมการกิจการกระจายเสียง กิจการโทรทัศน์ และกิจการโทรคมนาคมแห่งชาติ เรื่อง หลักเกณฑ์และวิธีการอนุญาตให้ผลิต นำเข้า จำหน่ายหรือมีไว้เพื่อจำหน่ายหรือรับติดตั้ง เครื่องรับเครื่องมือหรืออุปกรณ์ที่สามารถใช้รับหรือแปลงสัญญาณในการรับรายการ ของกิจการกระจายเสียงหรือกิจการโทรทัศน์แบบบอกรับเป็นสมาชิก พ.ศ. ๒๕๕๕)
According to Section 6 of the Radio Communication Act, any persons who wish to import radio communication devices or any ancillary devices into the Kingdom are required to obtain a license. The telecommunications devices required to obtain a license include: radio modems, base stations, cellular repeaters, antennas, FM transmitters, and GPS tracking devices, among others. According to Section 9, the import license is valid for 180 days after issuance, and those who violate the law shall be liable to a fine, imprisonment, or both. The "Notification of the National Broadcasting and Telecommunications Commission on Criteria and Procedures for Granting A Permit to Manufacture, Import, Sell, or Offer for Sale or Install Receiver, Apparatus or Device Enabled for Receiving or Decoding Signals to Receive Programs of the Subscription Broadcasting Business B.E. 2555" includes the requirements that the importers must follow, including fee payment and document preparation.
Coverage Radiocommunication and telecommunications equipment

THAILAND

Since August 2006

Pillar Domestic data policies  |  Indicator Minimum period for data retention
Notification of the National Telecommunications Commission regarding Telecommunications Service Users' Rights Concerning Personal Information Rights to Privacy and Freedom of Communication, 2006 (ประกาศ กทช. เรื่อง มาตรการคุ้มครองสิทธิของผู้ใช้บริการโทรคมนาคมเกี่ยวกับข้อมูลส่วนบุคคล สิทธิในความเป็นส่วนตัว และเสรีภาพในการสื่อสารถึงกันโดยทางโทรคมนาคม)
The Notification on Telecommunications Service Users' Rights 2006, issued by the National Telecommunications Commission (NTC), states that licensed telecommunications service providers must retain their users' data for the last three months after the service is terminated (Clause 8). The personal data of telecommunication users includes factual information that can identify the individual user, usage details, subscriber number and behavioural activity in the use of telecommunication services. In case of necessity, the service provider may be required to extend the period of data retention but will not exceed two years.
Coverage Telecommunications sector

THAILAND

Since June 2007, last amended in January 2017
Since August 2007

Pillar Domestic data policies  |  Indicator Minimum period for data retention
Commission of Computer-Related Offences Act, 2007 (พรบ. ว่าด้วยการกระทำความผิดทางคอมพิวเตอร์ พ.ศ. 2550)

Notification of the Ministry of Information and Communications Technology regarding Computer Traffic Data Retention Criterias of Service Providers, 2007 (ประกาศกระทรวงเทคโนโลยีสารสนเทศและการสื่อสาร เรื่อง หลักเกณฑ์การเก็บรักษาข้อมูลจราจรทางคอมพิวเตอร์ของผู้ให้บริการ พ.ศ. 2550)
Section 26 of the Commission of Computer-Related Offences Act 2007 (so-called Computer Crimes Act 2007) (amended 2017) defines 'computer traffic data' as data in relation to the communication of computer system or the origin, time, duration, type of service, or else related to the computer system. The Act requires a service provider to retain computer traffic data for not less than 90 days from the date when the data was entered into the computer system. If necessary, the competent official may order any service provider to retain computer traffic data for a period exceeding 90 days but not exceeding 2 years as a matter of an individually exceptional case and on an ad hoc basis. Also, the service provider shall maintain client data, which is necessary for identifying the client since their first use of service and shall keep such data for not less than 90 days from the ending date of service. Those who fail to comply with this measure shall be liable to a fine not exceeding 500,000 Thai Baht (approx. USD 14,000).
The Notification on Computer Traffic Data Retention Criteria for Service Providers in 2007 provides detailed information regarding this matter. For example, the computer traffic data must be maintained under secured measures using a centralised log server, data archiving, or data hashing (Clause 8). Moreover, the service providers - telecommunication and broadcast carriers, access service providers, host service providers, and content service providers - need to retain the information as the law requires (Clause 5).
Coverage Telecommunication and broadcast carriers, access service providers, host service providers, and content service providers

THAILAND

Since May 2019, entry into force in June 2022

Pillar Domestic data policies  |  Indicator Requirement to perform a Data Protection Impact Assessment (DPIA) or have a data protection officer (DPO)
Personal Data Protection Act, B.E. 2562 (2019) (พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. ๒๕๖๒)
The appointment of a Data Protection Officer (DPO) is a mandatory condition under the Personal Data Protection Act (PDPA). Section 41 of the Act specifies that the data controller and data processor shall designate a DPO in the following circumstances: the activities such as collection, use, or disclosure of personal data.
The DPO's duties include advising the data controller and data processor, investigating the performance of the data controller and data processor, coordinating and cooperating with the Office of the Personal Data Protection Committee (PDPC) when there are problems and keeping confidentiality of the personal data (Section 42).
Coverage Horizontal

THAILAND

Since May 2019

Pillar Domestic data policies  |  Indicator Requirement to allow the government to access personal data collected
Cyber Security Act B.E. 2562 (พระราชบัญญัติการรักษาความมั่นคงปลอดภัยไซเบอร์ พ.ศ. ๒๕๖๒)
Section 64 of the Cyber Security Maintenance Act (CSA) 2019 states that, if it is necessary for the prevention, handling, and reduction of cyber threat risks, the Cyber Security Supervisory Committee (CSSC) shall order State agencies to provide information in their possession and related to cybersecurity maintenance.
Also, in Section 66, the CSSC has the power to carry out or order competent officials to carry out operations, only to the extent necessary for preventing cyber threats, in the following matters:
- to enter a place for inspection upon written notification;
- to gain access, copying or filtering computer data, computer systems or other related data;
- to test the functionality of computers or computer systems;
- to seize or attach, only to the extent necessary, computers, computer systems, or equipment, not exceeding 30 days.
To carry out activities under (2), (3), (4), the CSSC must file a motion to the competent court. However, in case of emergency and the threat is critical to cybersecurity, the Secretary-General shall take immediate action to the extent necessary for preventing and remedying damage in advance without filing a motion with the Court (Section 68).
Coverage Horizontal

THAILAND

Since June 2007, as amended in January 2017

Pillar Domestic data policies  |  Indicator Requirement to allow the government to access personal data collected
Computer-Related Crime Act B.E. 2550 (พรบ. ว่าด้วยการกระทำความผิดทางคอมพิวเตอร์ พ.ศ. 2550)
Section 18 of the Computer-Related Crime Act allows the government to access user-related or traffic data without a court order and compel ISPs to decode programmed data.
Coverage Horizontal

THAILAND

Reported in 2017, last reported in 2024

Pillar Telecom infrastructure & competition  |  Indicator Passive infrastructure sharing obligation
Requirement of passive infrastructure sharing
It is reported that passive infrastructure sharing in Thailand to deliver telecom services to end users is mandated.
Coverage Telecommunications sector

THAILAND

Since November 1999
Since November 2001, last amended in January 2006

Pillar Telecom infrastructure & competition  |  Indicator Maximum foreign equity share for investment in the telecommunication sector
Foreign Business Act, B.E. 2542 (1999) (พระราชบัญญัติการประกอบธุรกิจของคน. ต างด าว พ.ศ. ๒๕๔๒)

Telecommunications Business Act, 2001 (พรบ. การประกอบกิจการโทรคมนาคม พ.ศ. 2544)
The Foreign Business Act (FBA) 1999 governs foreign investment in Thailand. Section 4 of the Act defines a "foreigner" as a company in which at least half of the capital or shares are held by foreigners, or a limited partnership or registered ordinary partnership with foreigners as the managing partner or manager.
According to Section 8 of the Telecommunications Business Act 2001, Type 2 licenses (telecommunications operators providing services to a specific group of customers, with or without operating their own telecommunications network) and Type 3 licenses (telecommunications operators providing their own telecommunications network for public use) cannot be granted to foreign applicants. As a result, foreign ownership in these sectors is capped at 49%.
Coverage Telecommunications sector

THAILAND

Last reported in 2026

Pillar Telecom infrastructure & competition  |  Indicator Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom sector
The government maintains shareholdings in the National Telecom Public Company Limited, which was established on 7 January 2021 and provides a full range of domestic and international telecommunication services, holds the status of a state enterprise, with the Ministry of Finance fully owning its registered capital.
Coverage Telecommunications sector

THAILAND

N/A

Pillar Telecom infrastructure & competition  |  Indicator Functional/accounting separation for operators with significant market power
Lack of mandatory functional separation for dominant network operators
Thailand does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, accounting separation is mandated.
Coverage Telecommunications sector

THAILAND

N/A

Pillar Telecom infrastructure & competition  |  Indicator Signature of the WTO Telecom Reference Paper
Lack of appendment of WTO Telecom Reference Paper to schedule of commitments
Thailand has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector

Report issue     Report new measure