You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

//
INSIGHTS

Insights

Tilleke & Gibbins provides regular updates on all of the latest legal developments in Southeast Asia, ensuring that you have the up-to-date knowledge you need to navigate the ever-changing legal landscape affecting your business. You can browse our entire library of publications below, or subscribe to receive the latest legal developments straight to your inbox.

Search Insights

  • Order by
  • Reset

Search Results

0 results found

Featured

RECENT INSIGHTS

March 28, 2024

Developments in Thailand’s Draft Climate Change Law

On February 14, 2024, Thailand’s Department of Climate Change and Energy (DCCE) began holding public hearings on the draft Climate Change Act, which is being developed to help the country achieve its commitments under the Paris Agreement. These hearings, held throughout the country, are expected to be completed by the end of March 2024. Key features and developments of the draft Climate Change Act are outlined below. Supervising Authority Under the current draft, the main supervising authority is changed from the Office of Natural Resources and Environmental Policy and Planning to the DCCE. The DCCE will focus on fostering collaboration with national and international governmental committees, agencies, and private sector organizations to facilitate the implementation of activities in alignment with the Climate Change Act. Thailand’s Climate Change Master Plan To be issued by the National Climate Change Policy Committee (NCCPC), the Climate Change Master Plan will serve as a national-level plan and framework for Thailand’s actions on climate change adaptation. The DCCE will review the plan every five years and is in charge of monitoring and enhancing state agencies’ implementation of the master plan. GHG Database The DCCE will establish and maintain a national greenhouse gas (GHG) database to track the quantity of GHG emissions from human activities, sequestration, and reduction efforts. In this regard, eight state agencies and other agencies to be prescribed by the NCCPC are required to store GHG-related information and submit reports to the DCCE. If necessary, certain private entities (e.g., factory operators and energy companies) may be required to report activity data to government agencies for compiling the GHG database. GHG Reporting For the benefit of the emissions trading system, legal entities under private and public laws prescribed by the NCCPC are required to submit an annual report of the quantity of emissions or sequestration of GHG resulting from their operations within three months from the

March 27, 2024

Thailand’s Regulations for Cross-Border Personal Data Transfer Come into Force

Two notifications on the cross-border transfer of personal data, issued by Thailand’s Personal Data Protection Committee (PDPC), came into effect on March 24, 2024. These notifications, which we detailed in a previous update, set out the criteria governing the cross-border transfer of personal data offshore, specifically focusing on situations where appropriate personal data protection standards are in place. Of particular importance is the role of binding corporate rules (BCRs) in enabling the cross-border transfer of personal data among affiliated businesses or within the same group of undertakings. The implementation of BCRs requires a comprehensive review and approval process by the Office of the PDPC, strictly in accordance with the criteria set out in one of the two notifications. With the notifications now fully enforceable, the Office of the PDPC has begun accepting BCRs for review. Data controllers and data processors intending to adopt BCRs as a means for transferring data to offshore affiliates or group companies must initiate the BCR submission process promptly. Failure to comply with PDPA requirements concerning the cross-border transfer of personal data could result in substantial penalties. Organizations involved in cross-border personal data transfers should be proactive in complying with the prescribed criteria to avoid these regulatory penalties and maintain the data protection standards mandated by the PDPA. For more information on these cross-border personal data transfer regulations, or on any aspect of complying with Thailand’s data protection laws, please contact Nopparat Lalitkomon at [email protected], Gvavalin Mahakunkitchareon at [email protected], or Wilin Somya at [email protected].

March 27, 2024

Cambodia Clarifies Compensation Due for Employment Contract Termination

Cambodia’s Ministry of Labor and Vocational Training issued the Notification on the Compensation for Terminating an Employment Contract on March 21, 2024, clarifying the compensation due to employees upon the termination of their employment contracts. The notification outlines different requirements depending on the nature of the termination and the type of employment contract, as laid out below. Termination without Valid Reason and in Absence of Serious Misconduct If an employment contract has been terminated by an employer without a valid reason and the employee did not commit any serious misconduct as defined under the relevant article of the Labor Law, the employer must compensate the employee as follows: Fixed-Duration Contract: Wages that have not yet been paid; Unused and unpaid annual leave through the termination date; Severance payment equal to at least 5% of the wages paid to the employee during the length of the contract; and Damages for being laid off before the expiration date of the fixed-duration contract, at least equal to the wages the employee would have received had he or she completed the original contracted term of employment. Unspecified-Duration Contract: Wages that have not yet been paid; Unused and unpaid annual leave through the termination date; Compensation in lieu of notice if the employer did not give prior notice in accordance with the Labor Law; Seniority indemnity for the semester that the employee is terminated and total seniority back payments that have not been paid; and Damages for being laid off, in an amount equal to the seniority payment received during the employment contract. Termination in Cases of Serious Misconduct Employees who commit any serious misconduct as defined under the Labor Law (regardless of whether they are under a fixed-duration or unspecified-duration contract) are entitled only to the following compensation: Wages that have not yet been paid; and Unused and unpaid annual leave through the termination date. Termination Due to Bankruptcy Since bankruptcy is considered not

March 27, 2024

Thailand Launches Public Consultation on Virtual Banks Supervision Notification

The Bank of Thailand (BOT) has opened a public comment period on their consultation paper titled “Criteria for Supervising Virtual Banks” from March 19, 2024, to April 17, 2024. The consultation paper reveals that the BOT intends to apply traditional commercial bank supervisory standards to virtual banks. However, the BOT also explains that the wholly digital nature of the services offered by virtual banks necessitates additional regulatory supervision. Additional Supervisory Criteria for Virtual Banks Financial business group: If a virtual bank is within the same financial business group as other financial institutions, its parent company must structure the virtual bank to be under its own sole consolidated financial business group. After the virtual bank has undergone the “restricted phase” in its initial years of operation (see below), other financial institutions within the group are prohibited from extending credit to or engaging in transactions similar to lending activities with the virtual bank. Shareholding structure: If the increase in the financial institution system capital is higher than the actual capital injection resulting from the bank’s shareholding structure, the BOT aims to issue an additional regulation to supervise the capital of the virtual bank and financial institution system to prevent double counting. Operational risk: Virtual banks must not use a trademark or logo that bears resemblance to or implies association with other financial institutions or financial institution groups. Governance: Virtual banks must have at least one director and chief technology officer (CTO) with at least three years of experience in IT or digital service. Additionally, the CTO must work full-time for the virtual bank and may not be an employee of another legal entity. Restriction on related lending and related-party transactions: Virtual banks must obtain prior unanimous approval from their boards of directors before engaging in transactions with major shareholders or businesses with a beneficial interest. Service channels and outsourcing:

March 27, 2024

Vietnam to Conduct First PDPD Compliance Investigation

Last year, the government of Vietnam issued the Personal Data Protection Decree (PDPD), which took effect on July 1, 2023. The Department of Cybersecurity and High-Tech Crime Prevention and Control (referred to as “A05”) under the Ministry of Public Security (MPS) is tasked with implementing and enforcing the requirements under the PDPD. While a decree on sanctioning provisions for noncompliance with the PDPD is still pending issuance, further movements from the MPS/A05 indicate that it aims to start conducting its first inspections into PDPD compliance. This is the first time that companies and government agencies have been officially questioned by the MPS about their compliance with the PDPD. The purposes of this inspection program are (1) to evaluate the compliance status of a group of selected companies and government agencies and to understand challenges in complying with the PDPD requirements; (2) to propose sanctions for noncompliance; and (3) to collect information and comments for the development of the upcoming Personal Data Protection Law—not to spot noncompliance with the PDPD specifically. This round of inspection includes a number of companies in 14 sectors (including e-commerce, aviation, telecom, banking and finance, intermediary payment, insurance, gaming, education, healthcare, real estate, data processing services, ride hailing, etc.). The companies targeted by this inspection program must: (1) submit a report on compliance to the MPS/A05 by May 30, 2024 (this report is different from the data protection impact assessment (DPIA)/transfer impact assessment (TIA) submission requirements); and (2) coordinate with the MPS/A05 on any further investigation actions from June to August 2024. The inspection results will be available by September 2024. Key information to be reported includes, among others: (1) a description of the activities and measures carried out to implement the PDPD (such as protecting data subjects’ rights, performing administrative procedures, preventing violations, etc.) and their implementation results