THAILAND
Since December 2010
Pillar Telecom infrastructure & competition |
Indicator Presence of an independent telecom authority
Act on the Organisation to Assign Radio Frequency and to Regulate the Broadcasting and Telecommunications Services B.E. 2553 (พระราชบัญญัติ องค์กรจัดสรรคลื่นความถี่และกำกับการประกอบกิจการวิทยุกระจายเสียง วิทยุโทรทัศน์ และกิจการโทรคมนาคม พ.ศ. 2553)
According to the Act on the Organisation to Assign Radio Frequency and to Regulate the Broadcasting and Telecommunications Services B.E. 2553, the executive authority for the supervision and administration of services in the telecommunications sector in Thailand is the National Broadcasting and Telecommunications Commission. It is reported that the National Broadcasting and Telecommunications Commission is independent from the government in the decision-making process.
Coverage Telecommunications sector
Sources
- https://web.archive.org/web/20241129162615/https://www.nbtc.go.th/getattachment//law/%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B8%A3%E0%B8%B2%E0%B8%8A%E0%B8%9A%E0%B8%B1%E0%B8%8D%E0%B8%8D%E0%B8%B1%E0%B8%95%E0%B8%...
- https://www.nbtc.go.th/getattachment//law/พระราชบัญญัติ/พระราชบัญญัติ/พระราชบัญญัติองค์กรจัดสรรค...
- https://web.archive.org/web/20250310162538/https://datahub.itu.int/data/?i=100088&s=3109&e=THA
- https://app.gen5.digital/tracker/country-cards/Thailand
- Show more...
THAILAND
Since November 2002
Pillar Cross-border data policies |
Indicator Ban to transfer and local processing requirement
Credit Information Business Operation Act BE 2545 (2002) (พระราชบัญญัติการประกอบธุรกิจข้อมูลเครดิต พ.ศ. 2545)
The Credit Information Business Act 2002 specifically covers the collection and processing of credit information. Section 9 states that only a credit information company has the right to operate the credit information business. Section 12 of the Act states that "No credit information company or information controller or information processor carrying on or operating the business in the Kingdom shall operate, control or process information outside the Kingdom."
Coverage Credit information companies
Sources
- https://web.archive.org/web/20250409220029/https://www.bot.or.th/content/dam/bot/documents/en/laws-and-rules/laws-and-regulations/legal-department/7-ncb-act/7.1%20LAW07_NCBAct.pdf
- https://web.archive.org/web/20160716140121/https://www.lexology.com/library/detail.aspx?g=b64c3413-1a36-4452-ae97-afcce941c991
THAILAND
Since September 2024, entry into force in September 2026
Pillar Cross-border data policies |
Indicator Infrastructure requirement
NCSC Standards for the Maintenance of Cybersecurity in Cloud Computing Systems (ประกาศ กมช. เรื่อง มาตรฐานด้านการรักษาความมั่นคงปลอดภัยไซเบอร์ระบบคลาวด์ พ.ศ. 2567)
Pursuant to Section 5.2.5.1 of the "NCSC Standards for the Maintenance of Cybersecurity in Cloud Computing Systems", cloud service providers are required to establish both a primary data centre and either a backup data centre located within Thailand or in the nearest Southeast Asian jurisdiction. The Standards further stipulate that information systems classified as having a “high” impact — defined as those capable of causing “very severe” consequences — must utilise these designated data centres.
Coverage Cloud-computing sector and information systems
Sources
THAILAND
Since May 2019, entry into force in June 2022
Since December 2023, entry into force in March 2024
Since December 2023, entry into force in March 2024
Since December 2023, entry into force in March 2024
Since December 2023, entry into force in March 2024
Pillar Cross-border data policies |
Indicator Conditional flow regime
Personal Data Protection Act, B.E. 2562 (2019)
(พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. ๒๕๖๒)
Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 28 of the Personal Data Protection Act, B.E. 2562 B.E. 2566 (2023)
(ประกาศคณะกรรมการคุ้มครองข้อมูลส่วนบุคคล เรื่อง หลักเกณฑ์การให้ความคุ้มครองข้อมูลส่วนบุคคล ที่ส่งหรือโอนไปยังต่างประเทศตามมาตรา 28 แห่งพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 พ.ศ. 2566)
Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the Personal Data Protection Act, B.E. 2562 B.E. 2566 (2023)
(ประกาศคณะกรรมการคุ้มครองข้อมูลส่วนบุคคล เรื่อง หลักเกณฑ์การให้ความคุ้มครองข้อมูลส่วนบุคคล ที่ส่งหรือโอนไปยังต่างประเทศตามมาตรา 29 แห่งพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 พ.ศ. 2566)
(พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. ๒๕๖๒)
Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 28 of the Personal Data Protection Act, B.E. 2562 B.E. 2566 (2023)
(ประกาศคณะกรรมการคุ้มครองข้อมูลส่วนบุคคล เรื่อง หลักเกณฑ์การให้ความคุ้มครองข้อมูลส่วนบุคคล ที่ส่งหรือโอนไปยังต่างประเทศตามมาตรา 28 แห่งพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 พ.ศ. 2566)
Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the Personal Data Protection Act, B.E. 2562 B.E. 2566 (2023)
(ประกาศคณะกรรมการคุ้มครองข้อมูลส่วนบุคคล เรื่อง หลักเกณฑ์การให้ความคุ้มครองข้อมูลส่วนบุคคล ที่ส่งหรือโอนไปยังต่างประเทศตามมาตรา 29 แห่งพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 พ.ศ. 2566)
Under Section 28 of the Personal Data Protection Act, personal data may only be transferred to a third country if the receiving country upholds adequate personal data protection standards, or if one of the following conditions is satisfied: (i) the transfer is necessary to comply with legal obligations; (ii) the individual has given informed consent for the transfer, despite being made aware of the inadequacy of the receiving country’s data protection laws; (iii) the transfer is required for the performance of a contract to which the individual is a party or will become a party; (iv) the transfer is necessary for the fulfilment of the controller’s obligations under a contract with a third party for the benefit of the individual; (v) the transfer is essential to prevent or address a danger to the life, body, or health of the individual or others, in situations where the individual cannot provide consent; or (vi) the transfer is necessary for the performance of a public task.
Section 29 of the Act further permits the international transfer of personal data under the following circumstances: (i) where the transfer is made to a controller or processor within a group company that has established binding corporate rules approved by the Committee; and (ii) where approval for the binding corporate rules from the Committee is pending, provided the controller or processor has implemented appropriate safeguards and effective legal remedies in accordance with the Committee’s guidelines.
Section 5 of the "Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 28 of the Personal Data Protection Act" sets forth criteria for determining the adequacy of personal data protection standards in recipient countries.
Additionally, Clauses 7 and 8 of the "Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the Personal Data Protection Act" outline additional requirements related to binding corporate rules, standard contractual clauses, and certifications, among others.
Section 29 of the Act further permits the international transfer of personal data under the following circumstances: (i) where the transfer is made to a controller or processor within a group company that has established binding corporate rules approved by the Committee; and (ii) where approval for the binding corporate rules from the Committee is pending, provided the controller or processor has implemented appropriate safeguards and effective legal remedies in accordance with the Committee’s guidelines.
Section 5 of the "Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 28 of the Personal Data Protection Act" sets forth criteria for determining the adequacy of personal data protection standards in recipient countries.
Additionally, Clauses 7 and 8 of the "Notification of the Personal Data Protection Committee on Criteria for the Protection of Personal Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the Personal Data Protection Act" outline additional requirements related to binding corporate rules, standard contractual clauses, and certifications, among others.
Coverage Horizontal
Sources
- https://web.archive.org/web/20240210102159/https://thainetizen.org/wp-content/uploads/2019/11/thailand-personal-data-protection-act-2019-en.pdf
- https://web.archive.org/web/20230113052304/http://www.ratchakitcha.soc.go.th/DATA/PDF/2562/A/069/T_0052.PDF
- https://web.archive.org/web/20241205230741/https://ratchakitcha.soc.go.th/documents/14915.pdf
- https://web.archive.org/web/20241205230839/https://ratchakitcha.soc.go.th/documents/14913.pdf
- https://web.archive.org/web/20241205230941/https://www.linklaters.com/en/insights/data-protected/data-protected---thailand
- Show more...
THAILAND
N/A
Pillar Cross-border data policies |
Indicator Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Thailand has not joined any agreement with binding commitments to open transfers of data across borders. Art. 12.15 of the Regional Comprehensive Economic Partnership (RCEP) recognises that each party may maintain its own regulatory requirements governing cross‑border transfers of information by electronic means and stipulates that such transfers shall not be restricted when undertaken for the conduct of business by a covered person; however, the article simultaneously allows parties to adopt or maintain any measures they themselves deem necessary to achieve a legitimate public policy objective, as well as any measures necessary to protect essential security interests, with the parties expressly affirming that the determination of such necessity lies solely with the implementing party and that such measures shall not be subject to dispute. It is reported that this formulation enables the parties to preserve their domestic data‑control regime under the rubric of national security without risking inter‑state disputes, and that the relative weakness of Chapter 12 renders its provisions largely ineffectual in facilitating the liberalisation of cross‑border data flows, particularly because the clause entrusting necessity assessments to the implementing party effectively permits any measure to be characterised as legitimate at that party’s discretion.
Coverage Horizontal
Sources
- https://web.archive.org/web/20260108205952/https://www.unilu.ch/fileadmin/fakultaeten/rf/burri/TAPED/TAPED_Burri_Vasquez_2025.xlsx
- https://web.archive.org/web/20250927032823/https://asean.org/wp-content/uploads/2024/10/Regional-Comprehensive-Economic-Partnership-RCEP-Agreement-Full-Text.pdf
- https://web.archive.org/web/20260317152539/https://moderndiplomacy.eu/2024/11/30/cross-border-data-flows-under-rcep-striking-a-balance-between-security-and-competitiveness/
- https://web.archive.org/web/20260317153111/https://www.cigionline.org/articles/digital-trade-rcep-wtos-future/
- Show more...
THAILAND
Since May 2019, entry into force in June 2022
Pillar Domestic data policies |
Indicator Framework for data protection
Personal Data Protection Act, B.E. 2562 (2019) (พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. ๒๕๖๒)
The Personal Data Protection Act provides a comprehensive regime of data protection in Thailand.
Coverage Horizontal
Sources
- https://web.archive.org/web/20230113052304/http://www.ratchakitcha.soc.go.th/DATA/PDF/2562/A/069/T_0052.PDF
- https://web.archive.org/web/20240717082543/https://www.dataguidance.com/sites/default/files/entranslation_of_the_personal_data_protection_act_0.pdf
- https://www.dataguidance.com/jurisdictions/thailand
- Show more...
THAILAND
Reported in 2020, last reported in 2025
Pillar Intellectual Property Rights (IPRs) |
Indicator Enforcement of copyright online
Reported limitations in enforcement against digital piracy
It is reported that rights holders consider existing enforcement mechanisms and deterrent measures to be insufficient in addressing the increasing prevalence of online piracy carried out through devices and applications that enable users to stream and download unauthorised content. Stakeholders are reportedly concerned that criminal proceedings relating to online piracy are protracted and that, even when convictions are ultimately obtained, the penalties imposed are inadequate to discourage future infringing conduct. Counterfeit and pirated goods also remain readily accessible, particularly through online marketplaces. Additional concerns persist regarding the continued use of unlicensed software within the private sector.
Coverage Horizontal
THAILAND
Since October 2022
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Copyright Treaty
WIPO Copyright Treaty
Thailand has adopted the World Intellectual Property Organization (WIPO) Copyright Treaty.
Coverage Horizontal
THAILAND
N/A
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Performances and Phonograms Treaty
Lack of adoption of the WIPO Performances and Phonograms Treaty
Thailand has not adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.
Coverage Horizontal
THAILAND
Since April 2002, last amended in February 2015
Pillar Intellectual Property Rights (IPRs) |
Indicator Mandatory disclosure of business trade secrets such as algorithms or source code
Trade Secrets Act, 2002 (พระราชบัญญัติความลับทางการค้า พ.ศ. 2545)
According to the Trade Secrets Act, trade secrets can be in any means or any medium which conveys a statement, story, or fact in formula, form, compilations, or assembled works, programs, methods, techniques, or processes (Section 3). The disclosure or use of trade secrets by a governmental agency that supervises the maintenance of trade secrets shall not be deemed as an infringement of rights in trade secrets in the following cases:
- When it is necessary to protect the health or safety of the public, or;
- When it is necessary for the benefit of the public, not for a commercial purpose, the governmental agency must proceed under the procedure to protect such trade secrets from being used in unfair trading activities (Section 7.2).
- When it is necessary to protect the health or safety of the public, or;
- When it is necessary for the benefit of the public, not for a commercial purpose, the governmental agency must proceed under the procedure to protect such trade secrets from being used in unfair trading activities (Section 7.2).
Coverage Horizontal
THAILAND
Since April 2002, last amended in February 2015
Pillar Intellectual Property Rights (IPRs) |
Indicator Effective protection covering trade secrets
Trade Secrets Act, 2002 (พระราชบัญญัติความลับทางการค้า พ.ศ. 2545)
The Trade Secrets Act (TSA) provides a framework for effective protection of trade secrets. Any “trade information”, such as an instrument of statements, facts, or other information that meets the following three requirements, is protected as a trade secret:
- It is confidential, i.e. the trade information is not being publicly known to or accessible by persons who are not related to the trade information;
- It has a commercial value derived from its secrecy;
- Its secrecy is protected by its owner/controller, who has taken appropriate and sufficient protection measures to maintain its secrecy.
In practice, a non-disclosure agreement is commonly used to safeguard and maintain the secrecy of a trade secret.
If there is a dispute concerning the trade secret because a person infringes its secrecy, the trade secret owner can submit the dispute to the Trade Secret Committee for mediation and settlement. Alternatively, they can file a lawsuit in court against the infringer for interim and permanent injunction orders and compensations for actual damages and punitive damages. The lawsuit must be filed within three years from the date on which the infringement act and the infringer are known or within 10 years from the date of the infringement act.
- It is confidential, i.e. the trade information is not being publicly known to or accessible by persons who are not related to the trade information;
- It has a commercial value derived from its secrecy;
- Its secrecy is protected by its owner/controller, who has taken appropriate and sufficient protection measures to maintain its secrecy.
In practice, a non-disclosure agreement is commonly used to safeguard and maintain the secrecy of a trade secret.
If there is a dispute concerning the trade secret because a person infringes its secrecy, the trade secret owner can submit the dispute to the Trade Secret Committee for mediation and settlement. Alternatively, they can file a lawsuit in court against the infringer for interim and permanent injunction orders and compensations for actual damages and punitive damages. The lawsuit must be filed within three years from the date on which the infringement act and the infringer are known or within 10 years from the date of the infringement act.
Coverage Horizontal
THAILAND
N/A
Pillar Public procurement of ICT goods and online services |
Indicator Signatory of the WTO Agreement on Government Procurement (GPA) with coverage of the most relevant services sectors (CPC 752, 754, 84)
Lack of participation in the WTO Agreement on Government Procurement (GPA)
Thailand is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA). However, the country has been an observer of the WTO GPA since 2015.
Coverage Horizontal
THAILAND
Since November 2018
Pillar Foreign Direct Investment (FDI) in sectors relevant to digital trade |
Indicator Maximum foreign equity share
Budget Procedure Act, 2018 (พระราชบัญญัติวิธีการงบประมาณ พ.ศ. ๒๕๖๑)
According to Section 4 of the Budget Procedure Act, foreign companies are prohibited from acquiring shares exceeding 50% in publicly controlled firms or state-owned enterprises (SOEs).
Coverage State-owned enterprises (SOEs)
THAILAND
Since November 1999
Since November 2001, last amended in January 2006
Since August 2011
Since November 2001, last amended in January 2006
Since August 2011
Pillar Foreign Direct Investment (FDI) in sectors relevant to digital trade |
Indicator Maximum foreign equity share
Foreign Business Act, B.E. 2542 (1999) (พระราชบัญญัติการประกอบธุรกิจของคน. ต างด าว พ.ศ. ๒๕๔๒)
Telecommunications Business Act, 2001 (พรบ. การประกอบกิจการโทรคมนาคม พ.ศ. 2544)
Notification of the National Broadcasting and Telecommunications Commission regarding Schedule of Prohibitions of Foreign Dominance Behavior, 2011
Telecommunications Business Act, 2001 (พรบ. การประกอบกิจการโทรคมนาคม พ.ศ. 2544)
Notification of the National Broadcasting and Telecommunications Commission regarding Schedule of Prohibitions of Foreign Dominance Behavior, 2011
The Foreign Business Act (FBA) of 1999 governs foreign investment in Thailand. The act defines "foreigner" as any company with at least 50% foreign-owned capital or shares, or any limited partnership or registered ordinary partnership where foreigners hold managerial control. Under the Telecommunications Business Act of 2001, foreign applicants are prohibited from obtaining Type 2 and Type 3 telecommunications licenses, limiting foreign ownership in these sectors to 49%.
Additionally, the 2011 Foreign Dominance Notification, enforced by the National Broadcasting and Telecommunications Commission (NBTC), establishes criteria for foreign dominance in the telecommunications sector. The regulation restricts foreign dominance, prohibiting actions like holding 50% or more of voting shares, controlling majority votes at shareholder meetings, or appointing or removing half or more of a company's directors. Prohibited behaviours also encompass dominance through shareholders, voting rights, controlling power, financial relationships, intellectual property agreements, procurement arrangements, joint business operations, and transfer pricing.
Additionally, the 2011 Foreign Dominance Notification, enforced by the National Broadcasting and Telecommunications Commission (NBTC), establishes criteria for foreign dominance in the telecommunications sector. The regulation restricts foreign dominance, prohibiting actions like holding 50% or more of voting shares, controlling majority votes at shareholder meetings, or appointing or removing half or more of a company's directors. Prohibited behaviours also encompass dominance through shareholders, voting rights, controlling power, financial relationships, intellectual property agreements, procurement arrangements, joint business operations, and transfer pricing.
Coverage Telecommunications sector
Sources
- https://web.archive.org/web/20220307204321/https://www.dbd.go.th/dbdweb_en/download/pdf_law/FOREIGN_BUSINESS_ACT_BE2542/act/1FBA-FINAL[1].pdf
- https://web.archive.org/web/20221117095945/http://web.krisdika.go.th/data/outsitedata/outsite21/file/Telecommunications_Business_Act_BE_2544_(2001).pdf
- https://web.archive.org/web/20170615093651/http://thailaws.com/law/t_laws/tlaw0461.pdf
- https://web.archive.org/web/20131208085701/http://www.weerawongcp.com/data/know/42.pdf
- https://web.archive.org/web/20241129151904/https://www.nbtc.go.th/getattachment/law/%E0%B8%81%E0%B8%B4%E0%B8%88%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B9%82%E0%B8%97%E0%B8%A3%E0%B8%A1%E0%B8%99%E0%B8%B2%E0%B8%8...
- Show more...
THAILAND
Since November 1999
Pillar Foreign Direct Investment (FDI) in sectors relevant to digital trade |
Indicator Maximum foreign equity share
Foreign Business Act, B.E. 2542 (1999) (พระราชบัญญัติการประกอบธุรกิจของคน. ต างด าว พ.ศ. ๒๕๔๒)
List 3 of the Foreign Business Act includes industries in which "Thai nationals are not yet ready to compete with foreigners". These are open to foreign investors provided they receive a licence from the Director-General of the Department of Business Development of the Ministry of Commerce and approval from the Foreign Business Committee. A wide range of businesses are covered under List 3, including advertising businesses. A foreign company can engage in List 3 activities if Thai nationals hold a majority of the limited company’s shares. Any company with a majority of foreign shareholders (more than 50%) cannot engage in List 3 activities unless it receives an exception from the Ministry of Commerce under its Foreign Business License application.
Coverage Advertising sector
Sources
- https://web.archive.org/web/20230905142857/https://investmentpolicy.unctad.org/investment-laws/laws/40/thailand-foreign-business-act
- https://web.archive.org/web/20220601052130/https://docs.wto.org/dol2fe/Pages/SS/directdoc.aspx?filename=q:/WT/TPR/S400R1.pdf&Open=True
- https://web.archive.org/web/20231001145823/https://www.state.gov/reports/2023-investment-climate-statements/thailand/
- Show more...
