FRANK Legal & Tax | View firm profile
While Thailand slides deeper and deeper into economic crisis, the government’s national development plan “Thailand 4.0”, which was already launched in 2016, remains one of strategies for recovery and progress. Thailand 4.0 was implemented to enhance the worldwide competitiveness of Thailand’s business environment and drive the digitalization of its government to provide its citizens and businesses with more efficient public services. The digitalization of the private and public sectors aims to advance the country’s overall economic competitiveness. In addition to infrastructure projects, like the expansion of broadband or fixed internet connections and the launch of initiatives such as the Smart City Development project, Thailand 4.0 also includes a legal framework to support Thailand’s progressing digitalization.
Recently, Thailand started implementing a legal framework for Thailand 4.0, including in particular the following acts:
- Personal Data Protection Act;
- Electronic Transactions Act;
- Digital Government Administration and Services Act; and
- Cyber Security Act.
Once all acts above are in effect, it is envisaged that the public and private sectors would invest in security systems, data protection systems, and personal data protection. With these investments, Thailand hopes to improve its international competitiveness. Please find an overview of these laws and what they seek to deliver below:
Cyber Security Act (“CSA”)
The CSA aims to protect critical information infrastructure, which must meet higher standards for security to prevent cyberattacks. This law seeks to ensure cyberspace’s security, enforce legal safeguards, and sets out a cybersecurity risk assessment plan to prevent cybersecurity threats that may affect national security and public interests.
The CSA applies to entities of both the public and private sector that:
- Own information and communication infrastructure, which are integral for the maintenance of vital functions of society; and
- are engaged in
- National security;
- Material public service;
- Banking and finance;
- Information technology and telecommunications;
- Transportation and logistics;
- Energy and public utilities;
- Public health; and
- Other areas as prescribed by the relevant cybersecurity authority.
Under the CSA, these companies must establish internal guidelines for managing cybersecurity issues according to the national cybersecurity master plan.
Personal Data Protection Act (“PDPA”)
The PDPA aims to provide a minimum standard of protection of personal data, which would be comparable to the personal data protection standards of the EU. At present, the PDPA was postponed for a second time and might come into effect on 1 July 2022.
Digital Government Administration and Services Act (“DGA”)
With the DGA, the Thai government aims to use digital technology as a management tool to increase efficiency and facilitate public services. The key to reaching this goal is the following:
- Digitization of internal systems in each agency,
- Making data and services interchangeable with other agencies, establishing a one-stop service for government agencies; and
- Create participation from all sectors.
The government plans to make at least 120 citizen-related services and 300 business-related licenses available within the next five years. It requires 100,000 state agencies, government hospitals, schools, and subdistrict administrations to comply with the new law. Furthermore, the DGA aims to provide data on traffic, water management, weather, agriculture to the public, which would allow the private sector to develop new services and innovations.
Electronic Transactions Act (“ETA”)
The ETA intends to facilitate electronic transactions and stipulates that digital evidence is officially accepted for electric transactions in Thailand. Furthermore, the ETA aims to harmonize Thailand’s electronic transaction law with the United Nations Electronic Communications Convention. According to the ETA:
- Any action required to be in writing by law can be executed electronically, such as e-mail, or electronic data exchange, provided that such information is accessible and usable subsequently to the transaction without its meaning being altered.
- The ETA recognizes contracts made between an individual and an Automated Electronic Data Exchange System (“AEDES”) or between two or more AEDES. AEDES is defined as computer programs, electronic methods, or other automated methods used to commence a legal transaction or any operation performed by the data system, either in part or in whole, without examination or intervention by a natural person.
With the aforementioned acts, Thailand aims to modernize its legal system to deal with the challenges of the ever-advancing digitalization and attract digital businesses to Thailand. Nevertheless, the success of Thailand 4.0 highly depends not only on the legal framework – as shown above – but also on various other factors, such as infrastructure tax incentives, workforce, and – of course – restrictions related to foreign investment.
If you have any legal questions related to doing business in Thailand, please contact us at [email protected] or call us at +66 (0)2 117 9131-2.