While Thailand slides deeper and deeper into economic crisis, the government’s  national development plan “Thailand 4.0”, which was already launched in 2016, remains one of  strategies for recovery and progress. Thailand 4.0 was implemented to enhance the worldwide competitiveness of Thailand’s business environment and drive the digitalization of its government to provide its citizens and businesses with more efficient public services. The digitalization of the private and public sectors aims to advance the country’s overall economic competitiveness. In addition to infrastructure projects, like the expansion of broadband or fixed internet connections and the launch of initiatives such as the Smart City Development project, Thailand 4.0 also includes a legal framework to support Thailand’s progressing digitalization.

Recently, Thailand started implementing a legal framework for Thailand 4.0, including in particular the following acts:

Once all acts above are in effect, it is envisaged that the public and private sectors would invest in security systems, data protection systems, and personal data protection. With these investments, Thailand hopes to improve its international competitiveness. Please find an overview of these laws and what they seek to deliver below:

Cyber Security Act (“CSA”)

The CSA aims to protect critical information infrastructure, which must meet higher standards for security to prevent cyberattacks. This law seeks to ensure cyberspace’s security, enforce legal safeguards, and sets out a cybersecurity risk assessment plan to prevent cybersecurity threats that may affect national security and public interests.

The CSA applies to entities of both the public and private sector that:

Under the CSA, these companies must establish internal guidelines for managing cybersecurity issues according to the national cybersecurity master plan.

Personal Data Protection Act (“PDPA”)

The PDPA aims to provide a minimum standard of protection of personal data, which would be comparable to the personal data protection standards of the EU. At present, the PDPA was postponed for a second time and might come into effect on 1 July 2022.

Digital Government Administration and Services Act (“DGA”)

With the DGA, the Thai government aims to use digital technology as a management tool to increase efficiency and facilitate public services. The key to reaching this goal is the following:

The government plans to make at least 120 citizen-related services and 300 business-related licenses available within the next five years. It requires 100,000 state agencies, government hospitals, schools, and subdistrict administrations to comply with the new law. Furthermore, the DGA aims to provide data on traffic, water management, weather, agriculture to the public, which would allow the private sector to develop new services and innovations.

Electronic Transactions Act (“ETA”)

The ETA intends to facilitate electronic transactions and stipulates that digital evidence is officially accepted for electric transactions in Thailand. Furthermore, the ETA aims to harmonize Thailand’s electronic transaction law with the United Nations Electronic Communications Convention. According to the ETA:

With the aforementioned acts, Thailand aims to modernize its legal system to deal with the challenges of the ever-advancing digitalization and attract digital businesses to Thailand. Nevertheless, the success of Thailand 4.0 highly depends not only on the legal framework – as shown above – but also on various other factors, such as infrastructure tax incentives, workforce, and – of course – restrictions related to foreign investment.

If you have any legal questions related to doing business in Thailand, please contact us at [email protected] or call us at +66 (0)2 117 9131-2.