Cyber Security Act B.E. 2562 (2019)

Living in the digital era, cyber security has become more and more in focus by both private and public sectors. This is also not an exception for Thailand.

In accordance with Thai laws, the major legislation governing the cyber security issues is known as “Cyber Security Act B.E. 2562 (2019)” (“Act”), which came into force since 27 May 2019. Under the Act, not only government agencies and the regulatory organizations but also organizations of critical information infrastructure shall comply with the requirements of provisions of a code of conducts and a cyber security standard framework.

It is provided in Section 49 of the Act that 8 businesses, which fall under the scope of organizations of critical information infrastructure, relate to: (i) national security; (ii) substantive public services; (iii) banking and finance; (iv) information technology and telecommunications; (v) transportation and logistics; (vi) energy and public utilities; (vii) public health; and (viii) others as prescribed by the National Cyber Security Commission (the “NCSC”). It was argued that this is still too wide for interpretation to which certain business activities should be subject.

On 11 August 2021, the NCSC finally issued the notification regarding regulations and characteristics of businesses, having a nature or providing services, which are categorized as organizations of critical information infrastructure and as the assignment of control and supervision B.E. 2564 (the “Notification”).

Some interesting matters and services in each business governed under the Act and the Notification are:

  Business Areas    Business Activities
national securityMatters relating to legal enforcement and criminal court proceedings; surveillance and alert for threat affecting national security
substantive public services;Services for residents in Thailand covering services relating to civil registration, immigration, Linkage center, digital broadcasting and digital identification and verification
banking and financeServices relating to payment systems i.e. BAHTNET, ICAS, Prompt pay, Single Payment System, and platforms for matching, clearing and settlement system in the stock market
information technology and telecommunicationsServices relating to fixed-line, mobile, and internet
transportation and logisticsServices relating to Bangkok traffic control, sale and reservation of train tickets; port and cargo management, airlines and airport and aviation facilities, and airplane maintenance and aircraft parking bay
energy and public utilitiesServices relating to electricity generation, sale of electricity, power transmission line, electricity management, petroleum production, gas and oil transportation, water quality control, water production and  sale of water
public healthMedical services in hospitals and related supporting services and services relating to disease transmission control