Thailand’s draft Emergency Decree on Technology Crimes Suppression marks a significant shift in the country’s regulatory landscape by introducing shared liability for financial institutions, telecommunications companies, and social media platforms. This initiative aims to strengthen consumer protection by requiring these entities to implement robust measures against technological crimes. Under the new framework, organizations that are found negligent or reckless in preventing call-center scams or similar fraudulent activities could be held liable for financial losses incurred by victims.
The United States has expressed concerns regarding the amendments, particularly their potential impact on major digital platforms. Under the revised decree, banks, mobile operators, and social media platforms may be held accountable for customer damage resulting from technology-related crimes if they fail to comply with prescribed safeguards. Given that many widely used digital platforms in Thailand are U.S.-based, the law could pose additional compliance challenges, including stricter cybersecurity standards, data localization requirements, and increased regulatory oversight.
In response to these concerns, Thai authorities have clarified that the full details of the draft Emergency Decree cannot be disclosed until its official publication in the Royal Thai Government Gazette. This approach aims to prevent potential resistance that could delay its enactment. However, authorities have reassured that, in principle, the law does not obstruct business operations but instead sets compliance obligations that companies and stakeholders are already expected to follow. Entities that meet the stipulated criteria will not be held liable. For instance, businesses that share crime-related information, such as mule accounts, with government agencies in accordance with legal requirements will be exempt from liability.